Install bzip2, nano, net-tools, anf wget. OpenVAS setup requires these tools.
[root@server1 ~]# yum install bzip2 nano net-tools wget
Enable the Atomicorp repository:
[root@server1 ~]# wget -q -O - http://www.atomicorp.com/installers/atomic |sh
[root@server1 ~]# yum -y upgrade
Install OpenVAS:
[root@server1 ~]# yum install openvas
Setup VAS:
[root@server1 ~]# openvas-setup
The server is now installed and ready for use.
On another computer in the LAN that has a Web browser, navigate to https://<ip address>:9392 to use the OpenVAS Web utility. If you are unable to connect:
- Ensure OpenVAS is status running (service openvas status)
- Ensure firewalld is not blocking the connection (service firewalld status)
- Ensure iptables is not blocking the connection (service iptables status)
- Use Nmap to determine if port 9392 is open
You will be prompted to enter the username and password that you created when running openvas-setup. Sign in. Try to scan a computer in the network. An error will appear. To resolve the error, install redis:
[root@server1 ~]# yum install redis
Modify the redis.conf file:
- Type vi /etc/redis.conf and press enter
- Navigate to the bottom of the file
- Press i to switch to insert mode
- Place double-quotes around unixsocket /tmp/redis.sock (example: "unixsocket /tmp/redis.sock")
- Press esc to switch to command mode
- Press :w (to write the change)
- Press :q (to exit the vi editor)
Configure redis:
[root@server1 ~]# sed -i 's/enforcing/disabled/g' /etc/selinux/config /etc/selinux/config
[root@server1 ~]# systemctl enable redis.service
[root@server1 ~]# reboot
Scan using the command line.
The options are listed in help:
[root@server1 ~]# omp --help
Use the -g or --get-configs option to view the types of scans that can be done.
[root@server1 ~]# omp -u admin -w password -p 9390 -g
xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxx Discovery
xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxx empty
xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxx Full and fast
xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxx Full and fast ultimate
xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxx Full and very deep
xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxx Full and very deep ultimate
xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxx Host Discovery
xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxx System Discovery
Use the -T or --get-targets option to create a list of targets that can be scanned:
[root@server1 ~]# omp -u admin -w password -p 9390 -T
xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxx Localhost
xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxx Target for immediate scan of IP 192.168.0.30
- Use the --create-task option to create a task
- Use thme --name="name" option to give the new task a name
- Use the --target="target" option to select a target PC (select a string from the --get-targets output)
- Use the --config="config" option to select a config type (select a string from the --get-configs output)
Running this command will produce a new string, which is 123456789-1234-5678-9876-987654321 in this example. This is the unique ID number of the new task.
[root@server1 ~]# omp -u admin -w password -p 9390 --create-task --name="new_task" --target="xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxx" --config="xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxx"
123456789-1234-5678-9876-987654321
Use the --start-task option followed by the unique ID number of the task to start the task. The task will run.
[root@server1 ~]# omp -u admin -w password -p 9390 --start-task 123456789-1234-5678-9876-987654321
Did you find this article helpful?
If so, consider buying me a coffee over at 