OpenVAS is a widely used and valuable security scanning tool and an essential component for anyone creating a public or private cloud infrastructure. The OpenVAS open source project is sponsored by "Greenbone Networks", which makes available a pre-packaged OpenVAS-based VM appliance, "GCE - GSM (Greenbone Security Manager) Community Edition". It is based on Debian Linux and designed to run on any of: VirtualBox, VMware ESXi or Microsoft Hyper-V.

But what about KVM (Kernel-based Virtual Machine), which provides the core of most private and many public clouds?

Getting the GCE virtual appliance running requires a bit of KVM / QEMU tinkering, so to help people here are some guidelines taken from my working configuration.

Status: Dec 2020 - Updated for GSM TRIAL (based on Greenbone OS 20.08)


OpenVAS 9 is the end of the line for OpenVAS, and the project has now been renamed "Greenbone Vulnerability Management" (GVM), with GVM-10 released in 2019 and GVM-11 being the current stable release.

With these changes there have also been changes in how the Greenbone Community Edition runs, so I have split this out into OpenVAS-based and GVM-based guidance.

With the release of GVM 20.08 the Greenbone Community Edition (GCE) has been renamed to "Greenbone Security Manager TRIAL". This is still Debian based, and the key change for its installation is the need for EFI-based boot. For KVM/QEMU, this means using OVMF (Open Virtual Machine Firmware) EFI.


GSM TRIAL Edition

With the now renamed GSM TRIAL based version, VirtualBox is the only documented installation.

The deployment model is now that you create an empty VM and boot it from CD-ROM, which then installs GSM TRIAL to the hard drive.

This version does not allow enabling root (superuser) on the installed machine. Configuration of networking (IP addressing etc.) is done via the captured shell script.

The key difference from the prior version is that you should now configure your VM to use EFI firmware (i.e. OVMF for KVM/QEMU).

From this you can configure:

  • User - accounts
  • Network - static IP Addressing (ipv4 & ipv6, dns and default routes)
  • Services
  • Feed - the security feed
  • Other things ...

The underlying OS has now been updated to Debian 10 (Buster)/Linux 4.19, now officially Greenbone OS (GOS) 20.08. There is now only SATA HD support and e1000 NIC support.

Here are QEMU / KVM configuration details:

  • Greenbone Security Manager TRIAL (20.08) - based on Debian 10 (Buster)/Linux Kernel 4.19 (64-Bit) (or GOS 20.08)
  • Hypervisor - KVM
  • Architecture - x86_64
  • Chipset - Q35
  • Firmware - OVMF
  • HD Type - SATA HD (note: HD must be at least 15GB)
  • CDROM - SATA (to boot 20.08 ISO from)
  • No SCSI Controller Models work, I tested: lsilogic, lsisas1068, virtio
  • Graphics - Video QXL
  • Keyboard - Generic PS2 Keyboard
  • NIC Device Model - e1000
  • CPU - x 2
  • Memory - 4096 MiB

GVM Based Edition

With the GVM-based GCE 6 there is no longer any Microsoft Hyper-V support, nor any official KVM / QEMU support.

The deployment model is now that you create an empty VM and boot it from CD-ROM, which then installs GCE to the hard drive.

This version of GCE is much more restricted than the prior OpenVAS version; for instance, you cannot enable root (superuser) on the installed machine. Configuration of networking (IP addressing etc.) is done via the captured shell script.

From this you can configure:

  • User - accounts
  • Network - static IP Addressing (ipv4 & ipv6, dns and default routes)
  • Services
  • Feed - the security feed
  • Other things ...

The underlying OS has now been updated to Debian Linux 4.9 (prior OpenVAS release was 3.16). There is now only SATA HD support and e1000 NIC support.

Here are QEMU / KVM configuration details:

  • Greenbone Community Edition (6.0.7) - based on Debian 9 (Stretch)/Linux 4.9 (64 Bit)
  • Hypervisor - KVM
  • Architecture - x86_64
  • Chipset - Q35
  • Firmware - BIOS
  • HD Type - SATA HD (note: HD must be at least 15GB)
  • CDROM - SATA (to boot 6.0.7 ISO from)
  • No SCSI Controller Models work, I tested: lsilogic, lsisas1068, virtio
  • Graphics - Video QXL
  • Keyboard - Generic PS2 Keyboard
  • NIC Device Model - e1000
  • CPU - x 2
  • Memory - 4096 MiB
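
The two SATA / e1000 configurations above (GSM TRIAL 20.08 with OVMF, and GCE 6.0.7 with BIOS) expressed as a virt-install command line. This is an added example, not part of the original configuration notes; the VM names, the 20 GB disk size, the `default` libvirt network, the `--os-variant` ids and the ISO path are assumptions.

```sh
#!/bin/sh
# Added example: prints (does not run) a virt-install command line for the
# settings listed above. VM names, disk size (20 GB, above the 15 GB minimum),
# the "default" libvirt network and the os-variant ids are assumptions.

# gsm_virt_install EDITION ISO
#   EDITION: trial = GSM TRIAL 20.08 (OVMF), gce6 = GCE 6.0.7 (BIOS)
gsm_virt_install() (
    edition=$1 iso=$2
    case "$edition" in
        trial) name=gsm-trial variant=debian10 firmware="--boot uefi" ;;
        gce6)  name=gce-6     variant=debian9  firmware="" ;;
        *) echo "unknown edition: $edition (use trial or gce6)" >&2; return 1 ;;
    esac
    [ -n "$iso" ] || { echo "usage: gsm_virt_install EDITION ISO" >&2; return 1; }

    # Q35 chipset, 2 vCPUs, 4096 MiB; SATA disk and SATA CD-ROM (the SCSI and
    # virtio controllers are not usable by the guest); e1000 NIC; QXL video.
    echo "virt-install --name $name --virt-type kvm --arch x86_64" \
         "--machine q35 $firmware --vcpus 2 --memory 4096" \
         "--os-variant $variant" \
         "--disk size=20,bus=sata" \
         "--disk path=$iso,device=cdrom,bus=sata" \
         "--network network=default,model=e1000" \
         "--video qxl"
)

# Review the printed command, then paste it into a shell on the KVM host.
gsm_virt_install trial /var/lib/libvirt/images/gsm-trial.iso   # assumed path
```

The `trial` variant needs the OVMF firmware package installed on the KVM host for `--boot uefi` to resolve.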

OpenVAS 9 Based Edition

NOTE: This is not a set of step-by-step instructions, but rather the key configuration items that you must select to allow the QEMU / KVM machine to run. In my case I manage most of my KVMs with "Virtual Machine Manager".

Here is the information you need to configure the QEMU / KVM machine:

  • Greenbone Community Edition - based on Debian 3.16 64-Bit Linux (Jessie release)
  • Hypervisor - KVM
  • Architecture - x86_64
  • Chipset - Q35
  • Firmware - BIOS
  • HD Type - SCSI HD (must be device 0:0:0:1)
  • SCSI Controller Model - lsilogic
  • Graphics - Video QXL
  • Keyboard - Generic PS2 Keyboard
  • NIC Device Model - e1000-82545em
  • CPU - x 2
  • Memory - 4096 MiB

The GCE Debian Linux distribution has been stripped down to remove superfluous drivers and other programs, so if you do not use the configuration above, GCE will not find the HD or you will not have any network interface available for scanning.