
How To Install OpenVAS 8 On Ubuntu 14.04 To Run Vulnerability Scans & Pen Tests

OpenVAS is one of the most amazing Open Source packages in existence. It is an Open Source fork of the Nessus Vulnerability Scanner, on steroids. If you aren’t familiar with it, let me give you a brief introduction. OpenVAS is short for Open Source Vulnerability Assessment System. It is by far the number one free network and security scanner in existence. It has a database of nearly half a MILLION exploits for nearly every operating system, web app, and device in existence, and that database is constantly being expanded and updated. Installation isn’t too bad if you have a good guide to help you. Once installed, it’s extremely easy to use. It has a web interface that can be as easy as typing in a host name or IP address and clicking scan. Of course, you can also customize the scans, and there are also a handful of pre-configured scans, some thorough and some less thorough. Reports are generated after a scan completes. They are viewable via the web interface, or you can even generate a PDF report that is useful for a network administrator, as well as upper management, if needed. There are software packages in existence that cost tens of thousands of dollars and fall short of OpenVAS’s feature set. Now that you have a brief introduction to OpenVAS, let’s get started on installing it.

How to install OpenVAS 8 on Ubuntu 14.04

OpenVAS has packages for CentOS and RedHat, which makes it very easy to install on those platforms. It only requires a few yum commands. Unfortunately, they do not have packages for Ubuntu. However, it’s not that hard to install. I’m assuming you have done a minimal installation of Ubuntu 14.04 Server, with only the OpenSSH Server packages installed.

First, we need to get some dependencies installed.

sudo apt-get install -y build-essential devscripts dpatch libassuan-dev \
 libglib2.0-dev libgpgme11-dev libpcre3-dev libpth-dev libwrap0-dev libgmp-dev libgmp3-dev \
 libopenvas2 quilt cmake pkg-config \
 libssh-dev libpcap-dev uuid-dev bison libksba-dev \
 doxygen sqlfairy xmltoman sqlite3 libsqlite3-dev wamerican redis-server libhiredis-dev libsnmp-dev \
 libmicrohttpd-dev libxml2-dev libxslt1-dev xsltproc libssh2-1-dev libldap2-dev autoconf nmap libgnutls-dev \
 libpopt-dev heimdal-dev heimdal-multidev mingw32

For the sake of making this as easy as possible, let’s go ahead and become root for the installation.

sudo su

OpenVAS’s default installation settings require a quick fix for redis-server.

cp /etc/redis/redis.conf /etc/redis/redis.orig ;\
echo "unixsocket /tmp/redis.sock" >> /etc/redis/redis.conf ;\
service redis-server restart

Let’s go ahead and change over to the source directory so we have a proper location to download the source tarballs.

cd /usr/local/src

Now we will download all the source files needed for OpenVAS.

wget --no-check-certificate https://wald.intevation.org/frs/download.php/2015/openvas-libraries-8.0.1.tar.gz ;\
wget --no-check-certificate https://wald.intevation.org/frs/download.php/2016/openvas-scanner-5.0.1.tar.gz ;\
wget --no-check-certificate https://wald.intevation.org/frs/download.php/2017/openvas-manager-6.0.1.tar.gz ;\
wget --no-check-certificate https://wald.intevation.org/frs/download.php/2018/greenbone-security-assistant-6.0.1.tar.gz ;\
wget --no-check-certificate https://wald.intevation.org/frs/download.php/1987/openvas-cli-1.4.0.tar.gz ;\
wget --no-check-certificate https://wald.intevation.org/frs/download.php/1975/openvas-smb-1.0.1.tar.gz ;\
wget --no-check-certificate https://wald.intevation.org/frs/download.php/1999/ospd-1.0.0.tar.gz ;\
wget --no-check-certificate https://wald.intevation.org/frs/download.php/2005/ospd-ancor-1.0.0.tar.gz ;\
wget --no-check-certificate https://wald.intevation.org/frs/download.php/2003/ospd-ovaldi-1.0.0.tar.gz ;\
wget --no-check-certificate https://wald.intevation.org/frs/download.php/2004/ospd-w3af-1.0.0.tar.gz

Extract all of the tarballs we just downloaded.

find . -name \*.gz -exec tar zxvfp {} \;
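
The downloads above use --no-check-certificate, so nothing authenticates the tarballs before they are extracted and built as root. One way to gate the extract step on a checksum manifest is sketched below. This is an added example, not part of the original guide; the manifest name SHA256SUMS and the function names are assumptions, and the guide itself does not supply digests.

```shell
#!/bin/sh
# Added example: extract the downloaded tarballs only if every one of them
# matches a SHA-256 manifest. SHA256SUMS is an assumed file name; its digests
# must come from a channel you trust, not from the download itself.

# verify_tarballs DIR MANIFEST
# MANIFEST is in sha256sum format: "<hex digest>  <file name>" per line.
# Returns 0 only when every *.tar.gz in DIR is listed and matches.
verify_tarballs() {
    dir=$1
    manifest=$2
    status=0
    for tarball in "$dir"/*.tar.gz; do
        [ -e "$tarball" ] || { echo "no tarballs in $dir" >&2; return 1; }
        name=$(basename "$tarball")
        # Compare the whole file-name column (binary-mode "*" marker removed)
        # so that one name cannot match as a prefix of another.
        expected=$(awk -v n="$name" \
            '{ f = $2; sub(/^\*/, "", f) } f == n { print $1; exit }' "$manifest")
        if [ -z "$expected" ]; then
            echo "UNLISTED  $name" >&2
            status=1
            continue
        fi
        actual=$(sha256sum "$tarball" | awk '{ print $1 }')
        if [ "$actual" != "$expected" ]; then
            echo "MISMATCH  $name" >&2
            status=1
        fi
    done
    return "$status"
}

# extract_verified DIR MANIFEST
# Extracts into DIR only when the complete set verifies; otherwise nothing
# is unpacked, so no unverified source tree is left around to be built.
extract_verified() {
    verify_tarballs "$1" "$2" || { echo "refusing to extract" >&2; return 1; }
    for tarball in "$1"/*.tar.gz; do
        tar -xzpf "$tarball" -C "$1" || return 1
    done
}

# Usage, from /usr/local/src after the downloads:
#   extract_verified . SHA256SUMS
```

A tarball that is missing from the manifest is treated the same as a mismatch, so an extra file dropped into the directory also stops the extraction.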

Now we will configure and build openvas-smb.

cd openvas-smb* ;\
 mkdir build ;\
 cd build/ ;\
 cmake .. ;\
 make ;\
 make doc-full ;\
 make install ;\
 cd /usr/local/src

Next, configure and build openvas-libraries.

 cd openvas-libraries-* ;\
 mkdir build ;\
 cd build ;\
 cmake .. ;\
 make ;\
 make doc-full ;\
 make install ;\
 cd /usr/local/src

And, configure and build openvas-scanner.

cd openvas-scanner-* ;\
 mkdir build ;\
 cd build/ ;\
 cmake .. ;\
 make ;\
 make doc-full ;\
 make install ;\
 cd /usr/local/src

Time to reload libraries.

ldconfig

We need to create an SSL certificate for OpenVAS. Fill in the appropriate answers when prompted.

openvas-mkcert

Now we need to sync all NVTs.

openvas-nvt-sync

Go ahead and start openvassd.

openvassd

It will take a few minutes to start up. You must wait until it’s finished and shows “Waiting for incoming..” It will look like this while it’s running.

To monitor the status, use this command.

watch "ps -ef | grep openvassd"

[Screenshot]

Do not proceed until it looks like this.

[Screenshot]
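
The wait described above can also be scripted instead of watched by eye. The following is an added example, not part of the original guide; the function names and default timings are assumptions, and it matches only the “Waiting for incoming” text quoted above.

```shell
#!/bin/sh
# Added example: block until openvassd reports that it has finished loading.
# Function names and default timings are assumptions.

# scanner_state: read a process list on stdin (one command line per row, as
# printed by `ps -eo args`) and print one of: ready, loading, absent.
scanner_state() {
    awk '
        # Count only rows whose command is openvassd itself, with or without
        # a leading path; grep or watch rows that mention the name are skipped.
        $1 ~ /^(\/.*\/)?openvassd:?$/ {
            seen = 1
            if (index($0, "Waiting for incoming") > 0) ready = 1
        }
        END { print (ready ? "ready" : (seen ? "loading" : "absent")) }
    '
}

# wait_for_scanner [TIMEOUT_SECONDS] [POLL_SECONDS]
# Returns 0 when ready, 1 on timeout, 2 if openvassd is not running at all
# (for example because it exited during start-up).
wait_for_scanner() {
    timeout=${1:-1800}
    interval=${2:-5}
    elapsed=0
    while [ "$elapsed" -lt "$timeout" ]; do
        state=$(ps -eo args | scanner_state)
        case $state in
            ready)  return 0 ;;
            absent) echo "openvassd is not running" >&2; return 2 ;;
        esac
        sleep "$interval"
        elapsed=$((elapsed + interval))
    done
    echo "openvassd still loading after ${timeout}s" >&2
    return 1
}

# Usage: openvassd && wait_for_scanner && echo "scanner ready"
```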

Once openvassd is started and waiting, we can proceed with configuring and building openvas-manager.

cd openvas-manager-* ;\
 mkdir build ;\
 cd build/ ;\
 cmake .. ;\
 make ;\
 make doc-full ;\
 make install ;\
 cd /usr/local/src

Now, get the SCAP feed.

openvas-scapdata-sync

Next, get the CERT feed.

openvas-certdata-sync

Create a client certificate.

openvas-mkcert-client -n -i

Now we will initialize the database. This will take a few minutes depending on the speed of your server and internet connection.

openvasmd --rebuild --progress

This will create the admin user to log into the web interface. Make sure you WRITE DOWN OR SAVE THE PASSWORD. You will not see it again, and it will be impossible to remember. Once you log into the web interface you can change it.

openvasmd --create-user=admin --role=Admin

Again, . Then, we can configure and build openvas-cli.

cd openvas-cli-* ;\
 mkdir build ;\
 cd build/ ;\
 cmake .. ;\
 make ;\
 make doc-full ;\
 make install ;\
 cd /usr/local/src

Configure and install greenbone-security-assistant.

cd greenbone-security-assistant-* ;\
 mkdir build ;\
 cd build/ ;\
 cmake .. ;\
 make ;\
 make doc-full ;\
 make install ;\
 cd /usr/local/src

Now it’s time to start everything up. Run these commands one at a time.

openvasmd --rebuild --progress

openvasmd

gsad --http-only

And finally, we’re going to verify the installation. Again, run these commands one at a time.

wget https://svn.wald.intevation.org/svn/openvas/trunk/tools/openvas-check-setup --no-check-certificate

chmod 0755 openvas-check-setup

./openvas-check-setup --v8 --server

You might see a few warnings or errors; that’s OK, as long as you see “It seems like your OpenVAS-8 installation is OK” at the bottom. It should look something like this.

[Screenshot]

Last but not least, we need to install texlive-full in order to generate PDF reports. If you don’t need or want PDF reports, you can safely skip this.

apt-get install texlive-full

This will install quite a few dependencies, so only install if you need PDF reports.

To start OpenVAS 8 at boot time, I have a script to take care of everything. I am not the original author of the script; it has just been modified to work with the parameters of this installation. The original author is credited in a comment in the script.

cd /usr/local/src ;\
wget http://www.serenity-networks.com/files/openvas-startupscripts-v8.tar.gz ;\
tar zxvfp openvas-startupscripts-v8.tar.gz ;\
cd openvas-startupscripts-v8 ;\
cp etc/* /etc/ -arvi ;\
update-rc.d openvas-manager defaults ;\
update-rc.d openvas-scanner defaults ;\
update-rc.d greenbone-security-assistant defaults

Now, you can go ahead and log into the web interface. Browse to http:// The username is admin and the password is the password you saved earlier. You should see this.

[Screenshot]

After you log in, you can run your first scan by entering an IP address or hostname in the quickstart box and clicking start scan.

[Screenshot]

I suggest you change your password by going to Administrator > Users, then clicking the blue wrench (edit) under actions.

Stay tuned for a guide on how to use OpenVAS and Greenbone Security Assistant. If you run into any problems, please feel free to post in the comments below. Thanks!