001. OpenVAS 5 Installation on CentOS 6.2

Disclaimer: The following information is provided with no representation or warranty of any kind either express or implied. You may use it freely at your own risk, and no one else will be liable for any damages arising out of such usage.

OS: CentOS 6.2 32bit
Hardware: Virtual Machine (VirtualBox 4.1.14)
OpenVAS: 5

About

OpenVAS is an opensource vulnerability network scanner. OpenVAS let you scan your network for vulnerabilities and create a report on your network status.

Prerequisite

• Disable SELINUX

vi /etc/selinux/config

...
SELINUX=disabled
...

• Install wget

yum install wget -y

• Update your Operating System and reboot

yum update -y 
reboot

OpenVAS Installation

• Install atomic repository

wget -q -O - http://www.atomicorp.com/installers/atomic |sh

Atomic Archive installer, version 2.0.3

BY INSTALLING THIS SOFTWARE AND BY USING ANY AND ALL SOFTWARE
PROVIDED BY ATOMICORP LIMITED YOU ACKNOWLEDGE AND AGREE:

THIS SOFTWARE AND ALL SOFTWARE PROVIDED IN THIS REPOSITORY IS
PROVIDED BY ATOMICORP LIMITED AS IS, IS UNSUPPORTED AND ANY
EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL ATOMICORP LIMITED, THE
COPYRIGHT OWNER OR ANY CONTRIBUTOR TO ANY AND ALL SOFTWARE PROVIDED
BY OR PUBLISHED IN THIS REPOSITORY BE LIABLE FOR ANY DIRECT,
INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
OF THE POSSIBILITY OF SUCH DAMAGE.

Do you agree to these terms? (yes/no) [Default: yes]
ENTER

Installing the Atomic GPG key: OK
Downloading atomic-release-1.0-14.el6.art.noarch.rpm: OK

The Atomic Rocket Turtle archive has now been installed and configured for your system
The following channels are available:
  atomic          - [ACTIVATED] - contains the stable tree of ART packages
  atomic-testing  - [DISABLED]  - contains the testing tree of ART packages
  atomic-bleeding - [DISABLED]  - contains the development tree of ART packages

• Install OpenVAS

yum install openvas -y

• Run openvas-setup to configure OpenVAS

openvas-setup

Openvas Setup, Version: 0.1

Step 1: Update NVT's
Please note this step could take some time.
Once completed, NVT's will be updated automatically every 24 hours

Updating NVTs....
Stopping openvas-scanner:                                  [  OK  ]
Starting openvas-scanner:
                                                           [  OK  ]
Updating OpenVAS Manager database....

Step 2: Configure GSAD
The Greenbone Security Assistant is a Web Based front end
for managing scans. By default it is configured to only allow
connections from localhost.

Allow connections from any IP? [Default: yes] Stopping gree[  OK  ]curity-assistant:
Starting greenbone-security-assistant:                     [  OK  ]

Step 3: Choose the GSAD admin users password.
The admin user is used to configure accounts,
Update NVT's manually, and manage roles.

Enter password: enter password for admin user
ENTER

ad   main:MESSAGE:3223:2012-01-19 11h09.05 IST: No rules file provided, the new user will have no restrictions.
ad   main:MESSAGE:3223:2012-01-19 11h09.05 IST: User admin has been successfully created.

Step 4: Create a user

Using /var/tmp as a temporary file holder.

Add a new openvassd user
---------------------------------

Login : humus
ENTER

Authentication (pass/cert) [pass] :
ENTER

Login password : enter user password
ENTER

Login password (again) : enter user password again
ENTER

User rules
---------------
openvassd has a rules system which allows you to restrict the hosts that humus has the right to test.
For instance, you may want him to be able to scan his own host only.

Please see the openvas-adduser(8) man page for the rules syntax.

Enter the rules for this user, and hit ctrl-D once you are done:
(the user can have an empty rules set)
ctrl-D

Login             : humus
Password          : ***********

Rules             :

Is that ok? (y/n) [y]
ENTER

Setup complete, you can now access GSAD at:

https://<IP>:9392

• Start OpenVAS administrator

/etc/init.d/openvas-administrator start

• Download openvas-check-setup script and check OpenVAS setup

cd /usr/local/src/
wget https://svn.wald.intevation.org/svn/openvas/trunk/tools/openvas-check-setup -O openvas-check-setup.sh --no-check-certificate
chmod +x openvas-check-setup.sh
./openvas-check-setup.sh --server

• Open Greenbone Security Assistent port in linux firewall

vi /etc/sysconfig/iptables

...
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 9392 -j ACCEPT  
...

service iptables restart

• Connect to OpenVAS server
  • Using a web browser browse to https://openvas_server_IP:9392

That’s it. OpenVAS server installation completed. You can create new scans on your network and schdule them to run frequently and check their reports.

For more information on OpenVAS visit http://www.openvas.org