Installation of OpenVAS is necessary on Ubuntu as it protects the server from unauthenticated access. OpenVAS is an open-source suite that can be used for vulnerability scanning and vulnerability management.
In this article, we discuss how we support our customers to install OpenVAS as part of our Server Management Services.
What is OpenVAS?
It stands for the Open Vulnerability Assessment System which helps to find any vulnerability on the server. It is an excellent alternative to commercial security scanners such as Nessus, QualysGuard, etc.
Again, OpenVAS is divided into three parts: OpenVAS Scanner, OpenVAS Manager, and OpenVAS CLI.
OpenVAS consists of,
- Database that stores results and configurations.
- A regularly updated feed of Network Vulnerability Tests (NVTs).
- Scanner, which runs the NVTs.
- The Greenbone Security Assistant, a graphical interface that allows you to manage vulnerability scans from a web application.
How to install and Configure OpenVAS on Ubuntu
Here, let’s see how our Support Engineers install OpenVAS on Ubuntu.
1. Initially, update the system by running the following commands,
apt-get update apt-get upgrade
2. Then, install required dependencies, Before installing OpenVAS, the following dependencies need to install on the Ubuntu server. To install them, run the following command,
apt-get install python-software-properties
3. Next, install SQLite for OpenVAS manager,
apt-get install sqlite3
4. By default, the OpenVAS package is not available in the Ubuntu repository, so it needs to add OpenVAS PPA to the system’s repository list.
5. After that update the repository.
6. Finally, install OpenVAS.
apt-get install openvas
7. After the installation of OpenVAS, start the OpenVAS service with the following commands,
service openvas-scanner start service openvas-manager start service openvas-gsa start
In addition, to access the OpenVAS web interface, the vulnerability database should be updated. Update the vulnerability database by using the following command.
Once the database is up-to-date, OpenVAS can access via a web browser by typing the URL. The OpenVAS web interface looks like,
How we Configure OpenVAS Remote Access
To access the Greenbone Security Assistant web interface remotely, it must configure to listen to the public IP address.
Therefore, our Support Engineers edit the configuration file under the /etc/init.d/openvas-gsa, and specify the public IP address like below,
DAEMON_ARGS= --listen "IP_ADDRESS"
At last, we save the changes and restart openvas-gsa.
service openvas-gsa restart
Install OpenVAS on Ubuntu – Common error and fix
Now, let’s see the major reasons for OpenVAS error and how our Support Engineers fix the top errors.
Improper firewall configuration
Importantly, if the server has firewall protection like UFW, CSF, OpenVAS needs to allow through the system firewall.
By default, OpenVAS runs on port 443 and it is necessary to allow this port through the firewall.
For Example, in UFW firewall,
ufw allow https
[Need assistance to manage OpenVAS? We’ll help you.]
In short, OpenVAS is a powerful tool that uses for vulnerability scanning and management. Today, we saw how our Support Engineers install OpenVAS on Ubuntu and fix the related errors.