OpenVAS is widely used and valuable security scanning tool and an essential component for any one creating a public or private cloud infrastructure. The OpenVAS open source project is sponsored by "Greenbone Networks" and they make available a pre-packaged OpenVAS based VM Appliance as "GCE - GSM (Greenbone Security Manager) Community Edition". This is based on Debian Linux and designed run on any of : Virtual Box, VMWare ESXi or Microsoft Hyper-V.

But what about KVM (Kernal Virtual Machine), which provides core of most private  and many public clouds ?

To get GCE Virtual Appliance running requires a bit of KVM / QEMU tickering, so to help people here are some guidelines taken from my working configuration.


OpenVAS 9 is the end of line for OpenVAS and project has now been renamed "Greenbone Vulnerability Management" (GVM) with GVM-10 being released in 2019 and GVM-11 being current stable release.

With these changes there have also been changes in how the Greenbone Community Edition runs and so I have split out this into OpenVAS and GVM based guidance.


GVM Based Edition

With GVM based CGE 6 there is no longer any Microsoft Hyper-V support, nor any official KVM / QEMU Support.

The deployment model is now that you create an empty VM, which is booted via CD-ROM which then does install of CGE to the hard drive.

This version of CGE is much more constricted then the prior OpenVAS version, for instance you cannot enable root (super user) on the installed machine. Configuration of networking (IP Addressing etc) is done via the captured shell script.

From this you can configure:

  • User - accounts
  • Network - static IP Addressing (ipv4 & ipv6, dns and default routes)
  • Services
  • Feed - the security feed
  • Other things ...

The underlying OS has now been updated to Debian Linux 4.11 (prior OpenVAS release was 3.16). There is now only SATA HD support and e1000 NIC support.

Here are QEMU / KVM configuration details:

  • Greenbone Community Edition (6.0.7) - based on Debian 3.16 64-Bit Linux (Jessie release)
  • Hypervisor - KVM
  • Architecture - x86_64
  • Chipset - Q35
  • Firmware - BIOS
  • HD Type - SATA HD (not HD must be at least 15GB
  • CDROM - SATA (to boot 6.0.7 ISO from)
  • No SCSI Controller Models work, I tested: lsilogic, lsisas1068, virtio
  • Graphics - Video QXL
  • Keyboard - Generic PS2 Keyboard
  • NIC Device Model - e1000
  • CPU - x 2
  • Memory - 4096 MiB

OpenVAS 9 Based Edition

NOTE: This is not a set of step by step instructions, but rather the key configuration items that you must select to allow QEMU / KVM machine to run. In my case I manage most of my KVM's with "Virtual Machine Manager".

Here is information you need to configure QEMU / KVM machine:

  • Greenbone Community Edition - based on Debian 3.16 64-Bit Linux (Jessie release)
  • Hypervisor - KVM
  • Architecture - x86_64
  • Chipset - Q35
  • Firmware - BIOS
  • HD Type - SCSI HD (must be device 0:0:0:1)
  • SCSI Controller Model - lsilogic
  • Graphics - Video QXL
  • Keyboard - Generic PS2 Keyboard
  • NIC Device Model - e1000-82545em
  • CPU - x 2
  • Memory - 4096 MiB

The GCE Debian Linux distribution has been stripped out to remove superfluous drivers and other programs, so you will find that if you do not use the configuraiton as above then GCE will not find HD or you will not have any network interface available for scanning.