Kali Linux 2016.2(Rolling) 安裝 OpenVAS

OpenVAS是開放式漏洞評估系統，也能夠說它是一個包含着相關工具的網絡掃描器。其核心部件是一個服務器，包括一套網絡漏洞測試程序，能夠檢測遠程系統和應用程序中的安全問題。

• 最新版本 Kali Linux 2016.2 中再也不自帶OpenVAS,須要本身安裝和配置

系統要求

• 源配置正確 參考

安裝

更新系統

apt-get update
apt-get upgrade
apt-get dist-upgrade

安裝OpenVAS

apt-get install openvas

安裝配置OpenVAS (這一步須要的時間很是久，須要下載不少文件，建議最好掛個國外代理進行這一步操做，否則你能夠喝10幾杯咖啡了，嘿嘿)

openvas-setup

檢查安裝 (若有提示錯誤的請按提示修復)

openvas-check-setup

.如我安裝時運行 openvas-check-setup 後 step 2 有報錯

......
OK: OpenVAS Manager database is at revision 146.
OK: OpenVAS Manager expects database at revision 146.
OK: Database schema is up to date.
OK: OpenVAS Manager database contains information about 51943 NVTs.
OK: At least one user exists.
OK: OpenVAS SCAP database found in /var/lib/openvas/scap-data/scap.db.
ERROR: No OpenVAS CERT database found. (Tried: /var/lib/openvas/cert-data/cert.db)
FIX: Run a CERT synchronization script like openvas-certdata-sync or greenbone-certdata-sync.
ERROR: Your OpenVAS-8 installation is not yet complete!
Please follow the instructions marked with FIX above and run this
script again.
If you think this result is wrong, please report your observation
and help us to improve this check routine:
http://lists.wald.intevation....
Please attach the log-file (/tmp/openvas-check-setup.log) to help us analyze the problem.
根據提示運行 openvas-check-setup 後解決
root@kalitest:~# openvas-certdata-sync
[i] This script synchronizes a CERT advisory directory with the OpenVAS one.
[i] This script is for the SQLite3 backend.
[i] CERT dir: /var/lib/openvas/cert-data
[i] Will use rsync
[i] Using rsync: /usr/bin/rsync
[i] Configured CERT data rsync feed: rsync://feed.openvas.org:/cert-data
OpenVAS community feed server - http://www.openvas.org/
This service is hosted by Greenbone Networks - http://www.greenbone.net/
All transactions are logged.
If you have any questions, please use the OpenVAS mailing lists
or the OpenVAS IRC chat. See http://www.openvas.org/ for details.
By using this service you agree to our terms and conditions.
Only one sync per time, otherwise the source ip will be blocked.
receiving incremental file list
./
CB-K13.xml

1,430,197 100%   24.15kB/s    0:00:57 (xfr#1, to-chk=34/36)

CB-K13.xml.asc

181 100%  176.76kB/s    0:00:00 (xfr#2, to-chk=33/36)

CB-K14.xml

4,772,286 100%   22.20kB/s    0:03:29 (xfr#3, to-chk=32/36)

CB-K14.xml.asc

181 100%  176.76kB/s    0:00:00 (xfr#4, to-chk=31/36)

CB-K15.xml

6,117,922 100%   22.58kB/s    0:04:24 (xfr#5, to-chk=30/36)

CB-K15.xml.asc

181 100%  176.76kB/s    0:00:00 (xfr#6, to-chk=29/36)

.....
修復後再次運行 openvas-check-setup 檢查安裝
.....
看到 It seems like your OpenVAS-8 installation is OK.
安裝完成

還記得在運行 openvas-setup 這步最後一行顯示的 User created with password '47a7baeb-2f48-4fb9-9177-f6ba1fb058d8'. 嘛,這個密碼顯然不符合咱們的使用習慣，改之

openvasmd --user admin --new-password xxxxxx

升級

openvas-feed-update

啓動OpenVAS

openvas-start

查看 GSAD services，OpenVAS manager， OpenVAS manager 端口狀況

netstat -antp | grep 939
tcp        0      0 127.0.0.1:9392          0.0.0.0:*               LISTEN      20764/gsad
tcp        0      0 127.0.0.1:9390          0.0.0.0:*               LISTEN      20769/openvasmd
tcp        0      0 127.0.0.1:9391          0.0.0.0:*               LISTEN      20773/openvassd: Wa

一切OK後使用瀏覽器訪問 https://127.0.0.1:9392 應該能夠看到

登陸帳號 admin 和你前面設置的密碼

配置

設置OpenVAS服務器的地址

OpenVAS 在默認配置下，僅容許 127.0.0.1 地址本地鏈接

openvas-stop

編輯 /lib/systemd/system/greenbone-security-assistant.service

nano /lib/systemd/system/greenbone-security-assistant.service
[Unit]
Description=Greenbone Security Assistant
Documentation=man:gsad(8) http://www.openvas.org/
Wants=openvas-manager.service

[Service]
Type=simple
PIDFile=/var/run/gsad.pid
ExecStart=/usr/sbin/gsad --foreground --listen=127.0.0.1 --port=9392 --mlisten=127.0.0.1 --mport=9390

[Install]
WantedBy=multi-user.target

修改 --listen=127.0.0.1 爲 --listen=0.0.0.0

[Unit]
Description=Greenbone Security Assistant
Documentation=man:gsad(8) http://www.openvas.org/
Wants=openvas-manager.service

[Service]
Type=simple
PIDFile=/var/run/gsad.pid
ExecStart=/usr/sbin/gsad --foreground --listen=0.0.0.0 --port=9392 --mlisten=127.0.0.1 --mport=9390

[Install]
WantedBy=multi-user.target

啓動服務查看

systemctl daemon-reload
openvas-start
netstat -antp | grep 9392
tcp        0      0 0.0.0.0:9392            0.0.0.0:*               LISTEN      23158/gsad