greenbone-security-assistant (UI for OpenVAS)
This is the UI the Open Vulnerability Assessment System (OpenVAS).
###### Known Problems ######
- PDF report generation is broken. This may get fixed in a future slackbuild.
- All the daemons run as root. There's no (working) configuration options
or documentation to change this behavior.
- There are a number of tests that depend on other software packages that are
not available as slackbuilds at this time. Stay tuned.
- If you're running in a VM environment, or on a headless server, then
installing haveged is recommended, particularly for step 11 below.
###### Upgrade Notes ######
If you're updating from OpenVAS-7 to OpenVAS-8, please note the following.
(See: http://www.openvas.org/install-source.html if you're unsure which
version you're running.)
Openvas now uses redis as a temporary database while running scans. You will
need redis installed and running, as well as hiredis. See step 2 below on
how to configure redis.
Before running openvas-manager, you'll need to migrate the database. Simply
# openvasmd --migrate
###### Installation Instructions ######
These instructions assume you're familiar with slackbuilds. If not, please
refer to http://slackbuilds.org/howto/ .
1. Build and install hiredis.
2. Build and install redis. You need to uncomment the following 2 lines in the
Now start up redis:
# sh /etc/rc.d/rc.redis start
3. Build and install openvas-libraries.
4. Build and install openvas-scanner.
5. You need a Certificate Authority and server certificate. Run the following
6. You need the NVT's (Network Vulnerability Tests). Run the following
command to sync. In the future, you can do this through the
greenbone-security-assistant interface. This will take a minute or so
with a blazing fast internet connection. YMMV.
7. Start the openvas-scanner daemon.
# sh /etc/rc.d/rc.openvassd start
8. Build and install openvas-manager.
9. You need client certificates for manager to talk to scanner. Use the
# openvas-mkcert-client -n -i
10. Initialize the manager database. This will take a while, so be patient.
# openvasmd --rebuild
11. You want encrypted credentials in the DB, so do this now.
# openvasmd --create-credentials-encryption-key
This may take a while, so it's best to create some entropy by skipping to
#13-#15 and then coming back, if needed.
12. Create a user.
# openvasmd --create-user=cary
If you find the assigned password hard to remember, you can change it
# openvasmd --user=cary --new-password=mekmitasdigoat
13. Sync SCAP data. This will take some time.
14. Sync CERT data.
15. Update port names.
# wget http://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.xml
# openvas-portnames-update service-names-port-numbers.xml
# rm service-names-port-numbers.xml
16. Start the openvas-manager daemon.
# sh /etc/rc.d/rc.openvasmd start
17. Build and install libmicrohttpd.
18. Build and install greenbone-security-assistant.
19. Launch the greenbone-security-assistant.
# sh /etc/rc.d/rc.gsad start
20. Point your browser at https://<YOUR IP OR HOSTNAME>:9392
You'll get a certificate error, of course (fixing this is left as an
excercise for the reader). Log in with your username/password from #12.
21. [Optional] Build and install openvas-cli. You'll need this if you ever
want to script tests.
That's it! If you run into any problems, you can try running the
openvas-check-setup script found here:
If you don't have a web-server running, you can edit the /etc/rc.d/rc.gsad
script to remove the "-p 9392" option, and it will run on port 443.
Please let me know if you run into any problems. Patches welcome!
Maintained by: Kent Fritz
Keywords: penetraton testing,framework,openvas,security,scanner
(the SlackBuild does not include the source)