[CentOS] Install OpenVAS on CentOS Linux release 8.2.2004 (Core)

Wed Aug 12 17:34:25 UTC 2020
Kaushal Shriyan <kaushalshriyan at gmail.com>

On Wed, Aug 12, 2020 at 4:05 PM Kaushal Shriyan <kaushalshriyan at gmail.com>
wrote:

>
>
> On Wed, 12 Aug 2020 at 13:11, Nicolas Kovacs <info at microlinux.fr> wrote:
>
>> Le 11/08/2020 à 17:42, Kaushal Shriyan a écrit :
>> > I am running CentOS Linux release 8.2.2004 (Core). Are there any
>> > instructions to install OpenVAS for CentOS Linux release 8.2.2004
>> (Core)?
>> >
>> > Thanks in advance and I look forward to hearing from you.
>>
>> For what it's worth, here's my archived blog article about installing
>> OpenVAS
>> on CentOS 7:
>>
>> https://oldblog.microlinux.fr/openvas-centos-epel/
>>
>> As far as I can tell, installing OpenVAS with Docker is the easiest way
>> nowadays.
>>
>> Cheers,
>>
>> Niki
>
>
> Thanks Niki for the email and much appreciated. I will go through it and
> get in touch if I encounter any issues. Thanks in Advance
>
> Best Regards,
>
> Kaushal
>

Hi Niki,

I am running CentOS Linux release 7.8.2003 (Core) and have followed
https://oldblog.microlinux.fr/openvas-centos-epel/
I am encountering errors and the details are as below:-

Error: md5sums not correct. Your NVT collection might be broken now.
> ERROR: The NVT collection is very small.
> ERROR: Your OpenVAS-8 installation is not yet complete!



> #openvas-check-setup
> openvas-check-setup 2.3.3
>   Test completeness and readiness of OpenVAS-8
>   (add '--v6' or '--v7' or '--v9'
>    if you want to check for another OpenVAS version)
>   Please report us any non-detected problems and
>   help us to improve this check routine:
>   http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss
>   Send us the log-file (/tmp/openvas-check-setup.log) to help analyze the
> problem.
>   Use the parameter --server to skip checks for client tools
>   like GSD and OpenVAS-CLI.
> Step 1: Checking OpenVAS Scanner ...
>         OK: OpenVAS Scanner is present in version 5.0.6.
>         OK: OpenVAS Scanner CA Certificate is present as
> /etc/pki/openvas/CA/cacert.pem.
>         OK: redis-server is present in version v=3.2.12.
>         OK: scanner (kb_location setting) is configured properly using the
> redis-server socket: /run/redis/redis.sock
>         OK: redis-server is running and listening on socket:
> /run/redis/redis.sock.
>         OK: redis-server configuration is OK and redis-server is running.
>         ERROR: The NVT collection is very small.
>         FIX: Run a synchronization script like openvas-nvt-sync or
> greenbone-nvt-sync.
>  ERROR: Your OpenVAS-8 installation is not yet complete!
> Please follow the instructions marked with FIX above and run this
> script again.
> If you think this result is wrong, please report your observation
> and help us to improve this check routine:
> http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss
> Please attach the log-file (/tmp/openvas-check-setup.log) to help us
> analyze the problem.
> [root at openvascentos7 ~]# cat /tmp/openvas-check-setup.log
> openvas-check-setup 2.3.3
>   Mode:  desktop
>   Date:  Wed, 12 Aug 2020 22:58:45 +0530
> Checking for old OpenVAS Scanner <= 2.0 ...
> /usr/bin/openvas-check-setup: line 163: openvasd: command not found
> Checking presence of OpenVAS Scanner ...
> OpenVAS Scanner 5.0.6
> Most new code since 2005: (C) 2015 Greenbone Networks GmbH
> Nessus origin: (C) 2004 Renaud Deraison <deraison at nessus.org>
> License GPLv2: GNU GPL version 2
> This is free software: you are free to change and redistribute it.
> There is NO WARRANTY, to the extent permitted by law.
>
> Checking OpenVAS Scanner version ...
>         OK: OpenVAS Scanner is present in version 5.0.6.
> plugins_folder = /var/lib/openvas/plugins
> cache_folder = /var/cache/openvas
> include_folders = /var/lib/openvas/plugins
> max_hosts = 30
> max_checks = 10
> be_nice = no
> logfile = /var/log/openvas/openvassd.log
> log_whole_attack = no
> log_plugins_name_at_load = no
> dumpfile = /var/log/openvas/openvassd.dump
> cgi_path = /cgi-bin:/scripts
> optimize_test = yes
> checks_read_timeout = 5
> network_scan = no
> non_simult_ports = 139, 445
> plugins_timeout = 320
> scanner_plugins_timeout = SCANNER_NVT_TIMEOUT
> safe_checks = yes
> auto_enable_dependencies = yes
> use_mac_addr = no
> nasl_no_signature_check = yes
> drop_privileges = no
> unscanned_closed = yes
> unscanned_closed_udp = yes
> vhosts =
> vhosts_ip =
> report_host_details = yes
> cert_file = /etc/pki/openvas/CA/servercert.pem
> key_file = /etc/pki/openvas/private/CA/serverkey.pem
> ca_file = /etc/pki/openvas/CA/cacert.pem
> kb_location = /run/redis/redis.sock
> timeout_retry = 3
> rules = /etc/openvas/openvassd.rules
> port_range = default
> silent_dependencies = no
> save_knowledge_base = no
> kb_restore = no
> only_test_hosts_whose_kb_we_dont_have = no
> only_test_hosts_whose_kb_we_have = no
> kb_dont_replay_scanners = no
> kb_dont_replay_info_gathering = no
> kb_dont_replay_attacks = no
> kb_dont_replay_denials = no
> kb_max_age = 864000
> slice_network_addresses = no
> config_file = /etc/openvas/openvassd.conf
> Checking OpenVAS Scanner CA cert ...
>         OK: OpenVAS Scanner CA Certificate is present as
> /etc/pki/openvas/CA/cacert.pem.
> Checking presence of redis ...
>         OK: redis-server is present in version v=3.2.12.
> Checking if redis-server is configured properly to run with openVAS ...
>         OK: scanner (kb_location setting) is configured properly using the
> redis-server socket: /run/redis/redis.sock
> Checking if redis-server is running ...
>         OK: redis-server is running and listening on socket:
> /run/redis/redis.sock.
>         OK: redis-server configuration is OK and redis-server is running.
> Checking NVT collection ...
>         ERROR: The NVT collection is very small.
>         FIX: Run a synchronization script like openvas-nvt-sync or
> greenbone-nvt-sync.
> [root at openvascentos7 ~]#


