OpenVAS
The OpenVAS GVM Vulnerability Scanner is an advanced, open-source security tool designed for comprehensive vulnerability assessment and management. It efficiently scans and identifies potential security weaknesses in network services and software systems.
AWS Marketplace: OpenVAS
Note:
- Please be patient; the server takes 5-10 minutes to become accessible.
SSH Into the server:
- Linux + Mac - add .pem key to
~/.ssh/id_rsa
# change permissions
chmod 400 ~/.ssh/id_rsa
ssh adminotaur@ip-of-server
- If using PuTTY or MobaXterm, make sure to convert the .pem key using PuTTYgen.
OpenVAS GVM Login:
- ssh into your server.
- Password:
sudo cat /home/adminotaur/password.txt
- Go to your browser - https://ip-of-server
- Login:
username: admin
password: ( Output of password.txt )
- You may see feeds syncing or "Error fetching the feed"; please wait for the feeds to update.
OpenVAS Basics:
- Dashboard: Check Feeds > Administration > Feed Status
- Dashboard: Create a new Target > Configuration > Target > Select - Top Left: Paper W/plus > New Target > Enter IP or CIDR range > Choose your options
- Dashboard: Create a New Port List > Configuration > Port List > Select - Top Left: Paper W/ Star > New Port List
- Dashboard: Quick Scan > Scans > Tasks > Select - Top Left: Paper W/ Star > New Task > Select Target > Set to once > Start
- Terminal - Update Password:
sudo runuser -u _gvm -- gvmd --user=admin --new-password=PASSWORD
sudo systemctl daemon-reload
sudo systemctl restart gvmd
- Terminal - Update Feeds: ( Optional )
sudo greenbone-feed-sync --type all
- Terminal: Add New user:
sudo runuser -u _gvm -- gvmd --create-user=newuser --new-password=PASSWORD
- Getting Started W/ OpenVAS GVM > https://www.youtube.com/watch?v=LGh2SetiKaY
Troubleshooting:
- Check to see if all services are running correctly.
sudo systemctl status gvmd gsad ospd-openvas redis-server postgresql nginx
- You can stop, start, and restart the services if they are not working.
sudo systemctl stop gvmd gsad ospd-openvas redis-server postgresql nginx
sudo systemctl start gvmd gsad ospd-openvas redis-server postgresql nginx
sudo systemctl restart gvmd gsad ospd-openvas redis-server postgresql nginx
- If you get this error from the web browser login:
The Greenbone Vulnerability Manager service is not responding. This could be due to system maintenance. Please try again later, check the system status, or contact your system administrator.
# Check for issues with the gvmd.service
sudo journalctl -xeu gvmd.service
- Check to see if you have an outdated Database:
sudo -u _gvm gvmd --get-scanners
# If you get this message.
Database is wrong version.
Your database is too old for this version of gvmd.
Please migrate to the current data model.
Use a command like this: gvmd --migrate
# Run these commands to fix it.
sudo apt update && sudo apt upgrade -y
sudo systemctl stop gvmd gsad ospd-openvas
sudo -u _gvm gvmd --migrate
sudo systemctl start gvmd gsad ospd-openvas
sudo greenbone-feed-sync --type all
- Optional: Update GVM feeds ( Takes a while ):
- This is done via crontab automatically every Sunday.
sudo greenbone-feed-sync --type all
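The troubleshooting checks above combined into one triage script, added here as an example (not part of the original page or of the Greenbone project). The service names and the gvmd message come from this page; the function names and the --run switch are assumptions.

```shell
#!/bin/sh
# Added example: triage for the troubleshooting steps on this page.
# Service names and the gvmd message are from the page; function
# names and the --run switch are assumptions made for this example.
SERVICES="gvmd gsad ospd-openvas redis-server postgresql nginx"

# Print the services that are not active, space separated.
# $1 is the command used to test one service (replaceable for offline tests).
inactive_services() {
    is_checker="${1:-systemctl is-active --quiet}"
    is_down=""
    for is_svc in $SERVICES; do
        $is_checker "$is_svc" >/dev/null 2>&1 || is_down="$is_down $is_svc"
    done
    echo "${is_down# }"
}

# Classify the text printed by: sudo -u _gvm gvmd --get-scanners
classify_gvmd_output() {
    case "$1" in
        *"Database is wrong version"*) echo "migrate" ;;
        *) echo "ok" ;;
    esac
}

triage() {
    t_down=$(inactive_services)
    if [ -n "$t_down" ]; then
        echo "Not active: $t_down"
        echo "Try: sudo systemctl restart $t_down"
        echo "Then: sudo journalctl -xeu gvmd.service"
    fi
    t_out=$(sudo -u _gvm gvmd --get-scanners 2>&1)
    if [ "$(classify_gvmd_output "$t_out")" = "migrate" ]; then
        echo "gvmd database is too old; follow the migration steps above:"
        echo "  sudo systemctl stop gvmd gsad ospd-openvas"
        echo "  sudo -u _gvm gvmd --migrate"
        echo "  sudo systemctl start gvmd gsad ospd-openvas"
    else
        echo "No database migration message from gvmd."
    fi
}

# Touch the system only when asked to: sh triage.sh --run
if [ "${1:-}" = "--run" ]; then triage; fi
```

The script only reports; it does not stop, migrate or restart anything itself.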
Additional Security Features:
- Crowdsec IPS - https://decyphertek.readthedocs.io/en/latest/technotes/Crowdsec/
- UFW Host Firewall - https://decyphertek.readthedocs.io/en/latest/technotes/UFW/
- Auditd Logging - https://decyphertek.readthedocs.io/en/latest/technotes/Auditd/
- Automated Updates - Update script upon first boot and daily.
- Nginx - https://nginx.org/en/docs/
- Daily Security Report: ( Scheduled via crontab )
cd /var/log/decyphertek/
ls
sudo cat security_report_DATE-HERE.log
References:
- https://openvas.org/