Deploy OpenVAS Vulnerability Detection System

OpenVAS is an open vulnerability assessment tool used to detect the security of the target network or host. Similar to the X-Scan tool of security focus, OpenVAS uses some open plug-ins earlier than Nessus. OpenVAS can work based on the C/S (Client/Server) and B/S (Browser/Server) architecture. The administrator can issue scanning tasks through a browser or a dedicated client program, server-side load authorization, perform scan operations and provide scan results.

A complete OpenVAS system includes multiple components on the server and client. For example:

1. server layer components (recommended for installation)

Openvas-scanner: Used to call various Vulnerability Detection plug-ins to complete the actual scanning operations.

Openvas-manager: allocates scan tasks and generates evaluation reports based on scan results.

Openvas-administrator: Manages configuration information and user authorization.

2. Customer layer components (choose one of them)

Openvas-cli: provides access to the OpenVAS service layer program from the command line.

Greenbone-security-assistant (installation assistant): provides web interfaces for accessing the OpenVAS service layer to facilitate scanning tasks through a browser.

Greenbone-Desktop-Suite: Provides graphical program interfaces for accessing the OpenVAS service layer, mainly in Windows clients.

 

In addition to the above components, there is also a core link, that is, the vulnerability test plug-in update. There are two sources of plug-ins in the OpenVAS system: 1. NVT free plug-ins officially provided; 2. Greenbone Sec commercial plug-ins.

 

Build OpenVAS Server

Before installing various components of OpenVAS, a series of dependent software packages must be installed in advance, some of which can be found on the system disc, and others must be downloaded. If the host on which the OpenVAS service is to be deployed can access the Internet, we recommend that you use the online installation method recommended on the official website (http://www.openvase.org/) for automatic dependency resolution; otherwise, download the required software package for offline installation (this document will be used as an example later ).

Note: This article focuses on RHEL5.5 systems. If you are using a non-RHEL5.5 system, the installed software is also different, so do not install it blindly.

1. Install the basic dependency package

Attach the software package to the system disk and install all the software packages listed below (written in one name for execution). If any dependency is prompted, install the corresponding software package as prompted.

2. Download and install other dependent packages

Download all dependent packages listed in the following code from the OpenVAS official website or http://www.atomicorp.com/and install them using the rpmcommand.

3. download and install the OpenVAS package

Download all the packages listed on the OpenVAS official website or http://www.atomicorp.com/and use the rpmcommand to install them.

4. Confirm the installation result.

After the installation is complete, run the following operations to view related programs, service scripts, configuration files, and log files.

5. Start the OpenVAS service component.

According to the operating structure of the OpenVAS system, you need to start three service layer components, ghost Scanner, Manager, administrator, and Greebone Security Assistant, a customer layer component that provides Web interfaces.

Start service layer components

System Service openvase-manager. Openvas-example is generally automatically enabled after installation, and another system service openvas-administrator needs to be manually enabled. The manager listening port is 9390, the manager listening port is 9391, and the administrator listening port is 9393.

Enable customer layer components

The system service corresponding to the Greenbone installation assistant is gsad, which is usually started automatically. By default, it only listens to the service on port 9392 of the IP address 127.0.0.1. R. If you want to access from other hosts in the network, we recommend that you change the listening address to the actual available IP address, or change it to 0.0.0.0 before starting the service.

[Root @ localhost/] # vim/etc/sysconfig/gsad

GSA_ADDRESS = 0.0.0.0

GSA_PORT = 9392

Some content is omitted.

[Root @ lcoalhost/] # service gsad restart

In addition, when you view the scan report in a browser, Openvas is executed as a nobody user by default, and may fail due to the nobody logon shell problem in Linux. Change/sbin/nologin of the nobody user's logon shell to/bin/bash to avoid this fault.

[Root @ locahost/] # usermod-s/bin/bash nobody

6. Obtain the scanning plug-in

Openvas provides a script named openvas-nvt-sync, which can be used to update plug-ins online. If the server can access the official website, directly execute this script for updates. This article copies the downloaded plug-in to the openvas System for offline installation. After installing the plug-in, restart the openvas-plugin service. It may take a long time. Please wait.

7. Add scan users

Openvas users include common users and administrator users. In addition to authorized scanning permissions, administrators can manage openvas system settings, evaluation reports, and configuration information.

Add an admin user to perform copper leakage detection for hosts in the 192.168.1.0/24,192.168 .2.0/24 CIDR blocks. If you press Ctrl + D to submit the confirmation without setting the rule, the user is unrestricted by default (any target can be scanned), and then enter yes to confirm.

To upgrade an admin user to an administrator user, you only need to copy an isadmin switch file to the directory of a common user.

[Root @ localhost/] # touch/var/lib/openvas/users/admin/isadmin

To delete a user, run the "openvas-rmuser" command. The syntax is "openvas-rmuser username ".

At this moment, even if the Openvas vulnerability detection system is deployed, you only need to enable the scan task to scan the target host. So how do we perform scanning? Please look down!

 

Perform a copper Leak Scan task

1. Connect to the Openvas Server

In the client, use a browser to connect to the gsad Service (Port 9392) of the openvas system. If you use the Greenbone desktop suite program, connect to the openvas-manager Service (Port 9390 ). The Greenbone desktop kit has similar operation ideas and methods.

By default, gsad provides web access interfaces based on the HTTPS protocol. Therefore, you must use the URL strength of "https: //..." and specify the gsad service port number to view the logon portal. For example:

After logging on to the specified scan user admin, you will be directed to the main operation interface of the Greenbone Security Assistant. Note: the system time between the client and the server cannot be too long; otherwise, the logon may fail. For example:

2. Define scan targets

Targets link in the left-side navigation pane of the standalone, enter the Target host name, IP address, and other information to be evaluated in the form on the right, and then click "Create Target. For example, you can define the scan target.

3. Create a scan task

Click the New Task link in the left-side Scan Management navigation bar, set the Task name in the right form, Scan the target, and Scan the "Full and fast" Scan configured by default, click "Create Task" to Create a new scan Task. For example:

4. Scan

To perform a scan, you only need to click the start button.

5. View scan results

To view the scan result, you only need to click the View button.