Skip to content

OpenVas

OpenVAS Vulnerability Scanner is an advanced, open-source security tool designed for comprehensive vulnerability assessment and management. It efficiently scans and identifies potential security weaknesses in network services and software systems. Azure Marketplace: OpenVas

Note:

  • Please be aware that it takes a few minutes for Openvas to be up and running.

SSH Into the server:

  • Utilize Azure to setup user and ssh keys.
  • Make sure to allow ssh, https via network security group.

OpenVAS GVM Login:

  • ssh into your server.
  • Password:
sudo cat /root/password.txt 
  • Go to your browser - https://ip-of-server
  • Login:
username: admin 
password: ( Output of password.txt )

OpenVas Basics:

  • Dashboard: Check Feeds > Administration > Feed Status
  • Dashboard: Create a new Target > Configuration > Target > Select - Top Left: Paper W/plus > New Target > Enter IP
    or Cidr range > Choose your options
  • Dashboard: Create a New Port List > Configuration > Port List > Select - Top Left: Paper W/ Star > New Port List
  • Dashboard: Quick Scan > Scans > Tasks > Select - Top Left: Paper W/ Star > New Task > Select Target > Set to once

    Start

  • Terminal - Update Password:
sudo runuser -u _gvm -- gvmd --user=admin --new-password=PASSWORD
sudo systemctl daemon-reload 
sudo systemctl restart gvmd
  • Terminal - Update Feeds: ( Optional )
sudo greenbone-feed-sync --type all 
  • Terminal: Add New user:
sudo runuser -u _gvm -- gvmd --create-user=newuser --new-password=PASSWORD
  • Getting Started W/ Openvas GVM > https://www.youtube.com/watch?v=LGh2SetiKaY

Troubleshooting:

  • Check to see if all services are running correctly.
sudo systemctl status gvmd gsad ospd-openvas redis-server postgresql nginx
  • You can stop,start, and restart services if not working.
sudo systemctl stop gvmd gsad ospd-openvas redis-server postgresql nginx
sudo systemctl start gvmd gsad ospd-openvas redis-server postgresql nginx
sudo systemctl restart gvmd gsad ospd-openvas redis-server postgresql nginx
  • If you get this error from the web browser login:
The Greenbone Vulnerability Manager service is not responding. This could be due to system maintenance. Please try again later, check the system status, or contact your system administrator.

# Check for issues with the gvmd.service
sudo journalctl -xeu gvmd.service
  • One first boot a system update occurs, so this can update openvas and make the DB outdated in some cases.
  • Check to see if you have an outdated Database:
sudo -u _gvm gvmd --get-scanners
# If you get this message.
Database is wrong version.
Your database is too old for this version of gvmd.
Please migrate to the current data model.
Use a command like this: gvmd --migrate

# Please run this command to fix it.
sudo apt update && sudo apt upgrade -y 
sudo systemctl stop gvmd gsad ospd-openvas
sudo -u _gvm gvmd --migrate
sudo systemctl start gvmd gsad ospd-openvas
sudo greenbone-feed-sync --type all 
  • Optional: Update gvm feeds ( Takes a while ):
  • This is done via crontab automatically every sunday.
sudo greenbone-feed-sync --type all 

Additonal Security Features:

  • Crowdsec IPS - https://www.crowdsec.net/
  • Firewalld - https://firewalld.org/
  • Auditd Logging - https://linux.die.net/man/8/auditd
  • Automated Updates - https://dnf.readthedocs.io/en/latest/automatic.html
  • Nginx - https://nginx.org/en/docs/

References:

  • https://openvas.org/
  • https://docs.greenbone.net/GSM-Manual/gos-22.04/en/web-interface.html