OpenVAS is a framework of several services and tools offering a comprehensive and powerful vulnerability scanning and vulnerability management solution.
The OpenVAS user¶
OpenVAS is run under a dedicated user,
so as user
The following commands should be run as user
Generate OpenVAS keys and certificates¶
A gnupg key is used to verify the integrity of downloaded data. So, create our own gnupg key, and sign the OpenVAS gnupg key with it:
gpg --homedir=/var/lib/openvas/gnupg --gen-key --batch < /var/lib/openvas/gnupg/gnupg_genkey_batch.txt
gpg --homedir=/var/lib/openvas/gnupg --import /var/lib/openvas/gnupg/OpenVAS_TI.asc
gpg --homedir=/var/lib/openvas/gnupg --yes --lsign-key 48DB4530
Create the certificates needed for communication:
openvas-mkcert -q
openvas-mkcert-client -n -i
Download OpenVAS data¶
Download OpenVAS data (may take half an hour or more):
openvas-nvt-sync
openvas-scapdata-sync
openvas-certdata-sync
Rebuild OpenVAS databases¶
The first time openvassd is started, it will rebuild its cache:
This may take 10 minutes or more. You can watch the progress with:
ps u -C openvassd
When cache rebuilding is complete, you should see:
openvassd: Waiting for incoming connections
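The progress check above can be scripted so that later steps only run once the scanner reports it is ready. This is an added example, not part of the original page; the function names, the PS_COMMAND test hook and the sample process lines are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original page.
# Title the page says openvassd shows once its cache rebuild is complete.
READY_TITLE='openvassd: Waiting for incoming connections'

# Read `ps u -C openvassd` output on stdin; print ready, busy or absent.
classify_openvassd() {
    awk -v ready="$READY_TITLE" '
        index($0, ready)       { is_ready = 1 }
        index($0, "openvassd") { seen = 1 }
        END {
            if (is_ready)  print "ready"
            else if (seen) print "busy"
            else           print "absent"
        }'
}

# wait_for_openvassd TRIES DELAY [PS_COMMAND...]
# Returns 0 when ready, 1 on timeout, 2 if no openvassd process exists.
# PS_COMMAND is a hypothetical hook for testing; default is the page's command.
wait_for_openvassd() {
    tries=$1 delay=$2
    shift 2
    [ "$#" -gt 0 ] || set -- ps u -C openvassd
    i=0
    while [ "$i" -lt "$tries" ]; do
        state=$("$@" 2>/dev/null | classify_openvassd)
        case $state in
            ready)  return 0 ;;
            absent) echo "openvassd is not running" >&2; return 2 ;;
        esac
        i=$((i + 1))
        sleep "$delay"
    done
    echo "openvassd not ready after $tries checks" >&2
    return 1
}

# Constructed sample of ps output (not captured from a real host); $1 is the title.
sample_ps() {
    printf '%s\n' \
        'USER  PID %CPU %MEM   VSZ  RSS TTY STAT START TIME COMMAND' \
        "root  812 97.0  1.2 98764 9120 ?   Rs   10:02 4:41 $1"
}

sample_ps 'openvassd: rebuilding cache' | classify_openvassd   # busy
sample_ps "$READY_TITLE" | classify_openvassd                   # ready
# Real use: wait_for_openvassd 120 10 && echo "scanner ready"
```

Exit status 2 distinguishes a scanner that was never started or has died from one that is still rebuilding, so an unattended setup can fail early instead of waiting out the full timeout.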
Then rebuild the openvasmd database:
OpenVAS admin user¶
Add an administrative user:
openvasmd --create-user admin
Remember the password ...
openvassd should already have been started above.
Start manager and greenbone-security-assistant:
openvasmd
gsad --port=9392
You should now have an OpenVAS interface on localhost:9392
Check that everything is OK¶
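wget https://svn.wald.intevation.org/svn/openvas/trunk/tools/openvas-check-setup --no-check-certificate
chmod +x openvas-check-setup
./openvas-check-setup
Because --no-check-certificate turns off TLS certificate verification, read the downloaded script before executing it.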
Pretending to be another Linux distribution¶
Many OpenVAS checks are distribution specific, and KaarPux is not recognized by OpenVAS. Hence you may want to set up KaarPux to pretend to be another Linux distribution.
Then, if you run an OpenVAS scan, more vulnerabilities may be picked up.
Note however, that some package names differ between KaarPux and other Linux distributions, so some vulnerabilities may be missed.
create the file
#!/bin/sh
/home/kaarpux/kaarpux/master/tools/kx_version.pl --rpm --threads=10 2>/dev/null
and the file
#!/bin/sh
/home/kaarpux/kaarpux/master/tools/kx_version.pl --dpkg --threads=10 2>/dev/null | \
/home/kaarpux/kaarpux/master/tools/kx_pkg_dpkg.sh
and make them executable:
chmod +x /bin/rpm /bin/dpkg
Pretending to be Fedora¶
create the file
KaarPux pretending to be Fedora release 20 (Heisenbug)
You may want to try other Fedora versions:
grep Fedora /var/lib/openvas/plugins/gather-package-list.nasl
Pretending to be Debian¶
create the file
KaarPux pretending to be Debian 7.0
You may want to try other Debian versions:
grep \"Debian /var/lib/openvas/plugins/gather-package-list.nasl
OpenVAS network scanning¶
A part of OpenVAS is scanning hosts for network vulnerabilities.
If you want to run those scans, you need to start OpenVAS
If you do not run OpenVAS
you need to set Alive Test to Consider Alive when creating a New Target.
One indicator of the above problem is a log item stating:
Remote host is dead.