四步搞定OPENVAS安装
第一步: Configure Atomicorp Repository
(as user root, only once)
wget -q -O http://www.atomicorp.com/installers/atomic |sh
或者wget http://www.atomicorp.com/installers/atomic
运行bash atomic
第二步: Quick-Install OpenVAS
(as user root, only once)
yum install openvas
openvas-setup
第三步: Quick-Start OpenVAS
( nothing to do, all is up and runningdirectly after installation )
第四步: Log into OpenVAS with usercreated in the step 2
Open https://localhost:9392/.
演示:
openvas-setup
Openvas Setup, Version: 0.3
Step 1: Update NVT's and SCAP data
Please note this step could take some time.
Once completed, NVT's and SCAP data will be updated automatically every 24 hours
Updating NVTs....
[i] This script synchronizes an NVT collection with the 'OpenVAS NVT Feed'.
[i] The 'OpenVAS NVT Feed' is provided by 'The OpenVAS Project'.
[i] Online information about this feed: 'http://www.openvas.org/openvas-nvt-feed .html'.
[i] NVT dir: /var/lib/openvas/plugins
[i] rsync is not recommended for the initial sync. Falling back on http.
[i] Will use wget
[i] Using GNU wget: /usr/bin/wget
[i] Configured NVT http feed: http://www.openvas.org/openvas-nvt-feed-current.ta r.bz2
[i] Downloading to: /tmp/openvas-nvt-sync.jJKyr26066/openvas-feed-2013-07-01-260 61.tar.bz2
--2013-07-01 15:52:23-- http://www.openvas.org/openvas-nvt-feed-current.tar.bz2
正在解析主机 www.openvas.org... 5.9.98.186
Connecting to www.openvas.org|5.9.98.186|:80... 已连接。
已发出 HTTP 请求,正在等待回应... 200 OK
长度:12874455 (12M) [application/x-bzip2]
Saving to: `/tmp/openvas-nvt-sync.jJKyr26066/openvas-feed-2013-07-01-26061.tar.b z2'
16% [===========> 16% [===========> 16% [===========> 16% [===========> 17% [======> ] 2,288,977 9.58K/s eta 18m 24s
19633257 100% 8.92kB/s 0:35:49 (xfer#9, to-check=51/61)
nvdcve-2.0-2005.xml.asc
198 100% 0.46kB/s 0:00:00 (xfer#10, to-check=50/61)
nvdcve-2.0-2006.xml
31286479 100% 28.72kB/s 0:17:43 (xfer#11, to-check=49/61)
nvdcve-2.0-2006.xml.asc
198 100% 0.20kB/s 0:00:00 (xfer#12, to-check=48/61)
nvdcve-2.0-2007.xml
29278360 100% 364.99kB/s 0:01:18 (xfer#13, to-check=47/61)
nvdcve-2.0-2007.xml.asc
198 100% 2.42kB/s 0:00:00 (xfer#14, to-check=46/61)
nvdcve-2.0-2008.xml
34074650 100% 247.80kB/s 0:02:14 (xfer#15, to-check=45/61)
nvdcve-2.0-2008.xml.asc
198 100% 0.25kB/s 0:00:00 (xfer#16, to-check=44/61)
nvdcve-2.0-2009.xml
33491702 100% 272.59kB/s 0:01:59 (xfer#17, to-check=43/61)
nvdcve-2.0-2009.xml.asc
198 100% 0.48kB/s 0:00:00 (xfer#18, to-check=42/61)
nvdcve-2.0-2010.xml
48713980 100% 108.84kB/s 0:07:17 (xfer#19, to-check=41/61)
nvdcve-2.0-2010.xml.asc
198 100% 193.36kB/s 0:00:00 (xfer#20, to-check=40/61)
nvdcve-2.0-2011.xml
114124827 100% 20.50kB/s 1:30:36 (xfer#21, to-check=39/61)
nvdcve-2.0-2011.xml.asc
198 100% 193.36kB/s 0:00:00 (xfer#22, to-check=38/61)
nvdcve-2.0-2012.xml
42162224 100% 20.14kB/s 0:34:04 (xfer#23, to-check=37/61)
nvdcve-2.0-2012.xml.asc
198 100% 193.36kB/s 0:00:00 (xfer#24, to-check=36/61)
nvdcve-2.0-2013.xml
