English | Deutsch
Home » Try out OpenVAS

Setup and Start OpenVAS

Is OpenVAS set up correctly?

The OpenVAS developers provide a handy tool called openvas-check-setup to check the state of your OpenVAS installation. To use this tool simply follow these three steps:

  1. Download the latest version of openvas-check-setup.
  2. Ensure that the script is executable:
    chmod +x openvas-check-setup
  3. Execute the script:
    ./openvas-check-setup
    for current stable release or
    ./openvas-check-setup [ --v4 | --v5 | --v6 | ... ]
    for other respective OpenVAS releases.

openvas-check-setup will now analyze the state of your OpenVAS installation and propose fixes should it detect any errors or misconfigurations. It will also check if all required OpenVAS services are running and listening on the correct ports.

In case the hints did not help you to get a working OpenVAS installation, please report the problem to us and we will update/fix openvas-check-setup: OpenVAS Users Mailing List.

If you want to install the OpenVAS services on a server and you do not need clients like OpenVAS CLI or GSD in your installation you can skip the checks for these modules by starting openvas-check-setup with the --server parameter instead:

./openvas-check-setup --server

Examples of openvas-check-setup results

The following two examples show what openvas-check-setup will check and how it will assist you in making you OpenVAS installation complete.

First run:

openvas-check-setup 2.0.1
  Test completeness and readiness of OpenVAS-4

  Please report us any non-detected problems and
  help us to improve this check routine:
  http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss

  Send us the log-file (/tmp/openvas-check-setup.log) to help analyze the problem.

  Use the parameter --server to skip checks for client tools
  like GSD and OpenVAS-CLI.

Step 1: Checking OpenVAS Scanner ... 
        OK: OpenVAS Scanner is present in version 3.2.3.
        OK: OpenVAS Scanner CA Certificate is present as /var/lib/openvas/CA/cacert.pem.
        OK: NVT collection in /var/lib/openvas/plugins contains 20380 NVTs.
Step 2: Checking OpenVAS Manager ... 
        OK: OpenVAS Manager is present in version 3.0.0.
        OK: OpenVAS Manager client certificate is present as /var/lib/openvas/CA/clientcert.pem.
        OK: OpenVAS Manager database found in /var/lib/openvas/mgr/tasks.db.
        OK: sqlite3 found, extended checks of the OpenVAS Manager installation enabled.
        OK: OpenVAS Manager database is at revision 42.
        OK: OpenVAS Manager expects database at revision 42.
        OK: Database schema is up to date.
        OK: xsltproc found.
Step 3: Checking OpenVAS Administrator ... 
        OK: OpenVAS Administrator is present in version 1.1.2.
        OK: At least one user exists.
        ERROR: No admin user found. You need to create at least one admin user to log in.
        FIX: Create a user using 'openvasad -c 'add_user' -n <name> -r Admin'

 ERROR: Your OpenVAS-4 installation is not yet complete!

Please follow the instructions marked with FIX above and run this
script again.

If you think this result is wrong, please report your observation
and help us to improve this check routine:
http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss
Please attach the log-file (/tmp/openvas-check-setup.log) to help us analyze the problem.

Second run, after creating an admin user as described by openvas-check-setup:

openvas-check-setup 2.0.1
  Test completeness and readiness of OpenVAS-4

  Please report us any non-detected problems and
  help us to improve this check routine:
  http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss

  Send us the log-file (/tmp/openvas-check-setup.log) to help analyze the problem.

  Use the parameter --server to skip checks for client tools
  like GSD and OpenVAS-CLI.

Step 1: Checking OpenVAS Scanner ... 
        OK: OpenVAS Scanner is present in version 3.2.3.
        OK: OpenVAS Scanner CA Certificate is present as /var/lib/openvas/CA/cacert.pem.
        OK: NVT collection in /var/lib/openvas/plugins contains 20380 NVTs.
Step 2: Checking OpenVAS Manager ... 
        OK: OpenVAS Manager is present in version 3.0.0.
        OK: OpenVAS Manager client certificate is present as /var/lib/openvas/CA/clientcert.pem.
        OK: OpenVAS Manager database found in /var/lib/openvas/mgr/tasks.db.
        OK: sqlite3 found, extended checks of the OpenVAS Manager installation enabled.
        OK: OpenVAS Manager database is at revision 42.
        OK: OpenVAS Manager expects database at revision 42.
        OK: Database schema is up to date.
        OK: xsltproc found.
Step 3: Checking OpenVAS Administrator ... 
        OK: OpenVAS Administrator is present in version 1.1.2.
        OK: At least one user exists.
        OK: At least one admin user exists.
Step 4: Checking Greenbone Security Assistant (GSA) ... 
        OK: Greenbone Security Assistant is present in version 3.0.0.
Step 5: Checking OpenVAS CLI ... 
        OK: OpenVAS CLI version 1.1.2.
Step 6: Checking Greenbone Security Desktop (GSD) ... 
        OK: Greenbone Security Desktop is present in Version 1.1.1.
Step 7: Checking if OpenVAS services are up and running ... 
        OK: netstat found, extended checks of the OpenVAS services enabled.
        OK: OpenVAS Scanner is running and listening on all interfaces.
        OK: OpenVAS Scanner is listening on port 9391, which is the default port.
        OK: OpenVAS Manager is running and listening on all interfaces.
        OK: OpenVAS Manager is listening on port 9390, which is the default port.
        OK: OpenVAS Administrator is running and listening on all interfaces.
        OK: OpenVAS Administrator is listening on port 9393, which is the default port.
        OK: Greenbone Security Assistant is running and listening on all interfaces.
        OK: Greenbone Security Assistant is listening on port 9392, which is the default port.

It seems like your OpenVAS-4 installation is OK.

If you think it is not OK, please report your observation
and help us to improve this check routine:
http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss
Please attach the log-file (/tmp/openvas-check-setup.log) to help us analyze the problem.