OpenVAS stands for Open Vulnerability Assessment System. This tool is a vulnerability scanner and of course a very good security assessor. OpenVAS is simply a software framework consisting of several services and tools using for vulnerability scanning and vulnerability management. All OpenVAS products are free software, and most are licensed under the GNU General Public License (GPL). In this article, we want to introduce you step by step to Tutorial Setup and Configure OpenVAS on Debian 10. It should be noted that you can visit the packages available in Eldernode if you want to buy a Linux VPS server.
How to Setup and Configure OpenVAS on Debian 10
OpenVAS was originally called GNessUs and is a branch of the previously open-source Nessus Vulnerability Scan. After Nessus developers at Tenable Network Security decided to turn it into proprietary software in October 2003, OpenVAS continued to operate as an open-source branch of it.
You can install OpenVAS as a virtual machine or uncompiled code or even directly on the Linux operating system. Then use all the features of a Nessus for free. This scanner has a long history since 2009 with daily updates (the name of these updates is “Network Vulnerability Tests”) or NVT for short.
As of June 2016, 47,000 NVTs have been released for OpenVAS. It also includes more than 50,000 vulnerability tests supported by a security software company. It also has an internal programming language that can perform some special and personalized tests depending on the user’s needs. You can install this tool in the form of a virtual machine or non-compiled code or even directly on the Linux operating system and use all its features for free.
Follow us in this article to teach you how to install, Setup and Configure OpenVAS on Debian 10.
Prerequisites for Installing OpenVAS on Debian 10
In this article, we are going to teach you how to install GVM on Debian 10. Greenbone Vulnerability Management (GVM), formerly known as OpenVAS, is a network security scanner that provides a set of Network Vulnerability (NVT) tests to identify security holes. Before installing this tool, you need to prepare some prerequisites.
_ At least 4 GB RAM
_ At least 4 vCPUs
_ More than 8 GB disk space
The next step is to update the system packages using the following commands:
Since we will be running GVM 20.08 as a non-privileged user of the system, you must create a GVM system account using the following commands:
useradd -r -d /opt/gvm -c "GVM User" -s /bin/bash gvm
In the next step, you need to create the GVM user directory as specified by the -d option in the above command. Then place the user and group ownership on GVM.
chown gvm: /opt/gvm
You will also need to install the following dependencies in order to properly install OpenVAS on Debian 10:
apt install gcc g++ make bison flex libksba-dev curl redis libpcap-dev \
cmake git pkg-config libglib2.0-dev libgpgme-dev nmap libgnutls28-dev uuid-dev \
libssh-gcrypt-dev libldap2-dev gnutls-bin libmicrohttpd-dev libhiredis-dev \
zlib1g-dev libxml2-dev libradcli-dev clang-format libldap2-dev doxygen \
gcc-mingw-w64 xml-twig-tools libical-dev perl-base heimdal-dev libpopt-dev libunistring-dev graphviz \
libsnmp-dev python3-setuptools python3-paramiko python3-lxml python3-defusedxml python3-dev gettext python3-polib xmltoman \
python3-pip texlive-fonts-recommended texlive-latex-extra --no-install-recommends xsltproc sudo vim rsync
How to Install Yarn on Debian 10
curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | apt-key add -
echo "deb https://dl.yarnpkg.com/debian/ stable main" | tee /etc/apt/sources.list.d/yarn.list
apt install yarn -y
How to Install PostgreSQL on Debian 10
Since OpenVAS or GVM uses PostgreSQL as the backend database, you should use the following command and install PostgreSQL in Debian 10:
apt install postgresql postgresql-contrib postgresql-server-dev-all
After installing PostgreSQL, now is the time to create a user and database. Note that the database and the user must be created as a PostgreSQL user, Postgres. To do this you can run the following commands:
sudo -Hiu postgres
createdb -O gvm gvmd
Then in the next step, you have to assign the role of PostgreSQL user to DBA using the following commands:
psql gvmd create role dba with superuser noinherit; grant dba to gvm; create extension "uuid-ossp"; create extension "pgcrypto"; \q exit
Finally, you need to restart and then enable PostgreSQL using the following commands:
systemctl restart postgresql
systemctl enable postgresql
How to build GVM from source code
Since different tools are required to install GVM in Debian 10, you must install all GVM configuration files and libraries in /opt/gvm. Because we intend to run GVM as an unauthorized GVM user.
