OpenVas 8 on Ubuntu Server 14.04

After a question on the OpenVas7 howto, I tried to do an updated with OpenVas 8 and Ubuntu Server 14.04

  • [2015-05-19]: Fixed som pebkap on my side..
  • [2015-04-09]: Moved up openvas-smb config/compile to the beginning of the installation, after a suggestion from Malcolm in the comments

Like the last guides –

This installation is not made for public facing servers, there is no build in security in my setup.
Everything is run as root in this example below, including daemons and web servers…
I take no responsibility if this guide bork you server, burn your house down to ashes or just messes up your life.. It’s under the “it worked for me[tm]” clause

# Firstly install the build deps.

sudo apt-get install -y build-essential devscripts dpatch libassuan-dev \
 libglib2.0-dev libgpgme11-dev libpcre3-dev libpth-dev libwrap0-dev libgmp-dev libgmp3-dev \
 libgpgme11-dev libopenvas2 libpcre3-dev libpth-dev quilt cmake pkg-config \
 libssh-dev libglib2.0-dev libpcap-dev libgpgme11-dev uuid-dev bison libksba-dev \
 doxygen sqlfairy xmltoman sqlite3 libsqlite3-dev wamerican redis-server libhiredis-dev libsnmp-dev \
 libmicrohttpd-dev libxml2-dev libxslt1-dev xsltproc libssh2-1-dev libldap2-dev autoconf nmap libgnutls-dev \
libpopt-dev heimdal-dev heimdal-multidev libpopt-dev mingw32

# Fix redis-server for some openvas default install settings.
cp /etc/redis/redis.conf /etc/redis/redis.orig ;\
echo "unixsocket /tmp/redis.sock" >> /etc/redis/redis.conf ;\
service redis-server restart

# Move in to the right place to download some tarballs.
cd /usr/local/src

# Become almighty root (remember: safety off, segmented internal build on)
sudo su

# Download ‘all the things’
wget --no-check-certificate https://wald.intevation.org/frs/download.php/2015/openvas-libraries-8.0.1.tar.gz ;\
wget --no-check-certificate https://wald.intevation.org/frs/download.php/2016/openvas-scanner-5.0.1.tar.gz ;\
wget --no-check-certificate https://wald.intevation.org/frs/download.php/2017/openvas-manager-6.0.1.tar.gz ;\
wget --no-check-certificate https://wald.intevation.org/frs/download.php/2018/greenbone-security-assistant-6.0.1.tar.gz ;\
wget --no-check-certificate https://wald.intevation.org/frs/download.php/1987/openvas-cli-1.4.0.tar.gz ;\
wget --no-check-certificate https://wald.intevation.org/frs/download.php/1975/openvas-smb-1.0.1.tar.gz ;\
wget --no-check-certificate https://wald.intevation.org/frs/download.php/1999/ospd-1.0.0.tar.gz ;\
wget --no-check-certificate https://wald.intevation.org/frs/download.php/2005/ospd-ancor-1.0.0.tar.gz ;\
wget --no-check-certificate https://wald.intevation.org/frs/download.php/2003/ospd-ovaldi-1.0.0.tar.gz ;\
wget --no-check-certificate https://wald.intevation.org/frs/download.php/2004/ospd-w3af-1.0.0.tar.gz

# unpack
find . -name \*.gz -exec tar zxvfp {} \;

# Configure and install openvas-smb:
cd openvas-smb* ;\
 mkdir build ;\
 cd build/ ;\
 cmake .. ;\
 make ;\
 make doc-full ;\
 make install ;\
 cd /usr/local/src

# config and build libraries
 cd openvas-libraries-* ;\
 mkdir build ;\
 cd build ;\
 cmake .. ;\
 make ;\
 make doc-full ;\
 make install ;\
 cd /usr/local/src

# config and build scanner
 cd openvas-scanner-* ;\
 mkdir build ;\
 cd build/ ;\
 cmake .. ;\
 make ;\
 make doc-full ;\
 make install ;\
 cd /usr/local/src

# reload libraries
ldconfig

#create cert
openvas-mkcert

# Sync nvt’s
openvas-nvt-sync

# Start openvassd
openvassd

# Check with ps or htop if the daemon is started. or perhaps..
root@hostilehamster:/usr/local/src# watch "ps -ef | grep openvassd"
 root 32078 1 27 16:09 ? 00:00:36 openvassd: Reloaded 6550 of 34309 NVTs (19% / ETA: 09:10)
 root 32079 32078 0 16:09 ? 00:00:00 openvassd (Loading Handler)
# Wait until "openvassd: Reloaded is done".. and switches to "Waiting for ingcoming..."

