November 2024
M T W T F S S
 123
45678910
11121314151617
18192021222324
252627282930  

Categories

November 2024
M T W T F S S
 123
45678910
11121314151617
18192021222324
252627282930  
«  
  »

OpenVAS 5 Installation on CentOS 6.2

OpenVAS 5 Installation on CentOS 6.2

Install Centos 6.2 Minimal

OS: CentOS 6.2 32bit
Hardware: Virtual Machine (VirtualBox 4.1.14)
OpenVAS: 5

About

OpenVAS is an opensource vulnerability network scanner.
OpenVAS let you scan your network for vulnerabilities and create a report on your network status.

Prerequisite

    Disable SELINUX

vi /etc/selinux/config


SELINUX=disabled

Disable the firewall

 Install wget

yum install wget -y

    Update your Operating System and reboot

yum update -y
reboot

OpenVAS Installation

    Install atomic repository

wget -q -O – http://www.atomicorp.com/installers/atomic |sh

Atomic Archive installer, version 2.0.3

BY INSTALLING THIS SOFTWARE AND BY USING ANY AND ALL SOFTWARE
PROVIDED BY ATOMICORP LIMITED YOU ACKNOWLEDGE AND AGREE:

THIS SOFTWARE AND ALL SOFTWARE PROVIDED IN THIS REPOSITORY IS
PROVIDED BY ATOMICORP LIMITED AS IS, IS UNSUPPORTED AND ANY
EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL ATOMICORP LIMITED, THE
COPYRIGHT OWNER OR ANY CONTRIBUTOR TO ANY AND ALL SOFTWARE PROVIDED
BY OR PUBLISHED IN THIS REPOSITORY BE LIABLE FOR ANY DIRECT,
INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
OF THE POSSIBILITY OF SUCH DAMAGE.

Do you agree to these terms? (yes/no) [Default: yes]
ENTER

Installing the Atomic GPG key: OK
Downloading atomic-release-1.0-14.el6.art.noarch.rpm: OK

The Atomic Rocket Turtle archive has now been installed and configured for your system
The following channels are available:
  atomic          – [ACTIVATED] – contains the stable tree of ART packages
  atomic-testing  – [DISABLED]  – contains the testing tree of ART packages
  atomic-bleeding – [DISABLED]  – contains the development tree of ART packages

    Install OpenVAS

yum install openvas -y

    Run openvas-setup to configure OpenVAS

openvas-setup

Openvas Setup, Version: 0.1

Step 1: Update NVT’s
Please note this step could take some time.
Once completed, NVT’s will be updated automatically every 24 hours

Updating NVTs….
Stopping openvas-scanner:                                  [  OK  ]
Starting openvas-scanner:
                                                           [  OK  ]
Updating OpenVAS Manager database….

Step 2: Configure GSAD
The Greenbone Security Assistant is a Web Based front end
for managing scans. By default it is configured to only allow
connections from localhost.

Allow connections from any IP? [Default: yes] Stopping gree[  OK  ]curity-assistant:
Starting greenbone-security-assistant:                     [  OK  ]

Step 3: Choose the GSAD admin users password.
The admin user is used to configure accounts,
Update NVT’s manually, and manage roles.

Enter password: enter password for admin user
ENTER

 

ad   main:MESSAGE:3223:2012-01-19 11h09.05 IST: No rules file provided, the new user will have no restrictions.
ad   main:MESSAGE:3223:2012-01-19 11h09.05 IST: User admin has been successfully created.

Step 4: Create a user

Using /var/tmp as a temporary file holder.

Add a new openvassd user
---------------------------------

Login : humus
ENTER

Authentication (pass/cert) [pass] :
ENTER
Login password : enter user password
ENTER
Login password (again) : enter user password again
ENTER
User rules
---------------
openvassd has a rules system which allows you to restrict the hosts that humus has the right to test.
For instance, you may want him to be able to scan his own host only.

Please see the openvas-adduser(8) man page for the rules syntax.

Enter the rules for this user, and hit ctrl-D once you are done:
(the user can have an empty rules set)
ctrl-D
Login             : humus
Password          : ***********

Rules             :

Is that ok? (y/n) [y]
ENTER
Setup complete, you can now access GSAD at:

https://<IP>:9392
  • Start OpenVAS administrator
/etc/init.d/openvas-administrator start
  • Download openvas-check-setup script and check OpenVAS setup
cd /usr/local/src/
wget https://svn.wald.intevation.org/svn/openvas/trunk/tools/openvas-check-setup -O openvas-check-setup.sh --no-check-certificate
chmod +x openvas-check-setup.sh
./openvas-check-setup.sh --server
  • Open Greenbone Security Assistent port in linux firewall
vi /etc/sysconfig/iptables
...
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 9392 -j ACCEPT  
...
service iptables restart
  • Connect to OpenVAS server
    • Using a web browser browse to https://openvas_server_IP:9392

That’s it. OpenVAS server installation completed. You can create new scans on your network and schdule them to run frequently and check their reports.

For more information on OpenVAS visit http://www.openvas.org

 

August 22nd, 2012 | Category: Security on Centos

Leave a Reply

You can use these HTML tags

<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>