Update the PATH environment variable in /etc/Environment using the following command:
echo "PATH=\$PATH:/opt/gvm/bin:/opt/gvm/sbin:/opt/gvm/.local/bin" > /etc/profile.d/gvm.sh
Then in the next step, you have to add the GVM library path to /etc/ld.so.conf.d using the following command:
echo "/opt/gvm/lib" > /etc/ld.so.conf.d/gvm.conf
Now you need to go to the temporary list created above to download the GVM source files. Then run the following commands to simulate GVM GitHub directory files in order:
git clone -b gvm-libs-20.08 https://github.com/greenbone/gvm-libs.git
git clone -b master https://github.com/greenbone/openvas-smb.git
git clone -b openvas-20.08 https://github.com/greenbone/openvas.git
git clone -b ospd-20.08 https://github.com/greenbone/ospd.git
git clone -b ospd-openvas-20.08 https://github.com/greenbone/ospd-openvas.git
git clone -b gvmd-20.08 https://github.com/greenbone/gvmd.git
git clone -b gsa-20.08 https://github.com/greenbone/gsa.git
Now that you have successfully installed the source files according to the instructions, now is the time to build and install GVM on Debian 10. You should note the current to-do list using the following commands:
Note: All GVM files and libraries will be installed in a non-standard, /opt/gvm location. Therefore, you must configure the PKG_CONFIG_PATH environment variable in the pkg configuration files before configuring using the following command:
The next step is to build and install GVM libraries. Use the following command from the source list, /opt/gvm/gvm-source, in this setting, switch to the GVM library list:
Create a build directory by executing the following commands and change it:
Now you need to configure the build:
cmake .. -DCMAKE_INSTALL_PREFIX=/opt/gvm
Finally, install and compile GVM libraries using the following commands:
How to Install OpenVAS scanner on Debian Linux
OpenVAS is a complete scanning engine that runs an updated and extensive feed of Network Vulnerability Tests (NVT). It should also be noted that the OpenVAS SMB provides modules for the OpenVAS scanner to communicate with the Microsoft Windows operating system via the Windows management tool API and a Winexe binary to run remote processes on that system.
To install Openvas-SMB, just run the following commands in order:
cmake .. -DCMAKE_INSTALL_PREFIX=/opt/gvm
Finally, you can create and install the OpenVAS scanner by running the following commands:
cmake .. -DCMAKE_INSTALL_PREFIX=/opt/gvm
Setup and Configure OpenVAS on Debian 10
After successfully completing all the above steps, we now come to the configuration of the OpenVAS scanner. Since the host scan information is temporarily stored on the Redis server, the default configuration for the Redis server is /etc/redis/redis.conf. You need to go back to the privileged user and continue the configuration steps.
The first step is to use the following command to create a cache in shared libraries installed:
The next step is to copy the OpenVAS Redis scanner configuration file to redis-openvas.conf in the same Redis configuration directory. To do this, use the following command:
cp /opt/gvm/gvm-source/openvas/config/redis-openvas.conf /etc/redis/
Then you need to update the configuration ownership by executing the following command:
chown redis:redis /etc/redis/redis-openvas.conf
Then you should update the path to Redis Unix socket on the /opt/gvm/etc/openvas/openvas.conf using the following command:
echo "db_address = /run/redis-openvas/redis.sock" > /opt/gvm/etc/openvas/openvas.conf
Now you need to add the GVM user to the Redis group by running the following command:
usermod -aG redis gvm
How to Run OpenVAS on Debian 10
Note that in order to manage the OpenVAS scanner, you must create serviced system unit files as follows. Create the OpenVAS systemd service as follows:
cat > /etc/systemd/system/openvas.service << 'EOL' [Unit] Description=Control the OpenVAS service After=redis.service After=postgresql.service [Service] ExecStartPre=-rm -rf /opt/gvm/var/run/ospd-openvas.pid /opt/gvm/var/run/ospd.sock /opt/gvm/var/run/gvmd.sock Type=simple User=gvm Group=gvm Environment=PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/opt/gvm/bin:/opt/gvm/sbin:/opt/gvm/.local/bin ExecStart=/usr/bin/python3 /opt/gvm/.local/bin/ospd-openvas \ --pid-file /opt/gvm/var/run/ospd-openvas.pid \ --log-file /opt/gvm/var/log/gvm/ospd-openvas.log \ --lock-file-dir /opt/gvm/var/run -u /opt/gvm/var/run/ospd.sock RemainAfterExit=yes [Install] WantedBy=multi-user.target EOL
Now you need to reload the systemd service unit configurations using the following commands:
systemctl start openvas
You can check the status of the service by running the following command:
systemctl status openvas
You can now enable the OpenVAS scanner to run on the system boot:
systemctl enable openvas
In the next step, you must create an OpenVAS administrative user by executing the following command:
sudo -Hiu gvm gvmd --create-user admin
Note: This command generates a random password for the user.
If you want to reset the GVM admin password, you can use the following command. In the following command, you must enter the password you want instead of <new-password>:
sudo -Hiu gvm gvmd --user=admin --new-password=<new-password>
Now it’s time for Accessing GVM (OpenVAS). It should be noted that Greenbone Security Assistant (GSA) WebUI opens port 443 and listens to all interfaces. So if the firewall is running, you need to open port 443 using the command below to access external access:
ufw allow 443/tcp
You can now access the GSA via the URL HTTPS: ServerIP-OR-hostname:
Scanners and security tools are very important in the cyber world. Security can also be implemented in a network in many ways, including firewalls, security scanners such as Nikto, Nmap, OpenVas, etc., but these methods are many and varied. In this article, we tried to teach you step by step about Tutorial Setup and Configure OpenVAS on Debian 10.