How to install and configure OpenVAS 9 on Ubuntu

OpenVAS is an advanced open-source vulnerability scanner and manager for servers and network tools. 

OpenVAS is a quite popular and highly advanced open-source vulnerability scanner and manager for servers and network tools. OpenVAS includes several services and tools. Here are a few most prominent features that are vital for any server.

  • Greenbone Security Assistant, a graphical interface that allows you to manage vulnerability scans from a web application
  • A database that stores results and configurations
  • Regularly updated feed of NVTs (Network Vulnerability Tests)
  • Scanner, which runs the NVTs

Install OpenVAS 9 on Ubuntu 18.04 LTS

Before we go to the installation part, we need to add the PPA repository to the system.

Step 1 – Add PPA Repository

Execute all commands in root user.

sudo add-apt-repository ppa:mrazavi/openvas

Step 2 –  Update System

sudo apt-get update

Now we will install needed packages.

Step 3 – Install SQLite

SQLite is a C-language library that is the most used database engine in the world.

 sudo apt install sqlite3

Step 4 – Install OpenVAS 9

Now is the time to install OpenVAS 9.

sudo apt install openvas9

It will ask to configure Redis Unix socket. Then select yes and continue.

Redis Configuration
Redis Configuration

After the installation is done, you have to configure some packages.

Step 5 – Install other needed packages

For PDF reporting, we have to install some packages for it.

sudo apt install texlive-latex-extra --no-install-recommends
sudo apt install texlive-fonts-recommended

We need the “openvas-nasl”  utility which is provided by the “libopenvas9-dev” package to run OpenVAS NASL scripts against a target or sometimes troubleshoot and check NASL scripts for errors.

You can install it using the following command:

sudo apt install libopenvas9-dev

We will add the vulnerability data to the database by syncing with the feeds. It can be done using the following commands.

greenbone-nvt-sync
greenbone-scapdata-sync

Data Sync
Data Sync

greenbone-certdata-sync

These syncs will get some time to update.

After the update is done, we can restart services.

Step 6 – Restart OpenVAS Services

Restart the OpenVAS scanner.

systemctl restart openvas-scanner

Restart the OpenVAS manager.

systemctl restart openvas-manager

Restart the Greenbone security assistant.

systemctl restart openvas-gsa

Then enable restarted services on system boot.

systemctl enable openvas-scanner
systemctl enable openvas-manager
systemctl enable openvas-gsa

Step 7 – Check OpenVAS processes

ps -aux | grep openvas

Openvas Processes
Openvas Processes

Rebuild the NVTs cache and all synced feed will be loaded into the manager.

openvasmd --rebuild --progress

Step 8 – Verify Installation

Here we are going to use openvas-check-setup tool for checking the state of OpenVAS installation.

Download and copy it to your path:

wget --no-check-certificate https://svn.wald.intevation.org/svn/openvas/branches/tools-attic/openvas-check-setup -P /usr/local/bin/

Give execute permission.

chmod +x /usr/local/bin/openvas-check-setup

Now verify installation.

openvas-check-setup --v9

Verify Installation
Verify Installation

Step 9 – Test Installation

Now everything is ok. We can browse the web interface. Open a browser and use the following URL.

https://Server-Ip:4000

The login default username and password is “admin”

Web Interface Login
Web Interface Login

After login, you can see the Dashboard.

DashBoard
DashBoard

Now we will add a scan target. So click on Scan-> Task. Then you will get the following window.

Scan Task
Scan Task

Add target.

Add Target
Add Target

Then start the scan and you will see scan is running.

Scan In Progress
Scan In Progress

After the scan is completed, you can download reports in PDF format.

We successfully installed and configured Openvas9 on Ubuntu 18.04 LTS and added a target to scan. If you have any issue with the installation, feel free to discuss in the comments section below.

Darshana
Hey! I'm Darshana, a Linux / DevOps Engineer and also a contributor to FOSS Linux. I enjoy working on various kind of Linux distributions and cloud technologies. During my free time, I love to swim and hike across nature trails. Linux is my love and I'm here to share all my learnings with all of you! Hope you enjoyed reading my article.

5 COMMENTS

  1. This is a very good step-by-step procedure which I appreciate, however step 8 (verification) is no longer valid as the tool is no longer available and/or maintained.

  2. Thank you for this guide which made it really easy to install OpenVAS. It fails to scan public IPs behind firewalls but Nmap does. Any advice on modification that could be made to resolve it?

  3. Hi,

    thank you for the guide. I surely will give it a try but one question: Did you try the command line tools e.g. omp and its successor?
    I tried another guide that worked fine but provided no working access to the scanner via command line.

LEAVE A REPLY

Please enter your comment!
Please enter your name here

STAY CONNECTED

24,600FansLike
168FollowersFollow

LATEST ARTICLES