{"id":2712,"date":"2019-06-18T19:17:52","date_gmt":"2019-06-18T16:17:52","guid":{"rendered":"https:\/\/kifarunix.com\/?p=2712"},"modified":"2019-06-18T19:17:53","modified_gmt":"2019-06-18T16:17:53","slug":"install-openvas-9-with-postgresql-in-ubuntu-18-04","status":"publish","type":"post","link":"https:\/\/kifarunix.com\/install-openvas-9-with-postgresql-in-ubuntu-18-04\/","title":{"rendered":"Install OpenVAS 9 with PostgreSQL in Ubuntu 18.04"},"content":{"rendered":"\n

In this guide, we are going to learn how to install OpenVAS 9 with PostgreSQL in Ubuntu 18.04. In our previous guide, we covered the installation of OpenVAS 9 on Ubuntu 18.04, see the link below. OpenVAS 9 uses SQLite as the database by default.<\/p>\n\n\n\n

Installing OpenVAS 9 on Ubuntu 18.04<\/a><\/p>\n\n\n\n

Install OpenVAS 9 with PostgreSQL in Ubuntu 18.04<\/h3>\n\n\n\n

To begin with, update and upgrade your system packages.<\/p>\n\n\n\n

sudo apt update
sudo apt upgrade<\/code><\/pre>\n\n\n\n
Install PostgreSQL on Ubuntu 18.04<\/h4>\n\n\n\n
Run the command below to install PostgreSQL and the required dependencies to function with OpenVAS 9.<\/p>\n\n\n\n
sudo apt install postgresql postgresql-contrib postgresql-server-dev-10<\/code><\/pre>\n\n\n\n
Running PostgreSQL<\/h4>\n\n\n\n
PostgreSQL is set to run after installation by default. You can check status by running the command below;<\/p>\n\n\n\n
sudo systemctl status postgresql\n\u25cf postgresql.service - PostgreSQL RDBMS\n   Loaded: loaded (\/lib\/systemd\/system\/postgresql.service; enabled; vendor preset: enabled)\n   Active: active (exited) since Mon 2019-06-17 22:47:18 EAT; 10min ago\n Main PID: 2019 (code=exited, status=0\/SUCCESS)\n    Tasks: 0 (limit: 1130)\n   CGroup: \/system.slice\/postgresql.service<\/code><\/pre>\n\n\n\n
It is also enabled to run on system boot.<\/p>\n\n\n\n
systemctl is-enabled postgresql
enabled<\/code><\/pre>\n\n\n\n
Create PostgreSQL User and Database<\/h4>\n\n\n\n
Once the installation is done, create the PostgreSQL user and database for OpenVAS manager. Note that the database and user should be created as PostgreSQL user, postgres<\/strong>.<\/p>\n\n\n\n
sudo -Hiu postgres\ncreateuser root\ncreatedb -O root tasks<\/code><\/pre>\n\n\n\n
Grant PostgreSQL User DBA Roles<\/h4>\n\n\n\n
Next, login to PostgreSQL database and grant the user (created above) the administrative roles on that database.<\/p>\n\n\n\n
sudo -Hiu postgres\npsql tasks\ncreate role dba with superuser noinherit;\ngrant dba to root;\ncreate extension \"uuid-ossp\";\n\\q\nexit<\/code><\/pre>\n\n\n\n
Build OpenVAS 9 Manager From Source<\/h4>\n\n\n\n
To build OpenVAS 9 from the source, you need to download the source code. Hence, before you can proceed, create a directory to which the OpenVAS manager source will be downloaded. This guide used the local source code directory.<\/p>\n\n\n\n
sudo mkdir -p \/usr\/local\/src\/openvas\/debs<\/code><\/pre>\n\n\n\n
Add the mrazavi OpenVAS repository to enable use install OpenVAS Manager as shown below.<\/p>\n\n\n\n
sudo apt install software-properties-common\nsudo add-apt-repository ppa:mrazavi\/openvas<\/code><\/pre>\n\n\n\n
After that, edit the created source list to enable OpenVAS source repository by uncommenting source repository as shown below<\/p>\n\n\n\n
sudo vim \/etc\/apt\/sources.list.d\/mrazavi-ubuntu-openvas-bionic.list<\/code><\/pre>\n\n\n\n
deb http:\/\/ppa.launchpad.net\/mrazavi\/openvas\/ubuntu bionic main\ndeb-src http:\/\/ppa.launchpad.net\/mrazavi\/openvas\/ubuntu bionic main\n<\/code><\/pre>\n\n\n\n
Next, run system update to resynchronize packages to the latest versions.<\/p>\n\n\n\n
sudo apt update<\/code><\/pre>\n\n\n\n
Install Required Build Tools and Dependencies<\/h4>\n\n\n\n
Next, run the command below to install the build tools and the required dependencies.<\/p>\n\n\n\n
sudo apt install dpkg-dev debhelper cmake pkg-config libglib2.0-dev libgnutls28-dev build-essential libgcrypt11-dev libsqlite3-dev libgpgme-dev rats libopenvas9-dev<\/code><\/pre>\n\n\n\n
