26. JUN, 2009 CATEGORIES: TOOLS BY ADMIN VIEW COMMENTS<\/p>\n
This guide is the second in a 3 part series. Part 1 covers the Installation of Nessus 4 on the Jaunty Jackalope \u2013 Ubuntu 9.04. Part 2 is the installation of OpenVas 2 on Ubuntu 9.04 and Part 3 will be a show down between the two vulnerability scanners. A full review with comparison scan results from a number of sample systems. Nessus is a commercial product from Tenable while OpenVas is an open source product that branched from the original Nessus open source project releasing version 1.0 in August 2008.<\/p>\n
This guide will cover the installation of the following OpenVas components on Ubuntu 9.04 (Jaunty Jackalope). While specific to 64bit, other versions of Ubuntu should have no trouble with the following steps.<\/p>\n
apt-get install build-essential libgtk2.0-dev libglib2.0-dev libssl-dev htmldoc libgnutls-dev libpcap0.8-dev bison libgpgme11-dev libsmbclient-dev snmp pnscan<\/p>\n
wget http:\/\/wald.intevation.org\/frs\/download.php\/595\/openvas-client-2.0.4.tar.gz
wget http:\/\/wald.intevation.org\/frs\/download.php\/561\/openvas-libnasl-2.0.1.tar.gz
wget http:\/\/wald.intevation.org\/frs\/download.php\/600\/openvas-libraries-2.0.3.tar.gz
wget http:\/\/wald.intevation.org\/frs\/download.php\/607\/openvas-manager-0.6.1.tar.gz
wget http:\/\/wald.intevation.org\/frs\/download.php\/588\/openvas-plugins-1.0.7.tar.gz
wget http:\/\/wald.intevation.org\/frs\/download.php\/593\/openvas-server-2.0.2.tar.gz<\/p>\n
As stated in the docs, the components you have downloaded should now be installed in the following order:<\/p>\n
1. openvas-libraries
2. openvas-libnasl
3. openvas-server
4. openvas-plugins<\/p>\n
tar zxvf openvas-libraries-2.0.3.tar.gz
cd openvas-libraries-2.0.3
.\/configure
makeGuide to OpenVas on Ubuntu 9.04
make install<\/p>\n
openvas-libraries has been sucessfully installed.
Make sure that \/usr\/local\/bin is in your PATH before you
continue
Be sure to add \/usr\/local\/lib in \/etc\/ld.so.conf and type \u2018ldconfig\u2019<\/p>\n
Ubuntu is already good to go with these so move onto the libnasl<\/p>\n
tar zxvf openvas-libnasl-2.0.1.tar.gz
cd openvas-libnasl-2.0.1
.\/configure
make
make install
Guide to OpenVas on Ubuntu 9.04
tar zxvf openvas-server-2.0.2.tar.gz
cd openvas-server-2.0.2
.\/configure
make
make install<\/p>\n
tar zxvf openvas-plugins-1.0.7.tar.gz
cd openvas-plugins-1.0.7
.\/configure
make
make install<\/p>\n
tar zxvf openvas-client-2.0.4.tar.gz
cd openvas-client-2.0.4
.\/configure
make
make install<\/p>\n
Type:<\/p>\n
ldconfig<\/p>\n
Create an SSL certificate for the openvas server:<\/p>\n
openvas-mkcert<\/p>\n
Create a user account on the openvas server:<\/p>\n
openvas-adduser<\/p>\n
Update your plugins:<\/p>\n
openvas-nvt-sync<\/p>\n
Start the server:<\/p>\n
openvasd -D<\/p>\n
Running from a server (no gui) works well and thats how we do it here at (HT). To run a scan you need to create a text file with your target IP\u2019s or ranges.
