Bootstrap FreeKB - OpenVAS - Install OpenVAS on Red Hat
OpenVAS - Install OpenVAS on Red Hat

Updated:   |  OpenVAS articles

Install bzip2, nano, net-tools, anf wget. OpenVAS setup requires these tools.

[root@server1 ~]# yum install bzip2 nano net-tools wget

 

Enable the Atomicorp repository:

[root@server1 ~]# wget -q -O - http://www.atomicorp.com/installers/atomic |sh
[root@server1 ~]# yum -y upgrade

 

Install OpenVAS:

[root@server1 ~]# yum install openvas

 

Setup VAS:

[root@server1 ~]# openvas-setup


The server is now installed and ready for use.

 

On another computer in the LAN that has a Web browser, navigate to https://<ip address>:9392 to use the OpenVAS Web utility. If you are unable to connect:

  • Ensure OpenVAS is status running (service openvas status)
  • Ensure firewalld is not blocking the connection (service firewalld status)
  • Ensure iptables is not blocking the connection (service iptables status)
  • Use Nmap to determine if port 9392 is open

You will be prompted to enter the username and password that you created when running openvas-setup. Sign in. Try to scan a computer in the network.  An error will appear. To resolve the error, install redis:

[root@server1 ~]# yum install redis

 

Modify the redis.conf file:

  1. Type vi /etc/redis.conf and press enter
  2. Navigate to the bottom of the file
  3. Press i to switch to insert mode
  4. Place double-quotes around unixsocket /tmp/redis.sock (example: "unixsocket /tmp/redis.sock")
  5. Press esc to switch to command mode
  6. Press :w (to write the change)
  7. Press :q (to exit the vi editor)

 

Configure redis:

[root@server1 ~]# sed -i 's/enforcing/disabled/g' /etc/selinux/config /etc/selinux/config
[root@server1 ~]# systemctl enable redis.service
[root@server1 ~]# reboot

Scan using the command line.

The options are listed in help:

[root@server1 ~]# omp --help

 

Use the -g or --get-configs option to view the types of scans that can be done.

[root@server1 ~]# omp -u admin -w password -p 9390 -g
xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxx Discovery
xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxx empty
xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxx Full and fast
xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxx Full and fast ultimate
xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxx Full and very deep
xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxx Full and very deep ultimate
xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxx Host Discovery
xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxx System Discovery

 

Use the -T or --get-targets option to create a list of targets that can be scanned:

[root@server1 ~]# omp -u admin -w password -p 9390 -T
xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxx Localhost
xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxx Target for immediate scan of IP 192.168.0.30

 

  • Use the --create-task option to create a task
  • Use thme --name="name" option to give the new task a name
  • Use the --target="target" option to select a target PC (select a string from the --get-targets output)
  • Use the --config="config" option to select a config type (select a string from the --get-configs output)

Running this command will produce a new string, which is 123456789-1234-5678-9876-987654321 in this example. This is the unique ID number of the new task.

[root@server1 ~]# omp -u admin -w password -p 9390 --create-task --name="new_task" --target="xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxx" --config="xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxx"
123456789-1234-5678-9876-987654321

 

Use the --start-task option followed by the unique ID number of the task to start the task. The task will run.

[root@server1 ~]# omp -u admin -w password -p 9390 --start-task 123456789-1234-5678-9876-987654321

 




Did you find this article helpful?

If so, consider buying me a coffee over at Buy Me A Coffee



Comments


Add a Comment


Please enter f228da in the box below so that we can be sure you are a human.