The environment is Ubuntu 14.04 32-bit; this walkthrough uses the mirrors.163.com mirror.
sudo vim /etc/apt/sources.list
Replace the existing mirror URL with a global substitute command:
%s/mirrors.163.com/mirror.ubuntu.org/g
After the substitution, refresh the package index:
apt-get update
Everything below is excerpted from: here
echo "deb http://download.opensuse.org/repositories/security:/OpenVAS:/UNSTABLE:/v6/Debian_7.0/ ./" >> /etc/apt/sources.list
wget http://download.opensuse.org/repositories/security:/OpenVAS:/UNSTABLE:/v6/Debian_7.0/Release.key
apt-key add ./Release.key
sudo apt-get update
apt-get -y install greenbone-security-assistant openvas-cli openvas-manager openvas-scanner openvas-administrator sqlite3 xsltproc rsync
apt-get -y install texlive-latex-base texlive-latex-extra texlive-latex-recommended htmldoc
apt-get -y install alien rpm nsis fakeroot
test -e /var/lib/openvas/CA/cacert.pem || openvas-mkcert -q
openvas-nvt-sync
test -e /var/lib/openvas/users/om || openvas-mkcert-client -n om -i
/etc/init.d/openvas-manager stop
/etc/init.d/openvas-scanner stop
openvassd
openvasmd --rebuild
openvas-scapdata-sync
openvas-certdata-sync
The next command creates the OpenVAS admin user; remember to enter a password when prompted.
test -e /var/lib/openvas/users/admin || openvasad -c add_user -n admin -r Admin
killall openvassd
sleep 15
/etc/init.d/openvas-scanner start
/etc/init.d/openvas-manager start
/etc/init.d/openvas-administrator restart
/etc/init.d/greenbone-security-assistant restart
See: here
Both online and offline update modes are supported; choose whichever fits your situation. Online updates run from a scheduled task (cron) are recommended.
Use the following command for an incremental update:
openvas-nvt-sync
This command supports rsync, wget and curl as download methods.
For offline updates, periodically download the NVT feed archive and extract it over the following directory:
/var/lib/openvas/plugins/
Archive URL (about 14.6 MB): http://www.openvas.org/openvas-nvt-feed-current.tar.bz2
1. OpenVAS training
2. OpenVAS framework development
3. OpenVAS NVT vulnerability database development
4. OpenVAS-based scanning appliance: a custom-built device that can scan 500 to 5000 IPs in 10 minutes; details: here
Note: the settings below have been superseded by a newer method; see the next section. After installing one OpenVAS machine with the steps above, be aware that by default OpenVAS listens on 127.0.0.1, as shown:
/usr/sbin/openvasmd --database=/var/lib/openvas/mgr/tasks.db --listen=127.0.0.1 --port=9390 --slisten=127.0.0.1 --sport=9391
/usr/sbin/openvasad --listen=127.0.0.1 --port=9393 --users-dir=/var/lib/openvas/users --scanner-config-file=/etc/openvas/openvassd.conf --sync-script=/usr/sbin/openvas-nvt-sync
/usr/sbin/gsad --listen=127.0.0.1 --port=9392 --alisten=0.0.0.0 --aport=9393 --mlisten=127.0.0.1 --mport=9390
You can kill the existing processes and restart them with the listen IP changed to 0.0.0.0 (this is for a test environment; in production, set the specific listen IP), as shown:
openvassd
/usr/sbin/openvasmd --database=/var/lib/openvas/mgr/tasks.db --listen=0.0.0.0 --port=9390 --slisten=0.0.0.0 --sport=9391
/usr/sbin/openvasad --listen=0.0.0.0 --port=9393 --users-dir=/var/lib/openvas/users --scanner-config-file=/etc/openvas/openvassd.conf --sync-script=/usr/sbin/openvas-nvt-sync
/usr/sbin/gsad --listen=0.0.0.0 --port=9392 --alisten=0.0.0.0 --aport=9393 --mlisten=0.0.0.0 --mport=9390
Alternatively, set the listen entries in the service's init script to fixed values, for example:
[ "$DATABASE_FILE" ] && DAEMONOPTS="--database="$DATABASE_FILE
[ "$MANAGER_ADDRESS" ] && DAEMONOPTS="$DAEMONOPTS --listen=$MANAGER_ADDRESS"
[ "$MANAGER_PORT" ] && DAEMONOPTS="$DAEMONOPTS --port=$MANAGER_PORT"
[ "$SCANNER_ADDRESS" ] && DAEMONOPTS="$DAEMONOPTS --slisten=$SCANNER_ADDRESS"
[ "$SCANNER_PORT" ] && DAEMONOPTS="$DAEMONOPTS --sport=$SCANNER_PORT"
A search turned up a detailed explanation here: the OpenVAS default configuration files live under /etc/default:
openvas-administrator
openvas-manager
openvas-scanner
greenbone-security-assistant
Four files in total, described below:
/etc/default/openvas-administrator // Administrator: manages configuration, user authorization and related tasks; default listen address 127.0.0.1, port 9393
/etc/default/openvas-manager // Manager: talks to the interfaces, dispatches scan tasks and builds the assessment report from the scan results; default port 9390
/etc/default/openvas-scanner // Scanner: invokes the vulnerability test plugins and executes the assigned scans; default port 9391
/etc/default/greenbone-security-assistant // Web interface (gsad): the web front end to the OpenVAS service layer; default listen address 127.0.0.1, port 9392
Below are the contents of each file; change 127.0.0.1 to the required IP. To listen on all interfaces, use 0.0.0.0.
root@ubuntu:/etc/default# grep -v "^#" openvas-manager
DATABASE_FILE=/var/lib/openvas/mgr/tasks.db
MANAGER_ADDRESS=127.0.0.1
MANAGER_PORT=9390
SCANNER_ADDRESS=127.0.0.1
SCANNER_PORT=9391
root@ubuntu:/etc/default# grep -v "^#" openvas-administrator
ADMINISTRATOR_ADDRESS=127.0.0.1
ADMINISTRATOR_PORT=9393
USER_DATA=/var/lib/openvas/users
SCANNER_CONFIG=/etc/openvas/openvassd.conf
SYNC_SCRIPT=/usr/sbin/openvas-nvt-sync
root@ubuntu:/etc/default# grep -v "^#" openvas-scanner
SCANNER_ADDRESS=127.0.0.1
SCANNER_PORT=9391
root@ubuntu:/etc/default# grep -v "^#" greenbone-security-assistant
GSA_ADDRESS=127.0.0.1
GSA_PORT=9392
ADMINISTRATOR_ADDRESS=127.0.0.1
ADMINISTRATOR_PORT=9393
MANAGER_ADDRESS=127.0.0.1
MANAGER_PORT=9390
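As an added example (not from the original post), the following POSIX shell script applies the change just described to all four files at once and then lists which bind addresses remain configured, so a stray 127.0.0.1 or 0.0.0.0 is easy to spot. It assumes the file layout shown in the grep output above; the address 192.0.2.10 in the usage line is a placeholder from the documentation range. Binding to one management-network address rather than 0.0.0.0 keeps the OMP and GSA ports off interfaces that do not need to reach them.

```shell
#!/bin/sh
# Added example, not part of the original post: switch every *_ADDRESS=
# setting in the four /etc/default files to one chosen bind address and
# verify the result.

OPENVAS_DEFAULT_FILES="openvas-manager openvas-administrator openvas-scanner greenbone-security-assistant"

# openvas_set_listen <dir> <ip> : rewrite NAME_ADDRESS=... lines only; ports,
# paths and comments are left untouched. <dir> is /etc/default on a real host.
openvas_set_listen() {
    dir=$1; ip=$2
    for f in $OPENVAS_DEFAULT_FILES; do
        [ -f "$dir/$f" ] || { echo "missing $dir/$f" >&2; return 1; }
        tmp=$(mktemp) || return 1
        sed "s/^\([A-Z_]*_ADDRESS\)=.*/\1=$ip/" "$dir/$f" > "$tmp" && mv "$tmp" "$dir/$f"
    done
}

# openvas_listen_addresses <dir> : print the distinct addresses still configured,
# so the caller can confirm nothing is left on an unintended interface.
openvas_listen_addresses() {
    for f in $OPENVAS_DEFAULT_FILES; do
        grep '^[A-Z_]*_ADDRESS=' "$1/$f"
    done | cut -d= -f2 | sort -u
}

# openvas_make_sample_conf <dir> : write constructed copies of the four files,
# matching the grep -v "^#" output shown in the post, for a dry run without root.
openvas_make_sample_conf() {
    mkdir -p "$1"
    printf 'DATABASE_FILE=/var/lib/openvas/mgr/tasks.db\nMANAGER_ADDRESS=127.0.0.1\nMANAGER_PORT=9390\nSCANNER_ADDRESS=127.0.0.1\nSCANNER_PORT=9391\n' > "$1/openvas-manager"
    printf 'ADMINISTRATOR_ADDRESS=127.0.0.1\nADMINISTRATOR_PORT=9393\nUSER_DATA=/var/lib/openvas/users\nSCANNER_CONFIG=/etc/openvas/openvassd.conf\nSYNC_SCRIPT=/usr/sbin/openvas-nvt-sync\n' > "$1/openvas-administrator"
    printf 'SCANNER_ADDRESS=127.0.0.1\nSCANNER_PORT=9391\n' > "$1/openvas-scanner"
    printf 'GSA_ADDRESS=127.0.0.1\nGSA_PORT=9392\nADMINISTRATOR_ADDRESS=127.0.0.1\nADMINISTRATOR_PORT=9393\nMANAGER_ADDRESS=127.0.0.1\nMANAGER_PORT=9390\n' > "$1/greenbone-security-assistant"
}

# Usage: sh openvas-listen.sh <dir> <ip>   e.g. /etc/default 192.0.2.10 (as root)
if [ $# -eq 2 ]; then
    openvas_set_listen "$1" "$2" && openvas_listen_addresses "$1"
fi
```

For a dry run, call openvas_make_sample_conf on a scratch directory first and point openvas_set_listen at it; the services still have to be restarted afterwards, as in the post, for the new addresses to take effect.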
Open the master server at https://masterip:9392, log in, go to Configuration > Slaves, click the star icon to open the add dialog, and enter the slave's IP, port, username and password; the slave is then added.
Details: here
In Scan Management choose New Task, then under Slave select the required slave host.
After a scan completes, the slave does not keep the results; they are viewed on the master server. Each scan has its own report.
Alerts under Configuration: configure alerting by email and other methods.
Schedules under Configuration: configure scheduled scan tasks.
root@ubuntu:/home/aj# openvassd -s
plugins_folder = /var/lib/openvas/plugins
cache_folder = /var/cache/openvas
include_folders = /var/lib/openvas/plugins
max_hosts = 30
max_checks = 10
be_nice = no
logfile = /var/log/openvas/openvassd.messages
log_whole_attack = no
log_plugins_name_at_load = no
dumpfile = /var/log/openvas/openvassd.dump
rules = /usr/share/openvas/openvassd.rules
cgi_path = /cgi-bin:/scripts
port_range = default
optimize_test = yes
checks_read_timeout = 5
network_scan = no
non_simult_ports = 139, 445
plugins_timeout = 320
safe_checks = yes
auto_enable_dependencies = yes
silent_dependencies = no
use_mac_addr = no
save_knowledge_base = no
kb_restore = no
only_test_hosts_whose_kb_we_dont_have = no
only_test_hosts_whose_kb_we_have = no
kb_dont_replay_scanners = no
kb_dont_replay_info_gathering = no
kb_dont_replay_attacks = no
kb_dont_replay_denials = no
kb_max_age = 864000
slice_network_addresses = no
nasl_no_signature_check = yes
drop_privileges = no
unscanned_closed = yes
vhosts =
vhosts_ip =
report_host_details = yes
cert_file = /var/lib/openvas/CA/servercert.pem
key_file = /var/lib/openvas/private/CA/serverkey.pem
ca_file = /var/lib/openvas/CA/cacert.pem
reverse_lookup = no
config_file = /etc/openvas/openvassd.conf
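As an added example, not part of the original post: a small shell reviewer that reads an `openvassd -s` listing like the one above (live, or saved to a file) and reports a few settings worth checking before a scanner goes into service, for instance nasl_no_signature_check = yes, which means NVTs are loaded without their signatures being verified, and drop_privileges = no. The expected values are this example's own assumptions about a conservative configuration, not requirements from the OpenVAS project, and the embedded sample is a constructed excerpt of the listing above.

```shell
#!/bin/sh
# Added example, not from the original post: review the key = value listing
# printed by `openvassd -s` for settings that affect how safely the scanner
# runs. All functions read the listing on stdin.

# Constructed excerpt of the listing shown in the post, for offline use.
SAMPLE_OPENVASSD_SETTINGS='safe_checks = yes
drop_privileges = no
nasl_no_signature_check = yes
log_whole_attack = no
plugins_timeout = 320'

# openvassd_setting <key> : print the value of one setting from stdin
openvassd_setting() {
    sed -n "s/^$1[[:space:]]*=[[:space:]]*//p" | head -n 1
}

# openvassd_review : one line per reviewed setting with a verdict.
# The expected values (key:value) are this example's assumptions:
#   safe_checks=yes            avoid checks that can crash the target
#   drop_privileges=yes        scanner does not keep root while running NVTs
#   nasl_no_signature_check=no only run NVTs whose signature verifies
#   log_whole_attack=no        keep request payloads out of the log file
openvassd_review() {
    conf=$(cat)
    for pair in safe_checks:yes drop_privileges:yes nasl_no_signature_check:no log_whole_attack:no; do
        key=${pair%%:*}; want=${pair#*:}
        have=$(printf '%s\n' "$conf" | openvassd_setting "$key")
        if [ "$have" = "$want" ]; then verdict=ok; else verdict=review; fi
        printf '%s=%s expected=%s %s\n' "$key" "${have:-unset}" "$want" "$verdict"
    done
}

# openvassd_review_count : number of settings that need attention (0 = clean)
openvassd_review_count() {
    openvassd_review | grep -c ' review$' || true
}

# Usage on a live scanner: openvassd -s | openvassd_review
```

On the listing from the post this reports drop_privileges and nasl_no_signature_check for review and leaves the other two as ok; extend the key:value list with whatever your own baseline requires.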
Problems encountered are recorded here; the fixes have not been confirmed to be entirely correct.
See here: 503 - Service temporarily down
openvas-mkcert-client -n om -i
openvas-nvt-sync --wget
/etc/init.d/openvas-scanner stop; /etc/init.d/openvas-manager stop; openvassd
rm /var/lib/openvas/mgr/tasks.db
openvasmd --progress --rebuild -v
Opening the SecInfo tab, every entry under NVTs and CVEs reports the database as missing, as below:
SecInfo Management --- CVEs
Warning: SecInfo Database Missing
SCAP and/or CERT database missing on OMP server.
The fix came from the official mailing list: first download these three files into /usr/share/openvas/cert/:
sudo wget https://scm.wald.intevation.org/svn/openvas/trunk/openvas-manager/tools/cert_db_init.sql --no-check-certificate
sudo wget https://scm.wald.intevation.org/svn/openvas/trunk/openvas-manager/tools/dfn_cert_getbyname.xsl --no-check-certificate
sudo wget https://scm.wald.intevation.org/svn/openvas/trunk/openvas-manager/tools/dfn_cert_update.xsl --no-check-certificate
Then run the following command as root:
openvas-certdata-sync
After the update, restart the openvas-scanner service:
/etc/init.d/openvas-scanner restart
Check whether sendmail is installed on the OpenVAS server; if not, install and configure sendmail.
Configure the PDF scan report to be emailed automatically when a scan completes. If the report is larger than 1 MB, the following notice is sent instead:
Note: The report exceeds the maximum attachment length of 1048576 bytes.
At first this looked like a sendmail problem, but raising sendmail's attachment size limit made no difference. Grepping for the message text found it inside /usr/sbin/openvasmd:
... (report truncated after 20000 characters) ^@Note: This report exceeds the maximum length of ^@^@^@^@^@^@^@^@Note: The report exceeds the maximum attachment length of ^@^@^@^@^@^@--=-=-=-=-=
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
Content-Disposition: inline
Since the binary offers no way to change the size, download the openvas-manager source package, extract it and search for the value 1048576:
wget http://wald.intevation.org/frs/download.php/1795/openvas-manager-5.0.5.tar.gz
tar zxvf openvas-manager-5.0.5.tar.gz
cd openvas-manager-5.0.5
grep -nr 1048576 *
The maximum attachment size turns up at line 7661 of manage_sql.c:
src/manage_sql.c:7661:#define MAX_ATTACH_LENGTH 1048576
Reading the surrounding context confirms it is the email attachment limit. Append two zeros to 1048576, as follows:
7658 /**
7659  * @brief Default max number of bytes of reports attached to email alerts.
7660  */
7661 #define MAX_ATTACH_LENGTH 104857600
7662
7663 /**
7664  * @brief Maximum number of bytes of reports attached to email alerts.
7665  *
7666  * A value less or equal to 0 allows any size.
7667  */
7668 static int max_attach_length = MAX_ATTACH_LENGTH;
Then rebuild openvas-manager and the problem is solved.
Build and install openvas-libraries
apt-get install pkg-config libssh-dev libgnutls-dev libglib2.0-dev libpcap-dev libgpgme11-dev uuid-dev bison libksba-dev librarian-dev
wget http://wald.intevation.org/frs/download.php/1787/openvas-libraries-7.0.5.tar.gz
tar zxvf openvas-libraries-7.0.5.tar.gz
cd openvas-libraries-7.0.5
mkdir build
cd build
export PKG_CONFIG_PATH=/usr/local/openvas/lib/pkgconfig:$PKG_CONFIG_PATH
export CFLAGS='-L/usr/local/openvas/lib -I/usr/local/openvas/include'
cmake -DCMAKE_INSTALL_PREFIX=/usr/local/openvas -DCMAKE_INSTALL_RPATH=/usr/local/openvas/lib ..
make
make install
Build and install openvas-manager
wget http://wald.intevation.org/frs/download.php/1795/openvas-manager-5.0.5.tar.gz
tar zxvf openvas-manager-5.0.5.tar.gz
cd openvas-manager-5.0.5
mkdir build
cd build
export CC='gcc -Wl,-rpath,/usr/local/openvas/lib64 -Wl,-rpath,/usr/local/openvas/lib'
export PKG_CONFIG_PATH=/usr/local/openvas/lib/pkgconfig:/usr/local/openvas/lib64/pkgconfig
export CFLAGS="-I/usr/local/openvas/include"
cmake -DCMAKE_INSTALL_PREFIX=/usr/local/openvas -DCMAKE_INSTALL_RPATH=/usr/local/openvas/lib ..
make
make install
root@eqx-sec-1:~# omp
Failed to setlocale
Fixed by configuring the locale:
locale-gen en_US en_US.UTF-8 zh_CN.UTF-8
dpkg-reconfigure locales
Create a scan target:
aj@aj:~$ omp -u admin -w ajcheng --xml='
<create_target>
  <name>Test</name>
  <hosts>192.168.110.09</hosts>
</create_target>
'
<create_target_response id="947faab6-bc83-44f7-927a-aa78ada3c446" status_text="OK, resource created" status="201"></create_target_response>
Create a scan task: first get the scan config ID
aj@aj:~$ omp -u admin -w ajcheng -g
085569ce-73ed-11df-83c3-002264764cea  empty
daba56c8-73ec-11df-a475-002264764cea  Full and fast
698f691e-7489-11df-9d8c-002264764cea  Full and fast ultimate
708f25c4-7489-11df-8094-002264764cea  Full and very deep
74db13d6-7489-11df-91b9-002264764cea  Full and very deep ultimate
Get the scan target ID (returned when the target was created):
947faab6-bc83-44f7-927a-aa78ada3c446
Create the scan task
aj@aj:~$ omp -u admin -w ajcheng --xml='
<create_task>
  <name>Scan Test</name>
  <comment>Hourly scan of Test</comment>
  <config id="daba56c8-73ec-11df-a475-002264764cea"/>
  <target id="947faab6-bc83-44f7-927a-aa78ada3c446"/>
</create_task>
'
<create_task_response id="e013ce8b-e822-4d9a-b784-a33f56874b1c" status_text="OK, resource created" status="201"></create_task_response>
Create a scheduled scan task:
aj@aj:~$ omp -u admin -w ajcheng --xml='
<create_schedule>
  <name>Every night</name>
  <first_time>
    <day_of_month>9</day_of_month>
    <hour>22</hour>
    <minute>0</minute>
    <month>12</month>
    <year>2014</year>
  </first_time>
  <duration>
    3
    <unit>hour</unit>
  </duration>
  <period>
    1
    <unit>day</unit>
  </period>
</create_schedule>
'
<create_schedule_response id="9d85be5b-e621-41ba-a003-b974c33f0726" status_text="OK, resource created" status="201"></create_schedule_response>
Start a scan task:
<start_task task_id="267a3405-e84a-47da-97b2-5fa0d2e8995e"/>
Get the report:
omp -u admin -w openvas@vobile --xml='<get_reports report_id="60a7e37b-fd8b-462d-9cb1-8250ed59e79b" format_id="c402cc3e-b531-11e1-9163-406186ea4fc5"/>' |tee ip.log
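The omp calls above are typed one at a time and the returned IDs copied by hand into the next request. As an added example (not from the original post), the following POSIX shell helpers parse the id and status attributes out of a one-line OMP response, build the request XML with proper escaping, and chain create_target, create_task and start_task, stopping at the first non-2xx status. The omp_run wrapper assumes the omp client's -h, -p, -u and -w options and takes credentials from the OMP_USER and OMP_PASS environment variables rather than the command line (where they would show up in shell history and process listings); OMP_HOST and OMP_PORT are this example's own names, and the response strings used for checking are constructed from the ones shown above.

```shell
#!/bin/sh
# Added example, not part of the original post: chain the omp requests from
# the post in a script instead of copying IDs by hand.

# omp_attr <attribute> : print one attribute value (e.g. id, status) from a
# single-line OMP response read on stdin. Matches only "<space>attr=", so
# "status" does not pick up "status_text".
omp_attr() {
    sed -n "s/.*[[:space:]]$1=\"\([^\"]*\)\".*/\1/p" | head -n 1
}

# omp_ok <response> : succeed only when the status attribute is a 2xx code
omp_ok() {
    case "$(printf '%s' "$1" | omp_attr status)" in
        2[0-9][0-9]) return 0 ;;
        *) return 1 ;;
    esac
}

# omp_xml_escape <text> : escape &, <, > and " so user-supplied names cannot
# break the request document
omp_xml_escape() {
    printf '%s' "$1" | sed 's/&/\&amp;/g; s/</\&lt;/g; s/>/\&gt;/g; s/"/\&quot;/g'
}

# Request builders mirroring the XML shown in the post
omp_create_target_xml() {
    printf '<create_target><name>%s</name><hosts>%s</hosts></create_target>' \
        "$(omp_xml_escape "$1")" "$(omp_xml_escape "$2")"
}
omp_create_task_xml() {
    printf '<create_task><name>%s</name><config id="%s"/><target id="%s"/></create_task>' \
        "$(omp_xml_escape "$1")" "$2" "$3"
}

# omp_run <xml> : send one request with the real omp client. Host/port and
# the OMP_USER/OMP_PASS variables are this example's assumptions.
omp_run() {
    omp -h "${OMP_HOST:-127.0.0.1}" -p "${OMP_PORT:-9390}" -u "$OMP_USER" -w "$OMP_PASS" --xml="$1"
}

# omp_scan <task name> <hosts> <config id> : create target and task, start
# the task, and print the task id; any failed step aborts with the response.
omp_scan() {
    name=$1; hosts=$2; config=$3
    r=$(omp_run "$(omp_create_target_xml "$name target" "$hosts")")
    omp_ok "$r" || { echo "create_target failed: $r" >&2; return 1; }
    target=$(printf '%s' "$r" | omp_attr id)
    r=$(omp_run "$(omp_create_task_xml "$name" "$config" "$target")")
    omp_ok "$r" || { echo "create_task failed: $r" >&2; return 1; }
    task=$(printf '%s' "$r" | omp_attr id)
    r=$(omp_run "<start_task task_id=\"$task\"/>")
    omp_ok "$r" || { echo "start_task failed: $r" >&2; return 1; }
    echo "$task"
}

# Usage: OMP_USER=admin OMP_PASS=... sh omp-scan.sh  then
#   omp_scan "Scan Test" 192.168.110.09 daba56c8-73ec-11df-a475-002264764cea
```

The config id passed to omp_scan is one of the values printed by `omp -g` above; get_reports can be issued afterwards with the report_id that start_task returns in its response body.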