Guide to OpenVas on Ubuntu 9.04
echo \u201c192.168.1.100\u2033 >> iptoscan.txt<\/p>\n
OpenVAS-Client \u2013help
Usage:
OpenVAS-Client [OPTION…] \u2013 client for the OpenVAS security scanner<\/p>\n
Help Options:
-?, \u2013help Show help options
\u2013help-all Show all help options
\u2013help-gtk Show GTK+ Options<\/p>\n
Application Options:
-v, \u2013version Display version information
-n, \u2013no-pixmap No pixmaps
-q, \u2013batch-mode= Batch-mode scan
-c, \u2013config-file=<.rcfile> Configuration file
-T, \u2013output-type=[nbe|html|text|xml|tex] Output format
-V, \u2013verbose Display statGuide to OpenVas on Ubuntu 9.04us messages in batch mode
-p, \u2013list-plugins Obtain list of plugins installed on the server
-P, \u2013list-prefs Obtain list of server and plugin preferences
-i, \u2013in-report= Input file (report conversion)
-o, \u2013out-report= Output file (report conversion)
-x, \u2013dont-check-ssl-cert Override SSL \u201cparanoia\u201d question preventing OpenVAS-Client from checking certificates
-S, \u2013sqlize-output Issue SQL output for -p and -P (experimental)
-s, \u2013list-sessions= List sessions
-R, \u2013restore-session= Restore session
\u2013display=DISPLAY X display to use<\/p>\n
OpenVAS-Client -q 127.0.0.1 1241 admin password iptoscan.txt scanresults.html -T html<\/p>\n
Well the server is not listeGuide to OpenVas on Ubuntu 9.04ning here so a quick cGuide to OpenVas on Ubuntu 9.04
26. JUN, 2009 CATEGORIES: TOOLS BY ADMIN VIEW COMMENTS<\/p>\n
This guide is the second in a 3 part series. Part 1 covers the Installation of Nessus 4 on the Jaunty Jackalope \u2013 Ubuntu 9.04. Part 2 is the installation of OpenVas 2 on Ubuntu 9.04 and Part 3 will be a show down between the two vulnerability scanners. A full review with comparison scan results from a number of sample systems. Nessus is a commercial product from Tenable while OpenVas is an open source product that branched from the original Nessus open source project releasing version 1.0 in August 2008.<\/p>\n
This guide will cover the installation of the following OpenVas components on Ubuntu 9.04 (Jaunty Jackalope). While specific to 64bit, other versions of Ubuntu should have no trouble with the following steps.<\/p>\n
apt-get install build-essential libgtk2.0-dev libglib2.0-dev libssl-dev htmldoc libgnutls-dev libpcap0.8-dev bison libgpgme11-dev libsmbclient-dev snmp pnscan<\/p>\n
wget http:\/\/wald.intevation.org\/frs\/download.php\/595\/openvas-client-2.0.4.tar.gz
wget http:\/\/wald.intevation.org\/frs\/download.php\/561\/openvas-libnasl-2.0.1.tar.gz
wget http:\/\/wald.intevation.org\/frs\/download.php\/600\/openvas-libraries-2.0.3.tar.gz
wget http:\/\/wald.intevation.org\/frs\/download.php\/607\/openvas-manager-0.6.1.tar.gz
wget http:\/\/wald.intevation.org\/frs\/download.php\/588\/openvas-plugins-1.0.7.tar.gz
wget http:\/\/wald.intevation.org\/frs\/download.php\/593\/openvas-server-2.0.2.tar.gz<\/p>\n
As stated in the docs, the components you have downloaded should now be installed in the following order:<\/p>\n
1. openvas-libraries
2. openvas-libnasl
3. openvas-server
4. openvas-plugins<\/p>\n
tar zxvf openvas-libraries-2.0.3.tar.gz
cd openvas-libraries-2.0.3
.\/configure
make
make install<\/p>\n
openvas-libraries has been sucessfully installed.
