OpenVAS is the standard in open-source based security scanning and vulnerability management.

Installation

Ensure that the packages are configured correctly and then install.

~ $ emerge -pv openvas
[ebuild  N     ] app-crypt/gpgme-1.3.0-r1  USE="-common-lisp -pth" 850 kB
[ebuild  N    ~] net-libs/libmicrohttpd-0.9.19  USE="-messages ssl -test" 782 kB
[ebuild  N     ] net-analyzer/openvas-libraries-4.0.6  0 kB
[ebuild  N     ] net-analyzer/openvas-scanner-3.2.5  221 kB
[ebuild  N    ~] net-analyzer/greenbone-security-assistant-2.0.1  343 kB
[ebuild  N     ] net-analyzer/openvas-cli-1.1.3  56 kB
[ebuild  N     ] net-analyzer/openvas-manager-2.0.4  1,040 kB
[ebuild  N     ] net-analyzer/openvas-administrator-1.1.2  134 kB
[ebuild  N     ] net-analyzer/openvas-4  USE="-X" 0 kB

Install, it will take a while.

~ # emerge openvas

Configuring OpenVAS

Once the install is complete we must sync the feed, update the scanner database, start the administration and manager daemons then start the Greenbone Security Assistant.

First sync the NVT feed.

~ # openvas-nvt-sync
[ snip ]
sent 2018764 bytes  received 102324268 bytes  47525.86 bytes/sec
total size is 126292880  speedup is 1.21
[i] Checking dir: ok
[i] Checking MD5 checksum:
ok

Now make sure the Administrator is started and then tell the Manager to rebuild/update the feed data.

~ # /etc/init.d/openvasad start
~ # openvasmd --foreground --verbose --rebuild
~ # /etc/init.d/openvasmd start
~ # /etc/init.d/openvassd start
~ # /etc/init.d/gsad start

Now, the feed should be synchronised, the Administator (ad), Manager (md) and Scanner (sd) are running; as is Greenbone Security Assistant (gsad).

Create a User

Create a user account in OpenVAS so we can login to Greenbone.

Use openvas-adduser and follow the prompts as shown below, notice we have not added any rules to the user.

~ # openvas-adduser
Using /var/tmp as a temporary file holder.
Add a new openvassd user
---------------------------------
Login : openvas
Authentication (pass/cert) [pass] :
Login password :
Login password (again) :

User rules
---------------
openvassd has a rules system which allows you to restrict the hosts that openvas has the right to test.
For instance, you may want him to be able to scan his own host only.

Please see the openvas-adduser(8) man page for the rules syntax.

Enter the rules for this user, and hit ctrl-D once you are done:
(the user can have an empty rules set)

Login             : openvas
Password          : ***********
Rules             :

Is that ok? (y/n) [y] y
user added.

Use the following command to promote this user to an Administrator level.

~ # openvasad --enable-modify-settings -c set_role -u openvas -r Admin

See Also