# config and build manager
cd openvas-manager-* ;\
 mkdir build ;\
 cd build/ ;\
 cmake .. ;\
 make ;\
 make doc-full ;\
 make install ;\
 cd /usr/local/src

# get scap feed
openvas-scapdata-sync

# get cert feed
openvas-certdata-sync

# create client cert..
openvas-mkcert-client -n -i

# Initialize the Database
openvasmd --rebuild --progress
 (This is going to take some time, pehaps time to get coffee?)

#create user
openvasmd --create-user=admin --role=Admin
 (write down the password)

# config and build cli
cd openvas-cli-* ;\
 mkdir build ;\
 cd build/ ;\
 cmake .. ;\
 make ;\
 make doc-full ;\
 make install ;\
 cd /usr/local/src

# configure and install gsa
cd greenbone-security-assistant-* ;\
 mkdir build ;\
 cd build/ ;\
 cmake .. ;\
 make ;\
 make doc-full ;\
 make install ;\
 cd /usr/local/src

# Start the all the stuff.
openvasmd --rebuild --progress
 openvasmd
 gsad --http-only

# check installation
wget https://svn.wald.intevation.org/svn/openvas/trunk/tools/openvas-check-setup --no-check-certificate
 chmod 0755 openvas-check-setup
 ./openvas-check-setup --v8 --server

This should be a working default installation of OpenVas 8.
To try is out, go to http://serverip and login with Admin and your generated password.

# If you want to have pdf reports and such, you can always install:

apt-get install texlive-full
(this is not optimal thou, this installs a bunch of packets..)

# And some autostart script for ubuntu 14.04. and OpenVas8
# Nothing fancy, I took the init.d scripts from the debs for OpenVas5 and changed some stuff to make it work in the above setup.
# So all credits goes to the creators of the scripts that are mentioned in the scripts comments..
# This below downloads my modded init.d, default, logrotate.d scripts
# Unpack the tarball, copy the thingies to etc/
# Create the symlink to /var/log/openvas
# Create the symlinks for the autostart jobs..
cd /usr/local/src
wget http://www.mockel.se/wp-content/uploads/2015/04/openvas-startupscripts-v8.tar.gz
tar zxvfp openvas-startupscripts-v8.tar.gz
cd openvas-startupscripts-v8
cp etc/* /etc/ -arvi
update-rc.d openvas-manager defaults
update-rc.d openvas-scanner defaults
update-rc.d greenbone-security-assistant defaults

If you have any questions, answers or anything else regarding this article..
Don’t hesitate to ask in the comments.

I plan to do a little howto install the ospd package also.. But that will be later[tm] 🙂

Share on Google+Share on LinkedInTweet about this on TwitterEmail this to someoneShare on FacebookShare on Reddit
Leave a comment ?

45 Comments.

  1. OpenVas 7 on Ubuntu Server 14.04 | Mockel.SE - pingback on April 9, 2015 at 14:18
  2. Excellent instructions, everything works! Thank you for sharing your knowledge and experience.

  3. Excellent guide, thanks for putting it up.

    Only suggestion would be to put compiling the smb package at the beginning. For me the libraries complained that the smb package wasn’t available so I don’t know if it will link in properly if you compile it after the fact.

    Thanks again!

  4. Very helpful. Thank you.

    Install went fine, but I keep getting this error when I try to scan: WARNING: Cannot connect to KB at ‘/tmp/redis.sock’: Connection refused’

    Any idea as to why?

    • Hi,

      Sound like that the redis conf didn’t work.
      Do you have unixsocket /tmp/redis.sock
      on the last row of /etc/redis/redis.conf?

      Regards Falk

      • Same issue, I get “WARNING: Cannot connect to KB at ‘/var/run/redis/redis.sock’: Connection refused'” and the redis.conf file is pointing to /var/run/redis/redis.sock. I’ve tried to change it to /tmp/redis.sock and comment the previous path and I get the same result. Any idea? Thanks!

  5. Hi falk,

    nice tut as always… very well explained!

    just wondering, do openvas have an upgrade option? or we have to remove previous installation and start everything from scratch to install new version?

    • Hi,

      I think that there is an upgrade way.
      But I haven’t tried it myself yet.

      Would be nice thou to keep all the reports.


      Regards Falk

  6. You can also install openvas 8 on ubuntu 14.04 from this PPA:

    https://launchpad.net/~mrazavi/+archive/ubuntu/openvas

    after adding the PPA, “apt-get install openvas” will install all the requirements.

  7. Great post! Thank you.

  8. Thank you for doing this! One issue I’m having I’m following the steps exactly (I think) but when I get to “#config and build scanner” I get “bash: cd: openvas-scanner-*: No such file or directory” Under /usr/local/src I have folders for build, greenbone, cli, libraries, smb, ancor and ovaldi but not scanner. The other issue I had was in the first step it couldn’t find libxm12-dev Any ideas? Thank you!

