Status: As at 26 Feb 2020 - tested and running, and now mostly documented so others can do this as well
Status: As of June 2020 - with the upgrade of OpenVAS 9 to GVM-11 the simple Ubuntu install is broken.
Status: As of Jan 2021 - Recommendation is to build on AWS from source (see section on "GVM 20.08 on Ubuntu 20.04 on AWS")
NOTE: As of OpenVAS 10, OpenVAS is now known as Greenbone Vulnerability Management (GVM). I have updated this tip to reflect the GVM update.
OpenVAS / GVM is a very useful Open Source security scanning tool.
Running a security scan on your network is strongly recommended. However, if you run the scanner from inside your internal network, the scan results may not reflect how your network looks to the "outside world".
To get that view you should run your scanner from a machine that reaches your network from the public internet, as this is a key attack path. A simple way to do this is to spin up a scanner instance in AWS or another public cloud and then run your scan from there. This is relatively easy to do, and you can even use a free-tier Ubuntu EC2 machine to achieve this at low cost.
For running OpenVAS on QEMU / KVM, see here for my tip on running OpenVAS on QEMU / KVM using the "Greenbone Networks" VM appliance.
GVM 20.08 on Ubuntu 20.04 on AWS
OpenVAS 9 is no longer supported, the "simple" Ubuntu install for GVM-11 never worked correctly, and in any case both are now obsolete as the current version is GVM 20.08 (the new release naming convention reflects the August 2020 release).
You can get a GVM 20.08 build up and running on AWS on Ubuntu 20.04 using a source build.
Be aware that to build on AWS you will need an AWS host with more than the 1GB RAM that is provided by the "free tier" AWS Ubuntu 20.04 "Micro T2" machine.
I have tested the build process and the "Micro T2" VM goes into virtual memory swap thrashing when building the "gsa" component. This occurs during the node/yarn build process; I observed it by running "top" during the build. I tried to work around this by changing the "vm.swappiness" configuration from the default 60% to 80%, but the VM still goes into swap thrashing.
If you set up a "medium T2" VM with:
- 2 CPUs and
- 4GB RAM with
- Security setup to allow: ssh (port 22), http (port 80) and https (port 443) access.
Then you can successfully build a GVM 20.08 instance from source on AWS.
I did this via instructions from:
- Mike Lab Instructions - https://www.mikeslab.net/install-greenbone-vulnerability-manager-20-08-on-ubuntu-20-04/ &
- Kevin Lucas Script - on github
Beware that the script enables the Linux firewall (ufw) as part of its setup and fails to complete the data sync correctly as part of the build on Ubuntu 20.04, so you will need to re-run the data load. Both of these issues have been documented and can be worked around.
I have validated the instructions from the Mike Lab blog: https://www.mikeslab.net/install-greenbone-vulnerability-manager-20-08-on-ubuntu-20-04/ and Kevin Lucas's script on github.
I will not repeat the instructions here, as you are better off just following either of these yourself.
The build will make a machine that is accessible via https on the AWS public IP of your VM.
OpenVAS 9 on Ubuntu on AWS
NOTE: OpenVAS 9 is no longer supported and the project has been renamed "Greenbone Vulnerability Management" (GVM), with GVM-11 the new stable release. These instructions require an update to the new version.
1. If you have not already done so, set up an AWS account: https://aws.amazon.com
2. Using the AWS Management Console, create a new EC2 VM
3. Set up an Ubuntu Server 18.04 64-bit (x86) VM
NOTE: Free Tier is sufficient to run a scanner, as long as you accept that it is slow
4. Using the EC2 console, configure your VM firewall security and download your ssh key
For the firewall rules you should configure these so you can get access to the following ports:
- 22 - ssh / sftp
- 80 / 443 - http / https
- 4000 - port for OpenVAS Web URL
The source access addresses will be based on your particular IP address ranges and security concerns.
5. Login to your VM:
$ ssh -i "aws-YOUR-key-01.pem" ubuntu@ec2-YOUR_VM.compute.amazonaws.com
... Usual Ubuntu Greetings...
$ uname -a
Linux ip-172-31-9-160 4.15.0-1060-aws #62-Ubuntu SMP Tue Feb 11 21:23:22 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux
$ cat /etc/*-release
DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=18.04
DISTRIB_CODENAME=bionic
DISTRIB_DESCRIPTION="Ubuntu 18.04.3 LTS"
NAME="Ubuntu"
VERSION="18.04.3 LTS (Bionic Beaver)"
ID=ubuntu
ID_LIKE=debian
PRETTY_NAME="Ubuntu 18.04.3 LTS"
VERSION_ID="18.04"
HOME_URL="https://www.ubuntu.com/"
SUPPORT_URL="https://help.ubuntu.com/"
BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/"
PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy"
VERSION_CODENAME=bionic
UBUNTU_CODENAME=bionic
6. Now install OpenVAS
To make this a bit more repeatable, I have put what is needed into a shell script:
$ cat install.sh
#!/bin/sh
# Install OpenVAS 9 from the mrazavi PPA on Ubuntu 18.04, pull the feeds and start the services.
# Stop on the first failing step so a half-done install is obvious.
set -e
sudo add-apt-repository -y ppa:mrazavi/openvas
sudo apt update
sudo apt -y upgrade
sudo apt -y install sqlite3
sudo apt -y install openvas9
sudo apt -y install libopenvas9-dev
# Feed sync: NVTs, SCAP data and CERT advisories (slow on a free-tier VM)
sudo greenbone-nvt-sync
sudo greenbone-scapdata-sync
sudo greenbone-certdata-sync
sudo systemctl enable openvas-scanner
sudo systemctl enable openvas-manager
sudo systemctl enable openvas-gsa
sudo systemctl start openvas-scanner
sudo systemctl start openvas-manager
sudo systemctl start openvas-gsa
# Rebuild the manager database from the freshly synced feeds
sudo openvasmd --rebuild --progress
7. Connect via Web to your OpenVAS machine...
This should be available via the machine's AWS address on port 4000
You can now configure your scans and run them
So happy scanning....
Trouble Shooting and Operating
Here are some common operating issues...
Use the openvasmd (OpenVAS) Manager Daemon to administer users and passwords.
$ openvasmd --help
Usage:
  openvasmd [OPTION…] - Manager of the Open Vulnerability Assessment System

Help Options:
  -h, --help                          Show help options

Application Options:
  --backup                            Backup the database.
  --check-alerts                      Check SecInfo alerts.
  --client-watch-interval=            Check if client connection was closed every seconds. 0 to disable. Defaults to 1 seconds.
  -d, --database=                     Use as database for SQLite/Postgres.
  --disable-cmds=                     Disable comma-separated .
  --disable-encrypted-credentials     Do not encrypt or decrypt credentials.
  --disable-password-policy           Do not restrict passwords to the policy.
  --disable-scheduling                Disable task scheduling.
  --create-user=                      Create admin user and exit.
  --delete-user=                      Delete user and exit.
  --get-users                         List users and exit.
  --create-scanner=                   Create global scanner and exit.
  --modify-scanner=                   Modify scanner and exit.
  --scanner-name=                     Name for --modify-scanner.
  --scanner-host=                     Scanner host for --create-scanner and --modify-scanner. Default is /var/run/openvassd.sock.
  --otp-scanner=                      Path to scanner unix socket file. Used by --rebuild and --update
  --scanner-port=                     Scanner port for --create-scanner and --modify-scanner. Default is 9391.
  --scanner-type=                     Scanner type for --create-scanner and --mdoify-scanner. Either 'OpenVAS' or 'OSP'.
  --scanner-ca-pub=                   Scanner CA Certificate path for --[create|modify]-scanner.
  --scanner-key-pub=                  Scanner Certificate path for --[create|modify]-scanner.
  --scanner-key-priv=                 Scanner private key path for --[create|modify]-scanner.
  --verify-scanner=                   Verify scanner and exit.
  --delete-scanner=                   Delete scanner and exit.
  --get-scanners                      List scanners and exit.
  --schedule-timeout=
After installing OpenVAS there should be a single OpenVAS user defined (admin):
$ sudo openvasmd --get-users
admin
... now to update the password:
$ sudo openvasmd --user=admin --new-password=YOUR_PASSWORD
Web Connect Error
On doing web connect you get:
The request contained an unknown or invalid Host header. If you are trying to access GSA via its hostname or a proxy, make sure GSA is set up to allow it.
This is likely a result of having stopped your VM and then restarted it. If you are using a VM without a persistent URL (this is a paid-for feature), then the AWS URL address changes on stopping and restarting the VM.
To address this problem you need to edit: vi /etc/default/openvas-gsa
This has a configuration entry for the valid access URL host header: "ALLOW_HEADER_HOST".
Simply update this to the current valid AWS DNS name and reboot the machine:
$ sudo vi /etc/default/openvas-gsa
$ sudo reboot
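Editing ALLOW_HEADER_HOST by hand after every stop/start gets old quickly. The following shell functions are an added example (not part of the original post or the Ubuntu PPA package) that update the setting in place; they assume /etc/default/openvas-gsa holds plain KEY=VALUE lines and that you pass in the new public DNS name, and they refuse anything that does not look like a DNS name so a bad value cannot end up in the config.

```shell
#!/bin/sh
# Added example: keep ALLOW_HEADER_HOST in /etc/default/openvas-gsa in sync with
# the instance's current public DNS name. Assumes KEY=VALUE config lines.

# Accept only a plausible DNS name: dot-separated labels of letters, digits and
# hyphens, ending in an alphabetic top-level label.
valid_hostname() {
    printf '%s' "$1" | grep -Eq '^([A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?\.)+[A-Za-z]{2,}$'
}

# set_allow_header_host CONFIG_FILE NEW_HOST
# Replaces an existing ALLOW_HEADER_HOST line, or appends one if none is present.
# Writes through the existing file so its ownership and mode are preserved.
set_allow_header_host() {
    cfg=$1
    host=$2
    valid_hostname "$host" || { echo "refusing implausible hostname: $host" >&2; return 1; }
    if grep -q '^ALLOW_HEADER_HOST=' "$cfg"; then
        tmp=$(mktemp)
        sed "s|^ALLOW_HEADER_HOST=.*|ALLOW_HEADER_HOST=$host|" "$cfg" > "$tmp" \
            && cat "$tmp" > "$cfg"
        rm -f "$tmp"
    else
        printf 'ALLOW_HEADER_HOST=%s\n' "$host" >> "$cfg"
    fi
}

# current_allow_header_host CONFIG_FILE
# Prints the configured value (empty if the key is absent).
current_allow_header_host() {
    sed -n 's/^ALLOW_HEADER_HOST=//p' "$1"
}
```

On the VM, source the file and run e.g. `sudo sh -c '. ./gsa-host.sh; set_allow_header_host /etc/default/openvas-gsa "$(curl -s http://169.254.169.254/latest/meta-data/public-hostname)"'` (assumes the EC2 metadata service answers without an IMDSv2 token, as it did on 2020 instances), then restart openvas-gsa or reboot as above.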
Out of Disk Space
If you are using a free tier AWS VM then you will run out of disk space due to historical reports, and so cannot run scans.
Simply go into the Web Admin interface and purge old reports.
Feed Update
OpenVAS needs to keep its security advisory database up to date, so you need to periodically refresh the database.
This will require you to ssh into the VM to trigger the update & rebuild...
$ sudo greenbone-nvt-sync
$ sudo greenbone-scapdata-sync
$ sudo greenbone-certdata-sync
$ sudo openvasmd --rebuild --progress
... Then on completion do a reboot ...
$ sudo reboot
And we are current:
NOTE: If you have issues getting the feed update to work then check the "Web Connect Error" note above, as this will also affect the feed connection.
References & Links:
Running OpenVAS (GCE) Appliance on KVM / QEMU - my prior post on running OpenVAS via Greenbone Network VM Appliance
OpenVAS - a very valuable Open Source security scanner
AWS - Amazon Web Services is your toolkit of useful cloud computing
OpenVAS vulnerability scanner - Ubuntu PPA by Mohammad Razavi; follow the link up and you will also find a Docker image version
GVM Source Install on Ubuntu 20.04 - see the following instructions on Mikes Lab blog
GVM Source Install Script - Ubuntu 20.04 install script from github. I have only done initial testing on this; it works, with the exception of needing to disable ufw and reload the data
Greenbone Source Edition - when all else fails revert to source -;