From Fedora Project Wiki

No edit summary
No edit summary
Line 1: Line 1:
{{Admon/warning | This test case is meant of OpenVAS-7. The version in Fedora 20 (OpenVAS-6) is known to not work well so please rebuild the openvas-7 packages from rawhide. The openvas-gsa package still missing in Fedora }}
{{Admon/warning | This test case is meant of OpenVAS-8. The version in Fedora 22 (OpenVAS-7) is known to not work well so please install the openvas-8 packages from updates/updates-testing repository or rebuild the openvas-8 packages from rawhide. }}
{{QA/Test_Case
{{QA/Test_Case  
|description=This test case tests the ability of OpenVAS to scan a host or network for vulnerabilities.
|description=This test case tests the ability of OpenVAS to scan a host or network for vulnerabilities.  
|setup=
|setup=
* A remote host with various network services (SSH, HTTP, DNS, SMTP ...) is required. For example: a Linux server with OpenSSH, Apache HTTPd, ISC BIND, Postfix or Sendmail.
* A remote host with various network services (SSH, HTTP, DNS, SMTP ...) is required. For example: a Linux server with OpenSSH, Apache HTTPd, ISC BIND, Postfix or Sendmail.
* Open ports of the scanned services in the remote host firewall.
* Open ports of the scanned services in the remote host firewall.
* If unsure about the past configuration, bootstrap the environment by removing the openvas* packages, removing all the application files and reinstalling the packages back
* If unsure about the past configuration, bootstrap the environment by removing the openvas* packages, removing all the application files and reinstalling the packages back:
{{ command | OV_RPMS=`rpm -qa|grep openvas` }}
**{{ command | <nowiki>OV_RPMS=`rpm -qa|grep openvas`</nowiki> }}
{{ command | rpm -e $OV_RPMS }}
**{{ command | rpm -e $OV_RPMS }}  
{{ command | rm -rf /etc/openvas /etc/pki/openvas /usr/share/openvas /var/log/openvas /var/lib/openvas /var/cache/openvas
**{{ command | rm -rf /etc/openvas /etc/pki/openvas /usr/share/openvas /var/log/openvas /var/lib/openvas /var/cache/openvas }}
* Ensure that {{package|openvas-libraries}}, {{package|openvas-scanner}}, {{package|openvas-manager}}, {{package|openvas-cli}}, {{package|openvas-gsa}} packages are installed.
* Ensure that {{package|openvas-libraries}}, {{package|openvas-scanner}}, {{package|openvas-manager}}, {{package|openvas-cli}}, {{package|openvas-gsa}} packages are installed:
{{ command | yum -y install openvas-libraries openvas-scanner openvas-manager openvas-cli openvas-gsa }}
**{{ command | yum -y install openvas-libraries openvas-scanner openvas-manager openvas-cli openvas-gsa }}
 
* At each step you can verify the current progress with openvas-check-setup script:
**{{ command | openvas-check-setup }}
* Openvas-8 requires redis-server to be configured and running:
**{{command |yum install redis}
|actions=
|actions=
# Start OpenVAS scanner: {{command |service openvas-scanner start}}
# Try to start OpenVAS scanner:
# Check the logs on what is happening: {{command | tail -f /var/log/openvas/openvassd.log }}
#*{{command |service openvas-scanner start}}
# Create a new certificate: {{command |openvas-mkcert}}
# Check the logs on what is happening (as there is no server certificate it should fail to start):
# Add user certificate for the manager to be able to connect to scanner: {{command |openvas-mkcert-client -n -i }}
#*{{command | tail -f /var/log/openvas/openvassd.log }}
# Update the NVTs: {{command |openvas-nvt-sync}}
# Create a new certificate, press "Enter" to use the defaults:
# Restart OpenVAS scanner (take a while for the first time): {{command |service openvas-scanner restart}}
#*{{command |openvas-mkcert}}
# Test that the OpenVAS scanner process openvassd is running: {{ command |ps aux &#124; grep [o]penvassd }}
# Add user certificate for the openvas-manager to be able to connect to scanner:
# Test that the OpenVAS scanner listens on configured port: {{ command |sudo lsof -i -nP &#124; grep [o]penvassd }}
#*{{command |openvas-mkcert-client -n -i }}
# Connect using the gnutls client to scanner port: {{ command | gnutls-cli --insecure -p 9391 127.0.0.1 }}. Start the communication with < OTP/1.0 >. Try to login with the user created above.
# Download the NVTs signatures:
#*{{command |openvas-nvt-sync --wget}}
# Install the redis-server for use with openvas:
#*{{command |yum install redis}
# Configure redis-server for use with openvas:
#*{{command | sed -i -e 's|^# unixsocket|unixsocket|' /etc/redis.conf}}
# Start redis server
#*{{command | service redis start}}
# Restart OpenVAS scanner (take a while for the first time):
#*{{command |service openvas-scanner restart}}
# Test that the OpenVAS scanner process openvassd is running:
#*{{ command |ps aux &#124; grep [o]penvassd }}
# Test that the OpenVAS scanner listens on configured port:
#*{{ command |sudo lsof -i -nP &#124; grep [o]penvassd }}
# Connect using the gnutls client to scanner port:
#*{{ command | gnutls-cli --insecure -p 9391 127.0.0.1 }}. Start the communication with < OTP/1.0 >. Try to login with the user created above.
# Start OpenVAS manager: {{command |service openvas-manager start}}
# Start OpenVAS manager: {{command |service openvas-manager start}}
# Generate a new client certificate for manager to connect to scanner {{command | openvas-mkcert-client -n om -i }}
# Generate a new client certificate for manager to connect to scanner {{command | openvas-mkcert-client -n om -i }}

