New Banner 3

Services

Find out more about ProCheckUp's services including: Penetration Testing, PCI QSA and PCI DSS

More Detail

PCI DSS User Group

User Group is for merchants to come and share experiences with fellow professionals. We have regular presentations from the card schemes and acquiring banks.

Find out more & join...

Installing OpenVAS 8 Beta From Source On Debian

17 February 2015 by Simon Davies, ProCheckUp

When performing vulnerability assessments it is essential to possess a vulnerability scanner and manager in order to automate the process of discovering vulnerabilities on hosts based on known CVEs. OpenVAS is an open source, free vulnerability scanner and manager that performs on par with Nessus based on recent comparisons that I have carried out. If you wish to build and install this tool please see below: 

1. Download the following source files:

Libraries 8.0 beta 6 source files:

wget http://wald.intevation.org/frs/download.php/1922/openvas-libraries-8.0+beta6.tar.gz

Scanner 5.0 beta 6 source files:

wget http://wald.intevation.org/frs/download.php/1926/openvas-scanner-5.0+beta6.tar.gz

Manager 6.0 beta 6 source files:

wget http://wald.intevation.org/frs/download.php/1930/openvas-manager-6.0+beta6.tar.gz

Greenbone Security Assistant 6.0 beta 6 source files:

wget http://wald.intevation.org/frs/download.php/1934/greenbone-security-assistant-6.0+beta6.tar.gz

Commandline Interface (CLI) 1.4 beta 5 source files:

wget http://wald.intevation.org/frs/download.php/1882/openvas-cli-1.4+beta5.tar.gz 

openvas-smb 1.0.0 source files:

wget http://wald.intevation.org/frs/download.php/1919/openvas-smb-1.0.0.tar.gz

2. Uncompressing the downloaded archives:

tar -zxvf archive_name.tar.gz

i.e. tar -zxvf openvas-libraries-8.0+beta5.tar.gz

3. Installing OpenVAS 8 dependencies:

apt-get install bison flex cmake pkg-config libssh-dev libgnutls-dev libglib2.0-dev libpcap-dev libgpgme11-dev uuid-dev libksba-dev libhiredis-dev libldap2-dev autoconf libsqlite3-dev libxml2-dev libmicrohttpd-dev xsltproc tcl rpm alien nsis gcc-mingw32 perl-base perl-base heimdal-dev heimdal-multidev libpopt-dev libxslt-dev

To Build Documentation:

apt-get install libsnmp-dev doxygen xmltoman sqlfairy

4. Enabling WMI support:

Change directory into the folder containing the openvas-smb 1.0.0 source files:

cd path_to_folder_containing_source_files

Create a folder named build and change directory into it:

mkdir build

cd build

Configure the build:

cmake path_to_folder_containing_source_files

Compile and install:

make               

make doc          

make install       

make rebuild_cache

5. Compiling and installing the OpenVAS 8 components:

OpenVAS 8 components:

  • Libraries 8.0 beta 6
  • Scanner 5.0 beta 6
  • Manager 6.0 beta 6
  • Greenbone Security Assistant 6.0 beta 6
  • Commandline Interface (CLI) 1.4 beta 5

 

Change directory into the folder containing the component's source files:

cd path_to_folder_containing_source_files

Create a folder named build and change directory into it:

mkdir build

cd build

Configure the build:

cmake path_to_folder_containing_source_files

Compile and install:

make               

make doc          

make install       

make rebuild_cache

6.  Download Redis 2.8.19:

wget http://download.redis.io/releases/redis-2.8.19.tar.gz

To install redis uncompress the archive:

tar -zxvf redis-2.8.19.tar.gz

Then compile the source files:

make
  
To test Redis is working correctly:

make test

To install Redis in /usr/local/bin:

make install

Create redis OpenVAS config file in /etc:

create /etc/redis.conf


The file should contain the below:

unixsocket /tmp/redis.sock
unixsocketperm 700
timeout 0
#DB = 1 + (#of parallel tasks) * (#of parallel hosts)
databases 128
#CLI = 1 + (#of parallel tasks) * (#of parallel hosts) * (#of concurrent NVTs)
maxclients    512

7. Configuring OpenVAS 8:

Initial Setup:

openvas-mkcert

openvas-mkcert-client -n -i


Update:

openvas-nvt-sync

openvas-scapdata-sync

openvas-certdata-sync

openvasmd --rebuild


Create Admin user:

openvasmd --create-user=enter_name --role=Admin

i.e. openvasmd --create-user=simon --role=Admin

8. Creating a bash script to start OpenVAS 8:

#!/bin/bash
cd /usr/local/sbin
./openvassd
echo -e "Open-VAS Scanner Started..."
./openvasmd
echo -e "Open-VAS Manager Started..."
./gsad
echo -e "Greenbone Security Assistant Started..."
echo -e "\nWelcome to OpenVAS 8"
cd /usr/local/bin
./redis-server /etc/redis.conf


Save the script as OpenVAS_Start and remember to make it executable:

chmod +x OpenVAS_Start

9. Checking OpenVAS 8 is set up correctly:

wget --no-check-certificate https://svn.wald.intevation.org/svn/openvas/trunk/tools/openvas-check-setup


Ensure that the script is executable:

chmod +x openvas-check-setup


Execute the script:

./openvas-check-setup --v8

10. Using the OpenVAS 8 web GUI:

Visit the following URL in your web browser:

https://server_domain_or_IP:9392

 

 

Back To listing