26. JUN, 2009 CATEGORIES: TOOLS BY ADMIN VIEW COMMENTS
This guide is the second in a 3 part series. Part 1 covers the Installation of Nessus 4 on the Jaunty Jackalope – Ubuntu 9.04. Part 2 is the installation of OpenVas 2 on Ubuntu 9.04 and Part 3 will be a show down between the two vulnerability scanners. A full review with comparison scan results from a number of sample systems. Nessus is a commercial product from Tenable while OpenVas is an open source product that branched from the original Nessus open source project releasing version 1.0 in August 2008.
This guide will cover the installation of the following OpenVas components on Ubuntu 9.04 (Jaunty Jackalope). While specific to 64bit, other versions of Ubuntu should have no trouble with the following steps.
apt-get install build-essential libgtk2.0-dev libglib2.0-dev libssl-dev htmldoc libgnutls-dev libpcap0.8-dev bison libgpgme11-dev libsmbclient-dev snmp pnscan
wget http://wald.intevation.org/frs/download.php/595/openvas-client-2.0.4.tar.gz
wget http://wald.intevation.org/frs/download.php/561/openvas-libnasl-2.0.1.tar.gz
wget http://wald.intevation.org/frs/download.php/600/openvas-libraries-2.0.3.tar.gz
wget http://wald.intevation.org/frs/download.php/607/openvas-manager-0.6.1.tar.gz
wget http://wald.intevation.org/frs/download.php/588/openvas-plugins-1.0.7.tar.gz
wget http://wald.intevation.org/frs/download.php/593/openvas-server-2.0.2.tar.gz
As stated in the docs, the components you have downloaded should now be installed in the following order:
1. openvas-libraries
2. openvas-libnasl
3. openvas-server
4. openvas-plugins
tar zxvf openvas-libraries-2.0.3.tar.gz
cd openvas-libraries-2.0.3
./configure
makeGuide to OpenVas on Ubuntu 9.04
make install
openvas-libraries has been sucessfully installed.
Make sure that /usr/local/bin is in your PATH before you
continue
Be sure to add /usr/local/lib in /etc/ld.so.conf and type ‘ldconfig’
Ubuntu is already good to go with these so move onto the libnasl
tar zxvf openvas-libnasl-2.0.1.tar.gz
cd openvas-libnasl-2.0.1
./configure
make
make install
Guide to OpenVas on Ubuntu 9.04
tar zxvf openvas-server-2.0.2.tar.gz
cd openvas-server-2.0.2
./configure
make
make install
tar zxvf openvas-plugins-1.0.7.tar.gz
cd openvas-plugins-1.0.7
./configure
make
make install
tar zxvf openvas-client-2.0.4.tar.gz
cd openvas-client-2.0.4
./configure
make
make install
Type:
ldconfig
Create an SSL certificate for the openvas server:
openvas-mkcert
Create a user account on the openvas server:
openvas-adduser
Update your plugins:
openvas-nvt-sync
Start the server:
openvasd -D
Running from a server (no gui) works well and thats how we do it here at (HT). To run a scan you need to create a text file with your target IP’s or ranges.
Guide to OpenVas on Ubuntu 9.04
echo “192.168.1.100″ >> iptoscan.txt
OpenVAS-Client –help
Usage:
OpenVAS-Client [OPTION…] – client for the OpenVAS security scanner
Help Options:
-?, –help Show help options
–help-all Show all help options
–help-gtk Show GTK+ Options
Application Options:
-v, –version Display version information
-n, –no-pixmap No pixmaps
-q, –batch-mode= Batch-mode scan
-c, –config-file=<.rcfile> Configuration file
-T, –output-type=[nbe|html|text|xml|tex] Output format
-V, –verbose Display statGuide to OpenVas on Ubuntu 9.04us messages in batch mode
-p, –list-plugins Obtain list of plugins installed on the server
-P, –list-prefs Obtain list of server and plugin preferences
-i, –in-report= Input file (report conversion)
-o, –out-report= Output file (report conversion)
-x, –dont-check-ssl-cert Override SSL “paranoia” question preventing OpenVAS-Client from checking certificates
-S, –sqlize-output Issue SQL output for -p and -P (experimental)
-s, –list-sessions= List sessions
-R, –restore-session= Restore session
–display=DISPLAY X display to use
OpenVAS-Client -q 127.0.0.1 1241 admin password iptoscan.txt scanresults.html -T html
Well the server is not listeGuide to OpenVas on Ubuntu 9.04ning here so a quick cGuide to OpenVas on Ubuntu 9.04
26. JUN, 2009 CATEGORIES: TOOLS BY ADMIN VIEW COMMENTS
This guide is the second in a 3 part series. Part 1 covers the Installation of Nessus 4 on the Jaunty Jackalope – Ubuntu 9.04. Part 2 is the installation of OpenVas 2 on Ubuntu 9.04 and Part 3 will be a show down between the two vulnerability scanners. A full review with comparison scan results from a number of sample systems. Nessus is a commercial product from Tenable while OpenVas is an open source product that branched from the original Nessus open source project releasing version 1.0 in August 2008.
