OpenVAS

Install

To install openvas, emerge it:

root # emerge openvas

Configure

Create a certificate for the server, choosing the default values if desired:

root # openvas-mkcert

Create a client certificate::

root # openvas-mkcert-client -n -i

Update the plugins and vulnerability data:

root # openvas-nvt-sync
root # openvas-scapdata-sync
root # openvas-certdata-sync

Start OpenvVas Scanner (Required for next steps):

root # /etc/init.d/openvassd start

This step can load for few minutes, use ps aux to check when done (Waiting for incoming connections) :

root # ps aux

Initializing OpenVas Manager Database:

root # /usr/sbin/openvasmd --rebuild --progress

Add an administrator user account:

root #  openvasmd --create-user=admin --role=Admin
root #  openvasmd --user=admin --new-password=your_new_password

Configure Redis (Required Since OpenVas Manager 6)

Configure redis as perscribed by the OpenVAS redis configuration. In summary, amend the following to your /etc/redis.conf

unixsocket /tmp/redis.sock
port 0
timeout 0

Start Redis:

root #  /etc/init.d/redis start

Check your Installation, Settings and Start Services

Check you Install Settings with default utility:

root #  openvas-check-setup --v8

Check your service settings

root #  nano /etc/conf.d/openvassd
root #  nano /etc/conf.d/openvasmd
root #  nano /etc/conf.d/gsad

Start your services:

root #/etc/init.d/openvasmd start
root #/etc/init.d/gsad start

Good Practices to Install and expand your OpenVas Setting

Set a Password Policy for OpenVas:

root #  nano /etc/openvas/pwpolicy.conf

Enable NVT signature checking: See http://www.openvas.org/trusted-nvts.html

Install RPM and Alien (for LSC credential package generation support on target systems):

root # emerge app-arch/alien app-arch/rpm

Install Haveged entropy (for speed up some actions):

root # emerge sys-apps/haveged
root # rc-update add haveged defaul
root #  /etc/init.d/haveged start