OpenVAS Vulnerability Scanner Installation
OpenVAS (Open Vulnerability Assessment Scanner) is a comprehensive vulnerability scanning and management platform that identifies security weaknesses in networks and systems. Based on the Greenbone Vulnerability Management architecture, OpenVAS provides sophisticated scanning capabilities, detailed vulnerability assessment, compliance checking, and remediation recommendations. This guide covers installing the Greenbone Vulnerability Manager, synchronizing vulnerability feeds, configuring scan targets, scheduling automated scans, and generating comprehensive reports.
Table of Contents
- System Requirements
- Installation
- Initial Configuration
- Feed Synchronization
- Scan Targets
- Scan Configurations
- Creating and Running Scans
- Scan Scheduling
- Reports and Results
- Advanced Features
- Conclusion
System Requirements
OpenVAS requires substantial system resources for scanning and data processing:
- 64-bit processor (4+ cores recommended)
- 8 GB RAM minimum (16 GB+ for large deployments)
- 100 GB disk space (more for feed storage and historical data)
- Linux kernel 4.4 or newer
- Stable internet connectivity for feed updates
- GCC compiler and development libraries
Verify system capabilities:
uname -r
nproc
free -h
df -h /
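As an added example (not part of the original guide or the OpenVAS project), this script compares the host against the requirements listed above instead of only printing the values. The 10% RAM allowance and the use of free space on / are assumptions.

```shell
#!/bin/sh
# Added example: check this host against the requirements listed above.
# Thresholds come from that list; the 10% RAM slack is an assumption.

# kernel_ok VERSION: true if a `uname -r` string is 4.4 or newer
kernel_ok() {
    kver=${1%%-*}                           # 5.15.0-91-generic -> 5.15.0
    kmajor=${kver%%.*}
    kminor=${kver#*.}; kminor=${kminor%%[!0-9]*}
    [ "$kmajor" -gt 4 ] || { [ "$kmajor" -eq 4 ] && [ "${kminor:-0}" -ge 4 ]; }
}

# ram_ok KB: 8 GB minimum. MemTotal excludes memory the kernel and firmware
# reserve, so an 8 GB host reports slightly less than 8388608 kB.
ram_ok() { [ "$1" -ge $((8 * 1024 * 1024 * 9 / 10)) ]; }

# disk_ok KB: 100 GB available on the filesystem
disk_ok() { [ "$1" -ge $((100 * 1024 * 1024)) ]; }

# report STATUS MESSAGE: print one result line and count failures
report() {
    echo "$1 $2"
    [ "$1" != FAIL ] || fails=$((fails + 1))
}

# preflight: returns the number of unmet hard requirements
preflight() {
    fails=0
    kernel=$(uname -r)
    cores=$(nproc 2>/dev/null || echo 0)
    mem_kb=$(awk '/^MemTotal:/ {print $2}' /proc/meminfo 2>/dev/null)
    disk_kb=$(df -Pk / 2>/dev/null | awk 'NR==2 {print $4}')

    if [ "$(getconf LONG_BIT 2>/dev/null)" = 64 ]; then report OK "64-bit"
    else report FAIL "not a 64-bit system"; fi
    if kernel_ok "$kernel"; then report OK "kernel $kernel"
    else report FAIL "kernel $kernel is older than 4.4"; fi
    if [ "$cores" -ge 4 ]; then report OK "$cores cores"
    else report WARN "$cores cores (4+ recommended)"; fi
    if ram_ok "${mem_kb:-0}"; then report OK "RAM ${mem_kb} kB"
    else report FAIL "RAM ${mem_kb:-0} kB is below 8 GB"; fi
    if disk_ok "${disk_kb:-0}"; then report OK "disk ${disk_kb} kB free on /"
    else report FAIL "disk ${disk_kb:-0} kB free on / is below 100 GB"; fi
    return "$fails"
}

preflight || echo "$? requirement(s) not met"
```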
Installation
Install OpenVAS using the official Greenbone repositories.
For Ubuntu 22.04 LTS:
sudo apt-get update
sudo apt-get install -y curl gnupg software-properties-common
curl -fsSL https://openvas.org/release-key.asc | sudo gpg --dearmor -o /usr/share/keyrings/greenbone.gpg
echo "deb [signed-by=/usr/share/keyrings/greenbone.gpg] http://openvas.org/packages/ubuntu focal main" | sudo tee /etc/apt/sources.list.d/openvas.list
sudo apt-get update
sudo apt-get install -y openvas
For Debian 11:
sudo apt-get update
sudo apt-get install -y curl gnupg
curl -fsSL https://openvas.org/release-key.asc | sudo gpg --dearmor -o /usr/share/keyrings/greenbone.gpg
echo "deb [signed-by=/usr/share/keyrings/greenbone.gpg] http://openvas.org/packages/debian bullseye main" | sudo tee /etc/apt/sources.list.d/openvas.list
sudo apt-get update
sudo apt-get install -y openvas
For CentOS/RHEL 8:
sudo yum install -y openvas
Alternatively, install from source:
cd /tmp
wget https://github.com/greenbone/openvas-scanner/archive/v21.4.0.tar.gz
tar xzf v21.4.0.tar.gz
cd openvas-scanner-21.4.0
mkdir build
cd build
cmake -DCMAKE_BUILD_TYPE=Release ..
make -j$(nproc)
sudo make install
Enable and start the services:
sudo systemctl enable openvas-scanner
sudo systemctl enable openvas-manager
sudo systemctl enable gsad
sudo systemctl start openvas-scanner
sudo systemctl start openvas-manager
sudo systemctl start gsad
Verify the installation:
sudo openvas --version
sudo systemctl status openvas-manager
Access the web interface at https://localhost:9392:
firefox https://localhost:9392 &
Default credentials:
- Username: admin
- Password: admin (change on first login)
Initial Configuration
Configure OpenVAS after installation for optimal performance.
Create an administrator user:
sudo openvasmd --create-user=admin --role=Admin
Set a password (substitute your own strong value for the sample below):
sudo openvasmd --user=admin --new-password=SecurePassword123
Configure the scanner:
sudo nano /etc/openvas/openvas.conf
Key settings:
# Network access (0.0.0.0 listens on all interfaces)
listen = 0.0.0.0
port = 9391
# Certificate generation
cert_key_file = /etc/openvas/private/scanner_key.pem
cert_file = /etc/openvas/certs/scanner_cert.pem
# Maximum concurrent NVTs (Network Vulnerability Tests)
max_concurrent_nvts = 4
# Logging
log_level = 4
log_file = /var/log/openvas/scanner.log
Generate certificates:
sudo openvas-manager -generate-certs
Enable remote authentication (optional):
sudo nano /etc/openvas/openvasmd.conf
Add:
allow_insecure = 0
serve_web = yes
Restart the services:
sudo systemctl restart openvas-scanner
sudo systemctl restart openvas-manager
Feed Synchronization
Download and maintain the latest vulnerability definitions for accurate scanning.
Synchronize feeds manually:
sudo openvas-nvt-sync
sudo openvas-cert-sync
sudo openvas-scapdata-sync
Check feed update status:
sudo openvasmd --rebuild
View NVT count:
openvasmd --list-nvts | wc -l
Configure automatic feed updates via cron:
sudo crontab -e
Add:
0 */6 * * * /usr/bin/openvas-nvt-sync > /dev/null 2>&1
0 1 * * * /usr/bin/openvas-cert-sync > /dev/null 2>&1
0 2 * * * /usr/bin/openvas-scapdata-sync > /dev/null 2>&1
Monitor sync progress:
tail -f /var/log/openvas/openvasmd.log | grep -i sync
Verify feed age:
ls -la /var/lib/openvas/nvts/
Update frequencies vary by subscription level:
- Community feeds: Daily updates
- Paid subscriptions: Multiple times daily
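The cron entries above send sync output to /dev/null, so a failed sync is silent. As an added example (not from the original guide or the OpenVAS project), this check flags a feed directory with no recent changes; the two-day threshold is an assumption based on the daily community feed.

```shell
#!/bin/sh
# Added example: alert when the NVT feed directory has not changed recently.
# FEED_DIR is the path this guide lists; MAX_AGE_DAYS=2 is an assumed
# threshold for a feed that updates daily.
FEED_DIR=${FEED_DIR:-/var/lib/openvas/nvts}
MAX_AGE_DAYS=${MAX_AGE_DAYS:-2}

# feed_status DIR DAYS
# prints FRESH, STALE, EMPTY or MISSING; returns 0 only for FRESH
feed_status() {
    if [ ! -d "$1" ]; then echo MISSING; return 3; fi
    if [ -z "$(find "$1" -type f 2>/dev/null | head -n 1)" ]; then
        echo EMPTY; return 2
    fi
    # -mtime -N matches files modified less than N*24 hours ago
    if [ -n "$(find "$1" -type f -mtime -"$2" 2>/dev/null | head -n 1)" ]; then
        echo FRESH; return 0
    fi
    echo STALE; return 1
}

# check_feed: one summary line, suitable for cron mail or syslog
check_feed() {
    status=$(feed_status "$FEED_DIR" "$MAX_AGE_DAYS") && rc=0 || rc=$?
    echo "openvas-feed dir=$FEED_DIR max_age_days=$MAX_AGE_DAYS status=$status"
    return "$rc"
}

check_feed || echo "feed needs attention; review the sync job output" >&2
```

Run it from cron without redirecting its output, so that a non-FRESH status reaches cron mail or the log.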
Scan Targets
Define the systems and networks to scan.
Add a scan target via web interface:
Configuration → Targets
Click "New Target"
Name: Production Servers
Allow Simultaneous Scanning: checked
Hosts: 192.168.1.0/24
Port List: Default
Save
Create targets via command line:
openvasmd --create-target --make-overrides --name="Web Servers" --hosts="192.168.1.10,192.168.1.11,192.168.1.12"
Configure port lists:
Configuration → Port Lists
Click "New Port List"
Name: Web Ports
Ports: 80,443,8080,8443
Save
Create credential profiles for authenticated scanning:
Configuration → Credentials
Click "New Credential"
Name: Domain Admin
Type: Username + Password
Username: administrator
Password: SecurePassword
Save
Alternatively, add SSH credentials for deeper scanning:
Configuration → Credentials
Click "New Credential"
Name: SSH Access
Type: Username + Private Key
Username: root
Private Key: (upload key file)
Passphrase: (if encrypted)
Save
Scan Configurations
Create and customize scan profiles for different scanning scenarios.
View available scan configurations:
Scans → Scan Configs
Shows predefined configurations
Common configurations:
- Full and very deep
- Full and deep
- Full
- Discovery
- Mobile (Android)
- Compliance: PCI DSS
- Compliance: GDPR
Create a custom configuration:
Scans → Scan Configs
Click "New Scan Config"
Name: Internal Network Full Scan
Base Config: Full and Very Deep
NVTs to run: All
Timeout: 300 seconds
Allow simultaneous scanning: checked
Save
Configure scanning options:
Scans → Scan Configs → Edit
Preferences:
- Timeout per host: 300 seconds
- Timeout per NVT: 30 seconds
- Maximum number of checks: 10
- Max number of parallel checks per host: 4
- Open ports only: checked
Save
Creating and Running Scans
Run vulnerability scans against defined targets.
Create a new scan:
Scans → Scans
Click "New Scan"
Name: Weekly Production Scan
Task: Create a new task
Scan Config: Internal Network Full Scan
Target: Production Servers
Credentials: (select if available)
Schedule: Weekly (if scheduling)
Start immediately: checked
Save
Monitor scan progress:
Scans → Scans
Shows percentage complete and time elapsed
View real-time scan activity:
tail -f /var/log/openvas/openvasmd.log
Watch for completed scans:
Scans → Scans
Column "Severity" shows vulnerability counts
View scan details:
Scans → Scans → (select scan)
Shows timeline, results, task details
Export scan results:
Scans → Scans → (select scan)
Download as: PDF, XML, CSV, TXT
Scan Scheduling
Automate regular vulnerability scanning.
Create a scheduled scan:
Scans → Scans
Click "New Scan"
Schedule: Create new schedule
Name: Daily Scan
Period: Daily
Start Time: 02:00
Duration: Run indefinitely
Save
Configure recurring schedules:
Schedules → Schedules
Click "New Schedule"
Name: Weekly Friday Scan
Period: Weekly
Day of Week: Friday
Time: 22:00
Duration: 12 hours
Save
Assign schedule to scan:
Scans → Scans → (select scan) → Edit
Schedule: Weekly Friday Scan
Apply
Monitor scheduled scan execution:
Scans → Tasks
Shows all scheduled tasks and last execution
View schedule history:
grep "Starting task" /var/log/openvas/openvasmd.log | tail -20
Reports and Results
Generate and analyze vulnerability reports.
View scan results:
Scans → Scans → (select scan)
Shows all vulnerabilities discovered
Filter results by severity:
Scans → Scans → (select scan)
Filter by: High, Medium, Low
Shows only selected severity levels
Export comprehensive report:
Scans → Scans → (select scan) → Download
Format options:
- PDF Report
- XML Report
- CSV Table
- TXT Text
Create a detailed vulnerability assessment report:
openvasmd --get-nvts | openvasmd --create-report
View vulnerability details:
Scans → Scans → (select scan) → (select vulnerability)
Shows:
- Description
- CVSS Score
- Solution/Remediation
- References (CVE, CWE)
- Affected systems
Generate compliance report:
Reports → Reports
Click "New Report"
Configuration: Compliance: PCI DSS
Target: Production Servers
Scan: (select completed scan)
Download
Advanced Features
Implement advanced OpenVAS features for comprehensive security management.
Configure OpenVAS for multi-site environments:
sudo nano /etc/openvas/openvasmd.conf
Add:
# High availability
ha_mode = enabled
sqlite_extensions_path = /usr/lib/sqlite3/
# Performance
task_limit = 0
scheduler_enabled = yes
Enable role-based access control:
Administration → Users
Create user: analyst
Role: User
Can access: Specific organizations
Configure TLS certificate pinning for secure communication:
sudo openvas-manager -generate-certs --cert-lifetime=3650
Integrate with external tools:
Administration → Settings
OpenVAS API: Enable
API Port: 9392
Configure email notifications:
Configuration → System Settings
Email Server: smtp.example.com
Email Port: 587
Email From: [email protected]
Configure backup and restore:
sudo openvasmd --backup=/tmp/openvas-backup.xml
sudo openvasmd --restore=/tmp/openvas-backup.xml
Conclusion
OpenVAS provides comprehensive vulnerability assessment and management capabilities for identifying and remediating security weaknesses. By following this guide, you've installed and configured the Greenbone Vulnerability Manager, synchronized vulnerability feeds for current threat data, defined scan targets and credentials for accurate assessment, created and customized scan configurations, executed automated scanning, scheduled recurring assessments, and generated detailed vulnerability reports. Regular vulnerability scanning combined with prompt remediation creates a strong security posture. Whether protecting small networks or large enterprises, OpenVAS scales with flexible scheduling, detailed reporting, and integration capabilities for comprehensive vulnerability management.


