Thursday, February 22, 2018

OpenVAS Installation

How to Install OpenVAS Vulnerability Scanner on Ubuntu 16.04


Introduction

OpenVAS is an open source suite that can be used for vulnerability scanning and vulnerability management. It stands for Open Vulnerability Assessment System. OpenVAS is an excellent alternative to commercial security scanners such as Nessus, QualysGuard, etc. OpenVAS is divided into three parts: OpenVAS Scanner, OpenVAS Manager, and OpenVAS CLI.
In this tutorial, I will explain how to install OpenVAS Vulnerability Scanner on Ubuntu 16.04.

Prerequisites

  • A newly deployed Ubuntu 16.04 server instance.
  • A non-root user with sudo privileges set up on your server [sysad].
  • A static IP address of 172.23.11.101 configured on [srvr-uopenvas.ssis.edu.vn].
  • The rsync package must be installed.

Step 1: Update the system

First, update your system to the latest stable version by running the following commands:
sudo apt-get update -y
sudo apt-get upgrade -y
sudo reboot

Step 2: Install required dependencies

Before installing OpenVAS, you will need to install its required dependencies. To install them, run the following command:
sudo apt-get install python-software-properties
Next, you will also need to install SQLite for OpenVAS manager:
sudo apt-get install sqlite3

Step 3: Install OpenVAS

By default, the OpenVAS package is not available in the Ubuntu 16.04 repository, so you will need to add the OpenVAS PPA to your system's repository list.
Add the OpenVAS PPA.
sudo add-apt-repository ppa:mrazavi/openvas
Update the repository.
sudo apt-get update
Finally, install OpenVAS.
sudo apt-get install openvas
Once OpenVAS has finished installing, start the OpenVAS services and enable them at boot with the following commands:
sudo systemctl start openvas-scanner
sudo systemctl start openvas-manager
sudo systemctl start openvas-gsa
sudo systemctl enable openvas-scanner
sudo systemctl enable openvas-manager
sudo systemctl enable openvas-gsa

Step 4: Allow OpenVAS through the system firewall

By default, OpenVAS runs on port 443, so you will need to allow this port through the UFW firewall.
sudo ufw allow https

Step 5: Access OpenVAS web interface

Before accessing OpenVAS, you will need to update its vulnerability database. You can also update the feed from the Administration tab of the GUI.
sudo openvas-nvt-sync
Once the database is up to date, open your web browser and go to the URL https://172.23.11.101. On the login page, provide the default username (admin) and password (admin). After logging in, you will be presented with the OpenVAS dashboard.
If you want to change the admin user's password from the command line, run the following command:
sudo openvasmd --user=admin --new-password=<new-password>
Congratulations! You have successfully installed OpenVAS on your Ubuntu 16.04 server.

Step 6: Creating Super Admin Users (DANGEROUS but necessary!)

service openvas-scanner stop
openvasmd --create-user=<username> --role="Super Admin"
openvasmd --user=<username> --new-password=<password>
service openvas-scanner start
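
Step 4's `sudo ufw allow https` admits every source address to the web interface, which Step 5 leaves on the default admin/admin login until the password is changed. The following is an added example (not part of the original post) that classifies `ufw status` output by who can reach port 443; both rulesets are constructed samples, and the 172.23.11.0/24 admin subnet is an assumption based on the server address in the prerequisites.

```shell
#!/bin/sh
# Added example: classify who can reach port 443 from `ufw status` text.

# Constructed sample: rules left by `sudo ufw allow https` (Step 4).
OPEN_RULES='Status: active

To                         Action      From
--                         ------      ----
443/tcp                    ALLOW       Anywhere
443/tcp (v6)               ALLOW       Anywhere (v6)'

# Constructed sample: port 443 limited to an assumed admin subnet, set with
#   sudo ufw allow from 172.23.11.0/24 to any port 443 proto tcp
SCOPED_RULES='Status: active

To                         Action      From
--                         ------      ----
443/tcp                    ALLOW       172.23.11.0/24'

# gsa_exposure: reads `ufw status` text on stdin and prints one of
#   inactive - the firewall is off, so nothing is filtered
#   open     - at least one rule admits port 443 from Anywhere
#   scoped   - port 443 is admitted only from specific sources
#   closed   - no inbound ALLOW/LIMIT rule for port 443
gsa_exposure() {
    awk '
        /^Status:/ { active = ($2 == "active") }
        $1 ~ /^443(\/tcp)?$/ {
            # The "(v6)" tag shifts columns, so locate the action field first.
            for (i = 2; i <= NF; i++) if ($i == "ALLOW" || $i == "LIMIT") break
            if (i > NF) next                 # DENY or REJECT rule
            j = i + 1
            if ($j == "OUT") next            # outbound rule, not exposure
            if ($j == "IN") j++              # `ufw status verbose` layout
            if ($j == "Anywhere") open = 1; else scoped = 1
        }
        END {
            if (!active)     print "inactive"
            else if (open)   print "open"
            else if (scoped) print "scoped"
            else             print "closed"
        }'
}

# On the scanner host: sudo ufw status | gsa_exposure
printf '%s\n' "$OPEN_RULES"   | gsa_exposure
printf '%s\n' "$SCOPED_RULES" | gsa_exposure
```

A ruleset that contains both an Anywhere rule and a scoped rule is reported as open, because the broader rule decides who can connect.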

NVT, CVE, CPE List

In order to update the NVT, CVE and CPE database listing, you need to have the SCAP feed updated. You can perform this from the GUI or by running the following command:
sudo openvas-scapdata-sync


503 - Service temporarily down

The issue started when I was trying to figure out why scan results weren't working for me. I accidentally updated the cert and everything just went downhill from there. Hence, the only way was to figure out what happened. The following solution seems to work for me. I also had to recreate the admin user.
openvas-mkcert-client -n om -i
openvas-nvt-sync --wget
service openvas-scanner stop; service openvas-manager stop;
openvassd
rm /var/lib/openvas/mgr/tasks.db
openvasmd --progress --rebuild -v
openvasmd --create-user=admin --role=Admin
openvasmd --user=admin --new-password=admin
service openvas-scanner start; service openvas-manager start;
What this does is remove ALL your tasks and rebuild them again. It seems that somehow, when we refresh the cert, all the tasks bound to the old cert can't seem to perform a handshake with the new cert that I generated. Hence, removing everything and redoing it seems to solve this problem.