This page has been nominated for deletion.
The given reason is: This page should be deleted because the OpenVAS project name has been renamed in GVM and old OpenVAS loader package with all components removed from gentoo tree. GVM is a major update and all the commands and informations on this page are deprecated. We have new wiki page for new GVM --> https://wiki.gentoo.org/wiki/Greenbone_Vulnerability_Management
If you disagree with its deletion, do not remove this notice; discuss your objections on the associated discussion page.
OpenVAS (Open Vulnerability Assessment System) is security scanning software used identify and detect network accessible vulnerabilities. It is used by both offensive and defensive security experts to determine attack surfaces.
- 1 Installation
- 2 Configuration
- 3 Usage
- 4 Troubleshooting
- 5 See also
The net-analyzer/openvas is a meta-package. It depends upon the command-line interface, libraries, manager, scanner, and tools. Do not be surprised if the dependency list is a little long:
emerge --ask net-analyzer/openvas
Additional support for extra checks gained from emerging the following software:
|app-forensics/ovaldi||For ovaldi (OVAL) — an OVAL Interpreter.|
|net-analyzer/amap||For amap — an application protocol detection tool.|
|net-analyzer/greebone-security-assistant||For The Greenbone Security Assistant as alternative to the plain scanner.|
|net-analyzer/ike-scan||For ike-scan - an IPsec VPN scanning, fingerprinting and testing tool.|
|net-analyzer/nikto||For Nikto — a web server scanning and testing tool.|
|net-analyzer/portbunny||For portbunny — a Linux-kernel-based portscanner.|
|net-analyzer/w3af||For w3af — a web application attack and audit framework.|
The following steps can be checked at any point by running the openvas-check-setup utility.
Generate an SSL certificate
Before OpenVAS can be started, an SSL certificate must be generated:
Generate the client's SSL certificate
openvas-mkcert-client -n -i
Download vulnerability list
Download the vulnerability list with the following command:
Update the scan daemon's cache
Rebuild the management daemon's NVT cache
Download the SCAP data
Download the OpenVAS CERT database
Create a user
Users will not be able to login until accounts have been created for them. Pretending a user by the name of Larry would like to create an account:
openvasmd --create-user larry
Unless you want a large GUID for a password, be sure to change it:
openvasmd --user=larry --new-password=SuPErSeCR3TP@assw0rd
Users can be listed with the following command:
Stuck on configuration steps
Service not starting
Check the log files located at /var/log/openvas/.
- Security Handbook — a step-by-step hardening guide for Gentoo Linux.