OpenVAS-8 DEMO Virtual Appliance
Version: 1.0 (up-to-date regarding base system, OpenVAS-8 and Feed as of 2015-05-20)
Download Sites for the OVA Image (3.2 GByte):
Compatibility: VirtualBox >=4.3
OpenVAS-7 DEMO Virtual Appliance
Version: 2.4 (up-to-date regarding base system, OpenVAS-7 and Feed as of 2015-01-19)
Download Sites for the OVA Image (3.6 GByte):
Compatibility: VirtualBox >=4.3, ESXi >=4
- Security (it is highly recommended that you follow these steps immediately after first start):
- You should change the default password for the system account "root" (log in as root and run the command "passwd").
- You should change the default password for the system account "openvas" (log in as openvas and run the command "passwd").
- You should change the default password for the web account "admin" (log in as admin via the web interface and go to
"Extras/My Settings". Use the Edit button to change the password, and remember to tick the checkbox that confirms the password change).
- You should upgrade the base system immediately to install all security updates published in the meantime.
The base system is Debian Wheezy, so you need to run the command "apt-get dist-upgrade" as "root" (or use other
management tools you might prefer).
- A self-signed SSL certificate is used. You need to allow an exception in your browser at first login.
Replace it if you don't want to share the same certificate with other OpenVAS DEMO installations.
- Encryption of passwords: The passwords that you enter for Credentials (ssh/smb) and that are used
for authenticated scans are stored encrypted. An encryption key is pre-installed because creating one can
take a considerable time (up to 60 minutes).
If you do not replace this key, you share the same encryption key with other OpenVAS DEMO installations!
This is how you delete the key and create a new one (takes up to 60 minutes):
gpg --homedir=/usr/local/etc/openvas/gnupg --delete-secret-keys 94094F5B
gpg --homedir=/usr/local/etc/openvas/gnupg --delete-keys 94094F5B
You will find further details and hints about the key management in the file
- TLS Ciphers: The TLS ciphers offered by the HTTPS and OMP services can be configured.
Example configurations are prepared; they should be made stricter for production use.
They are located here: "/etc/default/openvas-manager" and "/etc/default/greenbone-security-assistant.*"
- If you don't know where to log into the web interface, then log in as system user "openvas" and the URL will be printed.
- GNU GPL: In compliance with GNU GPL, any sources are already pre-installed on the VM (under /root/source)
- Performance: After import it might make sense to increase the resources (CPU, RAM), provided your host can supply them.
- Updating OpenVAS: OpenVAS was built in /root/build. You need to download the newest releases as tar.gz files
and follow the usual scheme for building OpenVAS from source. The install prefix is "/usr/local".
- Web timeout: If you want to increase the web timeout to, for example, 1 hour, then you should add "--timeout=60"
to DAEMON_ARGS in "/etc/default/greenbone-security-assistant.*" and then restart.
- Alternative web interface ITS (IT-Schwachstellenampel, German only): As root, enter "./switchface-its".
Switch back with "./switchface-classic". It might help to force a reload in the browser after switching to get all decoration changes.
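A check for the shared DEMO encryption key described in the "Encryption of passwords" note above, as an added example that is not part of the original appliance notes: it parses gpg's colon-delimited key listing and reports whether key 94094F5B is still present in either keyring. The function names, the "--audit" switch and the sample listing are constructed for illustration; the key ID and homedir are the ones given above.

```shell
#!/bin/sh
# Added example (not shipped with the appliance): detect whether the shared
# DEMO credential-encryption key is still installed.
DEMO_KEY_ID="94094F5B"                      # key ID from the notes above
GNUPG_HOME="/usr/local/etc/openvas/gnupg"   # homedir from the notes above

# Constructed sample of `gpg --with-colons --list-keys` output; the long key
# ID in field 5 is made up so that its last 8 hex digits match the demo key.
SAMPLE_COLONS='tru::1:1432080000:0:3:1:5
pub:u:2048:1:0123456794094F5B:1432080000:::u:::scESC:
uid:u::::1432080000::::Constructed Sample Key:
sub:u:2048:1:89ABCDEF01234567:1432080000::::::e:'

# Reads a colon-format key listing on stdin. Succeeds (exit 0) only if a
# primary key record (pub or sec) has the demo short ID; subkeys are ignored.
has_demo_key() {
    awk -F: -v id="$DEMO_KEY_ID" '
        ($1 == "pub" || $1 == "sec") &&
            toupper(substr($5, length($5) - 7)) == toupper(id) { found = 1 }
        END { exit (found ? 0 : 1) }'
}

# Lists one keyring ($1: --list-keys or --list-secret-keys) and checks it.
keyring_has_demo_key() {
    gpg --homedir="$GNUPG_HOME" --batch --with-colons "$1" 2>/dev/null | has_demo_key
}

# Returns 0 if the demo key is gone from both keyrings, 1 if it is still
# present in either, 2 if gpg is not available.
audit() {
    command -v gpg >/dev/null 2>&1 || { echo "ERROR: gpg not found" >&2; return 2; }
    rc=0
    for mode in --list-keys --list-secret-keys; do
        if keyring_has_demo_key "$mode"; then
            echo "FAIL: shared demo key $DEMO_KEY_ID found by gpg $mode"
            rc=1
        else
            echo "OK:   demo key $DEMO_KEY_ID not found by gpg $mode"
        fi
    done
    return "$rc"
}

# Run the live check only when asked, e.g.: sh check-demo-key.sh --audit
case "${1:-}" in
    --audit) audit ;;
esac
```

Run it as root with "--audit" on the appliance; a FAIL line means the pre-installed key has not yet been replaced.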
Important note on these Virtual Appliances
Please note that these virtual appliances are for
demonstration/testing purposes and are not recommended for regular production use,
particularly for more than a few hosts depending on local system
resources. The OpenVAS scanner is resource intensive and may take
a long time to start on slower systems, especially when run as a
VM on laptops.