This article explains how to install OpenVAS on CentOS 7. My earlier attempts to document the installation process of OpenVAS on CentOS 6 failed. OpenVAS is an alternative to (and a fork of) the very popular Nessus. It’s a very capable vulnerability scanner. I hope to write other articles on the use of OpenVAS soon.
Sunday 21st April 2019: OpenVAS has recently gone through a significant change with “openvas-9.0.3-6767.el7.art.noarch is obsoleted by greenbone-vulnerability-manager-10.0.0-6947.el7.art.noarch”. This HowTo is likely not correct any longer. I will try to modify it to meet the new changes.
A few prerequisites:
- Disable SELinux.
- Permit TCP port 9392, 443 and 80.
Run this command. It’s downloading a script and executing it:
wget -q -O - https://updates.atomicorp.com/installers/atomic | sudo sh
yum clean all
Tune Redis by adding the following to your “/etc/rc.local”. Otherwise, just make sure this is executed before Redis starts.
echo 512 > /proc/sys/net/core/somaxconn echo never > /sys/kernel/mm/transparent_hugepage/enabled
Install OpenVAS from YUM:
yum install openvas atomic-sqlite-sqlite sshpass
Run the setup process and follow the prompts. This takes a few hours due to all the downloads it needs:
You can set a new Admin password at any time later for the web portal:
openvasmd --user=admin --new-password=MySecretPassword
Set the NVT signature checking in “/etc/openvas/openvassd.conf”. The following is set to ‘yes’ by default. Change it to no:
nasl_no_signature_check = no
Restart the services:
systemctl enable redis systemctl enable gsad systemctl enable gvmd systemctl enable openvas-manager systemctl enable openvas-scanner systemctl restart redis systemctl restart gsad systemctl restart gvmd systemctl restart openvas-manager systemctl restart openvas-scanner
Open your web browser and navigate to the following address and login with the username and password you’ve previously set:
"https://localhost:9392" or "https://localhost"
Further random notes
The following are my notes and attempts to resolve minor issues.
It’s important to keep OpenVAS up to date. Schedule the following command(s):
greenbone-nvt-sync ; openvasmd --rebuild
Trouble exporting reports in PDF format
For assistance with PDF reports can be found in this thread “lists.wald.intevation.org/pipermail/openvas-discuss/2014-October/006939.htmlOID: 220.127.116.11.4.1.25618.104.22.168013”. I was not successful in my en-devour to resolve this matter. I’d say it’s more to do with CentOS rather than OpenVAS.