How to install OpenVas 9 on Ubuntu 16.04 Xenial

Author: JF

This guide covers my experience installing OpenVAS version 9, and only version 9, on Ubuntu 16.04 Xenial.

There are a variety of resources out there that will help you install previous versions like these:

https://launchpad.net/~mrazavi/+archive/ubuntu/openvas

https://www.vultr.com/docs/how-to-install-openvas-vulnerability-scanner-on-ubuntu-16-04

https://hackertarget.com/openvas-9-install-ubuntu-1604/

Again, this works for Version 9 only.

Update Ubuntu

sudo lsb_release -a
sudo apt-get -y update && sudo apt-get -y upgrade
sudo reboot  # if possible

Add needed resources

We will need to add a repo and other miscellaneous items & tools.

Repo for OpenVas9

sudo add-apt-repository ppa:mrazavi/openvas

Misc Tools

  • sqlite3
  • rpm
  • nsis
  • alien

sudo apt-get install -y sqlite3 rpm nsis alien

  • LaTeX (for PDF generation) & LaTeX fonts

sudo apt-get install -y sqlite3 texlive-latex-extra --no-install-recommends
sudo apt-get install -y texlive-fonts-recommended

  • openvas-check-setup script

sudo wget --no-check-certificate https://svn.wald.intevation.org/svn/openvas/branches/tools-attic/openvas-check-setup
sudo chmod +x openvas-check-setup

The --no-check-certificate flag turns off TLS certificate verification for this download, so read through the script before running it with sudo.

To run it later:

sudo ./openvas-check-setup --v9

Open firewall

OpenVAS 9 access is through port 4000, unlike port 443 (and others) of past versions.

sudo ufw allow 4000

Note: the Check Setup script complains about it not being on “the usual” ports. You can ignore this for your safety, or adjust the port if you need to.

Install OpenVAS 9 and update

sudo apt-get update
sudo apt-get install openvas9

Update the vulnerabilities

This might take some time. Note that previous versions of this command were “sudo openvas-nvt-sync”, etc.

sudo greenbone-nvt-sync
sudo greenbone-scapdata-sync
sudo greenbone-certdata-sync

Start the scanner, update & rebuild

sudo service openvas-scanner start
sudo service openvas-manager start
sudo openvasmd --update --progress
sudo openvasmd --rebuild --progress

Run Openvas Check

Before you do anything else, check that everything is installed correctly. Follow the instructions for anywhere it says “Fix”.

sudo ./openvas-check-setup --v9

Change host header

With previous versions of OpenVAS you simply go to the URL and you’re in. With this version you need to modify the openvas-gsa file:

sudo nano /etc/default/openvas-gsa

Uncomment ALLOW_HEADER_HOST and modify it to your needs:

# To allow <host> as hostname/address part of a Host header:
#
#ALLOW_HEADER_HOST=

Updated:

# To allow <host> as hostname/address part of a Host header:
#
ALLOW_HEADER_HOST=[your public ipaddress]

Then reboot!

sudo reboot

Go to your scanner and login

MAKE SURE TO IMMEDIATELY LOGIN with admin/admin and update your password!

http://[ipaddress]:4000

Other Config Options

Change port

The default port is now 4000 instead of 443. Even the check function will produce a soft error stating that the port is incorrect.

sudo nano /etc/default/openvas-gsa

Change this to the desired port:

# To set listening port number:
#
PORT_NUMBER=4000
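
A quick check of the two settings edited above, as an added example that is not part of the original post or of OpenVAS. The helper names gsa_setting and gsa_audit are hypothetical, and the sample file is constructed from the snippets shown in this guide.

```bash
#!/usr/bin/env bash
# Added example (not from the original post): audit the two settings this
# guide edits in /etc/default/openvas-gsa. gsa_setting and gsa_audit are
# hypothetical helper names; the key names are the ones shown in the guide.

# Print the last uncommented value of KEY ($1) in FILE ($2); empty if unset.
gsa_setting() {
    sed -n "s/^[[:space:]]*$1=//p" "$2" | tail -n 1 | tr -d "\"'" |
        sed 's/[[:space:]]*$//'
}

# Report the effective settings; returns 1 if anything needs fixing.
gsa_audit() {
    local file="${1:-/etc/default/openvas-gsa}" host port rc=0
    [ -r "$file" ] || { echo "FIX: cannot read $file"; return 2; }
    host="$(gsa_setting ALLOW_HEADER_HOST "$file")"
    port="$(gsa_setting PORT_NUMBER "$file")"
    case "$host" in
        "")    echo "FIX: ALLOW_HEADER_HOST is unset or still commented out"; rc=1 ;;
        *" "*) echo "FIX: ALLOW_HEADER_HOST is not a single host: $host"; rc=1 ;;
        *)     echo "OK: Host header accepted for $host" ;;
    esac
    case "$port" in
        "")   echo "INFO: PORT_NUMBER unset, the package default applies" ;;
        *[!0-9]*|??????*) echo "FIX: PORT_NUMBER is not a valid port: $port"; rc=1 ;;
        *)    if [ "$port" -ge 1 ] && [ "$port" -le 65535 ]; then
                  echo "OK: gsad listens on $port; the ufw rule must allow $port"
              else
                  echo "FIX: PORT_NUMBER out of range: $port"; rc=1
              fi ;;
    esac
    return "$rc"
}

# Constructed sample: the file before the ALLOW_HEADER_HOST edit described above.
sample="$(mktemp)"
printf '%s\n' '# To allow <host> as hostname/address part of a Host header:' \
    '#' '#ALLOW_HEADER_HOST=' '# To set listening port number:' '#' \
    'PORT_NUMBER=4000' > "$sample"
gsa_audit "$sample" || echo "audit exit status: $?"
rm -f "$sample"
```

Run gsa_audit with no argument on the scanner host to check the real /etc/default/openvas-gsa after editing it.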

Check that OpenVAS is running

sudo ps -ef | grep openvas

or

sudo netstat -antp | grep -iE "(openvas|gsad)"
