2018-06-21
官方網站
http://www.openvas.org/
OpenVAS 的版本,是根據 Libraries 的版本
http://www.openvas.org/install-source.html
系統架構
http://www.openvas.org/pix/OpenVAS4-Structure.png
作業系統支援情形
http://www.openvas.org/install-packages.html
支援的 CentOS 版本
http://www6.atomicorp.com/channels/atomic/centos/
目前支援 3、4、5、6、7
官方安裝說明
http://www.openvas.org/install-packages.html
https://wiki.atomicorp.com/wiki/index.php/Atomic
安裝
先關閉 SELinux
| $ su root # vi /etc/selinux/config |
# This file controls the state of SELinux on the system. # SELINUX= can take one of these three values: # enforcing - SELinux security policy is enforced. # permissive - SELinux prints warnings instead of enforcing. # disabled - No SELinux policy is loaded. SELINUX=disabled <=== 從 enforcing 改為 disabled # SELINUXTYPE= can take one of three two values: # targeted - Targeted processes are protected, # minimum - Modification of targeted policy. Only selected processes are protected. # mls - Multi Level Security protection. SELINUXTYPE=targeted 別改錯,改到這個了 |
重新啟動作業系統,讓 SELinux 生效
| # vi /etc/selinux/config |
| yum -y update yum install -y wget bzip2 texlive net-tools alien gnutls-utils wget -q -O - https://www.atomicorp.com/installers/atomic | sh yum install openvas -y |
6) edit /etc/redis.conf. Add/uncomment the following
| vi /etc/redis.conf |
| unixsocket /tmp/redis.sock unixsocketperm 700 |
| systemctl enable redis systemctl restart redis openvas-setup firewall-cmd --permanent --add-port=9392/tcp firewall-cmd --reload firewall-cmd --list-port |
瀏覽器連上
| https://<IP-ADDRESS>:9392 |
| openvas-check-setup --v9 |
********************************************************************************
實際情況
[root@localhost ~]# wget -q -O - http://www.atomicorp.com/installers/atomic |sh
Atomic Free Unsupported Archive installer, version 4.0.1
BY INSTALLING THIS SOFTWARE AND BY USING ANY AND ALL SOFTWARE
PROVIDED BY ATOMICORP LIMITED YOU ACKNOWLEDGE AND AGREE:
THIS SOFTWARE AND ALL SOFTWARE PROVIDED IN THIS REPOSITORY IS
PROVIDED BY ATOMICORP LIMITED AS IS, IS UNSUPPORTED AND ANY
EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL ATOMICORP LIMITED, THE
COPYRIGHT OWNER OR ANY CONTRIBUTOR TO ANY AND ALL SOFTWARE PROVIDED
BY OR PUBLISHED IN THIS REPOSITORY BE LIABLE FOR ANY DIRECT,
INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
OF THE POSSIBILITY OF SUCH DAMAGE.
For supported software packages please contact us at:
sales@atomicorp.com
Do you agree to these terms? (yes/no) [Default: yes] (按下Enter)
Configuring the [atomic] repo archive for this system
Installing the Atomic GPG keys: OK
Downloading atomic-release-1.0-21.el7.art.noarch.rpm: Preparing... ################################# [100%]
Updating / installing...
1:atomic-release-1.0-21.el7.art ################################# [100%]
OK
Enable repo by default? (yes/no) [Default: yes]: (按下Enter)
The Atomic repo has now been installed and configured for your system
The following channels are available:
atomic - [ACTIVATED] - contains the stable tree of ART packages
atomic-testing - [DISABLED] - contains the testing tree of ART packages
atomic-bleeding - [DISABLED] - contains the development tree of ART packages
[root@localhost ~]#
[root@localhost ~]# yum -y upgrade
[root@localhost ~]# yum -y install openvas
[root@localhost ~]# yum list | grep openvas
openvas.noarch 9.0.0-2796.el7.art @atomic
openvas-cli.x86_64 1.4.5-2739.el7.art @atomic
openvas-libraries.x86_64 9.0.1-2735.el7.art @atomic
openvas-manager.x86_64 7.0.2-2737.el7.art @atomic
openvas-scanner.x86_64 5.1.1-2736.el7.art @atomic
openvas-smb.x86_64 1.0.2-1980.el7.art @atomic
openvas-cli-debuginfo.x86_64 1.4.5-2739.el7.art atomic
openvas-libraries-debuginfo.x86_64 9.0.1-2735.el7.art atomic
openvas-libraries-devel.x86_64 9.0.1-2735.el7.art atomic
openvas-manager-debuginfo.x86_64 7.0.2-2737.el7.art atomic
openvas-scanner-debuginfo.x86_64 5.1.1-2736.el7.art atomic
openvas-smb-debuginfo.x86_64 1.0.2-1980.el7.art atomic
OpenVAS 7 會有這兩個
[root@localhost ~]# ls -al /etc/init.d/open*
-rwxr-xr-x. 1 root root 1603 Aug 31 2010 /etc/init.d/openvas-manager-rwxr-xr-x. 1 root root 2013 Jun 10 02:13 /etc/init.d/openvas-scanner
[root@localhost ~]#
OpenVAS 9 沒有
[root@localhost ~]# ls -al /etc/init.d/open*
ls: cannot access /etc/init.d/open*: No such file or directory
[root@localhost ~]#
[root@localhost ~]# openvas-setup
Openvas Setup, Version: 3.0
Step 1: Update NVT, CERT, and SCAP data
Please note this step could take some time.
