Threat Level: green Handler on Duty: Renato Marinho

SANS ISC: Greenbone and OpenVAS Scanner (NOT READY YET) - Internet Security | DShield SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Greenbone and OpenVAS Scanner (NOT READY YET)

DRAFT - Not ready yet!

Introduction

This virtual machine comes to you care of $DayJob frustrations and the need to generate logs. This month we are covering log entries and in my lab at work there was a need to trigger some alarms. So I set out to build an OpenVAS [1] suite in order to trigger several different detection systems.

The Greenbone Security Manager [2] provided an excellent, albeit not ‘as’ intuitive as I like, interface for scheduling scans and basically sending out network and application nastiness.

Prep

It had been a while since I had last set up an OpenVAS Suite so “to the Google Batman” ... In doing a quick search I located several blog entries on different distribution installs [3] [4] [5] as well as the OpenVAS Docs [6]. In this prep I also was looking for the smoothest distribution for install as this was going to sit as a virtual machine in my $DayJob lab and after searching forums the easiest seems to be Ubuntu on 12.04 LTS.

CentOS Caveats

If you are going to install on CentOS, a couple of observations:

There will likely end up being some errors ( see [7]) to work through.
If you manage to get it working and don’t see traffic leaving yet Greenbone says your job is running? “Audit2Allow [8] is your friend!”

For those that want to take the lazy way out :) the file you are looking for is in /etc/selinux and is config:

/etc/selinux/config



General Install Caveats

Syncing from OpenVAS takes a very ...... very long time. Just be patient if you build your own, the initial sync does take a great deal of time (days occasionally). If you don’t want to take the time to install your own, you can download the below Greenbone VM.

Running a Job

<video here>


The Greenbone VM

File: http://handlers.sans.org/rporter/greenbone.7z
Size: 2.4 GB
Type: OVF Template
OS: Ubuntu 12.04 (patched as of 16 OCT 2013)
SHA1: a90fd042cafb4971f58b3e420e3a091032d47682

System Account: openvas
System Password: sanstraining

Greenbone Account: admin
Greenbone Password: sanstraining

All passwords will be sanstraining

VM Is set for DHCP on Boot.


References:


[1] http://www.openvas.org/
[2] http://www.greenbone.net/technology/openvas.html
[3] http://hackertarget.com/install-openvas-5-in-ubuntu-12-04/
[4] http://samiux.blogspot.com/2013/05/howto-openvas-on-ubuntu-desktop-1204-lts.html
[5] http://www.securitygrit.com/2013/05/openvas-6-and-centos-64.html
[6] http://www.openvas.org/install-packages-v5.html
[7] http://comments.gmane.org/gmane.comp.security.openvas.users/4889
[8] http://fedoraproject.org/wiki/SELinux/audit2allow

 

Richard Porter || @packetalien || rporter at isc dot sans dot edu || packetalien.com

Richard

160 Posts
ISC Handler

Sign Up for Free or Log In to start participating in the conversation!