OpenVAS is the world’s most advanced Open Source vulnerability scanner and manager. It is a software framework of several services and tools offering a comprehensive and powerful vulnerability scanning and vulnerability management solution. It executes the actual Network Vulnerability Tests (NVTs) which are served via the OpenVAS NVT Feed<\/a> or via a commercial feed service.<\/p>\n\n\n\n Before we dive into installing and setting up OpenVAS on Ubuntu 18.04, let us first have an overview of the basic functionality and the various components that make up OpenVAS.<\/p>\n\n\n\n The illustration below shows the logical architecture of the OpenVAS framework:<\/p>\n\n\n\n The description of major components of OpenVAS is briefly outlined below.<\/p>\n\n\n\n Without much theory, let us dive into installing and setting up OpenVAS on Ubuntu 18.04. But wait, you might also be interested in checking our previous articles on Nessus, Nikto, WPScan, Lynis, RKHunter, ClamAV, Free Sophos AntiVirus by following the links below;<\/p>\n\n\n\n Before you can proceed with installation and setup of OpenVAS 9 on Ubuntu 18.04, you have to create OpenVAS PPA repository using the After adding the ppa repo, update your system and install the required packages; Want to use PostgreSQL database with OpenVAS 9 instead of the default SQLite? See the link below on how to configure OpenVAS 9 to use PostgreSQL.<\/p>\n\n\n\n Install OpenVAS 9 with PostgreSQL in Ubuntu 18.04<\/a><\/p>\n\n\n\n During installation, you may be prompted to update the redis conf file to enable redis unix socket. Enable the socket and proceed with installation.<\/p>\n\n\n\n In order to obtain PDF reports with nice fonts for every scanning, some packages need to be installed.<\/p>\n\n\n\n To run OpenVAS NASL scripts against a target, or troubleshoot and check NASL scripts for errors, you need the openvas-nasl utility which is provided by the After that, update the network vulnerability tests database by syncing it with feeds<\/a> using the the following commands:<\/p>\n\n\n\n Once the update is done, restart the OpenVAS scanner, manager and security assistant.<\/p>\n\n\n\n You can also enable the services to run on system reboot.<\/p>\n\n\n\n Run the following command to confirm that the openvas processes are running.<\/p>\n\n\n\n Now, Before we can run any tests, we need to rebuild the NVTs cache so that the feeds we synced above are loaded to the OpenVAS manager.<\/p>\n\n\n\n There are some additional tools that can be installed for instance To install Now, run the command to verify your installation.<\/p>\n\n\n\n Oh well, it seems like everything is okay.<\/p>\n\n\n\n Now we can proceed to access our OpenVAS via web browser. Remember the default port number of the web interface is 4000<\/strong>. So, to access the web interface, go to https:\/\/IP_address_of_server:4000. <\/strong>The default login credentials are: “admin<\/strong>” as username and password.<\/p>\n\n\n\n When you login, the default dashboard for OpenVAS looks like as shown below;<\/p>\n\n\n\n You have successfully set up a fully functional OpenVAS Scanner on Ubuntu 18.04 and you should now be able to run vulnerability scans against your hosts.<\/p>\n\n\n\n See how to add and scan a target for vulnerabilities by following the link below.<\/p>\n\n\n\nArchitecture Overview<\/strong><\/h3>\n\n\n\n
![\"Install](\"http:\/\/kifarunix.com\/wp-content\/uploads\/2018\/08\/openvas-arch-1.png\" "\\"\\"")
<\/a><\/figure>\n\n\n\n\n
\n
Install and Setup OpenVAS 9 Vulnerability Scanner on Ubuntu<\/h2>\n\n\n\n
