OpenVAS (Open Vulnerability Assessment System) is an open-source vulnerability scanning tool that helps identify security risks in your systems. This guide explains how to install OpenVAS on an Ubuntu VPS, configure it for security scanning, and provides an example of how to use it to detect vulnerabilities.
Edited: 13-10-2024
OpenVAS is part of the Greenbone Vulnerability Management (GVM) framework. It provides a full-fledged suite for vulnerability scanning, which includes automated detection, management, and reporting. OpenVAS is used by security professionals to scan systems for known vulnerabilities and security misconfigurations. It continuously updates its database with the latest vulnerability information, making it a reliable tool for maintaining server security.
Enforcing: SELinux policy is enforced, and access violations are denied.
Open-Source: Free and open-source, making it accessible for small and large businesses alike.
Regular Updates: The vulnerability database is regularly updated to include newly discovered security flaws.
Detailed Reporting: Generates comprehensive reports that make it easier to understand vulnerabilities and take action to resolve them.
Before diving into the use of OpenVAS, we need to install and configure it on an Ubuntu VPS. The installation process involves setting up the OpenVAS package, starting its services, and configuring the system.
Before installing any software, ensure that your Ubuntu system is up to date:
sudo apt update
sudo apt upgrade
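Ubuntu does not include OpenVAS in its default repositories, so you need to add the appropriate repository from the Greenbone project. Packages from an added repository are installed with root privileges, so check who maintains the repository and which signing key it uses before you add it.
sudo add-apt-repository ppa:mrazavi/gvm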
Update the repository list after adding it:
sudo apt update
Now, install the Greenbone Vulnerability Manager (GVM), which includes OpenVAS and related services:
sudo apt install gvm
After installation, OpenVAS needs to initialize its setup. This includes configuring the database, downloading vulnerability feeds, and setting up the necessary services. Run the following command to start the initialization process:
sudo gvm-setup
This step might take some time as OpenVAS needs to download and synchronize the vulnerability feeds from the Greenbone community.
Once the setup is complete, start the OpenVAS services:
sudo gvm-start
You can check the status of OpenVAS using:
sudo gvm-check-setup
This command will check if all services are running and report any issues.
By default, OpenVAS provides a web-based interface (GSA – Greenbone Security Assistant) for managing scans. You can access it by navigating to:
https://<your-server-ip>:9392
The default login credentials are:
1 - Username: admin
2 - Password: The password is generated during the setup process and can be retrieved using the following command:
sudo cat /var/lib/gvm/users/admin/password
Once logged in, you’ll be presented with the OpenVAS dashboard, where you can start running scans and view reports.
Before running scans, it’s useful to configure OpenVAS to ensure that it is tailored to your needs.
Make sure that your OpenVAS installation is using the latest vulnerability feeds. You can update the feeds manually using the following command:
sudo greenbone-nvt-sync
This command updates the Network Vulnerability Tests (NVT) database, which is used to detect vulnerabilities.
A target in OpenVAS is the system or network that you want to scan for vulnerabilities. To create a target:
1 - In the OpenVAS web interface, click on Scans from the sidebar.
2 - Select New Target.
3 - Enter a name for your target and specify the IP address or hostname of the system you want to scan (e.g., your VPS IP).
4 - Save the target.
After defining a target, you can create a scan task to start scanning:
1 - In the OpenVAS interface, go to Scans > Tasks.
2 - Click New Task.
3 - Give the task a name, select the target created earlier, and choose the type of scan (e.g., Full and Fast).
4 - Click Create to save the task.
Now that OpenVAS is installed and configured, let's walk through an example of running a vulnerability scan on your Ubuntu VPS.
1 - From the Tasks page, locate the scan task you created.
2 - Click the play button to start the scan.
OpenVAS will begin scanning the target system for known vulnerabilities. The time it takes to complete the scan depends on the size of the target and the selected scan type.
You can monitor the progress of the scan in real-time. The interface will show the status, including the number of vulnerabilities detected during the scan.
Once the scan is complete, you can view detailed reports by:
1 - Going to Scans > Reports.
2 - Selecting the completed task.
3 - Clicking View Report.
The report will contain detailed information about each vulnerability found, including its severity (Low, Medium, High, or Critical), a description of the vulnerability, and suggestions for remediation.
A typical scan report might look like this:
Task Name: Full and Fast
Status: Completed
Vulnerabilities Detected: 5
Severity Level:
  - 1 Critical
  - 2 High
  - 1 Medium
  - 1 Low
Example Vulnerability:
  - Title: Apache HTTP Server Outdated Version Detected
  - Severity: High
  - Description: The target system is running an outdated version of Apache HTTP Server that is vulnerable to various attacks.
  - Solution: Update Apache to the latest version.
The report will provide a detailed breakdown of each detected vulnerability, along with its impact and recommended mitigation steps.
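One way to triage an exported report outside the web interface, as an added example that is not part of the original guide or of Greenbone's code: it counts findings per severity level and lists the High and Critical ones first. The sample XML is constructed, the element names (`results`, `result`, `name`, `host`, `port`, `severity`) are assumed to follow GVM's XML report export, and the score bands are the CVSS v3 rating ranges.

```python
import xml.etree.ElementTree as ET
from collections import Counter

def sample_result(name, port, sev):  # builds one constructed <result> element
    return (f"<result><name>{name}</name><host>203.0.113.10</host>"
            f"<port>{port}</port><severity>{sev}</severity></result>")

# Constructed sample mirroring the report above (1 Critical, 2 High, 1 Medium,
# 1 Low) plus one informational and one unscored entry. Not real scan output;
# element names are an assumption about the XML export layout.
SAMPLE_REPORT = "<report><results>" + "".join([
    sample_result("Constructed finding A", "22/tcp", "9.8"),
    sample_result("Apache HTTP Server Outdated Version Detected", "443/tcp", "7.5"),
    sample_result("Constructed finding B", "80/tcp", "7.1"),
    sample_result("Constructed finding C", "25/tcp", "5.0"),
    sample_result("Constructed finding D", "general/tcp", "2.6"),
    sample_result("Constructed informational entry", "general/tcp", "0.0"),
    sample_result("Constructed entry without a score", "general/tcp", ""),
]) + "</results></report>"

def rating(score):
    """Map a CVSS base score to a severity level; 0.0 is informational ("Log")."""
    for floor, label in ((9.0, "Critical"), (7.0, "High"), (4.0, "Medium")):
        if score >= floor:
            return label
    return "Low" if score > 0.0 else "Log"

def triage(xml_text, fix_first_at=7.0):
    """Return (counts per level, findings at or above fix_first_at, worst first)."""
    counts, urgent = Counter(), []
    for res in ET.fromstring(xml_text).findall(".//results/result"):
        try:
            score = float(res.findtext("severity", "").strip())
        except ValueError:
            counts["Unscored"] += 1  # keep visible instead of dropping silently
            continue
        counts[rating(score)] += 1
        if score >= fix_first_at:
            urgent.append((score, res.findtext("host", "").strip(),
                           res.findtext("port", "").strip(),
                           res.findtext("name", "").strip()))
    return counts, sorted(urgent, reverse=True)

if __name__ == "__main__":
    counts, urgent = triage(SAMPLE_REPORT)
    print(dict(counts))
    for score, host, port, name in urgent:
        print(f"{score:4.1f}  {host}  {port}  {name}")
    raise SystemExit(1 if urgent else 0)  # non-zero exit lets cron or CI flag it
```

Run against a scheduled scan's export, the non-zero exit status gives a simple signal that High or Critical findings still need remediation.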
To regularly scan your systems, you can schedule automated scans. OpenVAS allows you to schedule scans at regular intervals (e.g., daily, weekly, or monthly).
To schedule a scan:
1. In the Tasks section, select the task you want to schedule.
2. Click on the Schedule tab.
3. Set the time and frequency for the scan.
4. Save the schedule.
OpenVAS will now run the scan automatically according to your specified schedule, ensuring regular vulnerability assessments of your systems.
OpenVAS is a powerful and comprehensive tool for securing your Ubuntu VPS by identifying vulnerabilities and security weaknesses. With the step-by-step instructions provided in this guide, you can install and configure OpenVAS, run scans, and analyze reports to protect your server from potential threats. Regular vulnerability assessments with OpenVAS can help you stay ahead of emerging security risks and ensure that your systems remain secure.