Saturday, November 13, 2010

Open Vulnerability Assessment System (OpenVAS)

This came across when I in search of Nessus for Ubuntu and I found some alternative "VS" (Vulnerability Scanner) to be replace and it act as same as Nessus.

It's took time in search for the alternative software because the default Ubuntu repository send dont have Nessus.But you may add the repository if you insist to install Nessus in your Ubuntu.For me,I seem less trusting unknown repository and decided to look for OpenVas.

Below I show you how to install an OpenVas tools for Vulnerability Scanner.

*==============*
About OpenVAS
*==============*
The Open Vulnerability Assessment System (OpenVAS) is a framework of several services and tools offering a comprehensive and powerful vulnerability scanning and vulnerability management solution.

The actual security scanner is accompanied with a daily updated feed of Network Vulnerability Tests (NVTs), over 18,000 in total (as of August 2010).

All OpenVAS products are Free Software and mostly licensed under the GNU General Public License (GNU GPL).


*============*
HOW TO
*============*

1.Install from Default Ubuntu Repository:

#apt-get install openvas-server openvas-plugins-base openvas-plugins-dfsg openvas-client libopenvasnasl2 libopenvas2

2.Basic Configuration:

a) openvas-mkcert (Press "Enter" act as default setting and key in your location)

b) openvas-adduser
-Login = Your Login Name
-pass/cert = pass
-Login Password = Your Password
-Login Password (again) = Your Password

c) User Rules will Pop-Up
-Just Hit Enter for Root User with no restriction

d) Is that ok ?(y/n) [y]



3. OpenVAS NVT Feed Sync.

You need to follow these steps:

a. Check the configuration of the synchronization command:

Usually you will find this shell script installed as "/usr/sbin/openvas-nvt-sync".

You should verify that the variables "NVT_DIR" and "FEED" are correct. This should be the case for NVT_DIR if you did not deviate from the standard build and install routine. For FEED there is currently only the pre-configured one available anyway. So, just don't change it.

b. Run the synchronization command:

# openvas-nvt-sync


It will connect to the currently only available NVT feed. At the end, it will verify the md5 checksums of all synchronized files. If any of them fails, an error is reported. In this case you should retry a couple of minutes later (reasons for failures could be network lags or that feed was updated at the same time.)

c. Restart the OpenVAS server (openvasd):

# kill -1 PID


Where PID is the process ID of the main openvasd. You may see in the "openvas-nvt-sync" script how this should work ideally, but currently it does not work. You might consider using the "killall openvasd" command if you really know what this means.

(*IT'S TOOK TIMES TO SYNC. BE PATIENT!)


4.Edit your configuration file "/etc/openvas/openvasd.conf" and change the nasl_no_signature_check option to the following:

Code:

nasl_no_signature_check = yes

(*Default it will #Comment for nasl_no_signature_check = no )


5.Finally

Type OPENVASD and you vulnerability scanner will be started.

------------------------------------------------------------------------


Another way on how to install OpenVAS
=====================================

# apt-get install openvas

# openvas-adduser

# openvas-mkcert

# openvas-nvt-sync

# openvasd

# openvas-mkcert-client -n om -i

# openvasmd –rebuild

# openvasad -c ‘add_user’ -n openvasadmin -r Admin

# openvasmd -p 9390 -a 127.0.0.1

# openvasad -a 127.0.0.1 -p 9393

# gsad –http-only –listen=127.0.0.1 -p 9392

And you may access it at [Web Interface: http://127.0.0.1:9392]


EOF
====

No comments:

Post a Comment