Recently, I published a guide outlining how to install OpenVAS 8, from source, on Ubuntu 14. I got some feedback from some folks requesting a guide on installing OpenVAS on CentOS 7 from the binary packages available via yum. FYI, as of this writing, there are no binary packages for OpenVAS 8; hopefully they will come soon. OpenVAS is a top-notch open source package for running vulnerability scans against networks and servers. Every network administrator should have an OpenVAS installation tucked away on a virtual machine somewhere. It’s so easy to monitor all of your systems for vulnerabilities that there’s no excuse not to. Installing OpenVAS from packages is much easier than installing from source. So, as requested, here you go.
How to install OpenVAS 7 on CentOS 7
Although time consuming, installing OpenVAS from binary packages is a much less involved process than installing from source. There are a few gotchas when installing on CentOS 7, mostly related to redis, which I’ll cover in this guide.
This guide assumes you have a minimal CentOS 7 server installation and you are logged into the console or via SSH.
First, we need to install a few prerequisites. To do that, run this command.
yum -y update
yum install -y wget net-tools nano
The OpenVAS binary packages aren’t included with the stock repositories. So, we need to enable the Atomicorp repository.
wget -q -O - http://www.atomicorp.com/installers/atomic | sh
yum -y upgrade
Now, we will install redis and OpenVAS 7.
yum -y install redis openvas
This will take a few minutes while it downloads all of the packages and dependencies. When it’s finished, we can kick off openvas-setup.
This is going to take some time. You will be prompted for some information shortly. Grab a cup of coffee.
If you are running this setup during the day, there is a good chance you will get an NVT sync error like the following.
@ERROR: max connections (200) reached -- try again later
rsync error: error starting client-server protocol (code 5) at main.c(1516) [Receiver=3.0.9]
[e] Error: rsync failed.
If so, don’t worry, just wait a few minutes and run openvas-setup again. The NVT feed server is overloaded. It’s annoying, but there’s not much you can do about it. I hardly run into this problem in the evening and at night.
After all of the NVTs are synced, you will be prompted to answer a few questions. The defaults are fine, unless you would like to change anything. It will look like this.
At this point, OpenVAS is set up and configured. However, you will not be able to log into the web interface yet. As of CentOS 7, iptables was replaced with firewalld (which I do not like). So, we’re going to disable firewalld. If you want to install iptables in its place, click here to see my guide on removing firewalld and installing iptables on CentOS 7. For now, we’re just going to disable firewalld.
systemctl mask firewalld
systemctl stop firewalld
Now you will be able to log in to the web interface of OpenVAS by navigating to https://
WARNING: Cannot connect to KB at '/tmp/redis.sock': Connection refused'
To resolve this, we need to make a couple of changes to redis and disable SELinux.
echo "unixsocket /tmp/redis.sock" >> /etc/redis.conf
sed -i 's/^SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config
systemctl enable redis.service
shutdown -r now
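To confirm that the redis change above is the one redis will actually use, before or after the reboot, a small check like the following helps. This is an added example, not part of the original guide; the function names and the status words it prints are made up for illustration.

```shell
#!/bin/sh
# Added example (not from the original guide): explain why the scanner cannot
# reach its KB socket. The status words printed below are this example's own.

# Print the unixsocket path redis will actually use: uncommented lines only,
# and the last occurrence wins, which is why appending to redis.conf works.
active_unixsocket() {
    awk '$1 == "unixsocket" { gsub(/"/, "", $2); path = $2 }
         END { if (path != "") print path }' "$1"
}

# check_redis_socket CONF [SOCKET]
# Prints one status word; exit status is 0 only for "ok".
# The body is a subshell, so variables stay local and "exit" leaves only it.
check_redis_socket() (
    conf=$1
    want=${2:-/tmp/redis.sock}
    [ -r "$conf" ] || { echo "no-config"; exit 2; }
    got=$(active_unixsocket "$conf")
    if [ -z "$got" ]; then
        echo "not-configured"; exit 1     # directive absent or commented out
    elif [ "$got" != "$want" ]; then
        echo "wrong-path:$got"; exit 1    # redis is told to listen elsewhere
    elif [ ! -S "$got" ]; then
        echo "socket-missing"; exit 1     # no socket file exists at that path
    fi
    echo "ok"
)

# On the server from this guide:
#   check_redis_socket /etc/redis.conf
```

A result of not-configured means the unixsocket line is still missing or commented out; socket-missing means the configuration is right but redis has not created the socket.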
After the reboot is complete, wait about 5 minutes for OpenVAS to load up. It can take a few minutes. Then, you’re ready to log into the web interface and run your first scan! Navigate to https://
Once logged in, running a scan is as simple as entering a hostname or IP address in the quick scan box on the main page. It looks like this.
A scan can take 30 minutes or more to run, so be patient. Once it’s finished, you can open the scan and click the report to view the Vulnerability Assessment results. You can also save it as a PDF, as well as various other formats.
If you have any questions, please feel free to ask in the comments below. I’ll do my best to help. Thanks!