English | Deutsch
Home »

Howto: Perform local security checks

This text explains how to run local security checks with OpenVAS. So far, this procedure has been tested only with Debian local security checks.

Create users for local security checks

First, you need a key with certificate:

$ ssh-keygen -t rsa -f ~/.ssh/id_rsa_sshovas -C "OpenVAS-Local-Security-Checks-Key"
$ openssl pkcs8 -topk8 -v2 des3 -in ~/.ssh/id_rsa_sshovas -out sshovas_rsa.p8

Note: The comment (here: "OpenVAS-Local-Security-Checks-Key") should not contain spaces.
Currently, you need a rsa pkcs8 key for OpenVAS local security checks.

Note: openssl will ask you for an "Encryption key" when generating your key with the command described above. This is the passphrase you will need to remember when using this key with OpenVAS, not the passphrase you entered when running the ssh-keygen command.

Important: If you plan on using this key with OpenVAS versions from the 1.0.x series, be aware that there is a bug within OpenVAS which prevents logins with PCKS8 key with passphrases consisting only of numbers. If you get an "Unable to load key" error, be sure to include at least one non-numerical character in your passphrase.

Now, for each target system:

# adduser --disabled-password sshovas
  Name: OpenVAS Local Security Checks
# su - sshovas
$ mkdir .ssh
$ cp /some/path/id_rsa_sshovas.pub .ssh/authorized_keys
$ chmod 500 .ssh
$ chmod 400 .ssh/authorized_keys

Configure the local security checks in OpenVAS-Clients

In Preferences, configure SSH Authorization: 

SSH login name: sshovas
SSH private key: ~/.ssh/sshovas_rsa.p8
SSH key passphrase: ********
SSH public key: ssh/id_rsa_sshovas.pub

Note: It is actually not necessary to submit the public key, but currently this is necessary due to a bug inherited from Nessus.

Next, make sure you select at least these NVTs:

Debian Local Security Checks/*
Misc/Determine List of installed packages via SSH login
Service Detection/Services
Settings/Global variable settings
Settings/SSH Authorization

or ensure dependencies are resolved at runtime (see checkboxes) if you select only some local security checks.