Unlock the power of vulnerability scanning and security assessment by learning how to install OpenVAS on Rocky Linux 9 with our step-by-step guide. Enhance your system’s security posture and safeguard your infrastructure with this comprehensive tutorial tailored for seamless integration and optimal performance. #centlinux #linux #openvas
Table of Contents
What is OpenVAS?:
OpenVAS (Open Vulnerability Assessment System, originally known as GNessUs) is the scanner component of Greenbone Vulnerability Manager (GVM), a software framework of several services and tools offering vulnerability scanning and vulnerability management.
All Greenbone Vulnerability Manager products are free software, and most components are licensed under the GNU General Public License (GPL). Plugins for Greenbone Vulnerability Manager are written in the Nessus Attack Scripting Language, NASL.
Greenbone Vulnerability Manager began under the name of OpenVAS, and before that the name GNessUs, as a fork of the previously open source Nessus scanning tool, after its developers Tenable Network Security changed it to a proprietary (closed source) license in October 2005. OpenVAS was originally proposed by pentesters at SecuritySpace, discussed with pentesters at Portcullis Computer Security and then announced by Tim Brown on Slashdot.
Greenbone Vulnerability Manager is a member project of Software in the Public Interest. (Source: Wikipedia)
Is OpenVAS free?
Yes, OpenVAS (Open Vulnerability Assessment System) is free and open-source software. It is licensed under the GNU General Public License (GPL) and is available for anyone to download, use, and modify without cost. OpenVAS is widely used for vulnerability scanning and management, providing users with a comprehensive set of tools for identifying and mitigating security vulnerabilities in their systems and networks.
Recommended Online Training: OpenVas Basic to Advanced With Kali Linux
Environment Specification:
We are using a minimal Rocky Linux 9 virtual machine with following specifications.
- CPU – 3.4 Ghz (2 cores)
- Memory – 2 GB
- Storage – 20 GB
- Operating System – Rocky Linux release 9.1 (Blue Onyx)
- Hostname – openvas-01.centlinux.com
- IP Address – 192.168.88.128/24
Prepare your Rocky Linux Server:
Connect with your Rocky Linux server as root using with the help of a ssh client.
Set a Fully Qualified Domain Name (FQDN) for your OpenVAS server by using hostnamectl command.
# hostnamectl set-hostname openvas-01.centlinux.com
Edit /etc/hosts file in a vim text editor.
# vi /etc/hosts
Add following line in this file to setup name resolution.
192.168.88.128 openvas-01.centlinux.com openvas-01
Refresh your Yum cache and update software packages in your Rocky Linux server.
# dnf makecache # dnf update -y
Sometimes, the above command updates software packages related to Linux Kernel. If his happens then you should reboot your Linux operating system before moving forward with this Linux Tutorial.
# reboot
After restart check the Linux operating system and Linux Kernel versions.
# cat /etc/rocky-release Rocky Linux release 9.1 (Blue Onyx) # uname -r 5.14.0-162.12.1.el9_1.0.2.x86_64
OpenVAS requires SELinux to be disabled.
You can execute following sets of commands to permanently disable SELinux in your Rocky Linux server.
# sed -i 's/^SELINUX=enforcing$/SELINUX=disabled/' /etc/selinux/config # grubby --update-kernel ALL --args selinux=0 # reboot
You need to install wget command to download OpenVAS installer.
Execute dnf command to install wget package.
# dnf install -y wget
Install Third Party Yum Repositories:
OpenVAS requires some software packages that are not available in standard yum repositories.
Therefore, you are required to enable CRB (Power Tools) and EPEL (Extra Packages for Enterprise Linux) yum repositories.
You can enable these yum repositories by executing following set of commands.
# dnf config-manager --set-enabled crb # dnf install -y epel-release epel-next-release
Execute following command to download and install Atomic yum repository.
# wget -q -O - https://updates.atomicorp.com/installers/atomic | sudo sh Atomic Free Unsupported Archive installer, version 7.0.2 BY INSTALLING THIS SOFTWARE AND BY USING ANY AND ALL SOFTWARE PROVIDED BY ATOMICORP LIMITED YOU ACKNOWLEDGE AND AGREE: THIS SOFTWARE AND ALL SOFTWARE PROVIDED IN THIS REPOSITORY IS PROVIDED BY ATOMICORP LIMITED AS IS, IS UNSUPPORTED AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL ATOMICORP LIMITED, THE COPYRIGHT OWNER OR ANY CONTRIBUTOR TO ANY AND ALL SOFTWARE PROVIDED BY OR PUBLISHED IN THIS REPOSITORY BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. For supported software packages please contact us at: sales@atomicorp.com Do you agree to these terms? (yes/no) [Default: yes] Configuring the [atomic] repo archive for this system Installing the Atomic GPG keys: OK Downloading atomic-release-1.0-23.el9.art.noarch.rpm: Verifying... ################################# [100%] Preparing... ################################# [100%] Updating / installing... 1:atomic-release-1.0-23.el9.art ################################# [100%] Enable repo by default? (yes/no) [Default: yes]: The Atomic repo has now been installed and configured for your system The following channels are available: atomic - [ACTIVATED] - contains the stable tree of ART packages atomic-testing - [DISABLED] - contains the testing tree of ART packages atomic-bleeding - [DISABLED] - contains the development tree of ART packages
Rebuild your cache for newly installed yum repositories.