Revision as of 15:16, 26 June 2015

This test case is meant of OpenVAS-8. The version in Fedora 22 (OpenVAS-7) is known to not work well so please install the openvas-8 packages from updates/updates-testing repository or rebuild the openvas-8 packages from rawhide.

{{QA/Test_Case |description=This test case tests the ability of OpenVAS to scan a host or network for vulnerabilities. |setup=

  • A remote host with various network services (SSH, HTTP, DNS, SMTP ...) is required. For example: a Linux server with OpenSSH, Apache HTTPd, ISC BIND, Postfix or Sendmail.
  • Open ports of the scanned services in the remote host firewall.
  • If unsure about the past configuration, bootstrap the environment by removing the openvas* packages, removing all the application files and reinstalling the packages back:
    • OV_RPMS=`rpm -qa|grep openvas`
    • rpm -e $OV_RPMS
    • rm -rf /etc/openvas /etc/pki/openvas /usr/share/openvas /var/log/openvas /var/lib/openvas /var/cache/openvas
  • Ensure that openvas-libraries, openvas-scanner, openvas-manager, openvas-cli, openvas-gsa packages are installed:
    • yum -y install openvas-libraries openvas-scanner openvas-manager openvas-cli openvas-gsa
  • At each step you can verify the current progress with openvas-check-setup script:
    • openvas-check-setup
  • Openvas-8 requires redis-server to be configured and running:
    • {{command |yum install redis}

|actions=

  1. Try to start OpenVAS scanner:
    • service openvas-scanner start
  2. Check the logs on what is happening (as there is no server certificate it should fail to start):
    • tail -f /var/log/openvas/openvassd.log
  3. Create a new certificate, press "Enter" to use the defaults:
    • openvas-mkcert
  4. Add user certificate for the openvas-manager to be able to connect to scanner:
    • openvas-mkcert-client -n -i
  5. Download the NVTs signatures:
    • openvas-nvt-sync --wget
  6. Install the redis-server for use with openvas:
    • yum install redis}
  7. Configure redis-server for use with openvas:
    • sed -i -e 's
  8. Start redis server
    • service redis start
  9. Restart OpenVAS scanner (take a while for the first time):
    • service openvas-scanner restart
  10. Test that the OpenVAS scanner process openvassd is running:
    • ps aux | grep [o]penvassd
  11. Test that the OpenVAS scanner listens on configured port:
    • sudo lsof -i -nP | grep [o]penvassd
  12. Connect using the gnutls client to scanner port:
    • gnutls-cli --insecure -p 9391 127.0.0.1 . Start the communication with < OTP/1.0 >. Try to login with the user created above.
  13. Start OpenVAS manager: service openvas-manager start
  14. Generate a new client certificate for manager to connect to scanner openvas-mkcert-client -n om -i
  15. Rebuild the NVT cache database openvasmd --rebuild
  16. Start OpenVAS manager: service openvas-manager start
  17. Test that the OpenVAS manager process openvasmd is running: ps aux | grep [o]penvasmd
  18. Test that the OpenVAS manager listens on configured port: sudo lsof -i -nP | grep [o]penvasmd
  19. Connect using the gnutls client to manager port: gnutls-cli --insecure -p 9390 127.0.0.1 . Start the communication with < OTP/1.0 >. Try to login with the user created above.
  20. Start OpenVAS client: openvas-client (or System Tools > OpenVAS Client)
  21. Connect to OpenVAS server with the user created above.
  22. Create a new scan using the client and wait until it finishes.
  23. Export the report to HTML or PDF.