    • Hi,

      Tnx for the kind words..
      And it looks like the download of openvas-scanner-5.0.1.tar.gz didn’t succeed.
      If you do “wget –no-check-certificate https://wald.intevation.org/frs/download.php/2016/openvas-scanner-5.0.1.tar.gz” does it download then?

      About the libxm12-dev is a openmotif thing I think, so I think that is an old dependency from when there was a desktop client in openvas. If someone know pls correct me 🙂
      And I guess that you are using a newer Ubuntu flavor or perhaps a Debian version, so that the package isn’t there?


      Regards Falk

  9. You are the ONE !!!! Thank you very very much 😉

  10. hi falk, i’m finished with openvas installer, and then when i want to login.. why in the gsa interface always show the text failed “login failed. OMP service is down?” .

    thx b4

    • Hi,

      Do you have these processes running if you do this below?

      root@kalilinux:~# netstat -anpt | grep 'gsad\|vas'
      tcp        0      0 0.0.0.0:9390            0.0.0.0:*               LISTEN      3671/openvasmd  
      tcp        0      0 0.0.0.0:9391            0.0.0.0:*               LISTEN      3659/openvassd: Wai
      tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      3773/gsad  

    • I got this..

      netstat -anpt | grep ‘gsad\|vas’
      tcp 0 0 192.168.2.139:9390 0.0.0.0:* LISTEN 1131/openvasmd
      tcp 0 0 192.168.2.139:9392 0.0.0.0:* LISTEN 1135/gsad
      tcp 0 0 192.168.2.139:9392 192.168.2.109:64894 ESTABLISHED 1135/gsad

  11. hi falk, i’m just wondering how to upgrade openvas package?

    Eg:
    currently installed openvas-libraries is version 8.0.1
    if new version eg: 8.0.3 come, then how to upgrade?

    Thanks.

  12. If you get the following:

    
    [ 26%] Building C object src/CMakeFiles/gsad_xslt_ext.dir/xslt_i18n.c.o
    In file included from /usr/local/src/greenbone-security-assistant-6.0.4/src/xslt_i18n.h:30:0,
                     from /usr/local/src/greenbone-security-assistant-6.0.4/src/xslt_i18n.c:26:
    /usr/include/glib-2.0/glib/gstring.h:29:2: error: #error "Only <glib.h> can be included directly."
     #error "Only <glib.h> can be included directly."
    

    The problem is that in “greenbone-security-assistant-6.0.4/src/xslt_i18n.h” they are importing only part of the glib library when, evidently, you have to pull in the whole thing. Just edit that import line to be glib.h instead of gstring.h (or whatever it was trying to import).

  13. OpenVAS Open Source vulnerability scanner | Andreas' Blog - pingback on July 16, 2015 at 09:59
  14. Falk, you are the one!!
    Great walktrough.
    I see in the comments issues with redis-server probably because they just cut and paste the commandline. Concerning file system delays if running on a slow machine or virtual the conf file are not closed when echoing in the line. Suggestion: Do the commands one by one as root ( then you will not have accesproblems eigther).

    Then adding alien and nsis as prerequsits packages ar just nice. On a newly installed ubuntu they are of course not installed. Thanks again Falk you are just great!!

  15. For advanced scans ( deepscans ) suggestion to add:

    Adding DIRB:
    http://prithak.blogspot.se/2011/08/brute-force-directory-and-files-on-web.html
    apt-get install libcurl4-gnutls-dev
    wget -c ‘http://sourceforge.net/projects/dirb/files/dirb/2.03/dirb203.tar.gz/download’ -O dirb203.tar.gz
    tar -zxvf dirb203.tar.gz
    cd dirb
    ./configure
    make
    make install

    Test installation:
    /usr/local/bin/dirb

    Adding nikto:
    sudo apt-get install nikto

    Fix w3af:
    sudo apt-get install w3af-console

    Add wapiti:
    sudo apt-get install python-setuptools
    wget -O wapiti-2.3.0.tar.gz “http://downloads.sourceforge.net/project/wapiti/wapiti/wapiti-2.3.0/wapiti-2.3.0.tar.gz?r=http://sourceforge.net/projects/wapiti/files/wapiti/wapiti-2.3.0/&ts=1391931386&use_mirror=heanet”
    tar zxvf wapiti-2.3.0.tar.gz
    cd wapiti-2.3.0
    python setup.py install

    • Pasted wget were truncated “&amp” missing in string

      “quote wget -O wapiti-2.3.0.tar.gz “http://downloads.sourceforge.net/project/wapiti/wapiti/wapiti-2.3.0/wapiti-2.3.0.tar.gz?r=http://sourceforge.net/projects/wapiti/files/wapiti/wapiti-2.3.0/&ts=1391931386&use_mirror=heanet” quote”

      There will be schema error otherwise.
      /Ice

  16. Brobably blog form html issue. It is missing in the reply aswell. Google it up on the wget string and you will get the right things.