# dnf makecache Rocky / Red Hat Enterprise Linux 9 - atomic 1.1 kB/s | 3.0 kB 00:02 Extra Packages for Enterprise Linux 9 - x86_64 4.8 kB/s | 8.9 kB 00:01 Extra Packages for Enterprise Linux 9 - Next - 15 kB/s | 8.9 kB 00:00 Rocky Linux 9 - BaseOS 733 B/s | 4.1 kB 00:05 Rocky Linux 9 - AppStream 2.2 kB/s | 4.5 kB 00:02 Rocky Linux 9 - CRB 258 kB/s | 2.1 MB 00:08 Rocky Linux 9 - Extras 586 B/s | 2.9 kB 00:05 Metadata cache created.
OpenVAS installation on Rocky Linux 9
Now you can install OpenVAS software by executing following commands.
During installation, gvm updates Network Vulnerability Tests feed from the Greenbone Security Feed/Community Feed. It may takes a few more minutes, depends upon your Internet connection speed.
# dnf install -y gvm # gvm-setup ##################################### GVM Setup, Version: 6.1.0 Atomicorp, Inc. ##################################### cannot access /var/lib/alternatives/python: No such file or directory * Initializing database in '/var/lib/pgsql/data' * Initialized, logs are in /var/lib/pgsql/initdb_postgresql.log Created symlink /etc/systemd/system/multi-user.target.wants/postgresql.service → /usr/lib/systemd/system/postgresql.service. Created symlink /etc/systemd/system/multi-user.target.wants/redis.service → /usr/lib/systemd/system/redis.service. net.core.somaxconn = 1024 vm.overcommit_memory = 1 Update NVT, CERT, and SCAP data Please note this step could take some time. Once completed, this will be updated automatically every 24 hours Updating NVTs.... /usr/bin/greenbone-nvt-sync --- --- --- sent 727 bytes received 99,598,473 bytes 991,036.82 bytes/sec total size is 99,554,950 speedup is 1.00 /usr/sbin/greenbone-feed-sync --type CERT success Updating OpenVAS Manager certificates: Complete GVMD startup: Done Set the GSAD admin users password. The admin user is used to configure accounts, Update NVT's manually, and manage roles. Enter Administrator Password: Verify Administrator Password: Created symlink /etc/systemd/system/multi-user.target.wants/ospd-openvas.service → /usr/lib/systemd/system/ospd-openvas.service. Created symlink /etc/systemd/system/multi-user.target.wants/notus-scanner.service → /usr/lib/systemd/system/notus-scanner.service. Created symlink /etc/systemd/system/openvas-manager.service → /usr/lib/systemd/system/gvmd.service. Created symlink /etc/systemd/system/multi-user.target.wants/gvmd.service → /usr/lib/systemd/system/gvmd.service. Created symlink /etc/systemd/system/greenbone-security-assistant.service → /usr/lib/systemd/system/gsad.service. Created symlink /etc/systemd/system/multi-user.target.wants/gsad.service → /usr/lib/systemd/system/gsad.service. Created symlink /etc/systemd/system/multi-user.target.wants/mosquitto.service → /usr/lib/systemd/system/mosquitto.service. success success ##################################### Setup complete Log in to GSAD at https://localhost #####################################
OpenVAS software has been installed successfully.
To access OpenVAS software from network, you need to allow https service in Linux firewall.
# firewall-cmd --permanent --add-service=https success # firewall-cmd --reload success
Access Your OpenVAS Security Assistant:
Open URL https://openvas-01.centlinux.com in a web browser.
Login as admin user, you can use the password that you have set during execution of gvm-setup command.
You have reached at the Dashboard of OpenVAS Security Assistant.
Video Tutorial: How to install OpenVAS on Linux
Final Thoughts
Equip yourself with the knowledge to fortify your system’s defenses by seamlessly learning how to install OpenVAS on Rocky Linux 9. With our step-by-step guide, you’ll harness the power of this robust vulnerability assessment system, ensuring the security of your infrastructure. Let this tutorial be your roadmap to a more secure and resilient network environment.
ok
I followed your tutorial and successfully got openvas up and running! I'm coming back, a year later, because certain things in openvas have reached their EOL and now i need to update/upgrade Openvas… But i get this error when trying to run dnf upgrade….
"error: /etc/rpm/macros.atomic-config: line 3: Macro %undefine is a built-in (%define)
error: /etc/rpm/macros.atomic-config: line 5: Macro %undefine is a built-in (%define)
error: /etc/rpm/macros.atomic-config: line 3: Macro %undefine is a built-in (%define)
error: /etc/rpm/macros.atomic-config: line 5: Macro %undefine is a built-in (%define)
"
I don't think that, you can perform an in-place upgrade of OpenVAS. Why don't you configure a new server and then migrate your OpenVAS application thereon.