Difference between revisions of "Package:OpenVAS"
(Created page with "{{Ebuild |Summary=OpenVAS is a framework of several services and tools offering a comprehensive and powerful vulnerability scanning and vulnerability management solution. |Cat...") |
|||
| Line 2: | Line 2: | ||
|Summary=OpenVAS is a framework of several services and tools offering a comprehensive and powerful vulnerability scanning and vulnerability management solution. | |Summary=OpenVAS is a framework of several services and tools offering a comprehensive and powerful vulnerability scanning and vulnerability management solution. | ||
|CatPkg=net-analyzer/openvas | |CatPkg=net-analyzer/openvas | ||
}} | |||
== Install == | |||
To install openvas, emerge it: | |||
{{console|body= | |||
###i## emerge openvas | |||
}} | |||
== Configure == | |||
Create a certificate for the server, choosing the default values if desired: | |||
{{console|body= | |||
###i## openvas-mkcert | |||
}} | |||
Create a client certificate:: | |||
{{console|body= | |||
###i## openvas-mkcert-client -n -i | |||
}} | |||
Update the plugins and vulnerability data: | |||
{{console|body= | |||
###i## openvas-nvt-sync | |||
###i## openvas-scapdata-sync | |||
###i## openvas-certdata-sync | |||
}} | |||
Start OpenvVas Scanner (Required for next steps): | |||
{{console|body= | |||
###i## /etc/init.d/openvassd start | |||
}} | |||
This step can load for few minutes, use ps aux to check when done (Waiting for incoming connections) : | |||
{{console|body= | |||
###i## ps aux | grep openvassd | |||
###i## openvassd: Waiting for incoming connections | |||
}} | |||
Initializing OpenVas Manager Database: | |||
{{console|body= | |||
###i## /usr/sbin/openvasmd --rebuild --progress | |||
}} | |||
Add an administrator user account: | |||
{{console|body= | |||
###i## openvasmd --create-user=admin --role=Admin | |||
###i## openvasmd --user=admin --new-password=your_new_password | |||
}} | |||
== Configure Redis (Required Since OpenVas Manager 6) == | |||
Configure redis as perscribed by the [https://svn.wald.intevation.org/svn/openvas/tags/openvas-scanner-release-5.0.3/doc/redis_config.txt OpenVAS redis configuration]. In summary, amend the following to your /etc/redis.conf | |||
{{console|body= | |||
unixsocket /tmp/redis.sock | |||
port 0 | |||
timeout 0 | |||
}} | |||
== Check your Installation, Settings and Start Services == | |||
Check you Install Settings with default utility: | |||
{{console|body= | |||
###i## openvas-check-setup --v8 | |||
}} | |||
Check your de | |||
{{console|body= | |||
###i## nano /etc/conf.d/openvassd | |||
###i## nano /etc/conf.d/openvasmd | |||
###i## nano /etc/conf.d/gsad | |||
}} | |||
== Good Practices to Install and expand your OpenVas Setting == | |||
Set a Password Policy for OpenVas: | |||
{{console|body= | |||
###i## nano /etc/openvas/pwpolicy.conf | |||
}} | |||
Enable NVT signature checking: | |||
See http://www.openvas.org/trusted-nvts.html | |||
Install RPM and Alien (for LSC credential package generation support on target systems): | |||
{{console|body= | |||
###i## emerge app-arch/alien app-arch/rpm | |||
}} | |||
Install Haveged entropy (for speed up some actions): | |||
{{console|body= | |||
###i## emerge sys-apps/haveged | |||
###i## rc-update add haveged defaul | |||
###i## /etc/init.d/haveged start | |||
}} | }} | ||
{{EbuildFooter}} | {{EbuildFooter}} | ||
Revision as of 21:56, December 7, 2015
OpenVAS
We welcome improvements to this page. To edit this page, Create a Funtoo account. Then log in and then click here to edit this page. See our editing guidelines to becoming a wiki-editing pro.
Install
To install openvas, emerge it:
root # emerge openvas
Configure
Create a certificate for the server, choosing the default values if desired:
root # openvas-mkcert
Create a client certificate::
root # openvas-mkcert-client -n -i
Update the plugins and vulnerability data:
root # openvas-nvt-sync root # openvas-scapdata-sync root # openvas-certdata-sync
Start OpenvVas Scanner (Required for next steps):
root # /etc/init.d/openvassd start
This step can load for few minutes, use ps aux to check when done (Waiting for incoming connections) :
root # ps aux
Initializing OpenVas Manager Database:
root # /usr/sbin/openvasmd --rebuild --progress
Add an administrator user account:
root # openvasmd --create-user=admin --role=Admin root # openvasmd --user=admin --new-password=your_new_password
Configure Redis (Required Since OpenVas Manager 6)
Configure redis as perscribed by the OpenVAS redis configuration. In summary, amend the following to your /etc/redis.conf
unixsocket /tmp/redis.sock port 0 timeout 0
Check your Installation, Settings and Start Services
Check you Install Settings with default utility:
root # openvas-check-setup --v8
Check your de
root # nano /etc/conf.d/openvassd root # nano /etc/conf.d/openvasmd root # nano /etc/conf.d/gsad
Good Practices to Install and expand your OpenVas Setting
Set a Password Policy for OpenVas:
root # nano /etc/openvas/pwpolicy.conf
Enable NVT signature checking: See http://www.openvas.org/trusted-nvts.html
Install RPM and Alien (for LSC credential package generation support on target systems):
root # emerge app-arch/alien app-arch/rpm
Install Haveged entropy (for speed up some actions):
root # emerge sys-apps/haveged root # rc-update add haveged defaul root # /etc/init.d/haveged start