Install OpenVAS on Ubuntu 12.04

The OpenVAS packages provided via the openSUSE Build Service are slightly out of date. But there is an Personal Package Archive(PPA) on Launchpad with up to date packages. In this tutorial I will show how to install current OpenVAS packages from Launchpad.

Install the packages

First of all you have to decide if you want to use the stable version or the nightly builds and add the corresponding resources.

To add the stable packages you have to run the following command ...

$ sudo add-apt-repository ppa:openvas/stable

... and for the nightly packages you have to modify the command parameters a little bit.

$ sudo add-apt-repository ppa:openvas/nightly

If the PPA sources and the GPG key were successfully added to the system it's time to update the package information and install the required packages.

$ sudo apt-get update
$ sudo apt-get install openvas-scanner openvas-manager openvas-administrator greenbone-security-assistant openvas-cli openvas-check-setup gsd

At the moment the following additional packages have to be installed but this might change in the near future.

$ sudo apt-get install xsltproc sqlite3

Quick setup

For a quick setup you can use the commands provided on the OpenVAS website and listed below.

test -e /var/lib/openvas/CA/cacert.pem  || sudo openvas-mkcert -q
sudo openvas-nvt-sync
test -e /var/lib/openvas/users/om || sudo openvas-mkcert-client -n om -i
sudo /etc/init.d/openvas-manager stop
sudo /etc/init.d/openvas-scanner stop
sudo openvassd
sudo openvasmd --migrate
sudo openvasmd --rebuild
sudo killall openvassd
sleep 15
sudo /etc/init.d/openvas-scanner start
sudo /etc/init.d/openvas-manager start
sudo /etc/init.d/openvas-administrator restart
sudo /etc/init.d/greenbone-security-assistant restart
test -e /var/lib/openvas/users/admin || sudo openvasad -c add_user -n admin -r Admin

If the process was successful you should be able to login using the 'admin' user and the password you provided during the setup. The interface of the Greenbone Security Assistant should be accessible at http://localhost:9392/

Detailed setup

Go on with the detailed setup if you want to get a deeper understanding of what happens in detail during the setup.

First of all the OpenVAS scanner needs a SSL Certificate for its communication with the OpenVAS manager. Use the openvas-mkcert tool to create the required certificates.

$ sudo openvas-mkcert

The following files are generated during the execution:

. Certification authority:
   Certificate = /var/lib/openvas/CA/cacert.pem
   Private key = /var/lib/openvas/private/CA/cakey.pem

. OpenVAS Server :
    Certificate = /var/lib/openvas/CA/servercert.pem
    Private key = /var/lib/openvas/private/CA/serverkey.pem

To perform the security scans the scanner needs Network Vulnerability Tests(NVT). So you have to sync the NVT feed by using the given command.

$ sudo openvas-nvt-sync

If you are working with OpenVAS 6 you might also sync the SCAP data.

$ sudo openvas-scapdata-sync

After that you have to create a client certificate using the openvas-mkcert-client tool. If -n is specified the tool doesn't ask any questions and creates a certificate for the user 'om'. The -i parameter installs the certificate to be used with the OpenVAS manager.

$ sudo openvas-mkcert-client -n om -i

Before you go on stop all running processes.

$ sudo /etc/init.d/openvas-scanner stop
$ sudo /etc/init.d/openvas-manager stop
$ sudo /etc/init.d/openvas-administrator stop
$ sudo /etc/init.d/greenbone-security-assistant stop

Now it's time to prepare the scanner. So you have to start it manually and wait until all NVTs are successfully loaded. This process might take some time at the first run.

$ sudo openvassd

If the OpenVAS scanner starts successfully you have to migrate the database and rebuild it. This might also take some time to complete.

$ sudo openvasmd --migrate
$ sudo openvasmd --rebuild

The migration and the rebuild should be successful and you can shutdown all scanner processes.

$ sudo killall openvassd

Wait some seconds before you go on with the next commands and start all required services.

$ sudo /etc/init.d/openvas-scanner start
$ sudo /etc/init.d/openvas-manager start
$ sudo /etc/init.d/openvas-administrator restart
$ sudo /etc/init.d/greenbone-security-assistant restart

The second last thing you have to do is to create an user with administrative privileges. In the following example 'admin' is the name of the user to create and 'Admin' is the role to create the user with.

$ sudo openvasad -c add_user -n admin -r Admin

If everything was successful you should be able to login using the 'admin' user. You can access the Greenbone Security Assistant by directing your browser to http://localhost:9392/

Check your setup

To test your setup you can use the openvas-check-setup tool by executing the following command.

$ sudo openvas-check-setup

At the time of writing the stable version is OpenVAS 5 and this is also the version the tool performs the tests with. If you have installed OpenVAS 6(nightly builds) you have to pass an additional command line parameter to the tool.

$ sudo openvas-check-setup --v6

Verwandte Artikel