Thursday, 14 July 2011

OpenVAS 4 how-to setup guide

Yet another how-to guide, written to hopefully save people some time when setting up OpenVAS 4.
For this guide I installed and configured OpenVAS 4 on CentOS 5.2.

Installation

Download and install CentOS (I used CentOS 5.2). Once it is installed, set up your yum repositories for OpenVAS 4:
[root@localhost ~]# wget -q -O - http://www.atomicorp.com/installers/atomic | sh
[root@localhost ~]# yum update
[root@localhost ~]# yum upgrade

[root@localhost ~]# yum search openvas
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
 * atomic: www6.atomicorp.com
 * base: mirror.optus.net
 * extras: mirror.optus.net
 * updates: mirror.optus.net
=============================== Matched: openvas ===============================
greenbone-security-assistant.i386 : GSA
openvas.noarch : The Open Vulnerability Assessment (OpenVAS) suite
openvas-administrator.i386 : The Open Vulnerability Assessment (OpenVAS)
                           : Administrator
openvas-cli.i386 : The Open Vulnerability Assessment (OpenVAS) CLI
openvas-glib2.i386 : A library of handy utility functions
openvas-glib2-devel.i386 : The GIMP ToolKit (GTK+) and GIMP Drawing Kit (GDK)
                         : support library
openvas-libraries.i386 : Support libraries for Open Vulnerability Assessment
                       : (OpenVAS) Server
openvas-libraries-devel.i386 : Development files for openvas-libraries
openvas-manager.i386 : The Open Vulnerability Assessment (OpenVAS) Manager
openvas-scanner.i386 : The Open Vulnerability Assessment (OpenVAS) Server
[root@localhost ~]#
Install OpenVAS 4 and confirm that the daemons are running:
[root@localhost ~]# yum install openvas
[root@localhost ~]# yum install openvas-administrator
[root@localhost ~]# /etc/init.d/openvas-scanner status
openvassd (pid 5796) is running...
[root@localhost ~]# /etc/init.d/openvas-manager status
-l (pid 4550) is running...
[root@localhost ~]# /etc/init.d/openvas-administrator status
-l (pid 4931) is running...
[root@localhost ~]# /etc/init.d/gsad status
gsad (pid 4587) is running...
[root@localhost ~]#
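As an added example (not part of the original post), here is a small POSIX shell script that repeats those four status checks in one go and parses the init-script output, including the odd "-l (pid ...)" form that openvas-manager and openvas-administrator print above. The service names are the init-script names used in this guide; INIT_DIR is a hypothetical override so the check can be pointed at a test directory.

```shell
#!/bin/sh
# Added example: post-install health check for the four OpenVAS 4 daemons.
# Service names are the /etc/init.d script names used in the guide above.
# INIT_DIR is an assumed override (defaults to the real init directory).

OPENVAS_SERVICES="openvas-scanner openvas-manager openvas-administrator gsad"
INIT_DIR="${INIT_DIR:-/etc/init.d}"

# status_pid STATUS_LINE -> prints the PID when the line says "(pid N) is running",
# returns 1 otherwise. Handles both "openvassd (pid 5796) is running..." and the
# "-l (pid 4550) is running..." form seen for manager and administrator.
status_pid() {
    case "$1" in
        *"(pid "*") is running"*)
            printf '%s\n' "$1" | sed -n 's/.*(pid \([0-9][0-9]*\)) is running.*/\1/p'
            return 0 ;;
        *)
            return 1 ;;
    esac
}

# service_status NAME -> runs "<init script> status" and prints its output
service_status() {
    if [ -x "$INIT_DIR/$1" ]; then
        "$INIT_DIR/$1" status 2>&1
    else
        printf '%s: init script not found in %s\n' "$1" "$INIT_DIR"
    fi
}

# check_all_services -> one line per daemon; returns the number of daemons not running
check_all_services() {
    failed=0
    for svc in $OPENVAS_SERVICES; do
        line=$(service_status "$svc")
        if pid=$(status_pid "$line"); then
            printf 'OK    %-22s pid %s\n' "$svc" "$pid"
        else
            printf 'DOWN  %-22s (%s)\n' "$svc" "$line"
            failed=$((failed + 1))
        fi
    done
    return $failed
}

# Usage: sh openvas-check.sh check   (exit status = number of daemons down)
case "${1:-}" in
    check) check_all_services ;;
esac
```

Run it after each reboot or package update; a non-zero exit status tells you which daemon to start before you open the web interface.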

Configure OpenVAS 4

Once you have OpenVAS 4 installed and running it is time to configure it. Start by creating a user, which is used to access the web interface:
[root@localhost ~]# openvas-adduser
Using /var/tmp as a temporary file holder.
Add a new openvassd user
---------------------------------
Login : openvas
Authentication (pass/cert) [pass] :
Login password :
Login password (again) : 

User rules
---------------
openvassd has a rules system which allows you to restrict the hosts that openva has the right to test.
For instance, you may want him to be able to scan his own host only.

Please see the openvas-adduser(8) man page for the rules syntax.

Enter the rules for this user, and hit ctrl-D once you are done:
(the user can have an empty rules set)

Login             : openvas
Password          : ***********

Rules             : 

Is that ok? (y/n) [y] y
user added.
[root@localhost ~]#
I had to elevate the user's privileges to be able to log in and use the web interface (Greenbone Security Assistant):
[root@localhost ~]# openvasad --enable-modify-settings -c set_role -u openvas -r Admin
ad   main:MESSAGE:2684:2011-06-30 10h28.20 EST: The role of user openvas has been successfully changed.
[root@localhost ~]#
Update your signatures (NVTs) to ensure you have all the latest vulnerability tests:
[root@localhost auth]# openvas-nvt-sync
[i] This script synchronizes an NVT collection with the 'OpenVAS NVT Feed'.
[i] The 'OpenVAS NVT Feed' is provided by 'The OpenVAS Project'.
[i] Online information about this feed: 'http://www.openvas.org/openvas-nvt-feed.html'.
[i] NVT dir: /var/lib/openvas/plugins
[i] Will use rsync
[i] Using rsync: /usr/bin/rsync
[i] Configured NVT rsync feed: rsync://feed.openvas.org:/nvt-feed
OpenVAS feed server - http://openvas.org/
This service is hosted by Intevation GmbH - http://intevation.de/
All transactions are logged.
Please report problems to admin@intevation.de

receiving file list ...
43805 files to consider
./

sent 43 bytes  received 742045 bytes  87304.47 bytes/sec
total size is 96498257  speedup is 130.04
[i] Checking dir: ok
[i] Checking MD5 checksum: ok

[root@localhost ~]# /etc/init.d/openvas-scanner restart
Add the following to cron if you would like your signatures updated automatically:
[root@localhost ~]# crontab -e
# update signatures on the 27th of each month at 1am
0 1 27 * * /usr/sbin/openvas-nvt-sync-cron
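The guide restarts the scanner by hand after a sync so it loads the new NVTs. As an added example (not from the post or the OpenVAS project), here is a cron wrapper that does the same automatically, but only restarts the scanner when openvas-nvt-sync exited cleanly and printed the "Checking MD5 checksum: ok" line shown in the output above, and logs every run. The tool and init-script paths are the ones used in this guide; the log file location and the wrapper's install path are assumptions.

```shell
#!/bin/sh
# Added example: cron wrapper for openvas-nvt-sync that restarts the scanner
# only after a verified feed update. SYNC_CMD and RESTART_CMD are the commands
# used in the guide; LOG_FILE is an assumed location for this example.

SYNC_CMD="${SYNC_CMD:-/usr/sbin/openvas-nvt-sync}"
RESTART_CMD="${RESTART_CMD:-/etc/init.d/openvas-scanner restart}"
LOG_FILE="${LOG_FILE:-/var/log/openvas-nvt-sync.log}"

# log MESSAGE -> append a timestamped entry to LOG_FILE
log() {
    printf '%s %s\n' "$(date '+%Y-%m-%d %H:%M:%S')" "$1" >> "$LOG_FILE"
}

# sync_nvts -> run the feed sync and keep its output in the log.
# Returns 0 only if the tool exited 0 AND printed "Checking MD5 checksum: ok";
# 1 on a non-zero exit; 2 when the exit was 0 but the checksum confirmation
# never appeared (for example a truncated transfer).
sync_nvts() {
    rc=0
    out=$($SYNC_CMD 2>&1) || rc=$?
    log "openvas-nvt-sync exited $rc, output follows:
$out"
    [ "$rc" -eq 0 ] || return 1
    case "$out" in
        *"Checking MD5 checksum: ok"*) return 0 ;;
        *) return 2 ;;
    esac
}

# update_feed -> sync, then restart the scanner so it loads the new NVTs;
# leave the running scanner untouched when the sync did not verify.
update_feed() {
    if sync_nvts; then
        log "feed verified, restarting scanner"
        $RESTART_CMD >> "$LOG_FILE" 2>&1
    else
        log "feed update failed or unverified, scanner not restarted"
        return 1
    fi
}

# Example crontab line (assumed install path for this script):
#   0 1 27 * * /usr/local/sbin/openvas-feed-update run
case "${1:-}" in
    run) update_feed ;;
esac
```

Keeping the old plugin set loaded when a sync fails is the safer default: a half-updated plugin directory can leave the scanner with missing dependencies, whereas the previous, consistent set keeps working until the next run succeeds.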

Using OpenVAS 4

Once all of the above is done you can set up a scan by doing the following.

Browse to the OpenVAS 4 web interface at https://localhost:9392 and log in with the credentials you created above.

Once logged in, create a new target by selecting Targets from the left-hand menu. Fill in the appropriate details (you can also append a /subnet mask to the network address) and click Create Target.

Next, create a task by selecting New Task from the left-hand menu. Fill in the appropriate fields, select your newly created target and click Create Task.

Once you have created your new task you can launch the scan manually by clicking on the little play icon. This launches the scan of the target machine; you can follow its progress with the progress bar.

You can also create a scan schedule which automatically kicks off your scan at a specific time or interval. To set up a schedule, select Schedules from the left-hand menu, fill in the appropriate details and frequency, then select Create Schedule.

To add your schedule to a task, select Tasks from the left-hand menu, then click on the little spanner icon to edit your task.

Change the Schedule drop-down to your newly created schedule (time and frequency) and save the task.

You will now see that you cannot run the task manually: a clock icon has replaced the play button, and the task will start at the specified time.


Troubleshooting

Nikto
I had issues with Nikto when scanning; it reported “Could not find a valid nikto config file”, so I had to create the following configuration file:
/etc/nikto.conf

#########################################################################################################
# CONFIG STUFF
# $Id: config.txt 94 2009-01-21 22:47:25Z deity $
#########################################################################################################

# default command line options, can't be an option that requires a value.  used for ALL runs.
# CLIOPTS=-g -a

# ports never to scan
SKIPPORTS=21 111

# User-Agent variables:
 # @VERSION     - Nikto version
 # @TESTID      - Test identifier
 # @EVASIONS    - List of active evasions
USERAGENT=Mozilla/5.00 (Nikto/@VERSION) (Evasions:@EVASIONS) (Test:@TESTID)

# RFI URL. This remote file should return a phpinfo call, for example: 
# You may use the one below, if you like.
RFIURL=http://cirt.net/rfiinc.txt?

# IDs never to alert on (Note: this only works for IDs loaded from db_tests)
#SKIPIDS=

# if Nikto is having difficulty finding the 'plugins', set the full install path here
EXECDIR=/usr/share/nikto

# The DTD
NIKTODTD=docs/nikto.dtd

# the default HTTP version to try... can/will be changed as necessary
DEFAULTHTTPVER=1.0

# Nikto can submit updated version strings to CIRT.net. It won't do this w/o permission. You should
# send updates because it makes the data better for everyone ;)   *NO* server specific information
# such as IP or name is sent, just the relevant version information.
# UPDATES=yes   - ask before each submission if it should send
# UPDATES=no    - don't ask, don't send
# UPDATES=auto  - automatically attempt submission *without prompting*
UPDATES=yes

# Warning if MAX_WARN OK or MOVED responses are retrieved
MAX_WARN=20

# Prompt... if set to 'no' you'll never be asked for anything. Good for automation.
#PROMPTS=no

# cirt.net : set the IP so that updates can work without name resolution -- just in case
CIRT=174.142.17.165

# Proxy settings -- still must be enabled by -useproxy
#PROXYHOST=127.0.0.1
#PROXYPORT=8080
#PROXYUSER=proxyuserid
#PROXYPASS=proxypassword

# Cookies: send cookies with all requests
# Multiple can be set by separating with a semi-colon, e.g.:
# "cookie1"="cookie value";"cookie2"="cookie val"
#STATIC-COOKIE=

# The below allows you to vary which HTTP methods are used to check whether an HTTP(s) server
# is running. Some web servers, such as the autopsy web server do not implement the HEAD method
CHECKMETHODS=HEAD GET

# If you want to specify the location of any of the files, specify them here
# EXECDIR=/opt/nikto
# PLUGINDIR=/opt/nikto/plugins
# TEMPLATEDIR=/opt/nikto/templates
# DOCDIR=/opt/nikto/docs

# Default plugin macros
@@MUTATE=dictionary;subdomain
@@DEFAULT=@@ALL;-@@MUTATE;tests(report:500)

#Choose SSL libs
# Options:
# SSLeay        - use Net::SSLeay
# SSL           - use Net::SSL
# auto          - automatically choose whats available
#                 (SSLeay wins if both are available)
LW_SSL_ENGINE=auto
The following was also needed before Nikto could update:
[root@localhost nikto]# mkdir docs
[root@localhost nikto]# touch docs/CHANGES.txt
[root@localhost nikto]# nikto.pl -update
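As an added example (not from the post or from the Nikto project), here is a sanity check for the /etc/nikto.conf created above. It reads the KEY=VALUE settings and confirms that the directories Nikto needs actually exist, including the docs directory that -update wanted. Assumptions: PLUGINDIR and DOCDIR default to EXECDIR/plugins and EXECDIR/docs, as the commented-out examples in the config suggest, and a relative NIKTODTD is resolved against EXECDIR.

```shell
#!/bin/sh
# Added example: sanity check for /etc/nikto.conf. Defaults for PLUGINDIR,
# DOCDIR and relative NIKTODTD resolution are assumptions (see lead-in).

NIKTO_CONF="${NIKTO_CONF:-/etc/nikto.conf}"

# conf_get FILE KEY -> value of the last uncommented KEY=VALUE line, or nothing
conf_get() {
    sed -n "s/^[[:space:]]*$2=\(.*\)/\1/p" "$1" | tail -n 1
}

# resolve_path EXECDIR PATH -> PATH if absolute, otherwise EXECDIR/PATH
resolve_path() {
    case "$2" in
        /*) printf '%s\n' "$2" ;;
        *)  printf '%s/%s\n' "$1" "$2" ;;
    esac
}

# check_nikto_conf FILE -> prints one line per problem found; returns the
# number of problems (0 means the config looks usable)
check_nikto_conf() {
    conf="$1"
    problems=0
    if [ ! -r "$conf" ]; then
        echo "config file missing or unreadable: $conf"
        return 1
    fi
    execdir=$(conf_get "$conf" EXECDIR)
    if [ -z "$execdir" ]; then
        echo "EXECDIR is not set (Nikto will not find its plugins)"
        return 1
    fi
    if [ ! -d "$execdir" ]; then
        echo "EXECDIR does not exist: $execdir"
        return 1
    fi
    plugindir=$(conf_get "$conf" PLUGINDIR)
    [ -n "$plugindir" ] || plugindir="$execdir/plugins"
    if [ ! -d "$plugindir" ]; then
        echo "plugin directory missing: $plugindir"
        problems=$((problems + 1))
    fi
    docdir=$(conf_get "$conf" DOCDIR)
    [ -n "$docdir" ] || docdir="$execdir/docs"
    if [ ! -d "$docdir" ]; then
        echo "docs directory missing: $docdir (nikto.pl -update expects it)"
        problems=$((problems + 1))
    fi
    dtd=$(conf_get "$conf" NIKTODTD)
    if [ -z "$dtd" ]; then
        echo "NIKTODTD is not set"
        problems=$((problems + 1))
    else
        dtd=$(resolve_path "$execdir" "$dtd")
        if [ ! -f "$dtd" ]; then
            echo "DTD file missing: $dtd"
            problems=$((problems + 1))
        fi
    fi
    return $problems
}

# Usage: sh nikto-conf-check.sh check [/path/to/nikto.conf]
case "${1:-}" in
    check) check_nikto_conf "${2:-$NIKTO_CONF}" ;;
esac
```

Running the check before wiring Nikto into an OpenVAS scan turns the vague "could not find a valid config file" failure into a list of the exact paths that are wrong.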
