Sep 212013
 

So, I tried installing OpenVAS in my ESXi environment to test it and play around with it. But the installation seems tricky or broken and very bad documented. This is what I found so far:

To install on Debian, you need to take these steps (from here):

Step 1: Configure OBS Repository
(as user root, only once)

echo "deb http://download.opensuse.org/repositories/security:/OpenVAS:/UNSTABLE:/v6/Debian_7.0/ ./" >> /etc/apt/sources.list
wget http://download.opensuse.org/repositories/security:/OpenVAS:/UNSTABLE:/v6/Debian_7.0/Release.key
apt-key add ./Release.key
sudo apt-get update

Step 2: Quick-Install OpenVAS
(as user root, only once)

apt-get -y install greenbone-security-assistant openvas-cli openvas-manager openvas-scanner openvas-administrator sqlite3 xsltproc rsync
To install support packages for report generation (downloads around 30 MB of additional packages):

apt-get -y install texlive-latex-base texlive-latex-extra texlive-latex-recommended htmldoc
To install support for autogenerated LSC credential packages:

apt-get -y install alien rpm nsis fakeroot
Step 3: Quick-Start OpenVAS
(copy and paste whole block as user root, during first time you will be asked to set a password for user “admin”)

test -e /var/lib/openvas/CA/cacert.pem  || openvas-mkcert -q
openvas-nvt-sync
test -e /var/lib/openvas/users/om || openvas-mkcert-client -n om -i
/etc/init.d/openvas-manager stop
/etc/init.d/openvas-scanner stop
openvassd
openvasmd --rebuild
openvas-scapdata-sync
openvas-certdata-sync
test -e /var/lib/openvas/users/admin || openvasad -c add_user -n admin -r Admin
killall openvassd
sleep 15
/etc/init.d/openvas-scanner start
/etc/init.d/openvas-manager start
/etc/init.d/openvas-administrator restart
/etc/init.d/greenbone-security-assistant restart
Step 4: Log into OpenVAS as “admin”

Open https://localhost:9392/.

It sounds easy, but the installation breaks (see my last post). I found a check script, that will help you troubleshoot your installation, but the script said my install was “OK”, while it was not. Fail-Script.

Whatever, if you want to add your user to OpenVAS, you need to run “openvas-adduser” and for giving them admin rights “touch /var/lib/openvas/user/USERNAME/isadmin”. Strange system it is…

If you want to make it listen on IP addresses different than 127.0.0.1, you should run
sed -i "s/127.0.0.1/YOURIP/g" /etc/default/openwhatever
on all the OpenVAS files.

So far, the product seems buggy, bad documented and ressource hungry. But the scanning is fast (from what I tested so far).

 Leave a Reply

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

(required)

(required)