English | Deutsch
Home »

Howto: Perform local security checks

This text explains how to run local security checks with OpenVAS.

Create users for local security checks

First, you need a key with certificate:

$ ssh-keygen -t rsa -f ~/.ssh/id_rsa_sshovas

Now, for each target system:

# adduser --disabled-password sshovas
  Name: OpenVAS Local Security Checks
# su - sshovas
$ mkdir .ssh
$ cp /some/path/id_rsa_sshovas.pub .ssh/authorized_keys
$ chmod 500 .ssh
$ chmod 400 .ssh/authorized_keys

Configure the local security checks in OpenVAS-Clients

In Preferences, configure SSH Authorization:

SSH login name: sshovas
SSH private key: ~/.ssh/sshovas_rsa
SSH key passphrase: ********
SSH public key: ssh/id_rsa_sshovas.pub

Note: It is actually not necessary to submit the public key, but currently this is necessary due to a bug inherited from Nessus.

Next, make sure you select at least these NVTs:

Debian Local Security Checks/*
Misc/Determine List of installed packages via SSH login
Service Detection/Services
Settings/Global variable settings
Settings/SSH Authorization

or ensure dependencies are resolved at runtime (see checkboxes) if you select only some local security checks.