From Fedora Project Wiki

(Mark it outdated)
Line 5: Line 5:
 
* A remote host with various network services (SSH, HTTP, DNS, SMTP ...) is required. For example: a Linux server with OpenSSH, Apache HTTPd, ISC BIND, Postfix or Sendmail.
 
* A remote host with various network services (SSH, HTTP, DNS, SMTP ...) is required. For example: a Linux server with OpenSSH, Apache HTTPd, ISC BIND, Postfix or Sendmail.
 
* Open ports of the scanned services in the remote host firewall.
 
* Open ports of the scanned services in the remote host firewall.
* Ensure that {{package|openvas-scanner}}, {{package|openvas-libraries}}, {{package|openvas-client}} packages are installed.
+
* Ensure that {{package|openvas-libraries}}, {{package|openvas-scanner}}, {{package|openvas-manager}}, {{package|openvas-client}} packages are installed.
 
|actions=
 
|actions=
 
# Start OpenVAS scanner: {{command |/etc/init.d/openvas-scanner start}}
 
# Start OpenVAS scanner: {{command |/etc/init.d/openvas-scanner start}}
Line 12: Line 12:
 
# Update the NVTs: {{command |openvas-nvt-sync}}
 
# Update the NVTs: {{command |openvas-nvt-sync}}
 
# Restart OpenVAS scanner (take a while for the first time): {{command |/etc/init.d/openvas-scanner restart}}
 
# Restart OpenVAS scanner (take a while for the first time): {{command |/etc/init.d/openvas-scanner restart}}
 +
# Test that the OpenVAS scanner process openvassd is running: {{ command |ps aux}}
 +
# Test that the OpenVAS scanner listens on configured port: {{ command |sudo lsof -i -nP}}
 +
# Connect using the gnutls client to scanner port: {{ command | gnutls-cli --insecure -p 9391 127.0.0.1 }}. Start the communication with < OTP/1.0 >. Try to login with the user created above.
 
# Start OpenVAS client: {{command |openvas-client}} (or System Tools > OpenVAS Client)
 
# Start OpenVAS client: {{command |openvas-client}} (or System Tools > OpenVAS Client)
 
# Connect to OpenVAS server with the user created above.
 
# Connect to OpenVAS server with the user created above.

Revision as of 05:12, 9 January 2012

Warning.png
This test case could be outdated because newer versions of OpenVAS has new services around OpenVAS Scanner (OpenVAS Manager, OpenVAS Administrator, Greenbone Security Assistant)

Description

This test case tests the ability of OpenVAS to scan a host or network for vulnerabilities.

Setup

  • A remote host with various network services (SSH, HTTP, DNS, SMTP ...) is required. For example: a Linux server with OpenSSH, Apache HTTPd, ISC BIND, Postfix or Sendmail.
  • Open ports of the scanned services in the remote host firewall.
  • Ensure that Package-x-generic-16.pngopenvas-libraries, Package-x-generic-16.pngopenvas-scanner, Package-x-generic-16.pngopenvas-manager, Package-x-generic-16.pngopenvas-client packages are installed.

How to test

  1. Start OpenVAS scanner: /etc/init.d/openvas-scanner start
  2. Create a new certificate: openvas-mkcert
  3. Add a OpenVAS user: openvas-adduser
  4. Update the NVTs: openvas-nvt-sync
  5. Restart OpenVAS scanner (take a while for the first time): /etc/init.d/openvas-scanner restart
  6. Test that the OpenVAS scanner process openvassd is running: ps aux
  7. Test that the OpenVAS scanner listens on configured port: sudo lsof -i -nP
  8. Connect using the gnutls client to scanner port: gnutls-cli --insecure -p 9391 127.0.0.1 . Start the communication with < OTP/1.0 >. Try to login with the user created above.
  9. Start OpenVAS client: openvas-client (or System Tools > OpenVAS Client)
  10. Connect to OpenVAS server with the user created above.
  11. Create a new scan using the client and wait until it finishes.
  12. Export the report to HTML or PDF.

Expected Results

  1. The scan should finish correctly.
  2. In the report, you should see the network services being scanned and vulnerabilities reported.