How to install OpenVAS on Red Hat Linux

OpenVAS is a framework of different services and tools for vulnerability scanning and vulnerability management. With vulnerability management, you look through the eyes of a potential attacker at your infrastructure. The goal is to find potential security issues before attackers will find them. In this tutorial, I show you how to install OpenVAS on Linux.

Table of Contents

Introduction

In this tutorial, we will use the free community edition of OpenVAS. For commercial use, I recommend getting the enterprise edition. It's also possible to get a fully installed VM from the website of the vendor but we will build it all from the scratch on a rocky-linux vm.

Installing Rocky Linux

First of all, you‘ll need to get the newest rocky-linux minimal image from the website of the project. Just download the image and install a new rocky VM. In our case, we use Oracle VirtualBox.

Preparing

First of all, we check for the latest update of the OS:

sudo dnf update -y

The installer will now install all the latest updates for our system. Dependent on your internet connection and build-state of the image it can take some time.

We‘ll also need to install wget. It’s not included in the minimal installation of rocky-Linux.

sudo dnf install wget -y

Enable Power Tools and Install Epel

Powertools provides developer-related tools and libraries. Some of the needed EPEL packages depend on PowerTools packages, so we need to enable them first.

sudo dnf config-manager – set-enabled powertools
Code language: JavaScript (javascript)

After this, we have to install EPEL (EPEL stands for Extra Packages for Enterprise Linux). This is the most important package source for RHEL and CentOS-Users.

sudo dnf install epel-release.noarch -y
Code language: CSS (css)

After this we run another update, just to be safe.

sudo dnf update -y

Install Atomic Yum Repository

The Atomic or A.R.T. (Atomic Rocket Turtle) RPM repository is an open-source unsupported archive of software packages specifically for the CentOS and Redhat communities.

wget -q -O - https://updates.atomicorp.com/installers/atomic | sudo sh
Code language: JavaScript (javascript)
OpenVAS Tutorial

We agree to the terms of use with yes and enable the repo by default.

OpenVAS Tutorial

Install OpenVAS

Now it’s time to install the gvm-scanner.

sudo dnf install gvm -y

There are around 400 packages to install this can take some time. 

Configure GVM

Before we start to configure gvm it’s important to disable SELinux, otherwise, the configure-process will not continue.

sudo sed -i 's/=enforcing/=disabled/' /etc/selinux/config
Code language: JavaScript (javascript)

It’s time for a reboot so that changes take effect.

sudo shutdown –r now

After this, we start the configuration of gvm.

gvm-setup

During this process, gvm will update the Network Vulnerability Tests feed from the Greenbone Security Feed/Community Feed this can take some time depending on your internet connection.

Take a coffee-break ☺

After the update process, you’ll need to set an admin password for the web-gui.

OpenVAS Tutorial

Getting Started

And you’re ready to start. You can access the web interface with your server/vm-ip in your browser.

https://your-ip-adress

OpenVAS Tutorial

You can log in with the admin credentials that you set while the installation.

OpenVAS Tutorial

Conclusion

This is how to install OpenVAS on Red Hat Linux.

This article was written by Max Wilke, who regularly writes over at his own blog.

4 thoughts on “How to install OpenVAS on Red Hat Linux”

  1. Hi there, huge thanks for this tutorial!
    Though I've ran into a little problem. The feed status says for all types "Update in progres..." Any idea how I can check what is going wrong here?

    Reply
    • Hello!
      If I understand it right, does the update feed process hang off?
      Have you any output in the logs?

      You can come over to the ceos3c-discord, there we can have a short talk about your specific problem.

      Regards,
      Max

      Reply
      • Thank you for your response Max,

        It turned out to be a firewall setting that needed to be set. Problem solved!
        Will join the discord though 🙂

        Reply

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.