  17. Another framework that earlier fitted in the GSA are Arachni.
    Plugs still there but not working i GSA since long time back.
    But combined with GSA analyses there are really nice findings to do.
    It is commandline and early webbased but worth trying.

    Add arachni:
    Download from.
    http://www.arachni-scanner.com/download/#Linux

    Unpack then.

    Add to path i.e.
    /root/arachni/arachni-1.2.1-0.5.7.1/bin

    Then start webgui or commandline.

  18. Hi falk!

    out of topic question…… may i ask, do you have installed/implemented ‘Openstack’ in your environment?

    I hope that you can come out with Openstack step-by-step tutorial on your blog.
    Nowadays, cloud computing is getting important and is very big thing.

  19. Falk,

    This “How to” installed flawlessly! Thank you very much for posting it. I also learned a few more Linux commands.

    I’m sure that numerous other people have used this post and appreciate it.

    Mark

  20. Jeroen van Drongelen

    On Ubuntu 14.04.3, this instruction worked great, thanks for that.

  21. Excellent but I got a question How install pluggins like DIRB,Arachni,Nikto,wapiti?? pliss I nedd your help wit that??
    Thanks

  22. Stuck at this …. 🙁
    Pls assist ….

    root@openvas:/usr/local/src# openvas-scapdata-sync
    [i] This script synchronizes a SCAP data directory with the OpenVAS one.
    [i] This script is for the SQLite3 backend.
    [i] SCAP dir: /usr/local/var/lib/openvas/scap-data
    [i] Will use rsync
    [i] Using rsync: /usr/bin/rsync
    [i] Configured SCAP data rsync feed: rsync://feed.openvas.org:/scap-data
    rsync: failed to connect to feed.openvas.org (78.47.251.61): Connection refused
    (111)
    rsync error: error in socket IO (code 10) at clientserver.c(128) [Receiver=3.1.0
    ]
    [e] Error: rsync failed. Your SCAP data might be broken now.

  23. Hi Falk!
    Can you help?
    root@openvas:/usr/src# openvasmd –rebuild –progress
    Rebuilding NVT cache… failed.

    prior to this command, install went without errors

  24. hi thank you for this great post, I’m trying to install openvas 8 on Ubuntu 15.10. I have installed all required packages but when I try to build the libraries I get these errors:

    xxxx/usr/local/src/openvas-libraries-8.0.1/build# make
    [ 2%] Built target openvas_omp_shared
    [ 20%] Built target openvas_base_shared
    [ 41%] Built target openvas_misc_shared
    Linking C executable test-hosts
    libopenvas_base.so.8.0.1: undefined reference to `log_legacy_write’
    libopenvas_base.so.8.0.1: undefined reference to `openvas_server_close’
    libopenvas_base.so.8.0.1: undefined reference to `openvas_server_vsendf’
    ../omp/libopenvas_omp.so.8.0.1: undefined reference to `openvas_server_sendf’
    ../omp/libopenvas_omp.so.8.0.1: undefined reference to `openvas_server_sendf_xml_quiet’
    ../omp/libopenvas_omp.so.8.0.1: undefined reference to `openvas_server_sendf_xml’
    libopenvas_base.so.8.0.1: undefined reference to `openvas_server_open_with_cert’
    collect2: error: ld returned 1 exit status
    base/CMakeFiles/test-hosts.dir/build.make:88: recipe for target ‘base/test-hosts’ failed
    make[2]: *** [base/test-hosts] Error 1
    CMakeFiles/Makefile2:178: recipe for target ‘base/CMakeFiles/test-hosts.dir/all’ failed
    make[1]: *** [base/CMakeFiles/test-hosts.dir/all] Error 2
    Makefile:146: recipe for target ‘all’ failed
    make: *** [all] Error 2

  25. well done
    very helpful
    but the scan on the greenbone interface does not work
    help!

  26. Hi

    i got rebuild failed what should i do ?

  27. root@test-VirtualBox:/usr/local/src# openvasmd –rebuild –progress
    Rebuilding NVT cache… failed.

  28. I got an error like this.Please help.
    Ubuntu 14.04

    root@test-VirtualBox:~# openvasmd –rebuild –progress
    Rebuilding NVT cache… failed.

Leave a Comment


NOTE - You can use these HTML tags and attributes:
<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong> <pre lang="" line="" escaped="" cssfile="">

Trackbacks and Pingbacks: