Vulnerability Assessment Using OpenVAS
OpenVAS (Open Vulnerability Assessment System) is a network security scanner that consists of a central server and a graphical front-end. Its core component is the server, together with a set of network vulnerability tests (NVTs) written in the Nessus Attack Scripting Language (NASL), which OpenVAS updates frequently. The NVTs detect security problems in remote systems and applications.
Installation and Configuration:
OpenVAS needs four major components installed at the server end (the package names match the RPMs used below):
OpenVAS-Server: the core component, which scans a large number of target hosts at high speed.
OpenVAS-Libraries: the support functions used by the OpenVAS-Server.
OpenVAS-LibNASL: the NVTs are written in the "Nessus Attack Scripting Language" (NASL); this module contains what the OpenVAS-Server needs to interface with NASL.
OpenVAS-Plugins: a base set of NVTs.
In addition, an OpenVAS-Client is needed to connect to the OpenVAS server and run the scans.
Before installing the OpenVAS-Server package, the following components should be installed in this sequence: openvas-libraries, openvas-libnasl and openvas-plugins.
You can install the packages either from source or using RPMs. Let us proceed with the RPM-based installation.
Packages for RPM-Based Distributions are available at unofficial repositories that can be found at
On a CentOS 5.2 machine with a 32-bit processor, you can use the following steps to install the packages. Because these packages come from an unofficial repository and are fetched over plain HTTP, import the repository's GPG key and check each package with rpm -K before running rpm -ivh.
[root@ipareplica ~]# wget http://www.atomicorp.com/channels/atomic/centos/5/i386/RPMS/openvas-libraries-2.0.2-1.el5.art.i386.rpm
[root@ipareplica ~]# rpm -ivh openvas-libraries-2.0.2-1.el5.art.i386.rpm
[root@ipareplica ~]# wget http://www.atomicorp.com/channels/atomic/centos/5/i386/RPMS/openvas-libnasl-2.0.1-1.el5.art.i386.rpm
[root@ipareplica ~]# rpm -ivh openvas-libnasl-2.0.1-1.el5.art.i386.rpm
[root@ipareplica ~]# wget http://www.atomicorp.com/channels/atomic/centos/5/i386/RPMS/openvas-plugins-1.0.5-2.el5.art.i386.rpm
[root@ipareplica ~]# rpm -ivh openvas-plugins-1.0.5-2.el5.art.i386.rpm
[root@ipareplica ~]# wget http://www.atomicorp.com/channels/atomic/centos/5/i386/RPMS/openvas-server-2.0.1-1.el5.art.i386.rpm
[root@ipareplica ~]# rpm -ivh openvas-server-2.0.1-1.el5.art.i386.rpm
After installing the OpenVAS-Server, a few additional steps are needed to get your OpenVAS installation up and running.
Generating a Server Certificate
If the machine running the OpenVAS-Server does not yet have a certificate, one has to be generated; it protects the communication between the OpenVAS server and its clients.
You can create the OpenVAS server SSL certificate with the openvas-mkcert script shipped with the openvas-server package. It asks a few questions and then writes the files listed below:
Creation of the OpenVAS SSL Certificate

This script will now ask you for the relevant information required to create the SSL certificate of OpenVAS. Note that this information will *NOT* be sent to anybody (everything stays local). However, anyone with the ability to connect to your OpenVAS daemon will be able to retrieve this information.

CA certificate life time in days :
Server certificate life time in days :
Your country (two letter code) [FR]:
Your state or province name [none]:
Your location (e.g. town) [Paris]: London
Your organization [OpenVAS Users United]:

Creation of the OpenVAS SSL Certificate

Congratulations. Your server certificate was properly created.

/etc/openvas/openvasd.conf updated

The following files were created:

. Certification authority:
   Certificate = /var/lib/openvas/CA/cacert.pem
   Private key = /var/lib/openvas/private/CA/cakey.pem

. OpenVAS Server :
   Certificate = /var/lib/openvas/CA/servercert.pem
   Private key = /var/lib/openvas/private/CA/serverkey.pem

Press [ENTER] to exit

The two private keys under /var/lib/openvas/private must stay readable by root only. The CA key in particular is needed again only to issue client certificates and should never leave the server.
Adding New Users
In order to use an OpenVAS server, a client needs a proper user account on the server. The OpenVAS-Server package provides the openvas-adduser script, which simplifies the creation of user accounts. With this script you can specify whether the user authenticates with a password or a certificate, and optionally restrict the user's access rights.
Restricted access rights are useful when you need to prevent users from scanning arbitrary hosts or networks. Rules can confine a user to certain hosts or subnets, or even prevent the user from scanning any host but their own.
The syntax for user rules is:
accept|deny ip/mask
default accept|deny
Here mask is the CIDR prefix length of the rule. The default statement must be the last rule; it defines the policy applied to every host that no earlier rule matched.
[root@ipareplica rpms]# openvas-adduser
Using /var/tmp as a temporary file holder.

Add a new openvasd user
---------------------------------

Login : bob1
Authentication (pass/cert) [pass] :
Login password :
Login password (again) :

User rules
---------------
openvasd provides a rules system that allows you to restrict the hosts that bob1 has the right to test. For instance, you can make him able to scan his own host only.

Enter the rules for this user, and hit ctrl-D once you are done:
(the user can have an empty rules set)
default accept

Login    : bob1
Password : ***********
Rules    : default accept

Is that ok? (y/n) [y] y
user added.
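The session above grants bob1 "default accept", i.e. the right to scan anything. As an added example (not part of the original article), the following shell script holds a restrictive rules set that confines bob1 to one lab subnet, and checks the syntax of a rules set before it is pasted into openvas-adduser. The user name, the 10.20.30.0/24 network and the gateway address 10.20.30.1 are assumptions chosen for illustration, and the ordering assumes that openvasd evaluates the rules top to bottom with the first match winning.

```shell
#!/bin/sh
# Added example, not from the original article: a restrictive rules set for
# a scanner user plus a syntax check to run before pasting the rules into
# openvas-adduser. User name, subnet and gateway address are assumptions.

# Rules for user bob1: he may scan the lab network 10.20.30.0/24 except the
# gateway 10.20.30.1, and nothing else. The host deny is listed before the
# subnet accept that would otherwise cover it (first match wins), and the
# mandatory default statement closes the set.
BOB1_RULES='deny 10.20.30.1/32
accept 10.20.30.0/24
default deny'

# valid_cidr A.B.C.D/N: succeed only for a dotted quad with a /0 to /32 prefix,
# the ip/mask form documented for openvasd rules.
valid_cidr() {
    ip=${1%/*}; mask=${1#*/}
    [ "$ip" != "$1" ] || return 1                  # no "/" present
    case "$mask" in ''|*[!0-9]*) return 1 ;; esac   # prefix must be numeric
    [ "$mask" -le 32 ] || return 1
    oldifs=$IFS; IFS=.; set -- $ip; IFS=$oldifs     # split the address into octets
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in ''|*[!0-9]*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
}

# check_rules: read a rules set on stdin; succeed if every non-blank,
# non-comment line is "accept ip/mask", "deny ip/mask" or "default accept|deny"
# and the final rule is the default statement. Errors go to stderr.
check_rules() {
    count=0; last=''
    while IFS= read -r line || [ -n "$line" ]; do
        case "$line" in ''|'#'*) continue ;; esac
        count=$((count + 1)); last=$line
        case "$line" in
            'default accept'|'default deny') ;;
            'accept '*|'deny '*)
                valid_cidr "${line#* }" || { echo "bad target: $line" >&2; return 1; } ;;
            *) echo "bad rule: $line" >&2; return 1 ;;
        esac
    done
    [ "$count" -gt 0 ] || { echo "empty rules set" >&2; return 1; }
    case "$last" in
        'default accept'|'default deny') return 0 ;;
        *) echo "last rule must be 'default accept' or 'default deny'" >&2; return 1 ;;
    esac
}

# Check the rules above; if they pass, paste them at the openvas-adduser
# "Enter the rules for this user" prompt and finish with Ctrl-D.
printf '%s\n' "$BOB1_RULES" | check_rules && echo "rules for bob1 are well formed"
```

The check only enforces the syntax given above (an ip/mask target with a CIDR prefix, and a closing default statement); it does not talk to openvasd, so a rule that is well formed but too permissive is still your responsibility to review.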
To remove a user later, use:
[root@ipareplica rpms]# openvas-rmuser <username>
Changes to the default OpenVAS-Server configuration are made in the configuration file /etc/openvas/openvasd.conf.
Configuring NVT Feeds
An OpenVAS NVT Feed Service provides a set of NVTs (".nasl" and ".inc" files) that can be downloaded into your OpenVAS server installation.
To synchronize your NVT repository with an OpenVAS NVT Feed, use the script /usr/sbin/openvas-nvt-sync, which requires rsync and md5sum to be installed.
Invoke the sync script first, then start the server daemon with openvasd -D so that it loads the freshly synchronized NVTs:
[root@ipareplica rpms]# openvas-nvt-sync
[root@ipareplica rpms]# openvasd -D
Installing and Configuring OpenVAS-Client
Download and install the OpenVAS-Client using the steps below:
[root@ipareplica rpms]# wget http://www.atomicorp.com/channels/atomic/centos/5/i386/RPMS/openvas-client-2.0.2-1.el5.art.i386.rpm
[root@ipareplica rpms]# rpm -ivh openvas-client-2.0.2-1.el5.art.i386.rpm
To start the OpenVAS Client, use the command below:
[root@ipareplica rpms]# OpenVAS-Client &
This will launch the Graphical User Interface, from where you can connect to the server, retrieve the available plugins and do the scan.
The main window of OpenVAS-Client is divided into two main sections. On the left-hand side is the tree list, which gives an overview of the locally stored tasks, scopes and reports. On the right-hand side is a notebook with space for comments, options and reports. This is where a security scan is configured and commented upon, and where its results are reviewed.
Common Terms used:
Tasks group all the activities that belong to one major topic.
A scope is a sub-task. It defines one security scan, and a connection to an OpenVAS server is established within the context of a specific scope. Once a scope is connected to the server, a scan based on the settings of that scope can be executed. An icon to the right of the scope title shows the connection status of the scope. A task can therefore contain several scopes, each connecting to a different OpenVAS server with different plugins.
When a scope is successfully executed, a report of the scan is generated and added to the scope's list of reports.
To connect to the server, click Connect in the File menu or use the "Connect" icon, and enter the username and password created above to log on to the OpenVAS server.
The OpenVAS-Client can handle multiple connections to different servers; each scope has a connection of its own. The global settings can also be connected to an OpenVAS server in order to define a default set of plugin selections and plugin parameters. Note that only explicitly saved Global Settings are used as defaults for new scopes.
OpenVAS is a capable alternative to the well-known Nessus vulnerability assessment scanner. The server currently runs only on Linux, but the client can also be run on Windows XP SP2 machines.
So, try it now to secure your network!
About the Author :
Jitha K works as a Senior Software Engineer at Bobcares. Ever since she joined Bobcares, Jitha has primarily worked on administering Linux servers and is a technical specialist when it comes to various control panels. She is interested in the installation and configuration of new systems and in customizing them for specific requirements. Apart from that, she is passionate about music and movies.