• A new internal architecture of the modules
• NVT Meta Information that is free of arbitrary size limits
• IPv6 support
• WMI clients support
• Supports upcoming optional extensions:
  • OpenVAS Manager for storing and organizing scans on a central server in a
    SQL database
  • OpenVAS Administrator for User-, Feed- and Settings-Management
  • Greenbone Security Assistent for a web-based Vulnerability Management

You can read more about it on the official OpenVAS website. Now, lets get to the good stuff. The instructions below should get you up and running with OpenVAS 3 on Ubuntu 9.10:

Prerequisites

First we need to install all of the dependent packages:

sudo apt-get install build-essential libgnutls-dev libpcap0.8-dev bison 
libglib2.0-dev libgpgme11-dev libssl-dev cmake

Getting the Files

Once those packages have installed we need to download the files required for OpenVAS. The links below may be outdated, make sure you obtain the latest version.

cd /tmp
wget http://wald.intevation.org/frs/download.php/706/openvas-libraries-3.0.3.tar.gz
wget http://wald.intevation.org/frs/download.php/696/openvas-scanner-3.0.1.tar.gz

Now that we have downloaded the required files we must compile and install the packages in the following order:

1. openvas-libraries
2. openvas-scanner

Install OpenVAS Libraries

Start by untarring the openvas-libraries and compiling/installing it:

tar -xvf openvas-libraries-3.0.3.tar.gz
cd openvas-libraries-3.0.3/
sudo ./configure
sudo make
sudo make install

If all goes well here then you should get a message saying that the openvas-libraries have been installed. If for some reason you get a message saying that gpgme is not installed, then try this:

sudo apt-get install libgpgme11-dev

Install OpenVAS Scanner

Next untar the openvas-scanner and compile/install it:

cd ..
tar -xvf openvas-scanner-3.0.1.tar.gz
cd openvas-scanner-3.0.1/
sudo ./configure
sudo make
sudo make install

The OpenVAS libraries, and scanner should now be installed. We now have to make sure that /usr/local/bin and /usr/local/sbin are in our PATH. We can do that by typing in:

echo ${PATH}

In the output from the above command you should see /usr/local/bin and /usr/local/sbin somewhere. If you don’t you will have to add those entries to the PATH environmental variable manually. If your PATH environmental variable is all good you can build the links to the new libraries:

sudo ldconfig

Generate a Certificate

We are now ready to generate a certificate for our OpenVAS Server, make sure to enter values relevant to your location.

sudo openvas-mkcert

Follow the onscreen prompts and enter the appropriate information when asked.

Create a User

Now we need to add a user:

sudo openvas-adduser

Enter a username and choose your authentication method (choose “pass” to authenticate with a password). Hit ctrl-d when you are prompted for rules if you don’t want any scanning restrictions.

Now everything that we need is setup for the OpenVAS scanner. The next step is to sync the server with the NVT feed. The NVT (Network Vulnerability Test) feed is a list of files that will be downloaded to your server. I would recommend that you run the openvas-nvt-sync on regular intervals to ensure that your NVT files are up to date.

sudo openvas-nvt-sync

Note: The first time you run this command it may take a while to download all the NVT’s. Grab a coffee and a sandwich, some water and a piece of fruit, some beer and some pretzels… or whatever it is you eat/drink.

Once it’s done its thing you can start up the OpenVAS server daemon:

sudo openvassd

Note: It might take a few minutes to load all the plug-ins. A great opportunity to get some exercise and burn off the beer and pretzels from earlier.

If all went according to plan, you now have a running version of OpenVAS server. The next step in the process is to setup a client to connect to the OpenVAS server. You may opt to do this on a different computer, but you can just as easily install it on the same computer.

Install the OpenVAS Client

First we need to install the dependent packages for the client:

sudo apt-get install libgtk2.0-dev htmldoc

Now we can proceed to install the client:

cd /tmp
wget http://wald.intevation.org/frs/download.php/685/openvas-client-3.0.0.tar.gz
tar -xvf openvas-client-3.0.0.tar.gz
cd openvas-client-3.0.0/
sudo ./configure
sudo make
sudo make install

If the above works for you, great! However if you’re running a 64 bit OS like me, you might get an error when you run “sudo make”. The error I received was:

/usr/bin/ld: cannot find -lcrypto
collect2: ld returned 1 exit status
make[1]: *** [OpenVAS-Client] Error 1
make[1]: Leaving directory `/tmp/openvas-client-3.0.0/openvas'
make: *** [client] Error 2

