About OpenVAS Server
The OpenVAS Server is the core application of the OpenVAS project. It is a scanner that runs many network vulnerability tests against many target hosts and delivers the results. It uses a communication protocol to have client tools (graphical end-user or batched) connect to it, configure and execute a scan and finally receive the results for reporting. Tests are implemented in the form of plugins which need to be updated to cover recently identified security issues.
The server consists of 4 modules: openvas-libraries, openvas-libnasl, openvas-server and openvas-plugins. All need to be installed for a fully functional server.
OpenVAS server is a forked development of Nessus 2.2. The fork happened because the major development (Nessus 3) changed to a proprietary license model and the development of Nessus 2.2.x is practically closed for third party contributors. OpenVAS continues as Free Software under the GNU General Public License with a transparent and open development style.
Installing OpenVAS Server
Recommended: Once you installed OpenVAS Server, you should subscribe to the openvas-announce mailing list. It is a low-traffic list which helps you to follow all OpenVAS news and important changes.
ATTENTION: The current release still conflicts for some files with an installation of Nessus. Therefore you should either remove Nessus from your system or use "--prefix" to define a different location for installation.
ALSO NOTE: This documentation for OpenVAS-Server is still in an early
stage and might not cover all issues regarding server installation and
configuration. You should be able to install OpenVAS-Server if
you have ever worked with the "configure; make; make install"
mechanism. If you have trouble installing OpenVAS-Server, you are welcome to
join the openvas
mailing list and ask for support there.
Readily available installation packages
Debian "Sid" (unstable) and "Lenny" (testing)
OpenVAS server is currently being integrated into Debian. The following modules are already available:
- Debian Sid libopenvas1 package
- Debian Sid libopenvas1-dev package
- Debian Lenny libopenvas1 package
- Debian Lenny libopenvas1-dev package
You can install these modules with the following commands:
# apt-get install libopenvas1
# apt-get install libopenvas1-dev
ATTENTION: For the remaining modules you need to get the latest source tar-balls and compile them on your own.
Debian 4.0 "Etch" (stable)
The OpenVAS-Server modules are not official packages for the Debian 4.0 release ("Etch"). To help you to run OpenVAS-Server on Debian Etch, the OpenVAS project provides backports for some modules for Etch. You can install these modules on Debian Etch by following these steps:
Select the following resource and add the line to the file /etc/apt/sources.list on your system:
deb http://apt.intevation.de/ etch openvas
Then, update your package list and install the available modules: (Please note that some modules are not yet available as backports. You have to compile the remaining modules on your own.)
# apt-get update
# apt-get install libopenvas1
# apt-get install libopenvas1-dev
Note: If you know of further sources of backports, let the OpenVAS team know and they will be added to this list.
GentooThe ebuilds are in the Gentoo portage. To get the most recent packages simply run:
#emerge --sync
Because all OpenVAS packages are masked, you need to unmask the packages by keyword using one of the following ways:
- Edit /etc/portage/package.keywords and add the packages:
net-analyzer/openvas ~x86
net-analyzer/openvas-client ~x86
net-analyzer/openvas-libnasl ~x86
net-analyzer/openvas-libraries ~x86
net-analyzer/openvas-plugins ~x86
net-analyzer/openvas-server ~x86After that you can run:
#emerge net-analyzer/openvas # this will install the server and the client
#emerge net-analyzer/openvas-server #will only install the server with dependencies
#emerge net-analyzer/openvas-client #will only install the client with dependencies
- To emerge all masked OpenVAS packages together you can use the
following command:
# ACCEPT_KEYWORDS="~x86" emerge openvas
For the server package there are the following "USE-Flags": gtk tcpd debug prelude
Set them in the /etc/make.conf to enable the support e.g. for prelude:
USE="prelude"
or run it via the command line:
# ACCEPT_KEYWORDS="~x86" USE="prelude -debug" emerge openvas
OpenSUSE 10.2
In the download area you will find the files
- openvas-libraries-N.N.N-M.suse102.openvas.i586.rpm
- openvas-libnasl-N.N.N-M.suse102.openvas.i586.rpm
- openvas-server-N.N.N-M.suse102.openvas.i586.rpm
- openvas-plugins-N.N.N-M.suse102.openvas.i586.rpm
where N.N.N stands for the version of OpenVAS-Client and M for the package release number.
For installation follow these steps as user "root" (insert the most
current version numbers):
# rpm -i openvas-libraries-N.N.N-M.suse102.openvas.i586.rpm
Note that you need to restart openvasd after each reboot
and after each NVT synchronization.
# rpm -i openvas-libnasl-N.N.N-M.suse102.openvas.i586.rpm
# rpm -i openvas-server-N.N.N-M.suse102.openvas.i586.rpm
# rpm -i openvas-plugins-N.N.N-M.suse102.openvas.i586.rpm
# openvas-mkcert
# openvas-adduser
# openvas-nvt-sync
# openvasd -D
The corresponding source RPM files are named openvas-MODULE-N.N.N-M.suse102.openvas.src.rpm (where MODULE is "libraries", "libnasl", "server" and "plugins"). You will need these files only if you plan to rebuild the actual installation package.