Make sure that \/usr\/local\/bin is in your PATH before you
continue
Be sure to add \/usr\/local\/lib in \/etc\/ld.so.conf and type \u2018ldconfig\u2019<\/p>\n
Ubuntu is already good to go with these so move onto the libnasl<\/p>\n
tar zxvf openvas-libnasl-2.0.1.tar.gz
cd openvas-libnasl-2.0.1
.\/configure
make
make install<\/p>\n
tar zxvf openvas-server-2.0.2.tar.gz
cd openvas-server-2.0.2
.\/configure
make
make install<\/p>\n
tar zxvf openvas-plugins-1.0.7.tar.gz
cd openvas-plugins-1.0.7
.\/configure
make
make install<\/p>\n
tar zxvf openvas-client-2.0.4.tar.gz
cd openvas-client-2.0.4
.\/configure
make
make install<\/p>\n
Type:<\/p>\n
ldconfig<\/p>\n
Create an SSL certificate for the openvas server:<\/p>\n
openvas-mkcert<\/p>\n
Create a user account on the openvas server:<\/p>\n
openvas-adduser<\/p>\n
Update your plugins:<\/p>\n
openvas-nvt-sync<\/p>\n
Start the server:<\/p>\n
openvasd -D<\/p>\n
Running from a server (no gui) works well and thats how we do it here at (HT). To run a scan you need to create a text file with your target IP\u2019s or ranges.<\/p>\n
echo \u201c192.168.1.100\u2033 >> iptoscan.txt<\/p>\n
OpenVAS-Client \u2013help
Usage:
OpenVAS-Client [OPTION…] \u2013 client for the OpenVAS security scanner<\/p>\n
Help Options:
-?, \u2013help Show help options
\u2013help-all Show all help options
\u2013help-gtk Show GTK+ Options<\/p>\n
Application Options:
-v, \u2013version Display version information
-n, \u2013no-pixmap No pixmaps
-q, \u2013batch-mode= Batch-mode scan
-c, \u2013config-file=<.rcfile> Configuration file
-T, \u2013output-type=[nbe|html|text|xml|tex] Output format
-V, \u2013verbose Display status messages in batch mode
-p, \u2013list-plugins Obtain list of plugins installed on the server
-P, \u2013list-prefs Obtain list of server and plugin preferences
-i, \u2013in-report= Input file (report conversion)
-o, \u2013out-report= Output file (report conversion)
-x, \u2013dont-check-ssl-cert Override SSL \u201cparanoia\u201d question preventing OpenVAS-Client from checking certificates
-S, \u2013sqlize-output Issue SQL output for -p and -P (experimental)
-s, \u2013list-sessions= List sessions
-R, \u2013restore-session= Restore session
\u2013display=DISPLAY X display to use<\/p>\n
OpenVAS-Client -q 127.0.0.1 1241 admin password iptoscan.txt scanresults.html -T html<\/p>\n
Well the server is not listening here so a quick check to find the port its on:<\/p>\n
netstat -nap | grep openvas<\/p>\n
tcp 0 0 0.0.0.0:9390 0.0.0.0:* LISTEN 11265\/openvasd: wai<\/p>\n
Listening on 9390 so change the client line to the correct port!<\/p>\n
OpenVAS-Client -q 127.0.0.1 9390 admin password iptoscan.txt scanresults.html -T html<\/p>\n
Accept the certificate when prompted.<\/p>\n
Once the scan is completed take a look at scanresults.html for your complete report.<\/p>\n
There are many benefits to running the OpenVas Client from a command line, you can easily schedule tasks and script using simple bash much of your vulnerability assessment requirements. Run a scan against your servers each week or each month and quickly pickup any new services and vulnerabilities.<\/p>\n
