In this article , I have explained how to install openvas vulnerability scanner on Ubuntu.
Also we will learn to add a target hosts to scanner and scan the servers.
What is OpenVAS Vulnerability Scanner?
OpenVAS also known as Open Vulnerability Assessment System is a an opensource tool offering vulnerability scanning and management.
Plugins for OpenVAS are written in Nessus Attack Scripting Language.
Its capabilities includes authenticated testing , unauthenticated testing and low and high level internet and industrial protocols , performance tuning for large-scale scans and a powerful internal programming language to implement any type of vulnerability test.
OpenVAS includes several services and tools.
- Greenbone Security Assistant – A graphical interface that allows us to manage scans from web application.
- Scanner – Which runs the NVT (Network Vulnerability tests).
- A database to store results and configurations.
Lets go ahead and install openvas vulnerability scanner on ubuntu system.
Installing OpenVAS on Ubuntu
Before installing openvas tool on ubuntu , Update the Ubuntu’s default APT package repository.
sudo apt-get update
Then we need to add the PPA repository to the system.make sure you have root or sudo permission to execute below commands.
sudo add-apt-repository ppa:mrazavi/openvas
When you run the above command , It will display the all the commands that needs to be executed to setup openvas on the server.
After adding the PPA repository , We need to update the system.
sudo apt-get update
Then install SQLite , Which will be used as a database to store scanned results and configurations.
sudo apt-get install sqlite3
Now Lets go ahead and install openvas software using the below command.
sudo apt-get install openvas9 -y
While installing, It will ask us to configure Redis Unix socket , Choose Yes and hit Enter
After the openvas packages are installed , We need to install some of the packages.
We need to install the below packages which will help us to get the scanned reports in the PDF format.
sudo apt install texlive-latex-extra --no-install-recommends -y
sudo apt install texlive-fonts-recommended -y
After the above packages are installed , We need to install openvas-nasl tool which can be installed using libopenvas9-dev package.
The purpose of this package is to run OpenVAS NASL scripts against the target servers to check for errors.
sudo apt install libopenvas9-dev -y
And then we need to add the vulnerability data to the database by syncing with the openvas feeds.
Execute the below command to download the network vulnerability tests from OpenVAS feeds.
And also sync the security content automation protocol data and cert vulnerability data using the below commands.
The above sync’s will take some time to complete.
After the update is done , We should restart the openvas services.
Restarting OpenVAS Services
Below are the commands to restart openvas services,
Restart OpenVAS Manager.
systemctl restart openvas-manager
Restart the OpenVAS Scanner.
systemctl restart openvas-scanner
Restart the Greenbone Security Assistant.
systemctl restart openvas-gsa
Enable them to auto start on system reboot.
systemctl enable openvas-manager
systemctl enable openvas-scanner
systemctl enable openvas-gsa
Lets check the openvas processes using the below command.
ps -ef |grep openvas
The Greenbone Security Assistant (OpenVAS Web Interface) runs on the port 4000.It can be checked using the below command.
netstat -nltp |grep gsa
We need to rebuild the OpenVAS database, so that the openvas manager can access the NVT data which we downloaded previously.
openvasmd --rebuild --progress
We are almost done installing and configuring the openvas vvulnerability scanner on ubuntu system.
Now If you Go to your browser and access http://PublicIP:4000 , You may get the below error.
The request contained an unknown or invalid Host header. If you are trying to access GSA via its hostname or a proxy, make sure GSA is set up to allow it.
To fix this issue , Go to the server , and open the below file.
You can see that the ALLOW_HEADER_HOST is commented out. Uncomment it and enter the Public IP address of the instance as shown below.
Once done , Save and Close the file.
We need to restart GSA for the changes to take effect.
systemctl restart openvas-gsa
Now If you access GSA (Greenbone Security Assistant) – http://PublicIP:4000 , You should see the following login page.
The default Username and Password to login is admin.
You can use the following command to change the password for admin.
openvasmd --user=admin [email protected]
After login , You will see the following dashboard.
To add target to the Scanner , Hover to Scans and click Tasks
You will get the following screen.
To perform immediate scanning for a host , Click Task Wizard
Then provide the IP address or Hostname of the target host and click Start Scan.
The scan will start immediately.
After the scanning is completed , You will get the scanned results in Low , Medium and High Severity.
Click the Host , Under Vulnerability , You can find the Scanned report.
To check the lists of hosts added to the Scanner , Under Configuration , Choose Targets.
We have successfully installed and configured OpenVAS Vulnerability Scanner on Ubuntu , Also we have added a host and performed a Scan for that host.
Thanks for reading.Please do check out my other blogs.