I ran the following command to see what the problem was:

laneolson@system:/tmp/openvas-client-3.0.0$ ldconfig -p | grep crypto
	libcrypto.so.0.9.8 (libc6,x86-64) => /lib/libcrypto.so.0.9.8
	libcrypto.so.0.9.8 (libc6,x86-64) => /usr/lib/libcrypto.so.0.9.8
	libcrypto.so.0.9.8 (libc6, hwcap: 0x0008000000008000) => /lib32/i686/cmov/libcrypto.so.0.9.8
	libcrypto.so.0.9.8 (libc6, hwcap: 0x0004000000000000) => /lib32/i586/libcrypto.so.0.9.8
	libcrypto.so.0.9.8 (libc6, hwcap: 0x0002000000000000) => /lib32/i486/libcrypto.so.0.9.8

Creating a link in /usr/lib/ solved the problem:

sudo ln -s /usr/lib/libcrypto.so.0.9.8 /usr/lib/libcrypto.so

If you had to make the symbolic link make sure you do the following afterwards to complete the setup:

sudo ldconfig
sudo make clean
sudo ./configure
sudo make
sudo make install

You should have a message saying that the Client was installed successfully. You can run the client with:

sudo OpenVAS-Client

The client can be installed on any computer that has access to the server. Once it is installed you just have to connect, setup a scan and you’re done! If you run into any hiccups along the way feel free to post in the comments and I will see if I can lend a hand.

Prerequisites

First we need to install all of the dependent packages:

sudo apt-get install build-essential libgnutls-dev libpcap0.8-dev bison libgtk2.0-dev
libglib2.0-dev libgpgme11-dev libssl-dev htmldoc

Note: libgtk2.0-dev is only required for the OpenVAS client. htmldoc is only required if you plan on exporting reports to PDF from the OpenVAS client.

Getting the Files

Once those packages have installed we need to download the files required for OpenVAS. The links below may be outdated, make sure you obtain the latest version.

cd /tmp
wget http://wald.intevation.org/frs/download.php/572/openvas-libraries-2.0.2.tar.gz
wget http://wald.intevation.org/frs/download.php/561/openvas-libnasl-2.0.1.tar.gz
wget http://wald.intevation.org/frs/download.php/562/openvas-server-2.0.1.tar.gz
wget http://wald.intevation.org/frs/download.php/576/openvas-plugins-1.0.6.tar.gz
wget http://wald.intevation.org/frs/download.php/575/openvas-client-2.0.3.tar.gz

Now that we have downloaded the required files we must sompile and install the packages in the following order:

1. openvas-libraries
2. openvas-libnasl
3. openvas-server
4. openvas-plugins

Install OpenVAS Libraries

Start by untarring the openvas-libraries and compiling/installing it:

tar -xvf openvas-libraries-2.0.2.tar.gz
cd openvas-libraries-2.0.2/
sudo ./configure
sudo make
sudo make install

Install OpenVAS libnasl

Next untar the openvas-libnasl and compile/install it:

cd ..
tar -xvf openvas-libnasl-2.0.1.tar.gz
cd openvas-libnasl-2.0.1/
sudo ./configure
sudo make
sudo make install

Install OpenVAS Server

Next untar the openvas-server and compile/install it:

cd ..
tar -xvf openvas-server-2.0.1.tar.gz
cd openvas-server-2.0.1/
sudo ./configure
sudo make
sudo make install

The OpenVAS libraries, libnasl, and server packages should now be installed. We now have to make sure that /usr/local/bin and /usr/local/sbin are in our PATH. We can do that by typing in:

echo ${PATH}

In the output from the above command you should see /usr/local/bin and /usr/local/sbin somewhere. If you don’t you will have to add those entries to the PATH environmental variable manually.

Install OpenVAS Plugins

Our next step is to compile/install the plugins:

cd ..
tar -xvf openvas-plugins-1.0.6.tar.gz
cd openvas-plugins-1.0.6/
sudo ./configure
sudo make
sudo make install

Note: The plugins may take a while to make… be patient.

Now we have to setup the symbolic links:

sudo ldconfig

Generate a Certificate

We are now ready to generate a certificate for our OpenVAS Server, make sure to enter values relevant to your location.

sudo openvas-mkcert

Create a User

Now we need to add a user:

sudo openvas-adduser

Enter a username and choose your authentication method. Hit ctrl-d when you are prompted for rules if you dont want any scanning restrictions.

sudo openvas-nvt-sync

And at last… the moment of truth! Start up the OpenVAS server daemon:

sudo openvasd -D

Install the OpenVAS Client

Now that the server is setup you can setup the client to run the scans:

cd ..
tar -xvf openvas-client-2.0.3.tar.gz
cd openvas-client-2.0.3/
sudo ./configure
sudo make
sudo make install
sudo OpenVAS-Client

The client can be installed on any computer that has access to the server. Once it is installed you just have to connect, setup a scan and you’re done! Stay tuned for another blog post on configuring scans with the OpenVAS Client.