English | Deutsch
Home » Try out

GSM Community Edition

Version: 4.0.5 (corresponds to OpenVAS-9)

Download: http://dl.greenbone.net/download/VM/gsm_ce_4.0.5.iso (340 MByte)

sha256sum: 260e57d693bdfd1db55e41555ffde346f823d79235c8f4a40e19aa888060c425

Compatibility: VirtualBox, ESXi, Hyper-V

Minimum requirements: 2 CPU Cores, 2 GByte RAM

The GSM Community Edition is a derivate of the GSM ONE and allows a quick and easy option on Windows, Linux or Mac to give the solution a trial. No particular know-how is needed.

In contrast to the commercial solution the Community Feed instead of the Greenbone Security Feed is used. Also some management functions like for TLS certificates are not included. Feed updates happen on a regular basis, but the system itself can not be updated. The commercial version can be updated seamless and also includes access to the Greenbone Support.

The Community Edition as well as the GSM ONE are designed for use with a laptop. The full feature set for a vulnerability management process (schedules, alarms, sensors) are only available with the bigger GSM models (see here for an overview) and can be obtained from Greenbone as an evaluation unit.

Startup Community Edition:

  • Create a virtual image:

    • VirtualBox via OVA import:

      • Additionally to the iso image download the VM initialization http://dl.greenbone.net/download/VM/GSM-CE-4.0.5-init.ova (100 KByte) and import this file as appliance. Apply a new MAC address to prevent potential conflicts.

      • Check the settings, especially for the network, and adjust them where appropriate.

      • Start the virtual machine.

    • VirtualBox by hand via "New":

      • Type: Linux
      • Version: Other Linux (64bit)
      • Memory: 2048M
      • Harddisk: 9G
      • CPUs: 2
      • Create a new hard disk for the virtual machine.

      • Take care that the network connection works inside-out and outside-in:
        The system needs access to the internet for the setup.
        For using the systems' web interface you need to access the system from where your web browser runs.

      • Audio, USB and diskette should be disabled.

      • Now choose the downloaded ISO image as medium for the CD drive and start the virtual machine.

    • Hyper-V by hand via "New - Virtual Computer":

      • Generation: Generation 1

      • Startup memory: 2048MB

      • Use Dynamic Memory: deactivate

      • Network: Select a connection that has access to the Internet. The system needs access to the internet for the setup. For using the systems’ web interface you need to access the system from where your web browser runs.

      • Virtual hard disk: create an new, with an minimum of 9GB

      • Installation Options: Now choose the downloaded iso image as medium.

      • After saving, change the number of processors to 2

    • ESXi / VMWare:

      Basically follow the hints as in "VirtualBox by hand".

  • In the menu choose the option "Setup" and confirm that the hard disk can be overwritten.

  • The installation process will now run for a while. You will be asked for a username and password for the administrative account. Notice this account because there will be no other way to administrate the system.

  • Follow the instructions up to the reboot. The system will automatically reboot a second time.

  • As soon as the login prompt "Welcome to Greenbone OS" appears, log in with the previously created administration account.

  • You now enter the setup wizard which guides you through the final steps:

    • Web-User: Creation of an administration account for the web interface. There, you can later create more account as needed.

    • Greenbone Subscription Key: In case you have a received an evaluation key from Greenbone, you can now upload it. If you don't have one, the system will use the Greenbone Community Feed instead of the Greenbone Security Feed. It is possible to upload a evaluation key any time later and change the feed.

    • Download Feed: Without a feed you can not do any scans and the SecInfo section remains empty. So the download is highly recommended, but requires internet access.

  • The feed update now runs in the background and you are on the main menu of the administration. Via "About" you can have a look at the key properties of your setup, especially the address of the web interface and whether there still runs the Feed update as a system operation.

  • Log in to the web interface with the web administrator account. During the installation a self-signed TLS certificate was created. Your browser will regard it insecure and you need to tell your browser to accept it as an exception.

  • Only after the feed update completed there will be all information in the SecInfo area and first scans possible. This could take half an hour or even longer.

  • Documentation and guides are available at the Greenbone TechDoc Portal. However, the user interface is self-explaining. Just give it a start. The wizard will help you to create and run your first scan task.

  • Please note: Shutting down the virtual machine should only be done via the menu Maintenance->Power to ensure that important system processes like the Feed update are not interrupted.

Copyright, licenses and sources:

The Feed and Greenbone OS consists of various components with various Copyrights and (Open Source) Licenses. In essence the product can be used for any purpose but for re-distribution the conditions of the licenses have to be considered. Details are summarized in the License Information. There, you will also find the offer for source code access according to GNU GPL.

OpenVAS-8 DEMO Virtual Appliance

Version: 1.0 (up-to-date regarding base system, OpenVAS-8 and Feed as of 2015-05-20)

Download Sites for the OVA Image (3.2 GByte):

MD5SUM: b7604b49a1bf3080786be36965b055e9

Compatibility: VirtualBox >=4.3

Important Notes:

  • Security (it is highly recommended that you follow these steps immediately after first start):
    • You should change the default password for system account "root" (login as root and apply command "passwd").
    • You should change the default password for system account "openvas" (login as openvas and apply command "passwd").
    • You should change the default password for web account "admin" (login as admin via web interface and go to "Extras/My Settings". Via the Edit button, change the password - remind the checkbox to confirm password change).
    • You should delete the file "/home/openvas/.ssh/authorized_keys" as it may contain remains from the VM build procedure.
    • You should upgrade the base system immediately to install all security updates published meanwhile. The base system is Debian Jessie, so you need to run as root the command apt-get update && apt-get upgrade (or other management tools you might prefer).
    • A self-signed SSL certificate is used. You need to allow an exception in your browser at first login.
      Exchange it if you don't want to share the same certificate with other OpenVAS DEMO installations.
    • Encryption of passwords: The first time you create a credential object, a new password encryption key will be generated.
    • TLS Ciphers: The services HTTPS and OMP can be configured regarding offered TLS ciphers. You need to start the corresponding daemons with the right parameters.
  • Usage:
    • If you don't know where to log into the web interface: The IP of the system should be displayed before the login prompt. Should it not be the case, press ENTER to request a new login prompt, in the meantime, the system should have acquired an IP and you should be able to use it.
  • GNU GPL: In compliance with GNU GPL, any sources are already pre-installed on the VM (under /root/sources)
  • Performance: After import it might make sense to increase resources (CPU, RAM), given your host can provide this
  • Updating OpenVAS: OpenVAS was built in /home/openvas/src. You need to download newest releases as tar.gz files and follow the usual scheme for building OpenVAS from source.
  • Web timeout: If you want to increase the web timeout to for example 1 hour, then you should create a systemd drop-in file under /etc/systemd/system/gsa.service.d/timeout.conf with the following content (refer to the systemd documentation for more details):
    [Service]
    ExecStart = /usr/local/bin/gsad --foreground --timeout=60
  • Alternative web interface ITS (IT-Schwachstellenampel, German only): As root enter switchface-its. Back with switchface-classic. Might help to force reload in browser after switch to get all decoration changes. This switch will be reset upon reboot of the system.
  • You can switch the keyboard layout as root by using the recommended method: dpkg --configure keyboard-configuration && service keyboard-setup restart. Alternatively, you can use the following shortcut: switchkbd de to switch to German layout. This shortcut might not work in all cases.

Important note on these Virtual Appliances

Please note that these virtual appliances are for demonstration/testing purposes and not recommended for regular production uses, particularly for more than a few hosts depending on local system resources. The OpenVAS scanner is resource intensive and may take a long time to start on slower systems, especially when run as a VM on laptops.