18658862 100% 27.89kB/s 0:10:53 (xfer#25, to-check=35/61)
nvdcve-2.0-2013.xml.asc
198 100% 0.50kB/s 0:00:00 (xfer#26, to-check=34/61)
official-cpe-dictionary_v2.2.xml
18419259 100% 19.24kB/s 0:15:34 (xfer#27, to-check=33/61)
official-cpe-dictionary_v2.2.xml.asc
198 100% 193.36kB/s 0:00:00 (xfer#28, to-check=32/61)
sha1sums
3522 100% 8.71kB/s 0:00:00 (xfer#29, to-check=31/61)
status
21 100% 0.05kB/s 0:00:00 (xfer#30, to-check=30/61)
status.asc
198 100% 0.49kB/s 0:00:00 (xfer#31, to-check=29/61)
timestamp
13 100% 0.03kB/s 0:00:00 (xfer#32, to-check=28/61)
timestamp.asc
198 100% 0.49kB/s 0:00:00 (xfer#33, to-check=27/61)
oval/
oval/5.10/
oval/5.10/org.mitre.oval/
oval/5.10/org.mitre.oval/c/
oval/5.10/org.mitre.oval/c/oval.xml
266709 100% 23.77kB/s 0:00:10 (xfer#34, to-check=22/61)
oval/5.10/org.mitre.oval/c/oval.xml.asc
198 100% 0.50kB/s 0:00:00 (xfer#35, to-check=21/61)
oval/5.10/org.mitre.oval/i/
oval/5.10/org.mitre.oval/i/oval.xml
8225660 100% 19.97kB/s 0:06:42 (xfer#36, to-check=19/61)
oval/5.10/org.mitre.oval/i/oval.xml.asc
198 100% 193.36kB/s 0:00:00 (xfer#37, to-check=18/61)
oval/5.10/org.mitre.oval/m/
oval/5.10/org.mitre.oval/m/oval.xml
143834 100% 18.33kB/s 0:00:07 (xfer#38, to-check=16/61)
oval/5.10/org.mitre.oval/m/oval.xml.asc
198 100% 2.17kB/s 0:00:00 (xfer#39, to-check=15/61)
oval/5.10/org.mitre.oval/p/
oval/5.10/org.mitre.oval/p/oval.xml
33735030 100% 17.80kB/s 0:30:50 (xfer#40, to-check=13/61)
oval/5.10/org.mitre.oval/p/oval.xml.asc
198 100% 193.36kB/s 0:00:00 (xfer#41, to-check=12/61)
oval/5.10/org.mitre.oval/v/
oval/5.10/org.mitre.oval/v/family/
oval/5.10/org.mitre.oval/v/family/ios.xml
2011748 100% 10.71kB/s 0:03:03 (xfer#42, to-check=9/61)
oval/5.10/org.mitre.oval/v/family/ios.xml.asc
198 100% 0.20kB/s 0:00:00 (xfer#43, to-check=8/61)
oval/5.10/org.mitre.oval/v/family/macos.xml
411302 100% 8.59kB/s 0:00:46 (xfer#44, to-check=7/61)
oval/5.10/org.mitre.oval/v/family/macos.xml.asc
198 100% 193.36kB/s 0:00:00 (xfer#45, to-check=6/61)
oval/5.10/org.mitre.oval/v/family/pixos.xml
10014 100% 9.55MB/s 0:00:00 (xfer#46, to-check=5/61)
oval/5.10/org.mitre.oval/v/family/pixos.xml.asc
198 100% 193.36kB/s 0:00:00 (xfer#47, to-check=4/61)
oval/5.10/org.mitre.oval/v/family/unix.xml
23637330 100% 7.95kB/s 0:48:22 (xfer#48, to-check=3/61)
oval/5.10/org.mitre.oval/v/family/unix.xml.asc
198 100% 193.36kB/s 0:00:00 (xfer#49, to-check=2/61)
oval/5.10/org.mitre.oval/v/family/windows.xml
33221272 100% 8.54kB/s 1:03:20 (xfer#50, to-check=1/61)
oval/5.10/org.mitre.oval/v/family/windows.xml.asc
198 100% 193.36kB/s 0:00:00 (xfer#51, to-check=0/61)
sent 1220 bytes received 529157461 bytes 19592.30 bytes/sec
total size is 529089124 speedup is 1.00
[i] (Re-)initializing database
[i] Updating CPEs
[i] Updating /var/lib/openvas/scap-data/nvdcve-2.0-2002.xml
[i] Updating /var/lib/openvas/scap-data/nvdcve-2.0-2003.xml
[i] Updating /var/lib/openvas/scap-data/nvdcve-2.0-2004.xml
[i] Updating /var/lib/openvas/scap-data/nvdcve-2.0-2005.xml
