How to install and configure OpenVAS on Red Hat

Home > Search > How-to
  by

Install bzip2, nano, net-tools, anf wget. OpenVAS setup requires these tools.

[root@server1 ~]# yum install bzip2 nano net-tools wget

 

Enable the Atomicorp repository:

[root@server1 ~]# wget -q -O - http://www.atomicorp.com/installers/atomic |sh
[root@server1 ~]# yum -y upgrade

 

Install OpenVAS:

[root@server1 ~]# yum install openvas

 

Setup VAS:

[root@server1 ~]# openvas-setup


The server is now installed and ready for use.

 


On another computer in the LAN that has a Web browser, navigate to https://<ip address>:9392 to use the OpenVAS Web utility. If you are unable to connect:

  • Ensure OpenVAS is status running (service openvas status)
  • Ensure firewalld is not blocking the connection (service firewalld status)
  • Ensure iptables is not blocking the connection (service iptables status)
  • Use Nmap to determine if port 9392 is open

You will be prompted to enter the username and password that you created when running openvas-setup. Sign in. Try to scan a computer in the network.  An error will appear. To resolve the error, install redis:

[root@server1 ~]# yum install redis

 

Modify the redis.conf file:

  1. Type vi /etc/redis.conf and press enter
  2. Navigate to the bottom of the file
  3. Press i to switch to insert mode
  4. Place double-quotes around unixsocket /tmp/redis.sock (example: "unixsocket /tmp/redis.sock")
  5. Press esc to switch to command mode
  6. Press :w (to write the change)
  7. Press :q (to exit the vi editor)

 

Configure redis:

[root@server1 ~]# sed -i 's/enforcing/disabled/g' /etc/selinux/config /etc/selinux/config
[root@server1 ~]# systemctl enable redis.service
[root@server1 ~]# reboot

Scan using the command line.

The options are listed in help:

[root@server1 ~]# omp --help

 

Use the -g or --get-configs option to view the types of scans that can be done.

[root@server1 ~]# omp -u admin -w password -p 9390 -g
xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxx Discovery
xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxx empty
xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxx Full and fast
xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxx Full and fast ultimate
xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxx Full and very deep
xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxx Full and very deep ultimate
xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxx Host Discovery
xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxx System Discovery

 

Use the -T or --get-targets option to create a list of targets that can be scanned:

[root@server1 ~]# omp -u admin -w password -p 9390 -T
xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxx Localhost
xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxx Target for immediate scan of IP 192.168.0.30

 

  • Use the --create-task option to create a task
  • Use thme --name="name" option to give the new task a name
  • Use the --target="target" option to select a target PC (select a string from the --get-targets output)
  • Use the --config="config" option to select a config type (select a string from the --get-configs output)

Running this command will produce a new string, which is 123456789-1234-5678-9876-987654321 in this example. This is the unique ID number of the new task.

[root@server1 ~]# omp -u admin -w password -p 9390 --create-task --name="new_task" --target="xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxx" --config="xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxx"
123456789-1234-5678-9876-987654321

 

Use the --start-task option followed by the unique ID number of the task to start the task. The task will run.

[root@server1 ~]# omp -u admin -w password -p 9390 --start-task 123456789-1234-5678-9876-987654321

 



Add a Comment




We will never share your name or email with anyone. Enter your email if you would like to be notified when we respond to your comment.




Please enter in the box below so that we can be sure you are a human.




Comments