OpenVAS是开放式漏洞评估系统,也可以说它是一个包含着相关工具的网络扫描器。其核心部件是一个服务器,包括一套网络漏洞测试程序,可以检测远程系统和应用程序中的安全问题。

  • 最新版本 Kali Linux 2016.2 中不再自带OpenVAS,需要自己安装和配置

系统要求

安装

更新系统

apt-get update  
apt-get upgrade  
apt-get dist-upgrade  

安装OpenVAS

apt-get install openvas  

安装配置OpenVAS (这一步需要的时间非常久,需要下载很多文件,建议最好挂个国外代理进行这一步操作,不然你可以喝10几杯咖啡了,嘿嘿)

openvas-setup  

检查安装 (如有提示错误的请按提示修复)

openvas-check-setup  

.如我安装时运行 openvas-check-setup 后 step 2 有报错 ...... OK: OpenVAS Manager database is at revision 146.
OK: OpenVAS Manager expects database at revision 146.
OK: Database schema is up to date.
OK: OpenVAS Manager database contains information about 51943 NVTs.
OK: At least one user exists.
OK: OpenVAS SCAP database found in /var/lib/openvas/scap-data/scap.db.
ERROR: No OpenVAS CERT database found. (Tried: /var/lib/openvas/cert-data/cert.db)
FIX: Run a CERT synchronization script like openvas-certdata-sync or greenbone-certdata-sync.
ERROR: Your OpenVAS-8 installation is not yet complete!
Please follow the instructions marked with FIX above and run this
script again.
If you think this result is wrong, please report your observation
and help us to improve this check routine:
http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss
Please attach the log-file (/tmp/openvas-check-setup.log) to help us analyze the problem.
根据提示运行 openvas-check-setup 后解决 root@kalitest:~# openvas-certdata-sync
[i] This script synchronizes a CERT advisory directory with the OpenVAS one. [i] This script is for the SQLite3 backend. [i] CERT dir: /var/lib/openvas/cert-data [i] Will use rsync [i] Using rsync: /usr/bin/rsync [i] Configured CERT data rsync feed: rsync://feed.openvas.org:/cert-data OpenVAS community feed server - http://www.openvas.org/
This service is hosted by Greenbone Networks - http://www.greenbone.net/
All transactions are logged.
If you have any questions, please use the OpenVAS mailing lists
or the OpenVAS IRC chat. See http://www.openvas.org/ for details.
By using this service you agree to our terms and conditions.
Only one sync per time, otherwise the source ip will be blocked.
receiving incremental file list
./ CB-K13.xml
1,430,197 100% 24.15kB/s 0:00:57 (xfr#1, to-chk=34/36) CB-K13.xml.asc
181 100% 176.76kB/s 0:00:00 (xfr#2, to-chk=33/36) CB-K14.xml
4,772,286 100% 22.20kB/s 0:03:29 (xfr#3, to-chk=32/36) CB-K14.xml.asc
181 100% 176.76kB/s 0:00:00 (xfr#4, to-chk=31/36) CB-K15.xml
6,117,922 100% 22.58kB/s 0:04:24 (xfr#5, to-chk=30/36) CB-K15.xml.asc
181 100% 176.76kB/s 0:00:00 (xfr#6, to-chk=29/36) ..... 修复后再次运行 openvas-check-setup 检查安装 ..... 看到 It seems like your OpenVAS-8 installation is OK. 安装完成

还记得在运行 openvas-setup 这步最后一行显示的 User created with password '47a7baeb-2f48-4fb9-9177-f6ba1fb058d8'. 嘛,这个密码显然不符合我们的使用习惯,改之

openvasmd --user admin --new-password xxxxxx  

升级

openvas-feed-update  

启动OpenVAS

openvas-start  

查看 GSAD services,OpenVAS manager, OpenVAS manager 端口情况

netstat -antp | grep 939*  
tcp        0      0 127.0.0.1:9392          0.0.0.0:*               LISTEN      20764/gsad  
tcp        0      0 127.0.0.1:9390          0.0.0.0:*               LISTEN      20769/openvasmd  
tcp        0      0 127.0.0.1:9391          0.0.0.0:*               LISTEN      20773/openvassd: Wa  

一切OK后使用浏览器访问 https://127.0.0.1:9392 应该可以看到

登录账号 admin 和你前面设置的密码

配置

设置OpenVAS服务器的地址

OpenVAS 在默认配置下,仅允许 127.0.0.1 地址本地连接

openvas-stop  

编辑 /lib/systemd/system/greenbone-security-assistant.service

nano /lib/systemd/system/greenbone-security-assistant.service  
[Unit]
Description=Greenbone Security Assistant  
Documentation=man:gsad(8) http://www.openvas.org/  
Wants=openvas-manager.service

[Service]
Type=simple  
PIDFile=/var/run/gsad.pid  
ExecStart=/usr/sbin/gsad --foreground --listen=127.0.0.1 --port=9392 --mlisten=127.0.0.1 --mport=9390

[Install]
WantedBy=multi-user.target  

修改 --listen=127.0.0.1 为 --listen=0.0.0.0

[Unit]
Description=Greenbone Security Assistant  
Documentation=man:gsad(8) http://www.openvas.org/  
Wants=openvas-manager.service

[Service]
Type=simple  
PIDFile=/var/run/gsad.pid  
ExecStart=/usr/sbin/gsad --foreground --listen=0.0.0.0 --port=9392 --mlisten=127.0.0.1 --mport=9390

[Install]
WantedBy=multi-user.target  

启动服务查看

systemctl daemon-reload  
openvas-start  
netstat -antp | grep 9392  
tcp        0      0 0.0.0.0:9392            0.0.0.0:*               LISTEN      23158/gsad  

支付宝打赏 微信打赏

若您觉得我的文章对你有帮助 欢迎点击上方按钮对我打赏

扫描二维码 分享此文章

yagami
yagami