#openvas-nvt-sync
> [i] This script synchronizes an NVT collection with the 'OpenVAS NVT Feed'.
> [i] The 'OpenVAS NVT Feed' is provided by 'The OpenVAS Project'.
> [i] Online information about this feed: '
> http://www.openvas.org/openvas-nvt-feed.html'.
> [i] NVT dir: /var/lib/openvas/plugins
> [w] Could not determine feed version.
> [i] rsync is not recommended for the initial sync. Falling back on http.
> [i] Will use wget
> [i] Using GNU wget: /usr/bin/wget
> [i] Configured NVT http feed:
> http://www.openvas.org/openvas-nvt-feed-current.tar.bz2
> [i] Downloading to:
> /tmp/openvas-nvt-sync.GwFkbeYeaE/openvas-feed-2020-08-12-22369.tar.bz2
> --2020-08-12 23:00:04--
> http://www.openvas.org/openvas-nvt-feed-current.tar.bz2
> Resolving www.openvas.org (www.openvas.org)... 45.135.105.67,
> 2a0e:6b40:10::67
> Connecting to www.openvas.org (www.openvas.org)|45.135.105.67|:80...
> connected.
> HTTP request sent, awaiting response... 301 Moved Permanently
> Location: https://www.openvas.org/openvas-nvt-feed-current.tar.bz2
> [following]
> --2020-08-12 23:00:04--
> https://www.openvas.org/openvas-nvt-feed-current.tar.bz2
> Connecting to www.openvas.org (www.openvas.org)|45.135.105.67|:443...
> connected.
> HTTP request sent, awaiting response... 404 Not Found
> 2020-08-12 23:00:05 ERROR 404: Not Found.
> [i] Checking dir: ok
> [i] Checking MD5 checksum: /usr/bin/md5sum:
> /var/lib/openvas/plugins/md5sums: No such file or directory
> not ok
> Error: md5sums not correct. Your NVT collection might be broken now.
> Please try this for details: cd "/var/lib/openvas/plugins" ;
> /usr/bin/md5sum -c "/var/lib/openvas/plugins/md5sums" | less


Thanks in advance and I look forward to hearing from you.

Best Regards,

Kaushal