2014年2月6日 星期四

[研究] OpenVAS 6.0 beta 5 安裝與使用(yum)(Fedora 20 x64)

[研究] OpenVAS 6.0 beta 5 安裝與使用(yum)(Fedora 20 x64)

2014-02-06

官方網站
http://www.openvas.org/

系統架構
http://www.openvas.org/pix/OpenVAS4-Structure.png


作業系統支援情形
http://www.openvas.org/install-packages.html

http://www6.atomicorp.com/channels/atomic/centos/5/x86_64/ 存在
http://www6.atomicorp.com/channels/atomic/centos/5/x86/ 不存在
似乎目前只支援 x86_64 版,不支援 x86 版 ?

官方安裝說明
http://www.openvas.org/install-packages.html

[root@localhost ~]# yum list | grep openvas
openvas-client.x86_64                   3.0.3-8.fc20                     fedora
openvas-libraries.i686                  6.0-4.beta5.fc20                 fedora
openvas-libraries.x86_64                6.0-4.beta5.fc20                 fedora
openvas-libraries-devel.i686            6.0-4.beta5.fc20                 fedora
openvas-libraries-devel.x86_64          6.0-4.beta5.fc20                 fedora
openvas-libraries-doc.x86_64            6.0-4.beta5.fc20                 fedora
openvas-manager.x86_64                  4.0-4.beta5.fc20                 fedora
openvas-manager-sysvinit.x86_64         4.0-4.beta5.fc20                 fedora
openvas-scanner.x86_64                  3.4-2.beta2.fc20                 fedora
openvas-scanner-sysvinit.x86_64         3.4-2.beta2.fc20                 fedora
[root@localhost ~]#

一、OpenVAS Server 安裝

yum  -y  install  openvas*

openvas-mkcert
# 所有回答案Enter

openvas-adduser
# 輸入自己想要的 username 和 password,最後按下 Ctrl-D

openvas-nvt-sync
# 下載數萬個項目,依據網路頻寬,要些時間

service openvas-scanner start
#啟動

實際情況

[root@localhost ~]# openvas-mkcert

-------------------------------------------------------------------------------
                        Creation of the OpenVAS SSL Certificate
-------------------------------------------------------------------------------

This script will now ask you the relevant information to create the SSL certificate of OpenVAS.
Note that this information will *NOT* be sent to anybody (everything stays local), but anyone with the ability to connect to your OpenVAS daemon will be able to retrieve this information.


CA certificate life time in days [1460]:
Server certificate life time in days [365]:
Your country (two letter code) [DE]:
Your state or province name [none]:
Your location (e.g. town) [Berlin]:
Your organization [OpenVAS Users United]:
-------------------------------------------------------------------------------
                        Creation of the OpenVAS SSL Certificate
-------------------------------------------------------------------------------

Congratulations. Your server certificate was properly created.

The following files were created:

. Certification authority:
   Certificate = /etc/pki/openvas/CA/cacert.pem
   Private key = /etc/pki/openvas/private/CA/cakey.pem

. OpenVAS Server :
    Certificate = /etc/pki/openvas/CA/servercert.pem
    Private key = /etc/pki/openvas/private/CA/serverkey.pem

Press [ENTER] to exit


[root@localhost ~]# openvas-adduser
Using /var/tmp as a temporary file holder.

Add a new openvassd user
---------------------------------


Login : admin  (輸入自己想要的帳號)
Authentication (pass/cert) [pass] :
Login password :  (輸入自己想要的密碼)
Login password (again) :  (輸入自己想要的密碼)

User rules
---------------
openvassd has a rules system which allows you to restrict the hosts that admin has the right to test.
For instance, you may want him to be able to scan his own host only.

Please see the openvas-adduser(8) man page for the rules syntax.

Enter the rules for this user, and hit ctrl-D once you are done:
(the user can have an empty rules set)


Login             : admin
Password          : ***********

Rules             :


Is that ok? (y/n) [y]
user added.

[root@localhost ~]# openvas-nvt-sync
...(略)

[root@localhost ~]# service openvas-scanner start
Starting openvas-scanner (via systemctl):                            [  OK  ]
[root@localhost ~]#


[root@localhost ~]# netstat -tunpl
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:9391            0.0.0.0:*               LISTEN      7379/openvassd: wai
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      3340/sshd
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN      1541/cupsd
tcp6       0      0 :::22                   :::*                    LISTEN      3340/sshd
tcp6       0      0 ::1:631                 :::*                    LISTEN      1541/cupsd
udp        0      0 0.0.0.0:5353            0.0.0.0:*                           594/avahi-daemon: r
udp        0      0 127.0.0.1:323           0.0.0.0:*                           599/chronyd
udp        0      0 0.0.0.0:38418           0.0.0.0:*                           594/avahi-daemon: r
udp        0      0 0.0.0.0:123             0.0.0.0:*                           599/chronyd
udp6       0      0 ::1:323                 :::*                                599/chronyd
udp6       0      0 :::123                  :::*                                599/chronyd
[root@localhost ~]#

開始測試















(完)

相關

[研究] OpenVAS 6.0 beta 5 安裝與使用(yum)(Fedora 20 x64)
http://shaurong.blogspot.com/2014/02/openvas-60-beta-5-yumfedora-20-x64.html
http://forum.icst.org.tw/phpbb/viewtopic.php?f=14&t=80720

[研究] OpenVAS 安裝與使用(yum)(CentOS 6.5 x64)(失敗)
http://shaurong.blogspot.tw/2014/01/openvas-yumcentos-65-x64.html

[研究] OpenVAS 安裝與使用(yum)(CentOS 6.0 x86_64)(失敗)
http://forum.icst.org.tw/phpbb/viewtopic.php?t=20323

[研究] OpenVAS 安裝與使用(LiveCD)(CentOS 5.5 x86)
http://forum.icst.org.tw/phpbb/viewtopic.php?t=19303

[研究] OpenVAS 安裝與使用(yum)(CentOS 5.5 x86)
http://forum.icst.org.tw/phpbb/viewtopic.php?t=19302

沒有留言:

張貼留言