[i] Updating /var/lib/openvas/scap-data/nvdcve-2.0-2006.xml
[i] Updating /var/lib/openvas/scap-data/nvdcve-2.0-2007.xml
[i] Updating /var/lib/openvas/scap-data/nvdcve-2.0-2008.xml
[i] Updating /var/lib/openvas/scap-data/nvdcve-2.0-2009.xml
[i] Updating /var/lib/openvas/scap-data/nvdcve-2.0-2010.xml
[i] Updating /var/lib/openvas/scap-data/nvdcve-2.0-2011.xml
[i] Updating /var/lib/openvas/scap-data/nvdcve-2.0-2012.xml
[i] Updating /var/lib/openvas/scap-data/nvdcve-2.0-2013.xml
Updating OpenVAS Manager database....
Step 2: Configure GSAD
The Greenbone Security Assistant is a Web Based front end
for managing scans. By default it is configured to only allow
connections from localhost.
Allow connections from any IP? [Default: yes] Invalid input
Allow connections from any IP? [Default: yes] Stopping greenbone-secu rity-assistant: [确定]
Starting greenbone-security-assistant: [确定]
Step 3: Choose the GSAD admin users password.
The admin user is used to configure accounts,
Update NVT's manually, and manage roles.
Enter administrator username [Default: admin] : Enter Administrator P assword:
Verify Administrator Password:
Empty password not allowed.
Enter Administrator Password:
Verify Administrator Password:
Empty password not allowed.
Enter Administrator Password:
Verify Administrator Password:
Empty password not allowed.
Enter Administrator Password:
Verify Administrator Password:
Empty password not allowed.
Enter Administrator Password:
Verify Administrator Password:
Passwords do not match
Enter Administrator Password:
Verify Administrator Password:
ad main:MESSAGE:30669:2013-07-02 08h37.06 CST: No rules file provid ed, the new user will have no restrictions.
ad main:MESSAGE:30669:2013-07-02 08h37.06 CST: User admin has been successfully created.
Step 4: Create a user
Using /var/tmp as a temporary file holder.
Add a new openvassd user
---------------------------------
Login user1
Authentication (pass/cert) [pass] :
Login password :
Login password (again) :
User rules
---------------
openvassd has a rules system which allows you to restrict the hosts t hat iamyou has the right to test.
For instance, you may want him to be able to scan his own host only.
Please see the openvas-adduser(8) man page for the rules syntax.
Enter the rules for this user, and hit ctrl-D once you are done:
(the user can have an empty rules set)
Login : i
Password : ***********
Rules :
Is that ok? (y/n) [y] y
user added.
Starting openvas-administrator...
Starting openvas-administrator:
[确定]
Setup complete, you can now access GSAD at:
https://<IP>:9392
You have new mail in /var/spool/mail/root
[root@cen56vm ~]# ifconfig eth0
eth0 Link encap:Ethernet HWaddr 00:0C:29:AD:D4:21
inet addr:172.20.80.71 Bcast:172.20.80.255 Mask:255.255.2 55.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:526866 errors:0 dropped:0 overruns:0 frame:0
TX packets:416311 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:675870854 (644.5 MiB) TX bytes:40246517 (38.3 MiB )