OpenVAS Vulnerability Scanner Installation

OpenVAS (Open Vulnerability Assessment Scanner) is a comprehensive vulnerability scanning and management platform that identifies security weaknesses in networks and systems. Based on the Greenbone Vulnerability Management architecture, OpenVAS provides sophisticated scanning capabilities, detailed vulnerability assessment, compliance checking, and remediation recommendations. This guide covers installing the Greenbone Vulnerability Manager, synchronizing vulnerability feeds, configuring scan targets, scheduling automated scans, and generating comprehensive reports.

System Requirements

OpenVAS requires substantial system resources for scanning and data processing:

  • 64-bit processor (4+ cores recommended)
  • 8 GB RAM minimum (16 GB+ for large deployments)
  • 100 GB disk space (more for feed storage and historical data)
  • Linux kernel 4.4 or newer
  • Stable internet connectivity for feed updates
  • GCC compiler and development libraries

Verify system capabilities:

uname -r
nproc
free -h
df -h /

Installation

Install OpenVAS using the official Greenbone repositories.

For Ubuntu 22.04 LTS:

sudo apt-get update
sudo apt-get install -y curl gnupg software-properties-common
curl -fsSL https://openvas.org/release-key.asc | sudo gpg --dearmor -o /usr/share/keyrings/greenbone.gpg
echo "deb [signed-by=/usr/share/keyrings/greenbone.gpg] http://openvas.org/packages/ubuntu jammy main" | sudo tee /etc/apt/sources.list.d/openvas.list
sudo apt-get update
sudo apt-get install -y openvas

For Debian 11:

sudo apt-get update
sudo apt-get install -y curl gnupg
curl -fsSL https://openvas.org/release-key.asc | sudo gpg --dearmor -o /usr/share/keyrings/greenbone.gpg
echo "deb [signed-by=/usr/share/keyrings/greenbone.gpg] http://openvas.org/packages/debian bullseye main" | sudo tee /etc/apt/sources.list.d/openvas.list
sudo apt-get update
sudo apt-get install -y openvas
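
The APT steps above pipe the downloaded key straight into the trusted keyring. As an added example (not part of the original guide or of Greenbone's tooling), the script below checks the key's fingerprint before installing it; `EXPECTED_FPR` is a placeholder to be filled from a channel other than the download itself, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: verify a downloaded repository key before APT trusts it.
# EXPECTED_FPR is a placeholder, not the real fingerprint of any key.
EXPECTED_FPR="0000000000000000000000000000000000000000"

# Print the primary-key fingerprints found in `gpg --with-colons` output (stdin).
# An "fpr" record follows each "pub" (primary) or "sub" (subkey) record and
# carries the fingerprint in field 10.
primary_fingerprints() {
    awk -F: '
        $1 == "pub" { want = 1; next }
        $1 == "sub" { want = 0; next }
        $1 == "fpr" && want { print toupper($10); want = 0 }
    '
}

# Succeed only if the listing holds exactly one primary key and it matches.
fingerprint_ok() {   # usage: fingerprint_ok EXPECTED < colon-listing
    expected=$(printf '%s' "$1" | tr -d ' ' | tr 'a-f' 'A-F')
    found=$(primary_fingerprints)
    [ -n "$found" ] && [ "$found" = "$expected" ]
}

# Download to a file, check it, and only then write the keyring path
# used on this page.
install_verified_key() {   # usage: install_verified_key URL EXPECTED
    tmp=$(mktemp) || return 1
    curl -fsSL "$1" -o "$tmp" || { rm -f "$tmp"; return 1; }
    if gpg --show-keys --with-colons "$tmp" | fingerprint_ok "$2"; then
        sudo gpg --dearmor -o /usr/share/keyrings/greenbone.gpg < "$tmp"
        rc=$?
    else
        echo "key fingerprint mismatch, not installing" >&2
        rc=1
    fi
    rm -f "$tmp"
    return $rc
}
```

Call it as `install_verified_key https://openvas.org/release-key.asc "$EXPECTED_FPR"` in place of the `curl | gpg --dearmor` line.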

For CentOS/RHEL 8:

sudo yum install -y openvas

Alternatively, install from source:

cd /tmp
wget https://github.com/greenbone/openvas-scanner/archive/v21.4.0.tar.gz
tar xzf v21.4.0.tar.gz
cd openvas-scanner-21.4.0
mkdir build
cd build
cmake -DCMAKE_BUILD_TYPE=Release ..
make -j$(nproc)
sudo make install

Enable and start services:

sudo systemctl enable openvas-scanner
sudo systemctl enable openvas-manager
sudo systemctl enable gsad
sudo systemctl start openvas-scanner
sudo systemctl start openvas-manager
sudo systemctl start gsad

Verify installation:

sudo openvas --version
sudo systemctl status openvas-manager

Access the web interface at https://localhost:9392:

firefox https://localhost:9392 &

Default credentials:

  • Username: admin
  • Password: admin (change on first login)

Initial Configuration

Configure OpenVAS after installation for optimal performance.

Create administrator user:

sudo openvasmd --create-user=admin --role=Admin

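Set password (replace the sample value; arguments given on the command line are recorded in shell history and visible in the process list):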

sudo openvasmd --user=admin --new-password=SecurePassword123

Configure the scanner:

sudo nano /etc/openvas/openvas.conf

Key settings:

# Network access
# 0.0.0.0 binds every interface; use a management address or restrict port 9391 with a firewall
listen = 0.0.0.0
port = 9391

# Certificate generation
cert_key_file = /etc/openvas/private/scanner_key.pem
cert_file = /etc/openvas/certs/scanner_cert.pem

# Maximum concurrent NVTs (Network Vulnerability Tests)
max_concurrent_nvts = 4

# Logging
log_level = 4
log_file = /var/log/openvas/scanner.log
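
An added example, not part of the original guide or of OpenVAS itself: a small audit of the settings above that flags a scanner bound to every interface and a private key readable by group or others. It assumes the `key = value` layout shown here; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit the scanner settings shown on this page.

# Print the value of KEY from a "key = value" file, ignoring comment lines.
conf_get() {   # usage: conf_get FILE KEY
    awk -v want="$2" '
        /^[ \t]*#/ { next }
        {
            eq = index($0, "=")
            if (eq == 0) next
            key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key == want) last = val
        }
        END { print last }
    ' "$1"
}

# Print one line per finding; exit status is 0 only when nothing was found.
audit_scanner_conf() {   # usage: audit_scanner_conf FILE
    conf=$1; findings=0
    listen=$(conf_get "$conf" listen)
    case $listen in
        0.0.0.0|::)
            echo "listen=$listen: scanner port reachable on every interface"
            findings=$((findings + 1)) ;;
    esac
    key=$(conf_get "$conf" cert_key_file)
    if [ -n "$key" ] && [ -e "$key" ]; then
        mode=$(stat -c '%a' "$key")
        case $mode in
            *00|0) ;;   # no group/other permission bits set
            *)  echo "cert_key_file $key has mode $mode, expected 600 or stricter"
                findings=$((findings + 1)) ;;
        esac
    fi
    [ "$findings" -eq 0 ]
}
```

Run `audit_scanner_conf /etc/openvas/openvas.conf` after editing the file and before restarting the services.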

Generate certificates:

sudo openvas-manager -generate-certs

Enable remote authentication (optional):

sudo nano /etc/openvas/openvasmd.conf

Add:

allow_insecure = 0
serve_web = yes

Restart services:

sudo systemctl restart openvas-scanner
sudo systemctl restart openvas-manager

Feed Synchronization

Download and maintain the latest vulnerability definitions for accurate scanning.

Synchronize feeds manually:

sudo openvas-nvt-sync
sudo openvas-cert-sync
sudo openvas-scapdata-sync

Check feed update status:

sudo openvasmd --rebuild

View NVT count:

openvasmd --list-nvts | wc -l

Configure automatic feed updates via cron:

sudo crontab -e

Add:

0 */6 * * * /usr/bin/openvas-nvt-sync > /dev/null 2>&1
0 1 * * * /usr/bin/openvas-cert-sync > /dev/null 2>&1
0 2 * * * /usr/bin/openvas-scapdata-sync > /dev/null 2>&1

Monitor sync progress:

tail -f /var/log/openvas/openvasmd.log | grep -i sync

Verify feed age:

ls -la /var/lib/openvas/nvts/
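
The cron entries above send all sync output to /dev/null, so a failing sync goes unnoticed. As an added example (not from the original guide), this check reports when the newest file in the feed directory is older than a threshold; the 48-hour default and the function names are assumptions, and it relies on GNU `find` and `date`.

```shell
#!/bin/sh
# Added example: fail loudly when the NVT feed directory has gone stale.
FEED_DIR=${FEED_DIR:-/var/lib/openvas/nvts}   # path used on this page
MAX_AGE_HOURS=${MAX_AGE_HOURS:-48}            # assumed threshold

# Print the age in whole hours of the most recently modified file under DIR.
# Fails if DIR is missing or holds no regular files.
feed_age_hours() {   # usage: feed_age_hours DIR
    [ -d "$1" ] || return 1
    newest=$(find "$1" -type f -printf '%T@\n' | sort -n | tail -n 1)
    [ -n "$newest" ] || return 1
    now=$(date +%s)
    echo $(( (now - ${newest%.*}) / 3600 ))
}

# Return 0 if fresh, 1 if stale, 2 if the directory is missing or empty.
feed_is_fresh() {   # usage: feed_is_fresh DIR MAX_HOURS
    age=$(feed_age_hours "$1") || {
        echo "feed directory $1 is missing or empty" >&2
        return 2
    }
    if [ "$age" -gt "$2" ]; then
        echo "feed in $1 last changed ${age}h ago (limit ${2}h)" >&2
        return 1
    fi
    return 0
}
```

Scheduled after the sync jobs as `feed_is_fresh "$FEED_DIR" "$MAX_AGE_HOURS"`, its stderr message gives cron something to mail when the feed stops updating.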

Update frequencies vary by subscription level:

  • Community feeds: Daily updates
  • Paid subscriptions: Multiple times daily

Scan Targets

Define the systems and networks to scan.

Add a scan target via web interface:

Configuration → Targets
Click "New Target"
Name: Production Servers
Allow Simultaneous Scanning: checked
Hosts: 192.168.1.0/24
Port List: Default
Save

Create targets via command line:

openvasmd --create-target --make-overrides --name="Web Servers" --hosts="192.168.1.10,192.168.1.11,192.168.1.12"

Configure port lists:

Configuration → Port Lists
Click "New Port List"
Name: Web Ports
Ports: 80,443,8080,8443
Save

Create credential profiles for authenticated scanning:

Configuration → Credentials
Click "New Credential"
Name: Domain Admin
Type: Username + Password
Username: administrator
Password: SecurePassword
Save

Alternatively, add SSH credentials for deeper scanning:

Configuration → Credentials
Click "New Credential"
Name: SSH Access
Type: Username + Private Key
Username: root
Private Key: (upload key file)
Passphrase: (if encrypted)
Save

Scan Configurations

Create and customize scan profiles for different scanning scenarios.

View available scan configurations:

Scans → Scan Configs
Shows predefined configurations

Common configurations:

- Full and very deep
- Full and deep
- Full
- Discovery
- Mobile (Android)
- Compliance: PCI DSS
- Compliance: GDPR

Create custom configuration:

Scans → Scan Configs
Click "New Scan Config"
Name: Internal Network Full Scan
Base Config: Full and Very Deep
NVTs to run: All
Timeout: 300 seconds
Allow simultaneous scanning: checked
Save

Configure scanning options:

Scans → Scan Configs → Edit
Preferences:
  - Timeout per host: 300 seconds
  - Timeout per NVT: 30 seconds
  - Maximum number of checks: 10
  - Max number of parallel checks per host: 4
  - Open ports only: checked
Save

Creating and Running Scans

Execute vulnerability scans against defined targets.

Create a new scan:

Scans → Scans
Click "New Scan"
Name: Weekly Production Scan
Task: Create a new task
Scan Config: Internal Network Full Scan
Target: Production Servers
Credentials: (select if available)
Schedule: Weekly (if scheduling)
Start immediately: checked
Save

Monitor scan progress:

Scans → Scans
Shows percentage complete and time elapsed

View real-time scan activity:

tail -f /var/log/openvas/openvasmd.log

Watch for completed scans:

Scans → Scans
Column "Severity" shows vulnerability counts

View scan details:

Scans → Scans → (select scan)
Shows timeline, results, task details

Export scan results:

Scans → Scans → (select scan)
Download as: PDF, XML, CSV, TXT

Scan Scheduling

Automate regular vulnerability scanning.

Create a scheduled scan:

Scans → Scans
Click "New Scan"
Schedule: Create new schedule
Name: Daily Scan
Period: Daily
Start Time: 02:00
Duration: Run indefinitely
Save

Configure recurring schedules:

Schedules → Schedules
Click "New Schedule"
Name: Weekly Friday Scan
Period: Weekly
Day of Week: Friday
Time: 22:00
Duration: 12 hours
Save

Assign schedule to scan:

Scans → Scans → (select scan) → Edit
Schedule: Weekly Friday Scan
Apply

Monitor scheduled scan execution:

Scans → Tasks
Shows all scheduled tasks and last execution

View schedule history:

grep "Starting task" /var/log/openvas/openvasmd.log | tail -20

Reports and Results

Generate and analyze vulnerability reports.

View scan results:

Scans → Scans → (select scan)
Shows all vulnerabilities discovered

Filter results by severity:

Scans → Scans → (select scan)
Filter by: High, Medium, Low
Shows only selected severity levels

Export comprehensive report:

Scans → Scans → (select scan) → Download
Format options:
  - PDF Report
  - XML Report
  - CSV Table
  - TXT Text

Create detailed vulnerability assessment report:

openvasmd --get-nvts | openvasmd --create-report

View vulnerability details:

Scans → Scans → (select scan) → (select vulnerability)
Shows:
  - Description
  - CVSS Score
  - Solution/Remediation
  - References (CVE, CWE)
  - Affected systems

Generate compliance report:

Reports → Reports
Click "New Report"
Configuration: Compliance: PCI DSS
Target: Production Servers
Scan: (select completed scan)
Download

Advanced Features

Implement advanced OpenVAS features for comprehensive security management.

Configure OpenVAS for multi-site environments:

sudo nano /etc/openvas/openvasmd.conf

Add:

# High availability
ha_mode = enabled
sqlite_extensions_path = /usr/lib/sqlite3/

# Performance
task_limit = 0
scheduler_enabled = yes

Enable role-based access control:

Administration → Users
Create user: analyst
Role: User
Can access: Specific organizations

Regenerate the TLS certificates used for secure communication, here with a 3650-day lifetime:

sudo openvas-manager -generate-certs --cert-lifetime=3650

Integrate with external tools:

Administration → Settings
OpenVAS API: Enable
API Port: 9392

Setup email notifications:

Configuration → System Settings
Email Server: smtp.example.com
Email Port: 587
Email From: [email protected]

Configure backup and restore:

sudo openvasmd --backup=/tmp/openvas-backup.xml
sudo openvasmd --restore=/tmp/openvas-backup.xml

Conclusion

OpenVAS provides comprehensive vulnerability assessment and management capabilities for identifying and remediating security weaknesses. By following this guide, you've installed and configured the Greenbone Vulnerability Manager, synchronized vulnerability feeds for current threat data, defined scan targets and credentials for accurate assessment, created and customized scan configurations, executed automated scanning, scheduled recurring assessments, and generated detailed vulnerability reports. Regular vulnerability scanning combined with prompt remediation creates a strong security posture. Whether protecting small networks or large enterprises, OpenVAS scales with flexible scheduling, detailed reporting, and integration capabilities for comprehensive vulnerability management.