Author: Martin Dvorsky
Greenbone Vulnerability Manager (formerly OpenVAS) is the most popular open source vulnerability scanner.
In this tutorial we will install, configure and prepare GVM v10 for use with CLI only.
OS: Debian 9.8.0
OpenVAS (scanner): 6.0
OpenVAS SMB: 1.0.5
sudo apt install -y git xmltoman doxygen gcc cmake pkg-config gcc-mingw-w64 libgnutls28-dev perl-base heimdal-dev libpopt-dev libglib2.0-dev libgpgme11-dev uuid-dev libssh-gcrypt-dev libhiredis-dev libpcap-dev bison libksba-dev libsnmp-dev libgcrypt20-dev libradcli-dev libldap2-dev clang-format libical-dev postgresql postgresql-contrib postgresql-server-dev-all xsltproc python3-pip redis-server gnutls-bin python3-paramiko python3-lxml python3-defusedxml haveged
Git clone and install following source codes from GitHub
Note: At the time of writing this article (10/2019) we weren’t successful in installing the latest versions (master branches) of following components. There were cross dependencies that were impossible to meet and according to developers at Greenbone community portal: “The master branch is used for development and could break at any time”, so we stayed away from that.
We used versions (branches) mentioned in the beginning of the article.
git clone -b <branch_name> <package_URL> cd <package_name> cmake . sudo make install
Install gvm-tools using pip3
pip3 install gvm-tools
Edit config file for Redis DB server /etc/redis/redis.conf
Change listening port to 0 (don’t listen, use Unix socket instead)
Enable Unix socket
unixsocket /tmp/redis.sock unixsocketperm 700
Edit systemd service file for Redis DB server /lib/systemd/system/redis-server.service
Don’t create separate file system namespace
Grant access to Unix socket (add line into [Service] section)
Reload service files
sudo systemctl daemon-reload
Restart Redis DB server
sudo systemctl restart redis-server.service
ls -l /tmp should give you sock file redis.sock
Update signatures (NVTs, SCAP data, CERT data)
greenbone-nvt-sync sudo greenbone-scapdata-sync sudo greenbone-certdata-sync
Create GVM admin account and change password
sudo gvmd --create-user=admin --role=Admin sudo gvmd --user=admin --new-password=V3ry$3cur3P@$$w0rd
(Optional) Modify OpenVAS scanner configuration
Config file for OpenVAS scanner by default doesn’t exists. You can check default configuration using command:
sudo openvas -s
If you want to modify any of this configuration (for example number of concurrently scanned vulnerabilities or hosts), use the following command and then edit the created file:
sudo openvas -s > /usr/local/etc/openvas/openvas.conf
Enable GVMD and OpenVAS scanner services and start them:
sudo systemctl enable openvas.service sudo systemctl enable gvmd.service sudo systemctl start openvas.service sudo systemctl start gvmd.service
Signatures are now probably loading (check using ps -ef). Loading SCAP data can take more than one hour. After the loading is complete, restart the system and enjoy GVM.
(Optional) Web GUI
For Web GUI you will need Greenbone Security Assistant (GSA) and probably a few dependencies (not tested).