[NOTE] I am working on fixing this article to look the way it should on the wiki --Corrytonapple

I have worked over the last three days to get openVAS 4.0 working on Ubuntu Server 11.04. I have a feeling that the same process would work for 10.04 and 10.10 if the repository is changed.

  • Here is what I did to get the server up and running.

Step 1: Configure OBS Repository

sudo apt-get -y install python-software-properties
sudo add-apt-repository "deb http://download.opensuse.org/repositories/security:/OpenVAS:/STABLE:/v4/xUbuntu_11.04/ ./"

  • Other repositories are:

  • 10.04

||<tablestyle="width:100%" class="ubuntu_quotebackground"> "deb http://download.opensuse.org/repositories/security:/OpenVAS:/STABLE:/v4/xUbuntu_10.04/ ./" ||

  • 10.10

||<tablestyle="width:100%" class="ubuntu_quotebackground"> "deb http://download.opensuse.org/repositories/security:/OpenVAS:/STABLE:/v4/xUbuntu_10.10/ ./" ||

You have to remove the 'source' entry in /etc/apt/sources.list

sudo nano /etc/apt/sources.list

Now you can continue adding the repository

||<tablestyle="width:100%" class="ubuntu_quotebackground"> sudo apt-key adv --keyserver hkp://keys.gnupg.net --recv-keys BED1E87979EAFD54
sudo apt-get update ||

Step 2: Quick-Install OpenVAS

sudo apt-get -y install greenbone-security-assistant gsd openvas-cli openvas-manager openvas-scanner openvas-administrator sqlite3 xsltproc

Step 3: Quick-Start OpenVAS

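||<tablestyle="width:100%" class="ubuntu_quotebackground"> test -e /var/lib/openvas/CA/cacert.pem || sudo openvas-mkcert -q
# Download the current NVT feed
sudo openvas-nvt-sync
# Create the client certificate for the manager user 'om' if it is missing
test -e /var/lib/openvas/users/om || sudo openvas-mkcert-client -n om -i
sudo /etc/init.d/openvas-manager stop
sudo /etc/init.d/openvas-scanner stop
# Create the manager database file, readable by its owner only
sudo touch /var/lib/openvas/mgr/tasks.db
sudo chmod 600 /var/lib/openvas/mgr/tasks.db
# Run the scanner temporarily so the manager can migrate and rebuild its database
sudo openvassd
sudo openvasmd --migrate
sudo openvasmd --rebuild
sudo killall openvassd
sleep 15
sudo /etc/init.d/openvas-scanner start
sudo /etc/init.d/openvas-manager start
sudo /etc/init.d/openvas-administrator restart
# Add the 'admin' user with the Admin role if it does not exist yet
test -e /var/lib/openvas/users/admin || sudo openvasad -c add_user -n admin -r Admin
# Start the Greenbone Security Assistant web interface
sudo gsad ||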

Add the components to startup by adding them to the rc.local file

sudo nano /etc/rc.local

Add the following:

||<tablestyle="width:100%" class="ubuntu_quotebackground"> openvassd
openvasad
openvasmd
gsad ||

Open a web browser and go to your server. You will be prompted for a login.

http://ubuntuforums.org/attachment.php?attachmentid=192428&stc=1&d=1305646699

  • Login with the admin user you created in the setup. After login you will be greeted with a screen that looks like this.

http://ubuntuforums.org/attachment.php?attachmentid=192429&stc=1&d=1305647044

  • The first step to get your system scanning is to define your targets. You cannot set up any tasks until those are set up. Click 'Targets'.

http://ubuntuforums.org/attachment.php?attachmentid=192430&stc=1&d=1305647063

  • Now you can fill out as many targets as you like. Targets can be DNS names, a single IP address or a range of IP addresses.

||<tablestyle="width:100%" class="ubuntu_quotebackground"> New Target

For creating a new target the dialog offers these entries. Hit the button "Create Target" to submit the new target. The list of targets will be updated.

Note on Hosts:

The hosts parameter is a comma-separated list of values. Each value can be

 * an IPv4 address (e.g. 192.168.13.1)
 * a hostname (e.g. myhost1.domain)
 * an IPv4 address range in long format (e.g. 192.168.1.116-192.168.1.124)
 * an IPv4 address range in short format (e.g. 192.168.1.116-124)
 * an IPv4 address range in CIDR notation (e.g. 192.168.13.0/24)
 * an IPv6 address (e.g. fe80::222:64ff:fe76:4cea/64)

These options can be mixed (e.g. 192.168.13.1, myhost2.domain, 192.168.13.0/24).

 * The netmask in CIDR notation is limited to 20 (4095 hosts).
 * The Scanner currently expects IPv6 addresses to name a single host, and always replaces the netmasks of IPv6 addresses with 128. ||
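The following is an added example, not part of the original article or of OpenVAS itself: a pre-flight check that applies the Hosts rules quoted above to a target list before it is pasted into the dialog, and estimates how many addresses the scan will cover. The function names `address_count` and `check_hosts` are hypothetical, and the count is of addresses in scope, not of live hosts.

```python
import ipaddress
import re

MIN_PREFIX = 20  # from the help text: CIDR netmask "is limited to 20"
HOSTNAME = re.compile(r"[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?"
                      r"(\.[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?)*")

def address_count(value):
    """Addresses named by one Hosts entry; ValueError if it is malformed."""
    value = value.strip()
    if "/" in value:  # CIDR notation
        net = ipaddress.ip_network(value, strict=False)
        if net.version == 6:
            return 1  # the scanner replaces IPv6 netmasks with 128
        if net.prefixlen < MIN_PREFIX:
            raise ValueError(f"netmask /{net.prefixlen} is wider than /{MIN_PREFIX}")
        return net.num_addresses
    first, dash, last = value.partition("-")
    try:
        start = ipaddress.IPv4Address(first)
    except ValueError:
        start = None  # not a range; may still be a hostname with a hyphen
    if dash and start is not None:
        if last.isdigit():  # short format: only the final octet is given
            last = first.rsplit(".", 1)[0] + "." + last
        end = ipaddress.IPv4Address(last)
        if end < start:
            raise ValueError("range end is below range start")
        return int(end) - int(start) + 1
    try:
        ipaddress.ip_address(value)  # single IPv4 or IPv6 address
        return 1
    except ValueError:
        pass
    if HOSTNAME.fullmatch(value) and not value.replace(".", "").isdigit():
        return 1
    raise ValueError("not an address, range, network or hostname")

def check_hosts(field):
    """Return (total_addresses, errors) for a comma-separated Hosts value."""
    total, errors = 0, []
    for entry in field.split(","):
        try:
            total += address_count(entry)
        except ValueError as exc:
            errors.append(f"{entry.strip()!r}: {exc}")
    return total, errors

if __name__ == "__main__":
    # Constructed sample: the mixed example from the help text plus two bad entries.
    print(check_hosts("192.168.13.1, myhost2.domain, 192.168.13.0/24, 10.0.0.0/16, 192.168.1.300"))
```
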

Once you have created your targets your screen should look like this: http://ubuntuforums.org/attachment.php?attachmentid=192431&stc=1&d=1305647466

  • Now you need to set up new tasks that make use of your 'targets'.

http://ubuntuforums.org/attachment.php?attachmentid=192432&stc=1&d=1305647701

Once you have entered your targets and chosen the scan type, you are unable to modify the scan type. To choose a new scan type for a target you would have to create a new task. (We will cover schedules later as well.)

  • Once you have created your target list you can click on targets to get to your list.

http://ubuntuforums.org/attachment.php?attachmentid=192434&stc=1&d=1305647962

  • From here you can run the task, restart the task, stop the task, delete the task, view reports associated with the task and edit the task. As stated previously, you cannot change the scan type for the target when editing.

http://ubuntuforums.org/attachment.php?attachmentid=192436&stc=1&d=1305648125

  • Be warned that running large IP address ranges can take a significant amount of time. The /24 scan I did took 5 hours and 37 minutes to complete. The task will refresh on a schedule if you choose that option.

http://ubuntuforums.org/attachment.php?attachmentid=192448&stc=1&d=1305649748

  • When the run is complete you will be able to view a summary or detailed report. Also, note the run button turned into a pause button.

http://ubuntuforums.org/attachment.php?attachmentid=192447&stc=1&d=1305649575

  • The summary view will show you the overall security risk level that machine has (High above). You can then drill down and get more detail by clicking on the blue magnifying glass.

http://ubuntuforums.org/attachment.php?attachmentid=192446&stc=1&d=1305649575

  • This view shows you the summary of how many 'vulnerabilities' the scanner found at each level. To get even more detail you again click the magnifying glass. The next level of detail shows high and medium items and presents options to download reports. The PDF generation has not worked for me, but HTML has.

http://ubuntuforums.org/attachment.php?attachmentid=192443&stc=1&d=1305649329 http://ubuntuforums.org/attachment.php?attachmentid=192444&stc=1&d=1305649329

  • For me this tool has worked to make me more aware of potential issues. You have to be careful to read the 'vulnerabilities' because I have found some of them to not be applicable because the server is not actually running the service selected.

openVAS4.0 (last edited 2012-05-12 20:41:25 by corrytonapple)