Why is OpenVAS so necessary to install on CentOS 7?
Server security is a key factor in the hosting industry. There are many tools available that help us ensure the proper level of security for our servers. One of them, which can protect the server from unauthenticated access, is the Open Vulnerability Assessment System (OpenVAS).
In this article, we discuss how we support our customers to install OpenVAS as part of our Server Management Services.
What is the OpenVAS Vulnerability Scanner?
OpenVAS is a vulnerability scanner that is provided by Greenbone Networks. It has many built-in tests used to find any vulnerability on the server.
Also, it has a specially designed web interface for setting up and running vulnerability scans quickly.
Moreover, OpenVAS has the following features.
1. Unauthenticated testing and authenticated testing.
2. Various high-level and low-level Internet and industrial protocols.
3. Performance tuning for large-scale scans.
How we install OpenVAS on CentOS
Here, let's see how our Support Engineers install OpenVAS on CentOS.
Before getting into the installation procedure, we ensure that the following requirements are met on the server.
- Disable SELinux.
- Permit TCP ports 9392, 443 and 80.
1. After that, we download a script by using the following command.
wget -q -O - https://updates.atomicorp.com/installers/atomic | sudo sh
2. Then, we clear the YUM cache and install OpenVAS with the following commands.
yum clean all
yum install openvas
3. After that, we start the OpenVAS setup and follow the prompts.
openvas-setup
4. Next, we configure the admin user.
openvasmd --user=admin --new-password=MySecretPassword
5. Also, we set the NVT signature check value from “YES” to “No” in /etc/openvas/openvassd.conf.
nasl_no_signature_check = no
6. Finally, we restart the following services too.
systemctl enable redis
systemctl enable gsad
systemctl enable gvmd
systemctl enable openvas-manager
systemctl enable openvas-scanner
systemctl restart redis
systemctl restart gsad
systemctl restart gvmd
systemctl restart openvas-manager
systemctl restart openvas-scanner
That’s it!
Now, we can access OpenVAS via https://localhost:9392 or https://localhost with the username and password that we’ve previously set.
Install OpenVAS on CentOS – Common errors and fix
Now, let’s see the major reasons for OpenVAS errors and how our Support Engineers fix the top errors.
Problem with Redis
Often, customers face an error after installing OpenVAS on the system.
This is mainly due to a failure to start the Open Vulnerability Assessment System Scanner Daemon. Also, when we check the status, it looks like,
It shows that openvas-scanner doesn’t communicate with Redis.
So, we recreate the /var/run/redis-openvas/redis-server.sock file to solve the error.
mv /var/run/redis-openvas/redis-server.sock redis-server.sock.bk
touch /var/run/redis-openvas/redis-server.sock
Finally, we restart the openvas-scanner.
systemctl restart openvas-scanner
The service has been activated now.
NVT collection
Mostly, the openvas-setup script fails at the end of the NVT download, and the log shows the error below.
(openvassd:2272): lib kb_redis-CRITICAL **: get_redis_ctx: redis connection error: No such file or directory. openvassd: no process found
(openvassd:2272): lib kb_redis-CRITICAL **: redis_new: cannot access redis at '/var/run/redis/redis.sock'
Luckily, we have a command like openvas-check-setup to see what component is causing this error. Also, it gives a detailed description of the error.
ERROR: The number of NVTs in the OpenVAS Manager database is too low.
FIX: Make sure OpenVAS Scanner is running with an up-to-date NVT collection and run 'openvasmd --rebuild'.
Therefore, rebuilding the NVT collection solves the error.
openvasmd --rebuild
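Both errors above involve openvas-scanner failing to reach Redis over its unix socket. The following script is an added example, not part of the original article: it compares the `unixsocket` path in redis.conf with `kb_location` in openvassd.conf and checks that the path is a live socket rather than a plain file. The `/etc/redis.conf` location and the sample configs are assumptions constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the article): check that Redis and openvas-scanner
# agree on the unix socket path and that the path is a real socket.

# Print the value of a "key value" or "key = value" setting, ignoring comments.
conf_value() {  # $1 = key, $2 = config file
    awk -v key="$1" '
        { sub(/#.*/, ""); gsub(/=/, " ") }
        $1 == key { val = $2 }
        END { if (val != "") print val }' "$2"
}

# Returns 0 ok, 1 config unreadable or setting absent, 2 paths differ,
# 3 configured path is missing or is not a unix socket.
check_kb_socket() {  # $1 = redis.conf, $2 = openvassd.conf
    if [ ! -r "$1" ] || [ ! -r "$2" ]; then
        echo "cannot read $1 or $2" >&2; return 1
    fi
    redis_sock=$(conf_value unixsocket "$1")
    kb_sock=$(conf_value kb_location "$2")
    if [ -z "$redis_sock" ] || [ -z "$kb_sock" ]; then
        echo "unixsocket or kb_location is not set" >&2; return 1
    fi
    if [ "$redis_sock" != "$kb_sock" ]; then
        echo "mismatch: redis=$redis_sock scanner=$kb_sock" >&2; return 2
    fi
    if [ ! -S "$kb_sock" ]; then
        echo "$kb_sock is not a unix socket; is redis running?" >&2; return 3
    fi
    echo "ok: scanner and redis share $kb_sock"
}

# Constructed sample configs (not taken from a real host).
demo() {
    dir=$(mktemp -d)
    printf 'port 0\nunixsocket /var/run/redis-openvas/redis-server.sock\nunixsocketperm 700\n' > "$dir/redis.conf"
    printf '# scanner\nkb_location = /var/run/redis/redis.sock\n' > "$dir/openvassd.conf"
    demo_rc=0
    check_kb_socket "$dir/redis.conf" "$dir/openvassd.conf" || demo_rc=$?
    rm -rf "$dir"
    return "$demo_rc"
}

# Usage (assumed CentOS paths): sh check.sh /etc/redis.conf /etc/openvas/openvassd.conf
if [ "$#" -eq 2 ]; then
    check_kb_socket "$1" "$2"
else
    demo || echo "demo exit code: $?"
fi
```

Exit code 3 also covers a regular file sitting at the socket path, which Redis cannot serve connections on until it creates the socket itself.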
Conclusion
In short, OpenVAS is a vulnerability scanner that helps to protect the server from unauthenticated access. Today, we saw how our Support Engineers install OpenVAS on CentOS 7 and fix the related errors.