Installing the OpenVAS vulnerability scanner on Debian

OpenVAS scan details page

OpenVAS describes itself as “The world’s most advanced Open Source vulnerability scanner and manager”.

Installing the OpenVAS vulnerability scanner on Debian (as of this writing the current stable release of Debian is version 7 “Wheezy”) is fairly straightforward.

You can just follow the directions here:
openvas.org: Quick-Setup and Quick-Start OpenVAS-6 Packages: OpenVAS for Debian via OBS

By following these instructions you will install and run the administrative web interface called Greenbone Security Assistant which is accessible via https at port 9392.

When you log in to the interface there are various tabs available for tasks and options for scanning, configuration, and administration of OpenVAS. Under the SecInfo (i.e. Security Info) tab there is an option, NVTs, which stands for Network Vulnerability Tests. Your installation of OpenVAS should periodically sync itself with feed.openvas.org:/nvt-feed using the rsync protocol to keep its vulnerability tests up to date. This is also what the command openvas-nvt-sync does.

However, when selecting the NVTs option under the SecInfo tab, I was getting an error that said “warning: secinfo database missing” and could not find any information on how to fix the issue until I saw this post.

Using that information, my solution was to do the following. This requires the command-line browser links to be installed:

(apt-get install links)
mkdir /usr/local/src/openvas
cd /usr/local/src/openvas
links https://it-nuggets.net/2014/08/23/openvas-installation-debian-wheezy

Now in links press the down arrow to highlight each of the three files he mentions, cert_db_init.sql, dfn_cert_getbyname.xsl, and dfn_cert_update.xsl. With each one highlighted in links press the “d” key to download the file. Do this for all three files. (Note: these three files are linked from the SVN trunk page for the OpenVAS project at https://scm.wald.intevation.org/svn/openvas/trunk/openvas-manager/tools/)

Then create the directory /usr/share/openvas/cert, move the three files there, and run the openvas-certdata-sync command.
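The staging and install steps above can be scripted with a sanity check on each download, since a saved HTML page in place of the raw file is an easy mistake when saving links from a browser. This is an added example, not from the original post or the OpenVAS project; the function names and the content heuristics (an XSL root element, a CREATE TABLE statement in the SQL file) are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post). File names and paths are the ones
# the post uses; function names and content heuristics are assumptions.

CERT_FILES="cert_db_init.sql dfn_cert_getbyname.xsl dfn_cert_update.xsl"

# check_cert_file FILE: succeed only if FILE plausibly is the raw SQL/XSL file.
check_cert_file() {
    f=$1
    [ -s "$f" ] || { echo "missing or empty: $f" >&2; return 1; }
    # A saved web page (404, login form, repository viewer) is the usual bad download.
    if head -c 512 "$f" | grep -qiE '<!DOCTYPE html|<html'; then
        echo "looks like HTML, not the raw file: $f" >&2
        return 1
    fi
    case "$f" in
        *.xsl) # Heuristic: an XSLT file has a stylesheet/transform root element.
               grep -qE '<(xsl:)?(stylesheet|transform)[ >]' "$f" ||
                   { echo "no XSLT root element: $f" >&2; return 1; } ;;
        *.sql) # Heuristic (assumption): a DB init script creates at least one table.
               grep -qi 'CREATE TABLE' "$f" ||
                   { echo "no CREATE TABLE statement: $f" >&2; return 1; } ;;
    esac
}

# install_cert_files SRC_DIR DST_DIR: verify all three files first, then copy.
# Nothing is written to DST_DIR unless every file passes.
install_cert_files() {
    src=$1
    dst=$2
    for name in $CERT_FILES; do
        check_cert_file "$src/$name" || return 1
    done
    mkdir -p "$dst" || return 1
    for name in $CERT_FILES; do
        install -m 0644 "$src/$name" "$dst/$name" || return 1
    done
    # Record hashes so the installed copies can later be compared with a trusted checkout.
    if command -v sha256sum >/dev/null 2>&1; then
        ( cd "$dst" && sha256sum $CERT_FILES )
    fi
}

# Usage with the post's paths (run as root):
#   install_cert_files /usr/local/src/openvas /usr/share/openvas/cert && openvas-certdata-sync
```

The checks only catch an obviously wrong download; they do not authenticate the files, so compare the printed hashes against copies from a source you trust.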

Now when you browse to the NVTs link under the SecInfo tab in Greenbone Security Assistant you’ll be able to view all the vulnerability tests that are available (as of this writing there are 32,762 available!). You can use the Filter: box to search for particular filters or change the default “sort-reverse=created rows=10 first=1” to something like “sort-reverse=created rows=200 first=1” to list the first 200.

After running a quick scan of a host you will see the scan listed under “Immediate scan of IP ….” under the Name column. If you click on that, or click on the little purple magnifying glass icon under the Actions column, it will take you to a page with information about that Task. A task is not just a one-time thing; it's something that can (and usually should, at periodic intervals) be run again.

At the bottom of the Task page is the Reports section. Under the Actions column in the Reports section click the little purple magnifying glass icon to see the Details of that scan. Here you will see the actual scan report which includes highly valuable security information and usually recommendations on how to alleviate any vulnerabilities that are found. This is what OpenVAS is all about: getting detailed information about security threats so that they can be mitigated.

According to the Wikipedia page “All OpenVAS products are Free Software.”

