Sunday, April 11, 2010

Installing OpenVAS 3.0.x on Ubuntu Linux...

This is a follow-up to my earlier article on Installing OpenVAS 2.0.x on Ubuntu Linux...

Updating your Ubuntu Setup

Before we begin, it is best that we update our Ubuntu libraries and applications to the latest versions by typing the following in a terminal:

sudo apt-get update
sudo apt-get upgrade


Installing the libraries that OpenVAS uses

Once you have updated your machine, we will need to install the following libraries and applications to compile and install OpenVAS. Again, in the terminal:

sudo apt-get install cmake build-essential libgtk2.0-dev libglib2.0-dev libssl-dev htmldoc libgnutls-dev libpcap0.8-dev bison libgpgme11-dev libsmbclient-dev snmp pnscan


Downloading the source code and compiling them

Now that the machine is ready to work with the OpenVAS sources, you then need to download the following source codes from the OpenVAS website. You can find the sources at URL http://wald.intevation.org/frs/?group_id=29

Download the latest version of the following:

openvas-libraries (latest v3.0.x, I used 3.0.4)
openvas-scanner (latest v3.0.x, I used 3.0.2)
openvas-client (latest v3.0.x, I used 3.0.0)

You will need to install OpenVAS in the above listed order. To install each component, you will need to do the following:

tar -zxvf [filename of .tar.gz file]
cd [sub-folder of same name as .tar.gz file]
./configure
make
sudo make install
cd ..

If you are using the 64-bit version of Ubuntu, you may get an error message ("/usr/bin/ld: cannot find -lcrypto") when you 'make' the openvas-client. You can fix this by typing:

sudo ln -s /usr/lib/libcrypto.so.0.9.8 /usr/lib/libcrypto.so

Once all three components are compiled and installed, you will then need to let Ubuntu know about the new libraries you have just compiled before the can be used by typing in:

sudo ldconfig -v


First time OpenVAS users

For the first time use of OpenVAS, you will need to create a new cert and add in the first user that can login into the OpenVAS server by running both:

sudo openvas-mkcert
sudo openvas-adduser


Updating the latest plug-ins

Periodically (I usually run it once every day, or just before I am about to use OpenVAS), you will need to update the plugins that OpenVAS uses to detect newer vulnerabilities which are found everyday. You can do that by typing:

sudo openvas-nvt-sync

Note: There is a bug in the update script and you will get an error message (as of today, 11-Apr-2010). A quick look at the OpenVAS forums showed a typo made by one of the developers and the way to fix this is do the following (in a terminal):

gksu gedit /usr/local/sbin/openvas-nvt-sync

Search for the string (my script had it on line 63):

SYNC_TMP_DIR='mktemp -d openvas-nvt-sync'

and change it to:

SYNC_TMP_DIR='mktemp -d openvas-nvt-sync.XXXXXXXXXX -t'

To start the OpenVAS server, activate the server by typing in:

sudo openvassd

And running the OpenVAS client by typing:

sudo OpenVAS-Client

If you want to learn or know more about OpenVAS, visit them at http://www.openvas.org/

Note: Tested on Ubuntu 9.10, and I assume you are doing all this with user access (that is why, some root only commands have the "sudo" command in front of them) and am running the kernel in i386 (32-bit) mode. Also, as I did not test this on a 64-bit system, the 64-bit only error/solution mentioned in my article comes from the forums and I have not tested them myself.

No comments:

Post a Comment