OpenVAS – Vulnerability Assessment Tool

OpenVAS is one of the best vulnerability assessment and management tools available in the open source realm. It is easy to install, configure and manage. In my several years of IT experience, I have come across various steps and methods to implement OpenVAS on various platforms; however, I recently did an implementation on CentOS using the following steps. This has been the simplest and easiest so far. Please feel free to share your experiences on various platforms and I will be happy to publish them.

OpenVAS is very resource hungry and will hog all your hardware resources. 4 GB of RAM and at least a dual-core processor are a must. To run multiple scans you will need a really strong server with lots of RAM and more cores. Running OpenVAS on a virtual machine is generally not recommended. A ready-to-use VM is available on the OpenVAS website, but neither OpenVAS nor I recommend using OpenVAS in a production environment on a virtual machine.

  1. Install CentOS.
  2. If installing remotely, ssh into the server.
  3. su - (su minus)
  4. Enter the root password.
  5. At the root prompt enter:
    a. wget -q -O - http://www.atomicorp.com/installers/atomic | sh
    b. yum install openvas - Answer the various questions.
    c. openvas-setup - Answer the various questions. Generally choose the defaults.
    d. openvas-certdata-sync
    e. openvasmd --rebuild
    f. openvasmd
    g. Open a browser and type: http://localhost:9392
    h. Restart the machine if it does not start. Booting up generally takes a lot of time, so be very patient.
  6. Sub-points b and e take a little time, so be very patient and enjoy your coffee.


Using UFW – Uncomplicated Firewall in Ubuntu

UFW is a fantastic, easy-to-use command-line firewall that generally comes bundled with Ubuntu servers in particular. It is a great tool to work with, handles all major firewalling tasks with ease, and is quite user friendly. For desktop users, a GUI is available to handle all firewall activities, and the interface makes it quite user friendly even for someone who does not understand firewalls too well. The following commands are a base for doing simple tasks on a server, hardening the Ubuntu server in some ways. These are really basic commands and more can be found in the Ubuntu Help Documentation.

The assumption here is that you are connected to an Ubuntu server using SSH and ufw is disabled. By default ufw is disabled on an Ubuntu server.

  1. To enable ufw: sudo ufw enable
  2. Once it is enabled, you must allow SSH so that your current session will continue to work, and then block all other services. You can then selectively allow services, ports, IP addresses, ranges of ports, etc.
  • sudo ufw allow ssh – This allows ssh
  • sudo ufw default deny – This denies everything else
  • sudo ufw status – This shows current rules that are enabled
  • sudo ufw status numbered – This shows the rules and gives a number which makes it easy to identify
  • sudo ufw allow 25 – This allows smtp service
  • sudo ufw deny 25 – This denies smtp
  • sudo ufw delete 6 – This will delete rule number 6. Rule number 6 is identified after running the command – sudo ufw status numbered
  • sudo ufw allow from 192.168.1.10 to any port 5525 – This opens port # 5525 for a particular IP
  • sudo ufw allow proto udp to any port 10001:15000 – This allows the entire port range of 10001 to 15000 for UDP traffic

Make sure you don't lock yourself out before you have allowed ssh. The first two bullets should be run in that sequence. Refer to the Ubuntu documentation for detailed ufw usage. It is a great tool to know.
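
The `sudo ufw delete 6` bullet depends on the numbers shown by `sudo ufw status numbered`, and ufw renumbers the remaining rules after every delete. The script below is an added example, not part of the original post: it parses that output, confirms an SSH rule is still present, and prints the delete commands for a port highest number first. The sample output, the function names and the `OpenSSH` profile match are assumptions of this example.

```bash
#!/usr/bin/env bash
# Added example: plan rule deletions from `ufw status numbered` output.
# SAMPLE is constructed; on a real host pipe in: sudo ufw status numbered
SAMPLE='Status: active

     To                         Action      From
     --                         ------      ----
[ 1] 22/tcp                     ALLOW IN    Anywhere
[ 2] 25                         ALLOW IN    Anywhere
[ 3] 5525                       ALLOW IN    192.168.1.10
[ 4] 10001:15000/udp            ALLOW IN    Anywhere
[ 5] 22/tcp (v6)                ALLOW IN    Anywhere (v6)
[ 6] 25 (v6)                    ALLOW IN    Anywhere (v6)'

# stdin: status output. Prints "NUM PORT ACTION" for each numbered rule.
parse_rules() {
  awk '/^\[ *[0-9]+\]/ {
    match($0, /[0-9]+/); num = substr($0, RSTART, RLENGTH)
    rest = $0; sub(/^\[ *[0-9]+\] */, "", rest)
    n = split(rest, f, " "); act = ""
    for (i = 2; i <= n; i++)
      if (f[i] ~ /^(ALLOW|DENY|REJECT|LIMIT)$/) { act = f[i]; break }
    print num, f[1], act
  }'
}

# stdin: status output. Succeeds if a rule still allows (or rate-limits) SSH.
ssh_allowed() {
  parse_rules | awk '($2 == "22" || $2 == "22/tcp" || $2 == "OpenSSH") &&
    ($3 == "ALLOW" || $3 == "LIMIT") { ok = 1 } END { exit !ok }'
}

# $1: port; stdin: status output. Prints delete commands, highest rule number
# first, because ufw renumbers the remaining rules after every delete.
delete_plan() {
  parse_rules | awk -v p="$1" '{ split($2, a, "/"); if (a[1] == p) print $1 }' |
    sort -rn | sed 's/^/sudo ufw delete /'
}

if printf '%s\n' "$SAMPLE" | ssh_allowed; then
  echo "SSH rule present; deletions for port 25:"
  printf '%s\n' "$SAMPLE" | delete_plan 25
else
  echo "No SSH allow rule found; add one before changing anything else." >&2
fi
```

Deleting in ascending order instead would remove rule 2 first, shift the IPv6 SMTP rule from 6 to 5, and make a following `delete 6` fail or hit the wrong rule on a longer list.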