This guide will cover the installation of the following OpenVas components on Ubuntu 9.04 (Jaunty Jackalope). While specific to 64bit, other versions of Ubuntu should have no trouble with the following steps.
apt-get install build-essential libgtk2.0-dev libglib2.0-dev libssl-dev htmldoc libgnutls-dev libpcap0.8-dev bison libgpgme11-dev libsmbclient-dev snmp pnscan
wget http://wald.intevation.org/frs/download.php/595/openvas-client-2.0.4.tar.gz
wget http://wald.intevation.org/frs/download.php/561/openvas-libnasl-2.0.1.tar.gz
wget http://wald.intevation.org/frs/download.php/600/openvas-libraries-2.0.3.tar.gz
wget http://wald.intevation.org/frs/download.php/607/openvas-manager-0.6.1.tar.gz
wget http://wald.intevation.org/frs/download.php/588/openvas-plugins-1.0.7.tar.gz
wget http://wald.intevation.org/frs/download.php/593/openvas-server-2.0.2.tar.gz
As stated in the docs, the components you have downloaded should now be installed in the following order:
1. openvas-libraries
2. openvas-libnasl
3. openvas-server
4. openvas-plugins
tar zxvf openvas-libraries-2.0.3.tar.gz
cd openvas-libraries-2.0.3
./configure
make
make install
openvas-libraries has been sucessfully installed.
Make sure that /usr/local/bin is in your PATH before you
continue
Be sure to add /usr/local/lib in /etc/ld.so.conf and type ‘ldconfig’
Ubuntu is already good to go with these so move onto the libnasl
tar zxvf openvas-libnasl-2.0.1.tar.gz
cd openvas-libnasl-2.0.1
./configure
make
make install
tar zxvf openvas-server-2.0.2.tar.gz
cd openvas-server-2.0.2
./configure
make
make install
tar zxvf openvas-plugins-1.0.7.tar.gz
cd openvas-plugins-1.0.7
./configure
make
make install
tar zxvf openvas-client-2.0.4.tar.gz
cd openvas-client-2.0.4
./configure
make
make install
Type:
ldconfig
Create an SSL certificate for the openvas server:
openvas-mkcert
Create a user account on the openvas server:
openvas-adduser
Update your plugins:
openvas-nvt-sync
Start the server:
openvasd -D
Running from a server (no gui) works well and thats how we do it here at (HT). To run a scan you need to create a text file with your target IP’s or ranges.
echo “192.168.1.100″ >> iptoscan.txt
OpenVAS-Client –help
Usage:
OpenVAS-Client [OPTION…] – client for the OpenVAS security scanner
Help Options:
-?, –help Show help options
–help-all Show all help options
–help-gtk Show GTK+ Options
Application Options:
-v, –version Display version information
-n, –no-pixmap No pixmaps
-q, –batch-mode= Batch-mode scan
-c, –config-file=<.rcfile> Configuration file
-T, –output-type=[nbe|html|text|xml|tex] Output format
-V, –verbose Display status messages in batch mode
-p, –list-plugins Obtain list of plugins installed on the server
-P, –list-prefs Obtain list of server and plugin preferences
-i, –in-report= Input file (report conversion)
-o, –out-report= Output file (report conversion)
-x, –dont-check-ssl-cert Override SSL “paranoia” question preventing OpenVAS-Client from checking certificates
-S, –sqlize-output Issue SQL output for -p and -P (experimental)
-s, –list-sessions= List sessions
-R, –restore-session= Restore session
–display=DISPLAY X display to use
OpenVAS-Client -q 127.0.0.1 1241 admin password iptoscan.txt scanresults.html -T html
Well the server is not listening here so a quick check to find the port its on:
netstat -nap | grep openvas
tcp 0 0 0.0.0.0:9390 0.0.0.0:* LISTEN 11265/openvasd: wai
Listening on 9390 so change the client line to the correct port!
OpenVAS-Client -q 127.0.0.1 9390 admin password iptoscan.txt scanresults.html -T html
Accept the certificate when prompted.
Once the scan is completed take a look at scanresults.html for your complete report.
There are many benefits to running the OpenVas Client from a command line, you can easily schedule tasks and script using simple bash much of your vulnerability assessment requirements. Run a scan against your servers each week or each month and quickly pickup any new services and vulnerabilities.
If you wish to use the GUI client, check your gnome menu’s you should have a new program. Not too difficult from there to work out the client. heck to find the port its on:
netstat -nap | grep openvas
tcp 0 0 0.0.0.0:9390 0.0.0.0:* LISTEN 11265/openvasd: wai
Listening on 9390 so change the client line to the correct port!
OpenVAS-Client -q 127.0.0.1 9390 admin password iptoscan.txt scanresults.html -T html
Accept the certificate when prompted.
Once the scan is completed take a look at scanresults.html for your complete report.
There are many benefits to running the OpenVas Client from a command line, you can easily schedule tasks and script using simple bash much of your vulnerability assessment requirements. Run a scan against your servers each week or each month and quickly pickup any new services and vulnerabilities.
If you wish to use the GUI client, check your gnome menu’s you should have a new program. Not too difficult from there to work out the client.
===============================
下来,我们需要为OpenVAS创建一个服务器证书。
$ sudo openvas-mkcert
按照屏幕上的指示,去创建您的证书。
现在,我们需要使用openvas-adduser命令去为OpenVAS的运行创建一个用户。
$ sudo openvas-adduser
同样地,按照屏幕上的指示,为OpenVAS用户提供一个用户名字和用户密码。最后,我们需要安装我们用来扫描的网络漏洞测试(NVTs)。OpenVAS的命令为:
$ sudo openvas-nvt-sync
第一次运行会持续一段时间,而且您需要定期地运行它以便收到更新和新的测试。我一般通过cron,一天运行它一次。
运行OpenVAS扫描器
当安装完以后,您就可以运行OpenVAS扫描器守护进程:
$ sudo openvassd
由于守护进程会将所有的网络漏洞测试都加载到扫描器中,所以根据你扫描用的主机的性能,会花一点时间。