Install OpenVAS on Debian based Linux

Hello,

In this small post, I will explain how to install and setup OpenVAS on a Kali Linux.

First, be sure to have your system up to date.

# sudo apt-get update && sudo apt-get upgrade --yes

After that, you can install openVAS.

# sudo apt-get install openvas

If you run Debian 10 Buster, please also install the following packages:

# sudo apt install rsync sqlite3 xsltproc

Once done, just run the setup to perform an initial configuration

# openvas-setup

This step takes a lot of time because the setup will download all the latest threat definition, configure the certificate and so on. Once done, I suggest you to create a new custom user using the following command:

# openvasmd --create-user=superman --new-password=mysecret1234$

By default, OpenVAS only listen on the loopback interface. If you want to be able to remotely access to the OpenVAS’ web interface, you must perform some changes. If you ¬†want to allow openVAs to listen on all interface, you must use 0.0.0.0 instead of 127.0.0.1.

Since we are on systemd, you actually need to modify 3 .service files. To make it quicky, you can use sed command to remplace 127.0.0.1 by 0.0.0.0.

# cd /lib/systemd/system
# sed -e 's/127.0.0.1/0.0.0.0/g' greenbone-security-assistant.service openvas-manager.service openvas-scanner.service

This command only display the futur changes. If you are ok with this, simply add the option -i at the end of the previous command:

# sed -e 's/127.0.0.1/0.0.0.0/g' greenbone-security-assistant.service openvas-manager.service openvas-scanner.service -i

After that, you need to reload systemd deamons and restart the OpenVAS services.

# systemcl daemon-reload
# openvas-stop && openvas-start

If you want to hosting this service on a VPS system, you should add the following in the service file

# sudo ExecStart=/usr/sbin/gsad --foreground --listen=0.0.0.0 --port=9392 --mlisten=0.0.0.0 --mport=9390 --allow-header-host=HOST OR IP --timeout=1440

That it. Now you should be able to access to the web interface of your server using https://<ip-address>:9392

Bookmark the permalink.

6 Comments

  1. Should you add this info on artivle if hosting in a vps try add this parameters like:

    ExecStart=/usr/sbin/gsad –foreground –listen=0.0.0.0 –port=9392 –mlisten=0.0.0.0 –mport=9390 –allow-header-host=HOST OR IP –timeout=1440

    thanks!

  2. For Debian 10 Buster you also need

    apt install rsync sqlite3 xsltproc

    before starting openvas-setup

  3. Typos in:
    # systemcl deamon-reload

    should be

    # systemctl daemon-reload

    and the VPS options should be prefixed with ‘–‘ and not ‘-‘

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.