OpenVAS is the standard in open-source security scanning and vulnerability management.
Installation
Check the package list and USE flags with a pretend run, and make sure the packages are configured correctly before installing.
~ $ emerge -pv openvas
[ebuild N ] app-crypt/gpgme-1.3.0-r1 USE="-common-lisp -pth" 850 kB
[ebuild N ~] net-libs/libmicrohttpd-0.9.19 USE="-messages ssl -test" 782 kB
[ebuild N ] net-analyzer/openvas-libraries-4.0.6 0 kB
[ebuild N ] net-analyzer/openvas-scanner-3.2.5 221 kB
[ebuild N ~] net-analyzer/greenbone-security-assistant-2.0.1 343 kB
[ebuild N ] net-analyzer/openvas-cli-1.1.3 56 kB
[ebuild N ] net-analyzer/openvas-manager-2.0.4 1,040 kB
[ebuild N ] net-analyzer/openvas-administrator-1.1.2 134 kB
[ebuild N ] net-analyzer/openvas-4 USE="-X" 0 kB
Then install; it will take a while.
~ # emerge openvas
Configuring OpenVAS
Once the install is complete, we must sync the feed, update the scanner database, start the administration and manager daemons, and then start the Greenbone Security Assistant.
First sync the NVT feed.
~ # openvas-nvt-sync
[ snip ]
sent 2018764 bytes received 102324268 bytes 47525.86 bytes/sec
total size is 126292880 speedup is 1.21
[i] Checking dir: ok
[i] Checking MD5 checksum: ok
Now make sure the Administrator is started and then tell the Manager to rebuild/update the feed data.
~ # /etc/init.d/openvasad start
~ # openvasmd --foreground --verbose --rebuild
~ # /etc/init.d/openvasmd start
~ # /etc/init.d/openvassd start
~ # /etc/init.d/gsad start
The feed should now be synchronised, and the Administrator (ad), Manager (md) and Scanner (sd) should be running, as should the Greenbone Security Assistant (gsad).
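A gate for the sequence above, as an added example that is not part of the original page: it rebuilds the manager database and starts the daemons only if the sync log contains both "ok" check lines shown in the sync output above. The function names, the `--run` argument and the use of those two lines as success markers are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original page): only rebuild the manager
# database and start the daemons when the feed sync passed its own checks.

# feed_sync_ok FILE: succeed only if the sync log holds both "ok" lines
# shown in the output above. Using them as success markers is an assumption.
feed_sync_ok() {
    grep -q '^\[i\] Checking dir: ok[[:space:]]*$' "$1" &&
    grep -q '^\[i\] Checking MD5 checksum: ok[[:space:]]*$' "$1"
}

# start_stack: the commands from this section, in order, stopping at the
# first failure so no daemon starts on a feed that was not verified.
start_stack() {
    log=$(mktemp) || return 1
    openvas-nvt-sync >"$log" 2>&1
    if ! feed_sync_ok "$log"; then
        echo "feed sync not verified, see $log" >&2
        return 1
    fi
    rm -f "$log"
    /etc/init.d/openvasad start &&
    openvasmd --foreground --verbose --rebuild &&
    /etc/init.d/openvasmd start &&
    /etc/init.d/openvassd start &&
    /etc/init.d/gsad start
}

# Constructed sample logs for an offline check of feed_sync_ok.
sample_check() {
    good=$(mktemp) && bad=$(mktemp) || return 1
    printf '%s\n' 'total size is 126292880 speedup is 1.21' \
        '[i] Checking dir: ok' '[i] Checking MD5 checksum: ok' >"$good"
    # Constructed failure case: the checksum line never reports ok.
    printf '%s\n' '[i] Checking dir: ok' >"$bad"
    feed_sync_ok "$good" && ! feed_sync_ok "$bad"
    rc=$?
    rm -f "$good" "$bad"
    return $rc
}

# Run as root with "--run" to perform the real sync and start-up.
if [ "${1:-}" = "--run" ]; then
    start_stack
fi
```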
Create a User
Create a user account in OpenVAS so we can log in to Greenbone.
Use openvas-adduser and follow the prompts as shown below. Note that we have not added any rules to the user, so the account is not restricted in which hosts it may test.
~ # openvas-adduser
Using /var/tmp as a temporary file holder.

Add a new openvassd user
---------------------------------

Login : openvas
Authentication (pass/cert) [pass] :
Login password :
Login password (again) :

User rules
---------------
openvassd has a rules system which allows you to restrict the hosts that openvas has the right to test.
For instance, you may want him to be able to scan his own host only.

Please see the openvas-adduser(8) man page for the rules syntax.

Enter the rules for this user, and hit ctrl-D once you are done:
(the user can have an empty rules set)

Login : openvas
Password : ***********
Rules :

Is that ok? (y/n) [y] y
user added.
Use the following command to promote this user to Administrator level.
~ # openvasad --enable-modify-settings -c set_role -u openvas -r Admin