注意:

The Funtoo Linux project has transitioned to "Hobby Mode" and this wiki is now read-only.

Difference between revisions of "Package:OpenVAS"

From Funtoo
Jump to navigation Jump to search
(Created page with "{{Ebuild |Summary=OpenVAS is a framework of several services and tools offering a comprehensive and powerful vulnerability scanning and vulnerability management solution. |Cat...")
 
Line 2: Line 2:
|Summary=OpenVAS is a framework of several services and tools offering a comprehensive and powerful vulnerability scanning and vulnerability management solution.
|Summary=OpenVAS is a framework of several services and tools offering a comprehensive and powerful vulnerability scanning and vulnerability management solution.
|CatPkg=net-analyzer/openvas
|CatPkg=net-analyzer/openvas
}}
== Install ==
To install openvas, emerge it:
{{console|body=
###i## emerge openvas
}}
== Configure ==
Create a certificate for the server, choosing the default values if desired:
{{console|body=
###i## openvas-mkcert
}}
Create a client certificate::
{{console|body=
###i## openvas-mkcert-client -n -i
}}
Update the plugins and vulnerability data:
{{console|body=
###i## openvas-nvt-sync
###i## openvas-scapdata-sync
###i## openvas-certdata-sync
}}
Start OpenvVas Scanner (Required for next steps):
{{console|body=
###i## /etc/init.d/openvassd start
}}
This step can load for few minutes, use ps aux to check when done (Waiting for incoming connections) :
{{console|body=
###i## ps aux | grep openvassd
###i## openvassd: Waiting for incoming connections
}}
Initializing OpenVas Manager Database:
{{console|body=
###i## /usr/sbin/openvasmd --rebuild --progress
}}
Add an administrator user account:
{{console|body=
###i##  openvasmd --create-user=admin --role=Admin
###i##  openvasmd --user=admin --new-password=your_new_password
}}
== Configure Redis (Required Since OpenVas Manager 6) ==
Configure redis as perscribed by the [https://svn.wald.intevation.org/svn/openvas/tags/openvas-scanner-release-5.0.3/doc/redis_config.txt OpenVAS redis configuration]. In summary, amend the following to your /etc/redis.conf
{{console|body=
unixsocket /tmp/redis.sock
port 0
timeout 0
}}
== Check your Installation, Settings and Start Services ==
Check you Install Settings with default utility:
{{console|body=
###i##  openvas-check-setup --v8
}}
Check your de
{{console|body=
###i##  nano /etc/conf.d/openvassd
###i##  nano /etc/conf.d/openvasmd
###i##  nano /etc/conf.d/gsad
}}
== Good Practices to Install and expand your OpenVas Setting ==
Set a Password Policy for OpenVas:
{{console|body=
###i##  nano /etc/openvas/pwpolicy.conf
}}
Enable NVT signature checking:
See http://www.openvas.org/trusted-nvts.html
Install RPM and Alien (for LSC credential package generation support on target systems):
{{console|body=
###i## emerge app-arch/alien app-arch/rpm
}}
Install Haveged entropy (for speed up some actions):
{{console|body=
###i## emerge sys-apps/haveged
###i## rc-update add haveged defaul
###i##  /etc/init.d/haveged start
}}
}}


{{EbuildFooter}}
{{EbuildFooter}}

Revision as of 21:56, December 7, 2015

OpenVAS

   Tip

We welcome improvements to this page. To edit this page, Create a Funtoo account. Then log in and then click here to edit this page. See our editing guidelines to becoming a wiki-editing pro.


Install

To install openvas, emerge it:

root # emerge openvas

Configure

Create a certificate for the server, choosing the default values if desired:

root # openvas-mkcert

Create a client certificate::

root # openvas-mkcert-client -n -i

Update the plugins and vulnerability data:

root # openvas-nvt-sync
root # openvas-scapdata-sync
root # openvas-certdata-sync

Start OpenvVas Scanner (Required for next steps):

root # /etc/init.d/openvassd start

This step can load for few minutes, use ps aux to check when done (Waiting for incoming connections) :

root # ps aux

Initializing OpenVas Manager Database:

root # /usr/sbin/openvasmd --rebuild --progress

Add an administrator user account:

root #  openvasmd --create-user=admin --role=Admin
root #  openvasmd --user=admin --new-password=your_new_password

Configure Redis (Required Since OpenVas Manager 6)

Configure redis as perscribed by the OpenVAS redis configuration. In summary, amend the following to your /etc/redis.conf

unixsocket /tmp/redis.sock
port 0
timeout 0


Check your Installation, Settings and Start Services

Check you Install Settings with default utility:

root #  openvas-check-setup --v8

Check your de

root #  nano /etc/conf.d/openvassd
root #  nano /etc/conf.d/openvasmd
root #  nano /etc/conf.d/gsad

Good Practices to Install and expand your OpenVas Setting

Set a Password Policy for OpenVas:

root #  nano /etc/openvas/pwpolicy.conf

Enable NVT signature checking: See http://www.openvas.org/trusted-nvts.html

Install RPM and Alien (for LSC credential package generation support on target systems):

root # emerge app-arch/alien app-arch/rpm

Install Haveged entropy (for speed up some actions):

root # emerge sys-apps/haveged
root # rc-update add haveged defaul
root #  /etc/init.d/haveged start