
Linux Hardening with OpenVAS

The Open Vulnerability Assessment System (OpenVAS) is a framework of several services and tools offering a comprehensive and powerful vulnerability scanning and management solution.

image

    The security scanner is accompanied by a regularly updated feed of Network Vulnerability Tests (NVTs), over 51,000 in total (as of February 2017).

    OpenVAS Features

    The OpenVAS security suite consists of three parts:

    • OpenVAS Scanner
      • The actual scanner that executes the real-time vulnerability tests;
      • It can handle more than one target host at a time;
      • Uses the OpenVAS Transfer Protocol (OTP);
      • OTP supports SSL.
    • OpenVAS Manager
      • Handles the SQL Database where all scanning results and configurations are stored;
      • Controls the scanner via OTP and offers XML based OpenVAS Management Protocol (OMP);
      • It can stop, pause or resume scanning operations;
      • Makes user management possible including group level management and access control management.
    • OpenVAS CLI
      • Command line tool acting as a client for OMP.

    Using OpenVAS 8 in Ubuntu 16.04

    Installing OpenVAS

    Install SQLite for OpenVAS manager.

    sudo apt-get install sqlite3

    Install other required packages

    sudo apt-get -y install python-software-properties

    Add Personal Package Archives repository for OpenVAS

    sudo add-apt-repository ppa:mrazavi/openvas

    Update your system

    sudo apt-get update && sudo apt-get upgrade -y

    Install the OpenVAS package

    sudo apt-get install openvas

    Press Yes

    image

    Upgrade vulnerability and compliance data (this will take some time):

    sudo openvas-nvt-sync

    sudo openvas-scapdata-sync

    sudo openvas-certdata-sync

    Restart services

    sudo /etc/init.d/openvas-scanner restart

    sudo /etc/init.d/openvas-manager restart

    sudo /etc/init.d/openvas-gsa restart

    Create database

    sudo openvasmd --rebuild

    The installation is complete!

    Check installation

    The OpenVAS developers provide a handy tool to check the state of your installation. To use the tool, follow these three steps:

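    1. Download the tool’s latest version. Note that --no-check-certificate turns off TLS certificate validation for this download, so read the script before running it with sudo: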

    sudo wget https://svn.wald.intevation.org/svn/openvas/trunk/tools/openvas-check-setup --no-check-certificate

    2. Ensure that the script is executable:

    sudo chmod +x openvas-check-setup

    3. Execute the script:

    sudo ./openvas-check-setup

    The result might look similar to this:

    image

    Fix the errors

    sudo openvasmd --rebuild

    Running OpenVAS

    Open your browser (Firefox) and type:

    https://localhost/login/login.html

    Confirm the security exception and log in with user “admin” and password “admin” (change this default password once you are logged in):

    image

    After the successful login, you’ll get to Greenbone’s Security Assistant (GSA) portal:

    image

    Known vulnerabilities (February 2017)

    image

    For a scan of the local machine, just insert the loopback address and press Start Scan

    image

    OpenVAS results in Ubuntu

    Ultimate scan results:

    image

    The final report will display a list of found vulnerabilities and the possible solutions to mitigate or override them.

    image

    OpenVAS 9 Beta

    A set of new packages for OpenVAS 9 beta is also available. If you want to try it, after installing SQLite and the other packages, install the "openvas9" package instead of "openvas".

    Installing in Ubuntu

    sudo apt-get install openvas9

    Then, update vulnerabilities and compliance data with the following commands:

    sudo greenbone-nvt-sync

    sudo greenbone-scapdata-sync

    sudo greenbone-certdata-sync

    Restart services and set database:

    sudo service openvas-scanner restart

    sudo service openvas-manager restart

    sudo openvasmd --rebuild

    Please note that the default port number of the GSA has changed to 4000. So, to access the web interface for version 9, go to https://localhost:4000

    image

    You can change the GSA port number by modifying the /etc/default/openvas-gsa file. Then, restart the service by issuing the command:

    sudo service openvas-gsa restart

    New interface and added features:

    image

    image

    Remote scan with OpenVAS 9

    Results of a full remote scan on a CentOS 7:

    image

    Results of remote full scan on a Fedora 25:

    image

    The remote system was identified simply as Linux Kernel

    image

    Network scan with OpenVAS 9

    image

    The scanner correctly identified Windows Server 2012/10 machines and Ubuntu/CentOS:

    image

    This means OpenVAS can also be used to harden Windows machines.

     

    Using OpenVAS 8 in Fedora 25

    In Fedora, OpenVAS can be installed either from the official repository or from the Atomic repository.  

    Installing OpenVAS

    Install from the official repository

    sudo su

    Disable SELinux

    vi /etc/selinux/config

    Set the SELINUX line to SELINUX=disabled. This turns off SELinux enforcement for the whole host, not only for OpenVAS.

    image

    Reboot your system

    Install the application

    sudo su

    dnf install openvas-gsa openvas-manager openvas-scanner openvas-cli

    Install additional packages

    dnf install texlive-latex nmap alien mingw32-nsis

    Start service

    systemctl start openvas-manager

    Create certificate

    openvas-mkcert

    Install REDIS service

    dnf install redis -y

    Configure the REDIS service

    vi /etc/redis.conf

    Uncomment lines:

    • unixsocket /tmp/redis.sock
    • unixsocketperm 700

    image

    Update vulnerabilities and compliance data

    openvas-nvt-sync

    openvas-scapdata-sync

    openvas-certdata-sync

    Create client certificate

    openvas-mkcert-client -n -i

    Set database

    systemctl start openvas-scanner

    openvasmd --rebuild

    Create OpenVAS Manager Admin user

    openvasmd --create-user=admin --role=Admin && openvasmd --user=admin --new-password=admin

    Start services

    systemctl start redis

    systemctl start openvas-manager

    systemctl start openvas-scanner

    systemctl start openvas-gsa

    Check installation

    openvas-check-setup

    image
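
An added check, not part of the original post: this script confirms that the two Redis lines uncommented during the configuration step are active in a given redis.conf, and flags a unixsocketperm value that opens the socket to group or other users. The function names and the sample file are assumptions made for the example.

```bash
#!/usr/bin/env bash
# Added example (not from the original post): check the Redis socket settings.

# active_value FILE KEY: print the value of the last uncommented "KEY value" line.
active_value() {
    awk -v key="$2" '$1 == key { val = $2 } END { if (val != "") print val }' "$1"
}

# check_redis_conf FILE: return 0 only if unixsocket and unixsocketperm are both
# active and the mode gives group/other no access; print one line per problem.
check_redis_conf() {
    local conf="$1" sock perm rc=0
    sock=$(active_value "$conf" unixsocket)
    perm=$(active_value "$conf" unixsocketperm)
    if [ -z "$sock" ]; then
        echo "unixsocket is missing or still commented out"
        rc=1
    fi
    if [ -z "$perm" ]; then
        echo "unixsocketperm is missing or still commented out"
        rc=1
    elif ! printf '%s\n' "$perm" | grep -Eq '^0?[0-7]00$'; then
        echo "unixsocketperm $perm lets group or other users reach the socket"
        rc=1
    fi
    return "$rc"
}

# Constructed sample: a redis.conf in which both lines are still commented.
sample=$(mktemp)
printf '%s\n' 'port 6379' '# unixsocket /tmp/redis.sock' '# unixsocketperm 700' > "$sample"
check_redis_conf "$sample" || echo "redis.conf is not ready yet"
rm -f "$sample"
```

On the Fedora host, call `check_redis_conf /etc/redis.conf` after editing the file and before starting the services.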

    Running OpenVAS

    Open Firefox and go to:

    http://127.0.0.1

    Start a local scan:

    image

    OpenVAS results in Fedora:

    image

    Network scan:

    image

    image

    As in Ubuntu, you’ll get a list of the specific items that were found, with the threats color-coded. For instance, this is one of the high threats:

    image

    As you can see, the report also includes information about how to address the issue.

    Besides, the application will recognize and scan Windows machines!

    image  

    Conclusion

    OpenVAS is a magnificent tool to spot vulnerabilities and highlight areas to focus on when you are hardening your system.

    This was just a quick introduction, showing a bare minimum of the functionality of the OpenVAS security suite. Explore the Greenbone Security Assistant interface and take advantage of the great built-in help system to learn more about your options.

    For instance, giving the application proper credentials to log on to remote machines allows it to scan them more thoroughly.

    image

    Besides, among other tasks, you can easily schedule scans, automatically generate reports, and email alerts when certain threat levels are generated.
