Archive for May 2016

Building OpenVAS in Slackware

I’m a huge fan of OpenVAS. It is a great tool for probing your network and finding possible security holes. Many of you have probably heard of Nessus, another fantastic tool, but it can be pretty pricey. I would recommend it for business, but for home use, go for OpenVAS.

In many cases, I would recommend you setup a Linux distribution called Kali Linux. It has a lot of really good tools built right in, including OpenVAS, but I’ve started running into issues with it lately. I’ll run a scan, and the systems load gets so high it becomes completely unresponsive for days at a time, then fails to finish. I’m not sure what I’m doing wrong there, so I decided to wipe the machine and put my good ‘ol Slackware back on it. After using it for several weeks I have decided to leave it Slackware as those issues have disappeared. So now I’m going to point you in the direction to get OpenVAS installed, plus a few extras that will make things easier.

I’m going to assume you are familiar with slackbuilds.org and hopefully a wonderful tool called sbopkg, as some wonderful people over there have build script for OpenVAS that will make your life so much better. Kent Fritz has written a great guide on how to get going over on slackbuilds.org. Go through his steps then come back here.

FYI, I have build and used OpenVAS on both 32 and 64bit Slackware and even on ARM using a Raspberry Pi. I’ve only had one program (hiredis) fail to build using sbopkg, so I had to do it the old fashioned way and download the build script and source and build outside sbopkg.

Note that while going through the instructions over on slackbuilds.org, before running any type of sync command, stop the running processes like openvasmd and openvassd. This is because the first time you run them, they will require a large amount of memory and will crash on the Raspberry Pi (I’m not sure on the pi2, I haven’t tried yet). By ensuring those processes are not running, it will surely finish properly.

Welcome back… I’m assuming you followed the instructions over on slackbuilds.org and are ready to continue. Here are some tips and script to make like just a little easier.

First, edit some permissions:

chmod 755 /etc/rc.d/rc.redis
chmod 755 /etc/rc.d/rc.openvassd
chmod 755 /etc/rc.d/rc.openvasmd
chmod 755 /etc/rc.d/rc.gsad

Now we are going to create a bunch of scripts that will simplify everything.

/usr/bin/openvas-start

#!/bin/bash
echo "Starting OpenVAS Services"
/etc/rc.d/rc.redis start
/etc/rc.d/rc.gsad start
/etc/rc.d/rc.openvassd start
/etc/rc.d/rc.openvasmd start

/usr/bin/openvas-stop

#!/bin/bash
echo "Stopping OpenVAS Services"
/etc/rc.d/rc.gsad stop
/etc/rc.d/rc.openvassd stop
/etc/rc.d/rc.openvasmd stop
/etc/rc.d/rc.redis stop

/usr/bin/openvas-feed-update

#!/bin/bash
echo "Updating OpenVAS Feeds"
echo "Stopping OpenVAS if running..."
/usr/bin/openvas-stop
openvas-nvt-sync
openvas-scapdata-sync
openvas-certdata-sync
echo "Rebuilding Database"
openvasmd --rebuild
echo "You can start OpenVAS now if needed"

/usr/bin/openvas-setup

#!/bin/bash
test -e /var/lib/openvas/CA/cacert.pem  || openvas-mkcert -q
if (openssl verify -CAfile /var/lib/openvas/CA/cacert.pem \
    /var/lib/openvas/CA/servercert.pem |grep -q ^error); then
    openvas-mkcert -q -f
fi
openvas-nvt-sync
openvas-scapdata-sync
openvas-certdata-sync
if ! test -e /var/lib/openvas/CA/clientcert.pem || \
    ! test -e /var/lib/openvas/private/CA/clientkey.pem; then
    openvas-mkcert-client -n -i
fi
if (openssl verify -CAfile /var/lib/openvas/CA/cacert.pem \
    /var/lib/openvas/CA/clientcert.pem |grep -q ^error); then
    openvas-mkcert-client -n -i
fi
/etc/rc.d/rc.openvasmd stop
/etc/rc.d/rc.openvassd stop
/etc/rc.d/rc.openvassd start
openvasmd --migrate
openvasmd --rebuild
/etc/rc.d/rc.openvassd stop
killall openvassd
sleep 15
/etc/rc.d/rc.openvassd start
/etc/rc.d/rc.openvasmd start
/etc/rc.d/rc.gsad restart
/etc/rc.d/rc.redis restart
if ! openvasmd --get-users | grep -q ^admin$ ; then
    openvasmd --create-user=admin
fi

Here is a great program that can help find any issues while getting setup. This link is mentioned in Kent’s instructions. So hopefully you have it already.

wget https://svn.wald.intevation.org/svn/openvas/trunk/tools/openvas-check-setup -o /usr/bin/openvas-check-setup

Here we are going to chmod those files:

chmod 755 /usr/bin/openvas-start
chmod 755 /usr/bin/openvas-stop
chmod 755 /usr/bin/openvas-feed-update
chmod 755 /usr/bin/openvas-setup
chmod 755 /usr/bin/openvas-check-setup

WOW! That is a lot! Alright, so several files have been created. Here is what each one does.
/usr/bin/openvas-start:
This will start all the services needed.
/usr/bin/openvas-stop:
This will stop all the services.
/usr/bin/openvas-feed-update:
This will update all your feeds.
/usr/bin/openvas-setup:
This script will help if you have any issues. Sometimes OpenVAS feeds cause an issue, and by running this command you will find it fixes the problem 99% of the time.
/usr/bin/openvas-check-setup:
This one will help you diagnose issues.

Give it time:
When starting OpenVAS, each part is thrown into the background to finish loading. Depending on your computers speed, it can take a while before you can do anything. Best to watch with top, htop, or iotop to see when everything has finished loading. Then proceed to use GreenBone.

Possible Issues:
When trying to log in to the GreenBone Security Assistant, You might get an error that says the OMP service could not be found. Try running the openvas-setup-check. If you get an error saying there are no users, run openvas-setup. This will fix it. This is a problem I have seen several times in the past on both Slackware and Kali, so I believe it to be a bug somewhere in OpenVAS.

I think that’s just about it. You should now be up and running with OpenVAS!