Openvas install

OpenVAS 6 installation can be a little confusing for those not familiar with the different OpenVAS components. Making it evenmore so is a little problem with libgnutls that is causing manypeople more than a little frustration.
This guide will step you through the installation of OpenVAS 6 on debian 7.6.0.
Here is an excellent diagram from the openvas project that covers the different OpenVAS components and where they fit in. The page also containsadditional information and mentions the library libgnutls package thatcaused some problems with TLS that has been resolved with the latest package updates.
First step is to install debian-7.6.0-amd64 from iso to a Virtualbox machine. I have used default settings on Virtualbox  for a Linux Debian 64 machine (I did upgrade the RAM to 1024mb, if  you have lots bump it up).
During the installation of Debian amd64 all defaults were selected, I also selected install openssh server. 10 minutes later I have a nice clean Debian install ready to go.
Now for the installation of OpenVAS 6. Grab the packages fromOpenVAS project site. Note I will use the .deb packages downloaded manually. There is an option toconfigure OBS repository for apt-get installation.
wget http://download.opensuse.org/repositories/security:/OpenVAS:/UNSTABLE:/v6/Debian_7.0/amd64/greenbone-security-assistant_4.0.1_amd64.deb
wget http://download.opensuse.org/repositories/security:/OpenVAS:/UNSTABLE:/v6/Debian_7.0/amd64/libmicrohttpd10_0.9.26-1_amd64.deb
wget http://download.opensuse.org/repositories/security:/OpenVAS:/UNSTABLE:/v6/Debian_7.0/amd64/libopenvas6_6.0.0-1_amd64.deb
wget http://download.opensuse.org/repositories/security:/OpenVAS:/UNSTABLE:/v6/Debian_7.0/amd64/openvas-administrator_1.3.0-1_amd64.deb
wget http://download.opensuse.org/repositories/security:/OpenVAS:/UNSTABLE:/v6/Debian_7.0/amd64/openvas-cli_1.2.0-1_amd64.deb
wget http://download.opensuse.org/repositories/security:/OpenVAS:/UNSTABLE:/v6/Debian_7.0/amd64/openvas-manager_4.0.2_amd64.deb
wget http://download.opensuse.org/repositories/security:/OpenVAS:/UNSTABLE:/v6/Debian_7.0/amd64/openvas-scanner_3.4.0-1_amd64.deb
Next step is to install a couple of extra packages thatare required for OpenVAS.apt-get install libgpgme11 libpth20 sqlite3 xsltproc nmap
Then install the different OpenVAS components that wedownloaded.dpkg -i greenbone-security-assistant_4.0.1_amd64.deblibmicrohttpd10_0.9.26-1_amd64.deb libopenvas6_6.0.0-1_amd64.debopenvas-administrator_1.3.0-1_amd64.debopenvas-cli_1.2.0-1_amd64.deb openvas-manager_4.0.2_amd64.debopenvas-scanner_3.4.0-1_amd64.deb
Since we are building a server based system for vulnerability scanning, we will be accessing the server components over the network. Tochange the default listen address from 127.0.0.1 localhost to the IP address of the local network interface we will change settings in these files.root@debian:~# vi /etc/default/greenbone-security-assistant
root@debian:~# vi /etc/default/openvas-manager
root@debian:~# vi /etc/default/openvas-administrator
root@debian:~# vi /etc/default/openvas-scannerThe init.d start scripts use these files toget the parameters for starting of the services.
The following steps are the straight from theOpenVAS project  website, it involves setting up the certificates and creating the users.test -e/var/lib/openvas/CA/cacert.pem || sudo openvas-mkcert -q
sudo openvas-nvt-sync
test -e /var/lib/openvas/users/om ||sudo openvas-mkcert-client -n om -i
sudo /etc/init.d/openvas-managerstop
sudo /etc/init.d/openvas-scannerstop
sudo openvassd
sudo openvasmd --migrate
sudo openvasmd --rebuild
sudo killall openvassd
sleep 15
sudo /etc/init.d/openvas-scannerstart
sudo /etc/init.d/openvas-managerstart
sudo/etc/init.d/openvas-administrator restart
sudo/etc/init.d/greenbone-security-assistant restart
test -e /var/lib/openvas/users/admin || sudo openvasad -cadd_user -n admin -r Admin
It is likely that starting greenbone-security-assistant resulted in an error. This I believe is due to a TLS issue inlibmicrohttpd. Note that GSAD is only required if you wish to usethe web client, it is not necessary to run the GSD (GreenboneSecurity Desktop Client) and the OMP (command line client).

root@debian:~# /etc/init.d/greenbone-security-assistant start

Starting Greenbone Security Assistant: ERROR.
To make this work we will disable HTTPS under gsad. Take notethat this means the openvas username and password are transmitted over HTTP (unencrypted) when logging into gsad.Edit and add –http-only to the execute command like so:Change the line in /etc/init.d/greenbone-security-assistant  from:start_daemon() {
start-stop-daemon --start--exec $DAEMON -- $DAEMONOPTS 2>&1 >/dev/null

to:

start_daemon() {
start-stop-daemon --start --exec $DAEMON -- $DAEMONOPTS--http-only 2>&1 >/dev/null
Restarting greenbone security administrator, may now still result in an error but if you executenetstat -anpyou will see that gsad is now running on 9392.If all went well we should be able to use the omp command lineclient to authenticate against the OpenVAS manager. To do this the following command queries the manager and lists all tasks.omp -h 192.168.1.3 -p 9390 -u admin-w admin -T -v
---- snip lots of xml -----
b493b7a8-7489-11df-a3ec-002264764cea Localhost
Command completed successfully.This indicates that the OpenVAS manager is working, and we have gotten past the libgnutls problem.Now when connecting to http://192.168.1.113:9392/ in the browser, we are able to access the GSAD login screen. OpenVAS isnow working and we can access the scanner via either the gsad webclient, the gsd local client or the omp command line client.
A note about the OpenVAS configuration File
The openvas scanner has aconfiguration file /etc/openvas/openvas.conf however in a default installation of the Ubuntu packages this is not present after installation.
The file can be created from the running openvassd.
openvassd -s
This shows the current running configuration, so simply redirect the output from that command to a new file/etc/openvas/openvas.conf and you then have a configuration that can be modified to suit your requirements.Restart openvassd to have the configuration file read in.



Recommend:
http://www.openvas.org/install-packages-v6.html#openvas_debian_obs
http://hackertarget.com/install-openvas-5-in-ubuntu-12-04/
metasploit + openvas