OpenVAS is a great open source alternative to Nessus, which in the recent years has closed its source. Nessus still remains free to home users but requires commercial users to purchase a Professional plugin feed to obtain the latest and greatest plugins. If your IT department is running on a low budget, or you just prefer to stick to open source then OpenVAS is the way to go! OpenVAS has readily available installation packages for several different flavours of linux (Gentoo, OpenSUSE, Slackware, etc.). As of writing this, I am not aware of any installation packages created for Ubuntu. However, I was able to compile OpenVAS from source quite easily on Ubuntu by performing the following steps. For a more in depth look at installing and configuring OpenVAS check out the OpenVAS Compendium.
Prerequisites
First we need to install all of the dependent packages:
sudo apt-get install build-essential libgnutls-dev libpcap0.8-dev bison libgtk2.0-dev libglib2.0-dev libgpgme11-dev libssl-dev htmldoc
Note: libgtk2.0-dev is only required for the OpenVAS client. htmldoc is only required if you plan on exporting reports to PDF from the OpenVAS client.
Getting the Files
Once those packages have installed we need to download the files required for OpenVAS. The links below may be outdated, make sure you obtain the latest version.
cd /tmp wget http://wald.intevation.org/frs/download.php/572/openvas-libraries-2.0.2.tar.gz wget http://wald.intevation.org/frs/download.php/561/openvas-libnasl-2.0.1.tar.gz wget http://wald.intevation.org/frs/download.php/562/openvas-server-2.0.1.tar.gz wget http://wald.intevation.org/frs/download.php/576/openvas-plugins-1.0.6.tar.gz wget http://wald.intevation.org/frs/download.php/575/openvas-client-2.0.3.tar.gz
Now that we have downloaded the required files we must sompile and install the packages in the following order:
- openvas-libraries
- openvas-libnasl
- openvas-server
- openvas-plugins
Install OpenVAS Libraries
Start by untarring the openvas-libraries and compiling/installing it:
tar -xvf openvas-libraries-2.0.2.tar.gz cd openvas-libraries-2.0.2/ sudo ./configure sudo make sudo make install
Install OpenVAS libnasl
Next untar the openvas-libnasl and compile/install it:
cd .. tar -xvf openvas-libnasl-2.0.1.tar.gz cd openvas-libnasl-2.0.1/ sudo ./configure sudo make sudo make install
Install OpenVAS Server
Next untar the openvas-server and compile/install it:
cd .. tar -xvf openvas-server-2.0.1.tar.gz cd openvas-server-2.0.1/ sudo ./configure sudo make sudo make install
The OpenVAS libraries, libnasl, and server packages should now be installed. We now have to make sure that /usr/local/bin and /usr/local/sbin are in our PATH. We can do that by typing in:
echo ${PATH}
In the output from the above command you should see /usr/local/bin and /usr/local/sbin somewhere. If you don’t you will have to add those entries to the PATH environmental variable manually.
Install OpenVAS Plugins
Our next step is to compile/install the plugins:
cd .. tar -xvf openvas-plugins-1.0.6.tar.gz cd openvas-plugins-1.0.6/ sudo ./configure sudo make sudo make install
Note: The plugins may take a while to make… be patient.
Now we have to setup the symbolic links:
sudo ldconfigGenerate a Certificate
We are now ready to generate a certificate for our OpenVAS Server, make sure to enter values relevant to your location.
sudo openvas-mkcertCreate a User
Now we need to add a user:
sudo openvas-adduserEnter a username and choose your authentication method. Hit ctrl-d when you are prompted for rules if you dont want any scanning restrictions.
sudo openvas-nvt-syncAnd at last… the moment of truth! Start up the OpenVAS server daemon:
sudo openvasd -D
Install the OpenVAS Client
Now that the server is setup you can setup the client to run the scans:
cd .. tar -xvf openvas-client-2.0.3.tar.gz cd openvas-client-2.0.3/ sudo ./configure sudo make sudo make install sudo OpenVAS-Client
The client can be installed on any computer that has access to the server. Once it is installed you just have to connect, setup a scan and you’re done! Stay tuned for another blog post on configuring scans with the OpenVAS Client.
When I try and start the OpenVas server I get the following error – Not able to open nor to locate it in include paths
Guess I am doing something wrong?
BTW – I had to install gpgme.
Good directions though I have been looking for something like this for awhile now.
You think I can use the Windows client to connect to the OpenVas server?
Hey dp,
Sorry for my delayed response. Could you paste the exact error that you get? You may have to add the directory that the OpenVAS Server is installed in to your {PATH} environmental variable.
When you type “echo ${PATH}” do you see /usr/local/bin and /usr/local/sbin in the list?
Also, it should be no problem using the Windows client with the Ubuntu version of the OpenVAS server.
I had to manually install gpgme to get OpenVAS libnasl to compile… After that, everything compiled fine. Then, I ran
sudo openvasd -D
and I get this…
Loading the OpenVAS plugins…[7513]() gpgme_new failed: User defined source 1/Unknown error code
Segmentation fault
Any suggestions? I really need to get this running. Could you E-Mail me please. I will try to check back here for a response as well. Thanks,
David
Hey David,
What version of gpgme did you install? The version I used for this guide is version 1.1. There may be some issues with gpgme 1.2 and openvas.
I used version 1.1. It wouldn’t let me compile libnasl until I installed it. After installing gpgme, the rest of the install for OpenVAS went fine. But it still gives me the same error when I try to run
sudo openvasd -D.
Thanks for taking the time to help those of us just getting started with OpenVAS.
David
Hmm… I’ve never seen this issue before. It looks like someone else has posted a ticket with the same issue though: http://wald.intevation.org/tracker/index.php?func=detail&aid=1079&group_id=29&atid=220
Lane, what a great article, it runs flawless in Ubuntu 9.10
Only thing missing is a “cd ..” at the first line of “Install the OpenVAS Client”
I have a problem when istalling the CLIENT… configure: error: Could not find OpenSSL and OpenSSL headers on your system
Im using Ubuntu 8.0
Thanks , great info !
One thing that should be noted, it’s that once you start the client, the port where the server it’s listening is 9390, and not the one that appears listed in the “Connect to OpenVAS Server” window.
Hi Ignacio, sorry for my delayed response.
Do you have openssl installed on your system? Try:
sudo apt-get install openssl
and see if that solves the problem.
- Lane
Try starting the server with “sudo openvasd”
Thats how I start my OV server
Great article. thanks – couple of typos though.
sudo apt-get install libssl-dev
should fix the problem —^
Thanks for the comments folks. I’ve updated the original post to reflect the changes in some of the comments.
Hi, I have a backtrack 4 final installed in my machine. Since openvas is version 2, i would like to change it to openvas 3.
should I uninstall the version 2 and put the version 3? how can I achieve it?
Thank you
[...] is a minor update to my previous post on how to install OpenVAS 2 on Ubuntu 9.04. Since that post there have been some changes. A new release of Ubuntu and a new version of [...]
Hi Yaggi,
BackTrack 4 is not based on Debian so I doubt using the procedures here will work. However, you can still install it from source using a similar method. You just have to be sure you have all of the dependencies. I would recommend leaving it at version 2 for now (it is supported for at least another year). You will be using the same NVT feed and therefore be able to run the same tests.Sorry, it’s been a while since I looked at Backtrack. Apparently version 4 is Debian based. You can take a look at my post on Installing OpenVAS 3 on Ubuntu 9.10. The procedure should be similar.