OpenVas 8 on Ubuntu Server 14.04

OpenVas 8 on Ubuntu Server 14.04

This installation is not made for public facing servers, there is no build in security in my setup.
Everything is run as root in this example below, including daemons and web servers…
I take no responsibility if this guide bork you server, burn your house down to ashes or just messes up your life.. It’s under the “it worked for me[tm]” clause

首先来安装各种支持库

sudo apt-get install -y build-essential devscripts dpatch libassuan-dev  libglib2.0-dev libgpgme11-dev libpcre3-dev libpth-dev libwrap0-dev libgmp-dev libgmp3-dev libgpgme11-dev libopenvas2 libpcre3-dev libpth-dev quilt cmake pkg-config  libssh-dev libglib2.0-dev libpcap-dev libgpgme11-dev uuid-dev bison libksba-dev  doxygen sqlfairy xmltoman sqlite3 libsqlite3-dev wamerican redis-server libhiredis-dev libsnmp-dev  libmicrohttpd-dev libxml2-dev libxslt1-dev xsltproc libssh2-1-dev libldap2-dev autoconf nmap libgnutls-dev libpopt-dev heimdal-dev heimdal-multidev libpopt-dev mingw32

# Fix redis-server for some openvas default install settings.

cp /etc/redis/redis.conf /etc/redis/redis.origecho "unixsocket /tmp/redis.sock" >> /etc/redis/redis.confservice redis-server restart

# Move in to the right place to download some tarballs.

cd /usr/local/src

# Become almighty root (remember: safety off, segmented internal build on)

sudo su

# Download ‘all the things’

wget --no-check-certificate https://wald.intevation.org/frs/download.php/2015/openvas-libraries-8.0.1.tar.gz wget --no-check-certificate https://wald.intevation.org/frs/download.php/2016/openvas-scanner-5.0.1.tar.gz wget --no-check-certificate https://wald.intevation.org/frs/download.php/2017/openvas-manager-6.0.1.tar.gz wget --no-check-certificate https://wald.intevation.org/frs/download.php/2018/greenbone-security-assistant-6.0.1.tar.gz wget --no-check-certificate https://wald.intevation.org/frs/download.php/1987/openvas-cli-1.4.0.tar.gz wget --no-check-certificate https://wald.intevation.org/frs/download.php/1975/openvas-smb-1.0.1.tar.gzwget --no-check-certificate https://wald.intevation.org/frs/download.php/1999/ospd-1.0.0.tar.gzwget --no-check-certificate https://wald.intevation.org/frs/download.php/2005/ospd-ancor-1.0.0.tar.gzwget --no-check-certificate https://wald.intevation.org/frs/download.php/2003/ospd-ovaldi-1.0.0.tar.gzwget --no-check-certificate https://wald.intevation.org/frs/download.php/2004/ospd-w3af-1.0.0.tar.gz

# unpack

find . -name \*.gz -exec tar zxvfp {} \;

# Configure and install openvas-smb:

cd openvas-smb* mkdir build cd build/ cmake .. make make doc-full make install cd /usr/local/src

# config and build libraries

 cd openvas-libraries-*  mkdir build  cd build  cmake ..  make  make doc-full make install cd /usr/local/src

# config and build scanner

 cd openvas-scanner-*  mkdir build  cd build/  cmake ..  make  make doc-full  make install  cd /usr/local/src

# reload libraries

ldconfig

#create cert

openvas-mkcert

# Sync nvt’s

openvas-nvt-sync

# Start openvassd

openvassd

# Check with ps or htop if the daemon is started. or perhaps..

# watch "ps -ef | grep openvassd"root 32078 1 27 16:09 ? 00:00:36 openvassd: Reloaded 6550 of 34309 NVTs (19% / ETA: 09:10)root 32079 32078 0 16:09 ? 00:00:00 openvassd (Loading Handler)# Wait until "openvassd: Reloaded is done".. and switches to "Waiting for ingcoming..."

# config and build manager

cd openvas-manager-* mkdir build cd build/ cmake .. make make doc-fullmake installcd /usr/local/src

# get scap feed

openvas-scapdata-sync

# get cert feed

openvas-certdata-sync

# create client cert..

openvas-mkcert-client -n -i

# Initialize the Database

openvasmd --rebuild --progress (This is going to take some time, pehaps time to get coffee?)

#create user

openvasmd --create-user=admin --role=Admin (write down the password)

# config and build cli

cd openvas-cli-*mkdir buildcd build/cmake ..makemake doc-fullmake installcd/usr/local/src

# configure and install gsa

cd greenbone-security-assistant-*mkdir buildcd build/cmake ..makemake doc-fullmake installcd/usr/local/src

如果提示缺失libmicrohttpd，我们来安装

cd /var/tmpwget http://ftpmirror.gnu.org/libmicrohttpd/libmicrohttpd-0.9.34.tar.gztar zxf libmicrohttpd-0.9.34.tar.gzcd libmicrohttpd-*./configuremakemakeinstall

然后重新继续上一步

# Start the all the stuff.

openvasmd --rebuild --progress openvasmdgsad --http-only

# check installation

wget https://svn.wald.intevation.org/svn/openvas/trunk/tools/openvas-check-setup --no-check-certificatechmod 0755 openvas-check-setup./openvas-check-setup --v8 --server

This should be a working default installation of OpenVas 8.
To try is out, go to http://serverip and login with Admin and your generated password.

# If you want to have pdf reports and such, you can always install:

apt-get install texlive-full(this is not optimal thou, this installs a bunch of packets..)

# And some autostart script for ubuntu 14.04. and OpenVas8
# Nothing fancy, I took the init.d scripts from the debs for OpenVas5 and changed some stuff to make it work in the above setup.
# So all credits goes to the creators of the scripts that are mentioned in the scripts comments..
# This below downloads my modded init.d, default, logrotate.d scripts
# Unpack the tarball, copy the thingies to etc/
# Create the symlink to /var/log/openvas
# Create the symlinks for the autostart jobs..

cd /usr/local/srcwget http://www.mockel.se/wp-content/uploads/2015/04/openvas-startupscripts-v8.tar.gztar zxvfp openvas-startupscripts-v8.tar.gzcd openvas-startupscripts-v8cp etc/* /etc/ -arviupdate-rc.d openvas-manager defaultsupdate-rc.d openvas-scanner defaultsupdate-rc.d greenbone-security-assistant defaults