From Fedora Project Wiki

Line 14: Line 14:
 
**{{ command | openvas-check-setup }}
 
**{{ command | openvas-check-setup }}
 
* Openvas-8 requires redis-server to be configured and running:
 
* Openvas-8 requires redis-server to be configured and running:
**{{command |yum install redis}
+
**{{command |yum install redis}}
 
|actions=
 
|actions=
 
# Try to start OpenVAS scanner:
 
# Try to start OpenVAS scanner:

Revision as of 15:16, 26 June 2015

Warning.png
This test case is meant of OpenVAS-8. The version in Fedora 22 (OpenVAS-7) is known to not work well so please install the openvas-8 packages from updates/updates-testing repository or rebuild the openvas-8 packages from rawhide.

{{QA/Test_Case |description=This test case tests the ability of OpenVAS to scan a host or network for vulnerabilities. |setup=

  • A remote host with various network services (SSH, HTTP, DNS, SMTP ...) is required. For example: a Linux server with OpenSSH, Apache HTTPd, ISC BIND, Postfix or Sendmail.
  • Open ports of the scanned services in the remote host firewall.
  • If unsure about the past configuration, bootstrap the environment by removing the openvas* packages, removing all the application files and reinstalling the packages back:
    • OV_RPMS=`rpm -qa|grep openvas`
    • rpm -e $OV_RPMS
    • rm -rf /etc/openvas /etc/pki/openvas /usr/share/openvas /var/log/openvas /var/lib/openvas /var/cache/openvas
  • Ensure that Package-x-generic-16.pngopenvas-libraries, Package-x-generic-16.pngopenvas-scanner, Package-x-generic-16.pngopenvas-manager, Package-x-generic-16.pngopenvas-cli, Package-x-generic-16.pngopenvas-gsa packages are installed:
    • yum -y install openvas-libraries openvas-scanner openvas-manager openvas-cli openvas-gsa
  • At each step you can verify the current progress with openvas-check-setup script:
    • openvas-check-setup
  • Openvas-8 requires redis-server to be configured and running:
    • yum install redis

|actions=

  1. Try to start OpenVAS scanner:
    • service openvas-scanner start
  2. Check the logs on what is happening (as there is no server certificate it should fail to start):
    • tail -f /var/log/openvas/openvassd.log
  3. Create a new certificate, press "Enter" to use the defaults:
    • openvas-mkcert
  4. Add user certificate for the openvas-manager to be able to connect to scanner:
    • openvas-mkcert-client -n -i
  5. Download the NVTs signatures:
    • openvas-nvt-sync --wget
  6. Install the redis-server for use with openvas:
    • yum install redis}
  7. Configure redis-server for use with openvas:
    • sed -i -e 's
  8. Start redis server
    • service redis start
  9. Restart OpenVAS scanner (take a while for the first time):
    • service openvas-scanner restart
  10. Test that the OpenVAS scanner process openvassd is running:
    • ps aux | grep [o]penvassd
  11. Test that the OpenVAS scanner listens on configured port:
    • sudo lsof -i -nP | grep [o]penvassd
  12. Connect using the gnutls client to scanner port:
    • gnutls-cli --insecure -p 9391 127.0.0.1 . Start the communication with < OTP/1.0 >. Try to login with the user created above.
  13. Start OpenVAS manager: service openvas-manager start
  14. Generate a new client certificate for manager to connect to scanner openvas-mkcert-client -n om -i
  15. Rebuild the NVT cache database openvasmd --rebuild
  16. Start OpenVAS manager: service openvas-manager start
  17. Test that the OpenVAS manager process openvasmd is running: ps aux | grep [o]penvasmd
  18. Test that the OpenVAS manager listens on configured port: sudo lsof -i -nP | grep [o]penvasmd
  19. Connect using the gnutls client to manager port: gnutls-cli --insecure -p 9390 127.0.0.1 . Start the communication with < OTP/1.0 >. Try to login with the user created above.
  20. Start OpenVAS client: openvas-client (or System Tools > OpenVAS Client)
  21. Connect to OpenVAS server with the user created above.
  22. Create a new scan using the client and wait until it finishes.
  23. Export the report to HTML or PDF.