This is a minor update to my previous post on how to install OpenVAS 2 on Ubuntu 9.04. Since that post there have been some changes. A new release of Ubuntu and a new version of OpenVAS. If you still prefer to use OpenVAS 2 then my previous instructions should work fine with Ubuntu 9.10. Those who would like to take advantage of OpenVAS 3 can expect the following new features:
- A new internal architecture of the modules
- NVT Meta Information that is free of arbitrary size limits
- IPv6 support
- WMI clients support
- Supports upcoming optional extensions:
- OpenVAS Manager for storing and organizing scans on a central server in a
SQL database - OpenVAS Administrator for User-, Feed- and Settings-Management
- Greenbone Security Assistent for a web-based Vulnerability Management
- OpenVAS Manager for storing and organizing scans on a central server in a
You can read more about it on the official OpenVAS website. Now, lets get to the good stuff. The instructions below should get you up and running with OpenVAS 3 on Ubuntu 9.10:
Prerequisites
First we need to install all of the dependent packages:
sudo apt-get install build-essential libgnutls-dev libpcap0.8-dev bison libglib2.0-dev libgpgme11-dev libssl-dev cmake
Getting the Files
Once those packages have installed we need to download the files required for OpenVAS. The links below may be outdated, make sure you obtain the latest version.
cd /tmp wget http://wald.intevation.org/frs/download.php/706/openvas-libraries-3.0.3.tar.gz wget http://wald.intevation.org/frs/download.php/696/openvas-scanner-3.0.1.tar.gz
Now that we have downloaded the required files we must compile and install the packages in the following order:
- openvas-libraries
- openvas-scanner
Install OpenVAS Libraries
Start by untarring the openvas-libraries and compiling/installing it:
tar -xvf openvas-libraries-3.0.3.tar.gz cd openvas-libraries-3.0.3/ sudo ./configure sudo make sudo make install
If all goes well here then you should get a message saying that the openvas-libraries have been installed. If for some reason you get a message saying that gpgme is not installed, then try this:
sudo apt-get install libgpgme11-dev
Install OpenVAS Scanner
Next untar the openvas-scanner and compile/install it:
cd .. tar -xvf openvas-scanner-3.0.1.tar.gz cd openvas-scanner-3.0.1/ sudo ./configure sudo make sudo make install
The OpenVAS libraries, and scanner should now be installed. We now have to make sure that /usr/local/bin and /usr/local/sbin are in our PATH. We can do that by typing in:
echo ${PATH}
In the output from the above command you should see /usr/local/bin and /usr/local/sbin somewhere. If you don’t you will have to add those entries to the PATH environmental variable manually. If your PATH environmental variable is all good you can build the links to the new libraries:
sudo ldconfigGenerate a Certificate
We are now ready to generate a certificate for our OpenVAS Server, make sure to enter values relevant to your location.
sudo openvas-mkcertFollow the onscreen prompts and enter the appropriate information when asked.
Create a User
Now we need to add a user:
sudo openvas-adduserEnter a username and choose your authentication method (choose “pass” to authenticate with a password). Hit ctrl-d when you are prompted for rules if you don’t want any scanning restrictions.
Now everything that we need is setup for the OpenVAS scanner. The next step is to sync the server with the NVT feed. The NVT (Network Vulnerability Test) feed is a list of files that will be downloaded to your server. I would recommend that you run the openvas-nvt-sync on regular intervals to ensure that your NVT files are up to date.
sudo openvas-nvt-syncNote: The first time you run this command it may take a while to download all the NVT’s. Grab a coffee and a sandwich, some water and a piece of fruit, some beer and some pretzels… or whatever it is you eat/drink.
Once it’s done its thing you can start up the OpenVAS server daemon:
sudo openvassdNote: It might take a few minutes to load all the plug-ins. A great opportunity to get some exercise and burn off the beer and pretzels from earlier.
If all went according to plan, you now have a running version of OpenVAS server. The next step in the process is to setup a client to connect to the OpenVAS server. You may opt to do this on a different computer, but you can just as easily install it on the same computer.
Install the OpenVAS Client
First we need to install the dependent packages for the client:
sudo apt-get install libgtk2.0-dev htmldoc
Now we can proceed to install the client:
cd /tmp wget http://wald.intevation.org/frs/download.php/685/openvas-client-3.0.0.tar.gz tar -xvf openvas-client-3.0.0.tar.gz cd openvas-client-3.0.0/ sudo ./configure sudo make sudo make install
If the above works for you, great! However if you’re running a 64 bit OS like me, you might get an error when you run “sudo make”. The error I received was:
/usr/bin/ld: cannot find -lcrypto collect2: ld returned 1 exit status make[1]: *** [OpenVAS-Client] Error 1 make[1]: Leaving directory `/tmp/openvas-client-3.0.0/openvas' make: *** [client] Error 2
I ran the following command to see what the problem was:
laneolson@system:/tmp/openvas-client-3.0.0$ ldconfig -p | grep crypto libcrypto.so.0.9.8 (libc6,x86-64) => /lib/libcrypto.so.0.9.8 libcrypto.so.0.9.8 (libc6,x86-64) => /usr/lib/libcrypto.so.0.9.8 libcrypto.so.0.9.8 (libc6, hwcap: 0x0008000000008000) => /lib32/i686/cmov/libcrypto.so.0.9.8 libcrypto.so.0.9.8 (libc6, hwcap: 0x0004000000000000) => /lib32/i586/libcrypto.so.0.9.8 libcrypto.so.0.9.8 (libc6, hwcap: 0x0002000000000000) => /lib32/i486/libcrypto.so.0.9.8
Creating a link in /usr/lib/ solved the problem:
sudo ln -s /usr/lib/libcrypto.so.0.9.8 /usr/lib/libcrypto.so
If you had to make the symbolic link make sure you do the following afterwards to complete the setup:
sudo ldconfig sudo make clean sudo ./configure sudo make sudo make install
You should have a message saying that the Client was installed successfully. You can run the client with:
sudo OpenVAS-ClientThe client can be installed on any computer that has access to the server. Once it is installed you just have to connect, setup a scan and you’re done! If you run into any hiccups along the way feel free to post in the comments and I will see if I can lend a hand.
Thank you for doing this!
These are very good instructions but setting the password is a little confusing when I go to add a user. How do I actually select pass once I run the command sudo openvas-adduser. I screwed this up somehow because once I run OpenVas I can’t login to set up a connection. I’m probably overlooking something very simple. Other than this everything works fine and the installation was very easy.
Great Write up. Very clear and concise. Thanks for your efforts.
Had on problem on “sudo openvas-nvt-sync”:
I had to manually change the argument of mktemp to add some XXXXXX
Finally it works! But when I run “openvas-nvt-sync” I get this:
mktmp: too few X’s in template ‘openvas-nvt-sync’
ERROR: Cannot create temporary directory for file download
What am I missing?
Hey George, looks like there is a bug in the latest build. You should be able to fix it by changing the value of SYNC_TMP_DIR to:
SYNC_TMP_DIR=`mktemp -d openvas-nvt-sync.XXXXXXXXXX`
Here is the post with the fix and more details:
http://lists.wald.intevation.org/pipermail/openvas-discuss/2010-March/001663.html
Thanks! That worked (eventually!). I changed the wrong SYNC_TMP_DIR (the first one, not the one referenced in the “If we have mkdir” comment! Thanks again!