Vulnerability Scanning with OpenVAS


Security Topics

Contents

1 Introduction

2 Goals

3 Notes

4 Installation

4.1 Install the server, client and plugin packages
4.2 Update the vulnerability database
4.3 Add a user to run the client

5 Operation

5.1 Starting the server
5.2 Running a scan
5.3 Keeping track of changes

1 Introduction

In this exercise we will look at a popular open source vulnerability scanner called OpenVAS (Open Vulnerability Assessment System). OpenVAS evolved from an earlier project called Nessus, which became a proprietary tool. The scanner itself is accompanied by a feed of Network Vulnerability Tests (NVTs) that is updated daily, with over 20,000 tests in total (as of January 2011).


2 Goals

• Install OpenVAS server and client packages on Ubuntu

• Update OpenVAS vulnerability tests

• Create a user for scanning

• Learn to run scans in batch mode from the command-line client

3 Notes

• Commands preceded by “$” should be executed as a general user, not as root.

• Commands preceded by “#” should be executed as root.

• Commands with more specific prompts (e.g. “RTR-GW>” or “mysql>”) are executed on remote equipment, or within another program.

4 Installation

4.1 Install the server, client and plugin packages

$ sudo apt-get install openvas-server openvas-client openvas-plugins-base \
    openvas-plugins-dfsg

4.2 Update the vulnerability database

$ sudo openvas-nvt-sync

4.3 Add a user to run the client

$ sudo openvas-adduser
Login: sysadm
Authentication (pass/cert) [pass]: HIT ENTER
Login password: USE CLASS PASSWD

You will then be asked to add “User rules”.

Ideally, you will want to only allow scanning on hosts that are under your control. To understand the syntax, check the openvas-adduser man page.

Let’s allow this user to scan hosts in our lab network. Type:

accept 10.10.0.0/16
default deny

Type ctrl-D to exit, and then accept.

5 Operation

5.1 Starting the server

$ sudo service openvas-server start

The server has to load thousands of vulnerability checks, which takes a VERY LONG time, especially on a machine that is not very powerful. Most likely, you will not be able to run this on the virtual NSRC lab.

On a production setup, you will need a machine with multiple processors/cores and quite a bit of RAM, especially if you will be scanning many hosts.

5.2 Running a scan

Create a text file with a list of hosts/networks to scan.

$ cd /home/sysadm

$ vi scanme.txt

Add one host or network per line, like this:

10.10.0.250
10.10.2.5
... etc.

Check the manual for the client to understand its parameters:

$ man openvas-client

Then, run the client like this:

$ sudo openvas-client -q 127.0.0.1 9390 sysadm nsrc+ws scanme.txt \
    openvas-output.txt -T txt -V -x

Alternatively, you can export into prettier HTML format with:

$ sudo openvas-client -q 127.0.0.1 9390 sysadm nsrc+ws scanme.txt \
    openvas-output.html -T html -V -x

You might have to transfer that file to your laptop so that you can open it with a browser.

5.3 Keeping track of changes

You could take advantage of version control systems like Subversion or Git to keep track of changes in the hosts you scan.

• Create a git repository

• Add a cron job to scan hosts periodically (e.g. once a month)

• Use -T txt or -T xml report format

• Update the repository after each run

• Add a post-commit hook on Git to generate e-mails with diffs
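
The steps above combined into one script, added here as an example and not part of the original exercise. The repository path, the script path, the OPENVAS_PASS variable, the mail recipient and the function names are assumptions; the openvas-client options are the ones used in section 5.2.

```sh
#!/bin/sh
# Added example: scan from cron and keep the text report under Git.
# Assumed names (not from the exercise): REPO, OPENVAS_PASS, run_scan, record_report.
REPO="${REPO:-/home/sysadm/scan-history}"      # assumed repository path
TARGETS="${TARGETS:-/home/sysadm/scanme.txt}"  # target list from section 5.2
REPORT="openvas-output.txt"

# Batch scan as in section 5.2; the password is read from the environment
# instead of being written into the script.
run_scan() {
    openvas-client -q 127.0.0.1 9390 sysadm "$OPENVAS_PASS" "$TARGETS" "$1" \
        -T txt -V -x
}

# Copy a finished report into the repository and commit it only when it
# differs from the last committed version. Prints "changed" or "unchanged".
record_report() {
    src="$1"; repo="$2"
    [ -s "$src" ] || { echo "empty report: $src" >&2; return 1; }
    [ -d "$repo/.git" ] || git init -q "$repo" || return 1
    cp "$src" "$repo/$REPORT" || return 1
    git -C "$repo" add "$REPORT" || return 1
    if git -C "$repo" diff --cached --quiet; then
        echo unchanged
    else
        git -C "$repo" -c user.name=scanner -c user.email=scanner@localhost \
            commit -q -m "OpenVAS scan $(date +%Y-%m-%d)" || return 1
        echo changed
    fi
}

# Cron entry for a monthly run (02:00 on the 1st), with OPENVAS_PASS set in
# the crontab environment:
#   0 2 1 * * /usr/local/sbin/scan-and-track.sh run
# Post-commit hook ($REPO/.git/hooks/post-commit, executable) to mail the diff:
#   git show HEAD | mail -s "OpenVAS report changed" sysadm@localhost
if [ "${1:-}" = "run" ]; then
    tmp=$(mktemp) || exit 1
    run_scan "$tmp" && record_report "$tmp" "$REPO"
    status=$?
    rm -f "$tmp"
    exit "$status"
fi
```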

—End