Once completed, this will be updated automatically every 24 hours
Select download method
* wget (NVT download only)
* curl (NVT download only)
* rsync
Note: If rsync requires a proxy, you should define that before this step.
Downloader [Default: rsync] (按下Enter)
... (略,會下載安裝一堆)
Step 2: Configure GSAD
The Greenbone Security Assistant is a Web Based front end
for managing scans. By default it is configured to only allow
connections from localhost.
Allow connections from any IP? [Default: yes] Redirecting to /bin/systemctl restart gsad.service
Step 3: Choose the GSAD admin users password.
The admin user is used to configure accounts,
Update NVT's manually, and manage roles.
Enter administrator username [Default: admin] : (按下Enter)
Enter Administrator Password: (設定密碼)
Verify Administrator Password: (再次輸入密碼)
Rebuilding NVT cache... done.
Setup complete, you can now access GSAD at:
https://<IP>:9392
Created symlink from /etc/systemd/system/multi-user.target.wants/openvas-scanner.service to /usr/lib/systemd/system/openvas-scanner.service.
Created symlink from /etc/systemd/system/multi-user.target.wants/openvas-manager.service to /usr/lib/systemd/system/openvas-manager.service.
Created symlink from /etc/systemd/system/multi-user.target.wants/gsad.service to /usr/lib/systemd/system/gsad.service.
[root@localhost ~]#
Verify Administrator Password: (再次輸入密碼)
Rebuilding NVT cache... done.
Setup complete, you can now access GSAD at:
https://<IP>:9392
Created symlink from /etc/systemd/system/multi-user.target.wants/openvas-scanner.service to /usr/lib/systemd/system/openvas-scanner.service.
Created symlink from /etc/systemd/system/multi-user.target.wants/openvas-manager.service to /usr/lib/systemd/system/openvas-manager.service.
Created symlink from /etc/systemd/system/multi-user.target.wants/gsad.service to /usr/lib/systemd/system/gsad.service.
[root@localhost ~]#
(完)
相關
[研究] OpenVAS 9 安裝與使用(yum)(CentOS 7.5 x64)
http://shaurong.blogspot.com/2018/06/openvas-9-yumcentos-75-x64.html
[研究] OpenVAS 9 安裝
http://shaurong.blogspot.com/2017/06/openvas-9.html
[研究] OpenVAS-8 DEMO Virtual Appliance 1.0 安裝
http://shaurong.blogspot.com/2015/05/openvas-8-demo-virtual-appliance-10.html
[研究] OpenVAS-7 DEMO Virtual Appliance 2.4 安裝
http://shaurong.blogspot.com/2015/03/openvas-7-demo-virtual-appliance-24.html
[研究] OpenVAS 7 安裝與使用(yum)(CentOS 7.0 x64)
http://shaurong.blogspot.com/2014/11/openvas-7-yumcentos-70-x64.html
[研究] OpenVAS 6 安裝與使用(yum)(CentOS 7.0 x64)
http://shaurong.blogspot.com/2014/08/openvas-6-yumcentos-70-x64.html
[研究] OpenVAS 6.0 beta 5 安裝與使用(yum)(Fedora 20 x64)
http://shaurong.blogspot.com/2014/02/openvas-60-beta-5-yumfedora-20-x64.html
[研究] OpenVAS 安裝與使用(yum)(CentOS 6.5 x64)
http://shaurong.blogspot.com/2014/01/openvas-yumcentos-65-x64.html
沒有留言:
張貼留言