Tag Archives: information security

Installing OpenVAS 3.1 on CentOS 5.5

Was having some issues installing the latest version (3.1.0) of OpenVAS in a CentOS 5.5 VM today, so I thought I’d throw up a walkthrough in case anyone else was having similar issues. I’m not really a Linux expert, so it may look kind of backwards at times. I’m going to skip the long and tedious Google searches that make me look stupid, and just give you the good parts. There exists limited documentation for versions 1.0 and 2.0, but anything 3.0 and above is a mystery.

First thing, download all the sources. You might also want to run yum update just to be safe. Since this was a brand new VM, this required about 300MB of updates.
Currently, the “full setup” lists the following:

I downloaded and untar’d them all for later. From the limited documentation on the site, I deduced that openvas-libraries should be installed first. cd to that directory.

openvas-libraries

For the cheat codes, skip to the end.

To build and install from source, the usual process is ./configure; make; make install.

To isolate errors, you should run each individually, so ./configure first.

Alright, this has to be written down somewhere, let’s check the install_readme. Apparently we need:

  • libglib >= 2.12
  • libgnutls >= 2.0
  • libpcap
  • libgpgme >= 1.1.2
  • gcc
  • bison
  • flex

To install all of these, run yum -y install glib2-devel gnutls-devel libpcap-devel gcc bison flex. The rest aren’t in the standard CentOS repo.

Now to try ./configure. We get configure: error: "gcrypt.h not found". Now you should be seeing a pattern. Let’s fix this by yum -y install libgcrypt-devel.

We are missing library gpgme. Yum comes up with no results for gpgme, but the script has a link to http://www.gnupg.org/gpgme.html. Download the source code, and extract it to a folder. We have to build and install this before we can get back to the main openvas-libraries installation.
Apparently you need GnuPG2, which can be installed by yum -y install gnupg2. This installs some dependencies, but g13 is still missing. You also need libassuan and libgpg-error, which can be downloaded from http://gnupg.org. Extract both, and ./configure; make; make install. Install libgpg-error first, as it is required for libassuan.

Apparently e2fsprogs-devel is required, but nothing will tell you that. Instead, the program complains about not having uuid and the development libraries. Of course, this took a little while to figure out, since uuid and uuid-devel aren’t in the standard CentOS repos. Instead, you need to install additional repos, and then find out that it still complains. Only after some clever Google searches did I find out about e2fsprogs. yum -y install e2fsprogs-devel.

To build openvas-libraries, you need cmake. Download and install cmake from http://cmake.org. To install cmake, you need to have gcc-c++, and use a different script. yum -y install gcc-c++ to get the c++ compiler. Instead of the usual ./configure; make; make install, you need to ./bootstrap; gmake; make install. Not sure if you really need to use gmake instead of make, but the output of ./bootstrap told me to.

Then, go back to openvas-libraries and make; make install

TL;DR:
Note: file versions may be out of date, please visit the homepages for these tools to get the latest versions.
# yum -y install glib2-devel gnutls-devel libpcap-devel gcc bison flex libgcrypt-devel gnupg2 e2fsprogs-devel gcc-c++
# wget http://wald.intevation.org/frs/download.php/767/openvas-libraries-3.1.2.tar.gz
# wget ftp://ftp.gnupg.org/gcrypt/gpgme/gpgme-1.3.0.tar.bz2
# wget ftp://ftp.gnupg.org/gcrypt/libassuan/libassuan-2.0.1.tar.bz2
# wget ftp://ftp.gnupg.org/gcrypt/libgpg-error/libgpg-error-1.9.tar.bz2
# wget http://www.cmake.org/files/v2.8/cmake-2.8.2.tar.gz
# tar xzf openvas-libraries-3.1.2.tar.gz
# tar xjf gpgme-1.3.0.tar.bz2
# tar xjf libassuan-2.0.1.tar.bz2
# tar xjf libgpg-error-1.9.tar.bz2
# tar xzf cmake-2.8.2.tar.gz
# cd libgpg-error-1.9
# ./configure; make; make install
# cd ../libassuan-2.0.1
# ./configure; make; make install
# cd ../gpgme-1.3.0
# ./configure; make; make install
# cd ../cmake-2.8.2
# ./bootstrap; gmake; make install
# cd ../openvas-libraries
# ./configure; make; make install

openvas-scanner

Next, to install openvas-scanner, extract the files, change to that directory, and
build it.

# wget http://wald.intevation.org/frs/download.php/754/openvas-scanner-3.1.0.tar.gz
# tar xzf openvas-scanner-3.1.0.tar.gz
# cd openvas-scanner-3.1.0
# ./configure; make; make install

Then, add /usr/local/sbin to your PATH variable by adding the following to /etc/profile, before the line that begins EXPORT PATH
PATH=$PATH:/usr/local/sbin

openvas-manager

Next is the manager.

The manager requires sqlite and doxygen, so

# yum -y install sqlite-devel doxygen
Then # cmake .; make; make install

openvas-cli

OpenVAS-Administrator seems to still be in beta, so let’s skip that and go to the CLI.

# cmake .; make; make install

Configuring

First step is to generate a certificate. If you’re like me, you didn’t add /usr/local/sbin to your PATH, so you have to type it manually for this part.

# /sbin/ldconfig /usr/local/lib
# /usr/local/sbin/openvas-mkcert

Follow the instructions and generate your certificates.

Next, run # /usr/local/sbin/openvas-adduser to add a new user. http://www.openvas.org/compendium/adding-new-users.html has details on this. To create an admin user, give the rule default accept.

Run the NVT sync to grab the latest tests:
# /usr/local/sbin/openvas-nvt-sync

openvas-client

Guess what, you need gnutls for this. What’s that you say, you already have gnutls? Nope, apparently the CentOS repo has a version too old for the client.

Get a new version from ftp://ftp.gnu.org/pub/gnu/gnutls/ and install it.

When installing, use ./configure --prefix=/usr/ to specify the location of the installed files.

To be continued…

gsa-desktop

To be continued…