Download OpenVAS Manager Source code<\/h4>\n\n\n\n
Navigate to OpenVAS 9 source directory created above and run the command below to download the source code.<\/p>\n\n\n\n
cd \/usr\/local\/src\/openvas\nsudo apt source openvas9-manager<\/code><\/pre>\n\n\n\n
Verify OpenVAS build dependencies<\/h4>\n\n\n\n
Before you can compile OpenVAS 9, you need to check if any dependency is missing. This can be done by running the dpkg-checkbuilddeps<\/strong> command within the OpenVAS manager source directory.<\/p>\n\n\n\n
cd \/usr\/local\/src\/openvas\/openvas9-manager-7.0.3\nsudo dpkg-checkbuilddeps<\/code><\/pre>\n\n\n\n
If there is any dependency missing, you will see it. Hence, you need to install any missing dependency before you can proceed. If all is well, the command returns nothing.<\/p>\n\n\n\n
Configure OpenVAS Source code to use PostgreSQL<\/h4>\n\n\n\n
To configure OpenVAS to use PostgreSQL instead of the default SQLite, edit the debian\/rules<\/strong> within the source code directory and make the adjustments as shown below;<\/p>\n\n\n\n
sudo vim debian\/rules<\/code><\/pre>\n\n\n\n
...\n# Add '-DBACKEND=POSTGRESQL' to the line below to enable support for PostgreSQL\noverride_dh_auto_configure:\n        dh_auto_configure -- -DLOCALSTATEDIR=\/var -DSYSCONFDIR=\/etc -DBACKEND=POSTGRESQL\n...<\/code><\/pre>\n\n\n\n
Once that is done, add PostgreSQL directory as part of OpenVAS install directories.<\/p>\n\n\n\n
sudo sh -c \"echo 'usr\/lib\/openvasmd\/pg' >> debian\/openvas9-manager.dirs\"\nsudo sh -c \"echo 'usr\/lib\/openvasmd\/pg' >> debian\/openvas9-manager.install\"<\/code><\/pre>\n\n\n\n
Compile and Install OpenVAS 9 on Ubuntu 18.04<\/h4>\n\n\n\n
Run the command below to generate OpenVAS 9 manager DEB package from the source code.<\/p>\n\n\n\n
sudo dpkg-buildpackage -uc -us<\/code><\/pre>\n\n\n\n
If all is well, multiple DEB files are generated and stored under the \/usr\/local\/src\/openvas\/<\/strong>. Move all these binaries to debs directory created above.<\/p>\n\n\n\n
sudo mv \/usr\/local\/src\/openvas\/*.deb \/usr\/local\/src\/openvas\/debs\/<\/code><\/pre>\n\n\n\n
Install OpenVAS 9 manager. To avoid any would be dependency, use the APT command.<\/p>\n\n\n\n
sudo apt install \/usr\/local\/src\/openvas\/debs\/*.deb<\/code><\/pre>\n\n\n\n
During installation, you are prompted to enable redis unix socket. Enable it and proceed.<\/p>\n\n\n\n
\"install<\/a><\/figure>\n\n\n\n
Next, you need to disable SQLite from overriding PostgreSQL when an update is run. This can be done by running the commands below;<\/p>\n\n\n\n
sudo apt-mark hold openvas9-manager<\/code><\/pre>\n\n\n\n
The build and installation of OpenVAS 9 manager is done . You can now update the network vulnerability tests database by syncing it with feeds<\/a> using the the following commands:<\/p>\n\n\n\n
greenbone-nvt-sync\ngreenbone-scapdata-sync\ngreenbone-certdata-sync<\/code><\/pre>\n\n\n\n
Once the update is done, restart the OpenVAS scanner, manager and security assistant.<\/p>\n\n\n\n
systemctl restart openvas-scanner\nsystemctl restart openvas-manager\nsystemctl restart openvas-gsa<\/code><\/pre>\n\n\n\n
Enable the services to run on system reboot.<\/p>\n\n\n\n
systemctl enable openvas-scanner\nsystemctl enable openvas-manager\nsystemctl enable openvas-gsa<\/code><\/pre>\n\n\n\n
Next, rebuild the NVTs cache so that the feeds synced above are loaded  to the OpenVAS manager.<\/p>\n\n\n\n
openvasmd --rebuild --progress --verbose\nRebuilding NVT cache... done.<\/code><\/pre>\n\n\n\n
OpenVAS 9 should now be running. You can check it as shown below;<\/p>\n\n\n\n
ps aux | grep openvas | grep -v grep\nroot     16686  0.0  0.1 102068  1380 ?        Ss   16:24   0:00 gpg-agent --homedir \/var\/lib\/openvas\/openvasmd\/gnupg --use-standard-socket --daemon\nroot     16726  0.1  0.3 146408  3584 ?        Ss   16:26   0:01 openvassd: Waiting for incoming connections\nroot     16747  0.0 14.2 348460 143340 ?       SL   16:26   0:00 openvasmd<\/code><\/pre>\n\n\n\n
