OpenVAS CentOS 6.x VM Appliance

The official OpenVAS documentation for CentOS Quick-Setup/Quick-Start installs has been, in my experience, rather incomplete. Following it verbatim has very often rendered an inoperable OpenVAS installation. The instructions that follow are designed for running the current version of OpenVAS on a CentOS 6.x VM as an appliance. In other words, the virtual OS environment is not meant to do anything other than serve the OpenVAS application. They may work in other environments, but your mileage may vary.

First off, set up your VM with at least 2048 MB of RAM, 64 GB of disk space, and preferably 2 CPU cores. Also, your virtual NIC should be set to “bridged” mode (as opposed to “NAT” or “Shared” mode). Install CentOS 6.x from the “minimal” ISO, making sure to pay attention to the network settings during setup (if you ignore them, your VM will not have an active network connection).

At this point, you’re ready to begin setting up your new OpenVAS environment…

First, you’ll need to disable SELinux — otherwise, OpenVAS’ aggressive scanning engine(s) won’t be able to function properly. Edit the configuration file:

vi /etc/selinux/config

…set SELINUX to disabled:

SELINUX=disabled

…and then reboot.

Afterwards, disable the firewall:

service iptables stop
chkconfig iptables off

Now you’ll need to install wget, and for accurate timekeeping, NTP:

yum -y install wget ntp

Next, you should enable and start the NTPD service:

chkconfig ntpd on
service ntpd start

Now, you need to grab the OpenVAS installer script:

wget -q -O - http://www.atomicorp.com/installers/atomic |sh

…and then update YUM:

yum -y update

Now it’s time to install OpenVAS:

yum -y install openvas

This shouldn’t take too long — maybe up to 30 minutes, depending on your available bandwidth. Once complete, run:

openvas-setup

You will need to answer a few questions towards the end of the setup script, such as the credentials for an admin and a normal user account for OpenVAS. Just pay attention to the prompts, and answer them intelligently. During setup, an NVT Sync will occur. This means that the vulnerability scripts from the past ten years and beyond will be synchronized with your installation. This will take a significant amount of time to complete, possibly more than an hour, so be patient and don’t cancel out of the process. Once it has finished, do this:

service openvas-manager stop

If you don’t, the next step will silently fail and you won’t be able to log into the web console. Next, do:

openvassd

This step could also take a significant amount of time, depending on your appliance’s resources. In my experience, it should take less time than the initial ‘openvassd’ process. Now you should do:

openvasmd --migrate
openvasmd --rebuild
killall openvassd
service openvas-scanner start
service openvas-manager start

At this point, the installation is complete, but it doesn’t hurt to double-check everything, so run:

openvas-check-setup

All results should return an [OK]. Finally, do:

service openvas-administrator restart

…and once you see [OK], point your browser to:

https://ip:9392/

…and you’re ready to begin setting up your environment. Keep in mind the following:

  • Schedules are in GMT
  • Email Escalators rely on unfiltered outbound access to port 25/tcp. If your ISP blocks this type of access, ask them to unblock it. I spent over an hour troubleshooting this before deciding to contact my ISP (AT&T), and simply asking them nicely resulted in them removing the block in less than 10 minutes. I’m sure there’s some sort of workaround that may work, such as configuring postfix to send outbound mail on a different port, but after wasting numerous hours of my life, I wasn’t able to find one that worked for me. Just ask your ISP!
  • Only scan the nodes/networks that you have been granted permission to scan. It may be illegal to do so otherwise.
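
Back at the installer step, the wget command pipes whatever the plain-HTTP download returns straight into sh, so nothing is read or checked before it runs. The script below is an added example, not part of the original post or Atomicorp's tooling: it saves a copy to review, then on later runs executes the download only if its SHA-256 matches the digest you pinned. PINNED_SHA256 is a placeholder, and REVIEW_COPY and the function names are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): review once, pin, then run.
INSTALLER_URL="http://www.atomicorp.com/installers/atomic"   # URL from the post
PINNED_SHA256="REPLACE_WITH_DIGEST_OF_REVIEWED_COPY"          # placeholder
REVIEW_COPY="./atomic-installer.sh"                           # assumed path

# SHA-256 of a file as lowercase hex (sha256sum is part of coreutils).
file_sha256() {
    sha256sum "$1" | awk '{print $1}'
}

# Exit codes: 0 match, 1 digest mismatch, 2 file missing/empty, 3 pin not set.
verify_installer() {
    file="$1"; expected="$2"
    case "$expected" in
        ""|*[!0-9a-f]*) echo "refusing: pin is not a hex digest" >&2; return 3 ;;
    esac
    [ "${#expected}" -eq 64 ] || { echo "refusing: pin is not 64 hex chars" >&2; return 3; }
    [ -s "$file" ] || { echo "refusing: $file is missing or empty" >&2; return 2; }
    actual=$(file_sha256 "$file")
    [ "$actual" = "$expected" ] || {
        echo "refusing: got $actual, pinned $expected" >&2; return 1; }
}

# Step 1: save a copy to read, and print the digest to pin.
fetch_for_review() {
    wget -q -O "$REVIEW_COPY" "$INSTALLER_URL" || return 4
    echo "read $REVIEW_COPY, then set PINNED_SHA256=$(file_sha256 "$REVIEW_COPY")"
}

# Step 2 (later rebuilds): fetch into a temp file, run only on a digest match.
fetch_verify_run() {
    tmp=$(mktemp /tmp/atomic-installer.XXXXXX) || return 4
    rc=1
    if wget -q -O "$tmp" "$INSTALLER_URL" && verify_installer "$tmp" "$PINNED_SHA256"; then
        sh "$tmp"; rc=$?
    fi
    rm -f "$tmp"
    return "$rc"
}

# Dispatch: "review" or "run"; with no argument the file only defines functions.
case "${1:-}" in
    review) fetch_for_review ;;
    run)    fetch_verify_run ;;
esac
```

A mismatch on a later rebuild means the script you received differs from the copy you read, whether it changed upstream or in transit; review the new copy and re-pin before running it.
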
Sunday, April 12th, 2009 Adam