add-apt-repository<\/code> command as shown below. When you run the above command, a summary of how to go about installation and set up is given. To add the ppa repo, press ENTER.<\/p>\n\n\n\nadd-apt-repository ppa:mrazavi\/openvas<\/code><\/pre>\n\n\n\nsqlite3<\/code> which provides SQL DB for OpenVAS manager, openvas9<\/code> package fot openvas 9.<\/p>\n\n\n\napt update -y\napt upgrade -y\napt install sqlite3 openvas9 -y<\/code><\/pre>\n\n\n\nConfiguring openvas9-scanner\n----------------------------\n\nOpenvas scanner require redis database to store data. It will connect to the database with a unix socket\nat \/var\/run\/redis\/redis.sock.\n\n\nIf you agree, the installation process will enable redis unix socket at this address automatically, by\nupdating \/etc\/redis\/redis.conf.\n\nOtherwise, you have to manually update your \/etc\/redis\/redis.conf.\n\nDo you want to enable redis unix socket in \/etc\/redis\/redis.conf? [yes\/no] yes<\/strong><\/code><\/pre>\n\n\n\napt install texlive-latex-extra --no-install-recommends -y\napt install texlive-fonts-recommended --no-install-recommends -y<\/code><\/pre>\n\n\n\nlibopenvas9-dev<\/code> package. To install libopenvas9-dev, run the following command.<\/p>\n\n\n\napt install libopenvas9-dev<\/code><\/pre>\n\n\n\ngreenbone-nvt-sync\ngreenbone-scapdata-sync\ngreenbone-certdata-sync<\/code><\/pre>\n\n\n\nsystemctl restart openvas-scanner\nsystemctl restart openvas-manager\nsystemctl restart openvas-gsa<\/code><\/pre>\n\n\n\nsystemctl enable openvas-scanner\nsystemctl enable openvas-manager\nsystemctl enable openvas-gsa<\/code><\/pre>\n\n\n\nps aux | grep openvas<\/code><\/pre>\n\n\n\nroot 18390 0.0 0.3 146072 3500 ? Ss 10:59 0:02 openvassd: Waiting for incoming connections<\/strong>\nroot 18418 0.0 0.0 93312 536 ? Ss 10:59 0:00 gpg-agent --homedir \/var\/lib\/openvas\/openvasmd\/gnupg --use-standard-socket --daemon\nroot 18521 0.0 0.6 202844 6172 ? SL 10:59 0:00 openvasmd<\/strong><\/code><\/pre>\n\n\n\nopenvasmd --rebuild --progress --verbose\nRebuilding NVT cache... done.<\/code><\/pre>\n\n\n\nopenvas-check-setup<\/code> tool for checking the state of OpenVAS installation. It can also show other requirements for OpenVAS functionality.<\/p>\n\n\n\nopenvas-check-setup<\/code>, download it to your PATH, make it executable.<\/p>\n\n\n\nwget --no-check-certificate https:\/\/svn.wald.intevation.org\/svn\/openvas\/branches\/tools-attic\/openvas-check-setup -P \/usr\/local\/bin\/\nchmod +x \/usr\/local\/bin\/openvas-check-setup<\/code><\/pre>\n\n\n\nopenvas-check-setup --v9<\/code><\/pre>\n\n\n\nopenvas-check-setup 2.3.7\nTest completeness and readiness of OpenVAS-9\n\nPlease report us any non-detected problems and\nhelp us to improve this check routine:\nhttp:\/\/lists.wald.intevation.org\/mailman\/listinfo\/openvas-discuss\n\nSend us the log-file (\/tmp\/openvas-check-setup.log) to help analyze the problem.\n\nUse the parameter --server to skip checks for client tools\nlike GSD and OpenVAS-CLI.\n\nStep 1: Checking OpenVAS Scanner ...\n...<\/strong>\nStep 10: Checking presence of optional tools ...\nOK: pdflatex found.\nOK: PDF generation successful. The PDF report format is likely to work.\nOK: ssh-keygen found, LSC credential generation for GNU\/Linux targets is likely to work.\nWARNING: Could not find rpm binary, LSC credential package generation for RPM and DEB based targets will not work.\nSUGGEST: Install rpm.\nWARNING: Could not find makensis binary, LSC credential package generation for Microsoft Windows targets will not work.\nSUGGEST: Install nsis.\n\nIt seems like your OpenVAS-9 installation is OK.<\/code><\/pre>\n\n\n\n![\"Install](\"http:\/\/kifarunix.com\/wp-content\/uploads\/2018\/08\/greenbone-dash-1.png\" "\\"\\"")
<\/a><\/figure>\n\n\n\n![\"Install](\"http:\/\/kifarunix.com\/wp-content\/uploads\/2018\/08\/greenbonee_dash-1.png\" "\\"\\"")
<\/a><\/figure>\n\n\n\n