This article explains how to install OpenVAS on CentOS 7. My earlier attempts to document the installation process of OpenVAS on CentOS 6 failed. OpenVAS is an alternative to (and a fork of) the very popular Nessus. It’s a very capable vulnerability scanner. I hope to write other articles on the use of OpenVAS soon.
A few prerequisites:
- Disable SELinux.
- Permit TCP port 9392.
Run this command. It’s downloading a script and executing it:
wget -q -O - https://updates.atomicorp.com/installers/atomic | sudo sh
yum clean all
Install OpenVAS from YUM:
yum install openvas atomic-sqlite-sqlite sshpass
Run the setup process and follow the prompts. This takes a few hours due to all the downloads it needs:
You can set a new Admin password at any time later for the web portal:
openvasmd --user=admin --new-password=MySecretPassword
Set the NVT signature checking in “/etc/openvas/openvassd.conf”. The following is set to ‘yes’ by default. Change it to no:
nasl_no_signature_check = no
Restart the services:
systemctl enable openvas-manager systemctl enable openvas-scanner systemctl enable redis systemctl restart openvas-manager systemctl restart openvas-scanner systemctl restart redis
Open your web browser and navigate to the following address and login with the username and password you’ve previously set:
Further random notes
The following are my notes and attempts to resolve minor issues.
It’s important to keep OpenVAS up to date. Schedule the following command(s):
greenbone-nvt-sync ; openvasmd --rebuild
Trouble exporting reports in PDF format
For assistance with PDF reports can be found in this thread “lists.wald.intevation.org/pipermail/openvas-discuss/2014-October/006939.htmlOID: 188.8.131.52.4.1.256184.108.40.206013”. I was not successful in my en-devour to resolve this matter. I’d say it’s more to do with CentOS rather than OpenVAS.