To be able to generate pdf reports for the scan results, you need to install some additional packages.<\/p>\n\n\n\n
sudo apt install texlive-latex-extra --no-install-recommends\nsudo apt install texlive-fonts-recommended --no-install-recommends<\/code><\/pre>\n\n\n\n
Accessing OpenVAS Web Interface<\/h4>\n\n\n\n
You should now be able to access OpenVAS web interface via the address, https:\/\/localhost:4000<\/strong>. Use “admin<\/strong>” as username and password for logins. However, if you are accessing OpenVAS 9 externally, you need to set the listen address to an interface IP as shown below.<\/p>\n\n\n\n
vim \/etc\/default\/openvas-gsa<\/code><\/pre>\n\n\n\n
...\n# To set listening address:\n# \n#LISTEN_ADDRESS=\"0.0.0.0\"\nLISTEN_ADDRESS=\"192.168.43.138\"\n...<\/code><\/pre>\n\n\n\n
After that, restart OpenVAS GSA by executing the command;<\/p>\n\n\n\n
systemctl restart openvas-gsa<\/code><\/pre>\n\n\n\n
Hence, login to web via https:\/\/<server-IP>:4000<\/strong>.<\/p>\n\n\n\n
\"install<\/a><\/figure>\n\n\n\n
Login with “admin<\/strong>” as username and password for logins. However, you need to verify if this user is created by default by running the command below;<\/p>\n\n\n\n
openvasmd --get-users<\/code><\/pre>\n\n\n\n
If the user doesn’t exist, create an administrative user by running the command below;<\/p>\n\n\n\n
openvasmd --create-user openvasadmin<\/code><\/pre>\n\n\n\n
The command will automatically generate a password for the user created. You can use this credentials to login to OpenVAS 9 GSA web user interface.<\/p>\n\n\n\n
When you login, you can reset the password by navigating to Administration > Users > Actions > Edit User<\/strong>.<\/p>\n\n\n\n
\"Reset<\/a><\/figure>\n\n\n\n
Click Save <\/strong>to save the new password.<\/p>\n\n\n\n
You have successfully installed OpenVAS 9 with support for PostgreSQL as the default database. You can now run the scans on your target end points. See the link below on how to run scans. Enjoy.<\/p>\n\n\n\n
How to Add and Scan a Target for Vulnerabilities on OpenVAS Scanner<\/a><\/p>\n\n\n\n
Follow the links below for related content.<\/p>\n\n\n\n
How to Install and Configure Nessus Scanner on Ubuntu 18.04\/CentOS 7<\/a>
How to Install and Use WPScan WordPress Vulnerability Scanner Ubuntu 18.04<\/a>
How to Install and Use Nikto Web Scanner on Ubuntu 18.04<\/a>
How to Install and Use ClamAV Antivirus on Ubuntu 18.04<\/a>
How to Perform System Security Auditing with Lynis on Ubuntu 18.04<\/a>
How to Install RKHunter (RootKit Hunter) On Ubuntu 18.04<\/a>
How to Install Sophos AntiVirus on Ubuntu 18.04<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"
In this guide, we are going to learn how to install OpenVAS 9 with PostgreSQL in Ubuntu 18.04. In our previous guide, we covered the<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"rank_math_lock_modified_date":false,"footnotes":""},"categories":[370,34,150],"tags":[100,989,990,991,67],"class_list":["post-2712","post","type-post","status-publish","format-standard","hentry","category-openvas","category-security","category-vulnerability-scanners","tag-openvas","tag-openvas-9","tag-postgresql","tag-sqlite","tag-ubuntu-18-04","generate-columns","tablet-grid-50","mobile-grid-100","grid-parent","grid-50"],"_links":{"self":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts\/2712"}],"collection":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/comments?post=2712"}],"version-history":[{"count":3,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts\/2712\/revisions"}],"predecessor-version":[{"id":3331,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts\/2712\/revisions\/3331"}],"wp:attachment":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/media?parent=2712"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/categories?post=2712"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/tags?post=2712"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}