Finally, you will find the files openvas-MODULE-devel-N.N.N-M.suse102.openvas.i586.rpm (except for module "plugins"). These packages will install some files that are needed to compile some of the packages or rebuild packages from the source RPM packages. For simply running the OpenVAS server, it is not necessary to install the -devel- packages.
OpenSUSE 10.2, 10.3, 11.0 (also Fedora 8, 9 and Mandriva 2007, 2008)
There is an unofficial repository containing RPMs for 10.2, 10.3 and 11.0 at http://download.opensuse.org/repositories/home:/bitshuffler:/openvas/.
See http://en.opensuse.org/Add_Package_Repositories_to_YaST on how to add a repository and http://opensuse-community.org/Installing_Software on how to install Software with YaST.
Fedora 8In the download area you will find the files
- openvas-libraries-N.N.N-M.fc8.openvas.i586.rpm
- openvas-libnasl-N.N.N-M.fc8.openvas.i586.rpm
- openvas-server-N.N.N-M.fc8.openvas.i586.rpm
- openvas-plugins-N.N.N-M.fc8.openvas.i586.rpm
where N.N.N stands for the version of OpenVAS-Client and M for the package release number.
For installation follow these steps as user "root" (insert the most current version numbers):
# rpm -i openvas-libraries-N.N.N-M.fc8.openvas.i586.rpm
# rpm -i openvas-libnasl-N.N.N-M.fc8.openvas.i586.rpm
# rpm -i openvas-server-N.N.N-M.fc8.openvas.i586.rpm
# rpm -i openvas-plugins-N.N.N-M.fc8.openvas.i586.rpm
# openvas-mkcert
# openvas-adduser
# openvas-nvt-sync
# openvasd -D
Note that you need to restart openvasd after each reboot and after each NVT synchronization.
Also note that you may need to open the OpenVAS
port to allow OpenVAS-Client to connect from other machines.
This could be done by switching off the firewall (not recommended)
or by adding a line like this to the file /etc/sysconfig/iptables at the
appropriate position (after the change run /etc/init.d/iptables
restart):
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 1241 -j ACCEPT
The corresponding source RPM files are named openvas-MODULE-N.N.N-M.fc8.openvas.src.rpm (where MODULE is "libraries", "libnasl", "server" and "plugins"). You will need these files only if you plan to rebuild the actual installation package.
Finally, you will find the files openvas-MODULE-devel-N.N.N-M.fc8.openvas.i586.rpm (except for module "plugins"). These packages will install some files that are needed to compile some of the packages or rebuild packages from the source RPM packages. For simply running the OpenVAS server, it is not necessary to install the -devel- packages.
Latest source code release
The download link for the latest source code release can be found in the "Download" box to the right.
Download the 4 ".tar.gz" source code archives and unpack with "tar -xzf openvas-MODULE-N.N.N.tar.gz". Compiling from source is currently geared towards GNU/Linux systems, but may work as well in other environments.
You have to compile and install the packages in the the following sequence:
- openvas-libraries
- openvas-libnasl
- openvas-server
- openvas-plugins
Now read the file INSTALL_README inside the directory "openvas-libraries" for the next steps.
Repeat for each module and read the corresponding INSTALL or README files.
Most current state of development (directly from the source code management system)
You need subversion to retrieve the code.
Stable 1.0 branch
Note: Due to the current state of development, three modules needed to run OpenVAS-Server have already been branched into a stable branch while openvas-plugins is not affected by the major development efforts that required the branching and can be used with both branches.
$ svn checkout https://svn.wald.intevation.org/svn/openvas/branches/openvas-libraries-1-0
$ svn checkout https://svn.wald.intevation.org/svn/openvas/trunk/openvas-libnasl-1-0
$ svn checkout https://svn.wald.intevation.org/svn/openvas/branches/openvas-server-1-0
$ svn checkout
https://svn.wald.intevation.org/svn/openvas/trunk/openvas-plugins
Current state of development
$ svn checkout https://svn.wald.intevation.org/svn/openvas/trunk/openvas-libraries
$ svn checkout https://svn.wald.intevation.org/svn/openvas/trunk/openvas-libnasl
$ svn checkout https://svn.wald.intevation.org/svn/openvas/trunk/openvas-server
$ svn checkout
https://svn.wald.intevation.org/svn/openvas/trunk/openvas-plugins
Now read the file INSTALL_README inside the directory "openvas-libraries" for the next steps.
Repeat for each module and read the corresponding INSTALL or README files.
Although the OpenVAS team is committed to maintaining a high code quality, please be aware that you are using a development state that may be incomplete and unstable and should not be used in production environments.