Install OpenVAS on Debian based Linux

Hello,

In this small post, I will explain how to install and setup OpenVAS on a Kali Linux.

First, be sure to have your system up to date.

# sudo apt-get update && sudo apt-get upgrade --yes

After that, you can install openVAS.

# sudo apt-get install openvas

If you run Debian 10 Buster, please also install the following packages:

# sudo apt install rsync sqlite3 xsltproc

Once done, just run the setup to perform an initial configuration

# openvas-setup

This step takes a lot of time because the setup will download all the latest threat definition, configure the certificate and so on. Once done, I suggest you to create a new custom user using the following command:

# openvasmd --create-user=superman --new-password=mysecret1234$

By default, OpenVAS only listen on the loopback interface. If you want to be able to remotely access to the OpenVAS’ web interface, you must perform some changes. If you  want to allow openVAs to listen on all interface, you must use 0.0.0.0 instead of 127.0.0.1.

Since we are on systemd, you actually need to modify 3 .service files. To make it quicky, you can use sed command to remplace 127.0.0.1 by 0.0.0.0.

# cd /lib/systemd/system
# sed -e 's/127.0.0.1/0.0.0.0/g' greenbone-security-assistant.service openvas-manager.service openvas-scanner.service

This command only display the futur changes. If you are ok with this, simply add the option -i at the end of the previous command:

# sed -e 's/127.0.0.1/0.0.0.0/g' greenbone-security-assistant.service openvas-manager.service openvas-scanner.service -i

After that, you need to reload systemd deamons and restart the OpenVAS services.

# systemcl deamon-reload
# openvas-stop && openvas-start

If you want to hosting this service on a VPS system, you should add the following in the service file

# sudo ExecStart=/usr/sbin/gsad –foreground –listen=0.0.0.0 –port=9392 –mlisten=0.0.0.0 –mport=9390 –allow-header-host=HOST OR IP –timeout=1440

That it. Now you should be able to access to the web interface of your server using https://<ip-address>:9392

Bookmark the permalink.

4 Comments

  1. Should you add this info on artivle if hosting in a vps try add this parameters like:

    ExecStart=/usr/sbin/gsad –foreground –listen=0.0.0.0 –port=9392 –mlisten=0.0.0.0 –mport=9390 –allow-header-host=HOST OR IP –timeout=1440

    thanks!

  2. For Debian 10 Buster you also need

    apt install rsync sqlite3 xsltproc

    before starting openvas-setup

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.