Sunday, November 13, 2011

Getting started with OpenVAS in BackTrack 5

Content

  • 1 Installing OpenVAS
  • 2 Location of OpenVAS menu entries
  • 3 Openvas check setup
  • 4 Setting up OpenVAS
    • 4.1 Step 1. Adding a user
    • 4.2 Step 2. Making the Certificate
    • 4.3 Step 3. Syncing the NVT's
    • 4.4 Step 4. Starting the scanner
    • 4.5 Step 5. Setup OpenVAS manager
    • 4.6 Step 6. Setup OpenVAS Administrator
  • 5 Starting OpenVAS Manager
  • 6 Starting OpenVAS Administrator
  • 7 Starting Greenbone Security Assistant
  • 8 OpenVAS user interfaces
    • 8.1 Greenbone security desktop
    • 8.2 Web interface
  • 9 Once you have completed the setup process
    • 9.1 Starting OpenVAS with greenbone security desktop as the scanning interface
    • 9.2 Starting OpenVAS with a web browser as the scanning interface

      Installing OpenVAS

      The simplest way of installing all of the required parts of the openvas suite is to issue the following commands in a terminal window.
      root@bt:~# apt-get update
      root@bt:~# apt-get install openvas
      
      The package openvas is a "master" package that holds all of the info required to automatically download all of the other packages that make up the full openvas suite of tools.

      Location of OpenVAS menu entries

      Once openvas has been installed you will find all of the menu entries in this location.
      [Screenshot: Openvas3.png]

      Openvas check setup

      openvas-check-setup is a very useful tool. Here it is showing how it can help diagnose problems and give advice on how to fix them.
      [Screenshot: Openvas4.png]

      Setting up OpenVAS

      Step 1. Adding a user

      From the menu, select Openvas Adduser and follow instructions.
      [Screenshot: Openvas5.png]
      Note that you can use any username you like, but in this case I have just used root. I have left authentication at the default of password, as I am going to be using this on a local machine and it saves having to worry about the users having certs, but this is entirely up to you. You cannot have an empty password, so I have used toor in this case. I have left the rules applied to this user blank by pressing ctrl-d. This means that this user will be able to perform any tasks without any restrictions.

      Step 2. Making the Certificate

      From the menu, select Openvas mkcert and follow instructions.
      Here we create the SSL cert. This is used if you decided to use cert instead of pass when you created the user, but you are required to create it anyway even if you decide not to use certs.

      Step 3. Syncing the NVT's

      At this point we need to get the latest set of NVT's. These are what the scanner uses to detect the vulnerabilities in what you are scanning. Please note you will need to do this quite regularly, and the first time you do it could take a while depending on the speed of your computer and internet connection.
      So select OpenVAS NVT Sync from the menu.

      Step 4. Starting the scanner

      Start Openvas scanner
      Now we are ready to start the scanner.
      This WILL take a while the first time you start it, as it checks and loads the new NVT's you have downloaded in the previous step.
      [Screenshot: Openvas8.png]

      [Screenshot: Openvas9.png]
      Note the time in the corner! This was in a VM, so it should be much quicker for you.
      Subsequent starts will be quick unless you have not updated in quite some time.
      Please remember that the scanner runs as a daemon in the background and will keep running until you reboot or stop it with the menu entry provided.

      Step 5. Setup OpenVAS manager

      Setting up openvas manager
      The first thing we need to do is make a client cert for Openvas manager. This is done by running the following command
      openvas-mkcert-client -n om -i
      
      [Screenshot: Openvas10.png]
      Now we need to rebuild the database, as it is now out of date with the added NVT's and we would otherwise get errors about the database. You should do this each time you update the NVT's. This is done with a simple command
      openvasmd --rebuild
      
      This process will only take a few seconds if using openvas-libraries version 4.0.3 or below.
      This process can take much longer if using openvas-libraries version 4.0.5 or above. The tradeoff for this extra time is much greater scanning capabilities, so it is worth it.

      Step 6. Setup OpenVAS Administrator

      Setting up Openvas Administrator
      We need to create an administrative user that we will be using to perform all of our vulnerability assessments. This is done by running the following command
      openvasad -c 'add_user' -n openvasadmin -r Admin
      
      openvasadmin is the username I have chosen to become this user, you however can substitute that with something better suited to you if you so choose. Make sure you can remember this username and associated password as you WILL need it when running openvas.
      root@bt:~# openvasad -c 'add_user' -n openvasadmin -r Admin
      Enter password: 
      ad   main:MESSAGE:5871:2011-05-26 04h57.08 BST: No rules file provided, the new user will have no restrictions.
      ad   main:MESSAGE:5871:2011-05-26 04h57.08 BST: User openvasadmin has been successfully created.
      root@bt:~# 
      

      Starting OpenVAS Manager

      Now we need to start Openvas Manager
      This runs as a daemon in the background. As I am running everything from my local machine I will be using localhost to listen on and in this case the default port. This is done by running the following command.
      openvasmd -p 9390 -a 127.0.0.1
      

      Starting OpenVAS Administrator

      Now we need to start Openvas Administrator
      This also runs as a daemon in the background. As I am running everything from my local machine I will be using localhost to listen on and in this case the default port. This is done by running the following command.
      openvasad -a 127.0.0.1 -p 9393
      

      Starting Greenbone Security Assistant

      Now we need to start Greenbone security Assistant
      This again runs as a daemon in the background. As I am running everything from my local machine I will be using localhost to listen on and in this case the default port. This is done by running the following command.
      gsad --http-only --listen=127.0.0.1 -p 9392
      
      More info on the above commands and other options can be found by running their associated menu entry and by looking at the man pages. As all three of these run as daemons and will continue running until you shut down your computer, I have provided menu entries for you so that you can stop them when you no longer need them.
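
gsad is started with --http-only, so the login is sent unencrypted and the 127.0.0.1 binding is what keeps it on the local machine. The following check is an added example, not part of the original tutorial: it parses `netstat -tln` output and reports whether the three ports used above are bound to loopback only (the function name and sample output are constructed for illustration).

```shell
#!/bin/sh
# Added example: confirm the OpenVAS daemons listen on loopback only.
# Ports are the ones used in the commands on this page.
PORTS="9390 9392 9393"   # openvasmd, gsad, openvasad

# check_listeners reads `netstat -tln` output on stdin and prints one line
# per port: "<port> loopback", "<port> exposed <addr>" or "<port> missing".
# Exit status is 0 only if every port is bound to 127.0.0.1 and nothing else.
check_listeners() {
    awk -v ports="$PORTS" '
        BEGIN { n = split(ports, want, " ") }
        $NF == "LISTEN" {
            # Local address is field 4; split at the last colon so IPv6
            # forms such as :::9392 are parsed as host "::" and port 9392.
            i = match($4, /:[0-9]+$/)
            if (!i) next
            host = substr($4, 1, i - 1)
            port = substr($4, i + 1)
            for (k = 1; k <= n; k++) {
                if (want[k] != port) continue
                seen[port] = 1
                if (host != "127.0.0.1") bad[port] = bad[port] " " host
            }
        }
        END {
            rc = 0
            for (k = 1; k <= n; k++) {
                p = want[k]
                if (!(p in seen))  { print p, "missing"; rc = 1 }
                else if (p in bad) { print p, "exposed" bad[p]; rc = 1 }
                else               { print p, "loopback" }
            }
            exit rc
        }'
}

# Constructed sample (not captured from a real host): gsad is bound to all
# interfaces and openvasad is not running.
SAMPLE='Proto Recv-Q Send-Q Local Address    Foreign Address  State
tcp        0      0 127.0.0.1:9390   0.0.0.0:*        LISTEN
tcp        0      0 0.0.0.0:9392     0.0.0.0:*        LISTEN
tcp        0      0 0.0.0.0:22       0.0.0.0:*        LISTEN'

printf '%s\n' "$SAMPLE" | check_listeners || echo "bindings need attention"
# On a live system: netstat -tln | check_listeners
```
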


      At this point your installation is essentially complete, but as we have got this far we may as well continue to make sure everything is working as expected.

      OpenVAS user interfaces

      Greenbone security desktop

      Now we need to start an application to enable you to communicate with the scanner and other daemons.
      The first of these choices is greenbone security desktop
      Start this from the menu item and fill in the credentials and details we created earlier, then click the login button.
      [Screenshot: Openvas11.png]

      Once logged in you can use this as your scanning interface, or use the next choice if you prefer.

      Web interface

      This next method is via a web interface
      Open your favorite browser and enter the following address
      127.0.0.1:9392
      You will then be presented with a login page. Log in with the credentials we created earlier.
      Once you have logged in, you will notice that your CPU usage will hit the roof. Don't worry, this will return to normal in a short while.
      [Screenshot: Openvas12.png]
      Here you can set up and perform all of your scanning tasks. It is a good idea to set NoScript to Temporarily allow 127.0.0.1 or you may get unexpected results.
      There is much more to OpenVAS than I have included here, but this is only intended to get you up and running quickly. Scans and more advanced setups are beyond the scope of this simple tutorial. Don't forget about some of the other parts to openvas contained within the menu that I have not covered here and also the man pages.


      Once you have completed the setup process

      Starting OpenVAS with greenbone security desktop as the scanning interface

      From the menu select
      Openvas NVT sync
      Start Openvas scanner
      then in a terminal window
      openvasmd --rebuild
      openvasmd -p 9390 -a 127.0.0.1
      openvasad -a 127.0.0.1 -p 9393
      gsad --http-only --listen=127.0.0.1 -p 9392
      
      Then from the menu
      Start Greenbone Security Desktop
      and login
      You are now ready to set up your scanning tasks.

      Starting OpenVAS with a web browser as the scanning interface

      From the menu select
      Openvas NVT sync
      Start Openvas scanner
      then in a terminal window
      openvasmd --rebuild
      openvasmd -p 9390 -a 127.0.0.1
      openvasad -a 127.0.0.1 -p 9393
      gsad --http-only --listen=127.0.0.1 -p 9392
      
      Then open your browser to the address
      http://127.0.0.1:9392
      
      Login.
      You are now ready to set up your scanning tasks.
    • Ref: http://www.backtrack-linux.org
