The Open Vulnerability Assessment System (OpenVAS) is a set of tools for vulnerability scanning and management. OpenVAS can scan systems for thousands of known vulnerabilities. It’s incredibly powerful and should be considered a must-have for anyone who is serious about their network and system security.
I’ll walk you through the process of installing this powerhouse security admin tool on Ubuntu 16.04. The process is a bit time-consuming, but what you gain in the end is worth every second.
Note: OpenVAS is an outstanding way to test machines you own/service/administer for vulnerabilities. Do not use this tool on systems outside of your purview.
We’ll be working entirely via the command line, so open a terminal window on your Ubuntu 16.04 server and get ready to type. The first thing you must do is update apt and then upgrade your system. Issue the following two commands:
sudo apt-get update
sudo apt-get upgrade
Before continuing to the OpenVAS install, there is one package that must be installed. Issue the command:
sudo apt install software-properties-common
Once those commands have completed, the necessary apt repository must be installed. Issue the following at your terminal:
sudo add-apt-repository ppa:mrazavi/openvas
When prompted to hit Enter, do so. The repository is set.
We update apt once again with the command:
sudo apt-get update
Finally, we install OpenVAS:
sudo apt-get install openvas
A number of dependencies will be picked up and installed during this process. During the installation, you will be asked to enable a redis database so OpenVAS can store necessary data. Tap Yes and hit Enter (Figure A).
When that task completes, OpenVAS is installed, but it’s not ready to be used—there are still a few steps to take.
You need to install the sqlite3 package, which is used to store Common Vulnerabilities and Exposures data. To install sqlite3, issue the following command:
sudo apt-get install sqlite3
Now we need to sync the OpenVAS NVT feed. By doing this, the OpenVAS installation will have access to the most current vulnerabilities. The command to sync the NVT feed is:
sudo openvas-nvt-sync
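The above command should be added as a weekly cron job (as the feed is updated weekly). To do this safely, we’ll create a shell script, called openvas-update, with the following contents:
#!/bin/sh
# Sync the NVT feed quietly; show the sync output only when the sync fails,
# so cron sends mail only on errors.
temp=$(mktemp)
# Capture both stdout and stderr in the temp file.
openvas-nvt-sync > "$temp" 2>&1
if [ $? -ne 0 ]
then
    cat "$temp"
fi
rm -f "$temp"
# If the scanner's pid file exists, send it SIGHUP so it reloads the NVTs.
if [ -f /var/lib/run/openvasd.pid ]
then
    pid=$(cat /var/lib/run/openvasd.pid)
    kill -1 "$pid" 2>/dev/null
fi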
Give that file executable permissions with the command chmod u+x openvas-update and then move it to a suitable location, such as /usr/local/sbin. Now issue the command sudo crontab -e and add the following line:
0 0 * * SUN /usr/local/sbin/openvas-update
Save and close that file.
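Because root's crontab now executes /usr/local/sbin/openvas-update, anyone who can modify that file or replace it in its directory can run commands as root. The check below is an added example, not part of the original article or of OpenVAS; the function names and the audit rules (owner uid 0, no group or world write bit on the script or its directory, script executable) are assumptions chosen for illustration.

```sh
#!/bin/sh
# Added example: audit a script that root's crontab executes.
# Function names and rules are illustrative assumptions, not OpenVAS tooling.

# owner_uid PATH: print the numeric uid that owns PATH.
owner_uid() {
    ls -ldn -- "$1" | awk '{print $3}'
}

# writable_by_others PATH: succeed if PATH has a group or world write bit.
writable_by_others() {
    [ -n "$(find "$1" -prune \( -perm -020 -o -perm -002 \) -print)" ]
}

# audit_cron_script PATH [EXPECTED_UID]
# Prints one finding per line and returns 0 only when there are none.
audit_cron_script() {
    script=$1
    want_uid=${2:-0}        # root unless the caller says otherwise
    findings=0
    if [ ! -f "$script" ]; then
        echo "MISSING: $script"
        return 1
    fi
    # The directory matters too: write access there allows replacing the file.
    for p in "$script" "$(dirname -- "$script")"; do
        if [ "$(owner_uid "$p")" != "$want_uid" ]; then
            echo "OWNER: $p is not owned by uid $want_uid"
            findings=$((findings + 1))
        fi
        if writable_by_others "$p"; then
            echo "WRITABLE: $p has a group or world write bit"
            findings=$((findings + 1))
        fi
    done
    if [ ! -x "$script" ]; then
        echo "NOEXEC: $script is not executable"
        findings=$((findings + 1))
    fi
    [ "$findings" -eq 0 ]
}

# Usage: sh audit-cron-script.sh /usr/local/sbin/openvas-update
if [ "$#" -gt 0 ]; then
    audit_cron_script "$@"
fi
```

A file created in a home directory and moved into place with sudo mv keeps its original owner, so an OWNER finding is expected at that point; sudo chown root:root on the script clears it.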
Next we need to synchronize Security Content Automation Protocol (SCAP) and Computer Emergency Readiness Team (CERT) vulnerability data. Do this with the following two commands:
sudo openvas-scapdata-sync
sudo openvas-certdata-sync
Both of the above commands will take a while, so either sit back and enjoy the show or head off and tackle another task.
When the two sync commands complete, the OpenVAS scanner and manager both need to be restarted with the following two commands:
sudo service openvas-scanner restart
sudo service openvas-manager restart
Finally, the OpenVAS database must be rebuilt so the OpenVAS manager can access the newly updated data. Issue the following command:
sudo openvasmd --rebuild --progress
Before you continue, the default admin password must be changed. To do this, issue the command (NEW_PASSWORD is the password you want to use for the admin user):
sudo openvasmd --user=admin --new-password=NEW_PASSWORD
OpenVAS is ready to be used. Point your browser to https://IP_OF_SERVER:9392 (IP_OF_SERVER is the actual IP address of your server hosting OpenVAS) and log in with the user admin and the new password you created above.
Now you can use the OpenVAS web-based interface to scan an IP address for vulnerabilities. Type in the IP address or hostname in the IP Address Or Hostname field and click Start Scan (Figure B).
With your new OpenVAS installation ready to go, you can scan all of the machines on your network to check for any known vulnerability. This should be considered a must for any system or network administrator.
It’ll take some time to get OpenVAS up and running, but in the end you’ll be far more aware of any issues on your servers and/or desktops. Better safe than sorry.
Source: SANS ISC SecNewsFeed @ March 2, 2017 at 08:24PM