If you wish to use the GUI client, check your gnome menu\u2019s you should have a new program. Not too difficult from there to work out the client. heck to find the port its on:<\/p>\n
netstat -nap | grep openvas<\/p>\n
tcp 0 0 0.0.0.0:9390 0.0.0.0:* LISTEN 11265\/openvasd: wai<\/p>\n
Listening on 9390 so change the client line to the correct port!<\/p>\n
OpenVAS-Client -q 127.0.0.1 9390 admin password iptoscan.txt scanresults.html -T html<\/p>\n
Accept the certificate when prompted.<\/p>\n
Once the scan is completed take a look at scanresults.html for your complete report.<\/p>\n
There are many benefits to running the OpenVas Client from a command line, you can easily schedule tasks and script using simple bash much of your vulnerability assessment requirements. Run a scan against your servers each week or each month and quickly pickup any new services and vulnerabilities.<\/p>\n
If you wish to use the GUI client, check your gnome menu\u2019s you should have a new program. Not too difficult from there to work out the client. <\/p>\n
===============================<\/p>\n
\u4e0b\u6765\uff0c\u6211\u4eec\u9700\u8981\u4e3aOpenVAS\u521b\u5efa\u4e00\u4e2a\u670d\u52a1\u5668\u8bc1\u4e66\u3002<\/p>\n
\u3000\u3000$ sudo openvas-mkcert<\/p>\n
\u3000\u3000\u6309\u7167\u5c4f\u5e55\u4e0a\u7684\u6307\u793a\uff0c\u53bb\u521b\u5efa\u60a8\u7684\u8bc1\u4e66\u3002<\/p>\n
\u3000\u3000\u73b0\u5728\uff0c\u6211\u4eec\u9700\u8981\u4f7f\u7528openvas-adduser\u547d\u4ee4\u53bb\u4e3aOpenVAS\u7684\u8fd0\u884c\u521b\u5efa\u4e00\u4e2a\u7528\u6237\u3002<\/p>\n
\u3000\u3000$ sudo openvas-adduser<\/p>\n
\u3000\u3000\u540c\u6837\u5730\uff0c\u6309\u7167\u5c4f\u5e55\u4e0a\u7684\u6307\u793a\uff0c\u4e3aOpenVAS\u7528\u6237\u63d0\u4f9b\u4e00\u4e2a\u7528\u6237\u540d\u5b57\u548c\u7528\u6237\u5bc6\u7801\u3002\u6700\u540e\uff0c\u6211\u4eec\u9700\u8981\u5b89\u88c5\u6211\u4eec\u7528\u6765\u626b\u63cf\u7684\u7f51\u7edc\u6f0f\u6d1e\u6d4b\u8bd5\uff08NVTs\uff09\u3002OpenVAS\u7684\u547d\u4ee4\u4e3a\uff1a<\/p>\n
\u3000\u3000$ sudo openvas-nvt-sync<\/p>\n
\u3000\u3000\u7b2c\u4e00\u6b21\u8fd0\u884c\u4f1a\u6301\u7eed\u4e00\u6bb5\u65f6\u95f4\uff0c\u800c\u4e14\u60a8\u9700\u8981\u5b9a\u671f\u5730\u8fd0\u884c\u5b83\u4ee5\u4fbf\u6536\u5230\u66f4\u65b0\u548c\u65b0\u7684\u6d4b\u8bd5\u3002\u6211\u4e00\u822c\u901a\u8fc7cron\uff0c\u4e00\u5929\u8fd0\u884c\u5b83\u4e00\u6b21\u3002<\/p>\n
\u3000\u3000\u8fd0\u884cOpenVAS\u626b\u63cf\u5668<\/p>\n
\u3000\u3000\u5f53\u5b89\u88c5\u5b8c\u4ee5\u540e\uff0c\u60a8\u5c31\u53ef\u4ee5\u8fd0\u884cOpenVAS\u626b\u63cf\u5668\u5b88\u62a4\u8fdb\u7a0b\uff1a<\/p>\n
\u3000\u3000$ sudo openvassd<\/p>\n
\u3000\u3000\u7531\u4e8e\u5b88\u62a4\u8fdb\u7a0b\u4f1a\u5c06\u6240\u6709\u7684\u7f51\u7edc\u6f0f\u6d1e\u6d4b\u8bd5\u90fd\u52a0\u8f7d\u5230\u626b\u63cf\u5668\u4e2d\uff0c\u6240\u4ee5\u6839\u636e\u4f60\u626b\u63cf\u7528\u7684\u4e3b\u673a\u7684\u6027\u80fd\uff0c\u4f1a\u82b1\u4e00\u70b9\u65f6\u95f4\u3002<\/p>\n","protected":false},"excerpt":{"rendered":"