Why is OpenVAS so necessary to install on centos 7?
Server security is a key factor in the hosting industry. There are many tools available that help us to ensure the proper level of security to our servers. One of them that can protect the server from unauthenticated access is the Open Vulnerability Assessment System
What is the OpenVAS Vulnerability Scanner?OpenVAS is a vulnerability scanner that is provided by Greenbone Networks. It has many built-in tests used to find any vulnerability on the server.
Also, it has a specially designed Web interface that is capable of setting up and running vulnerability scans fastly.
Moreover, OpenVAS has the following features.
1. Unauthenticated testing and authenticated testing.% G" |: S) l2 t- F
2. Various high level and low-level Internet and industrial protocols.
) E# C* k7 }" L& x q3 y! `3. Performance tuning for large-scale scans.
/ V7 Q% [' J9 r& s6 J
How we install OpenVAS on CentOSBefore getting into the installation procedure, we ensure that the following requirements set up with the server.
- Disable SELinux.
- Permit TCP port 9392, 443 and 80.5 V/ c/ r: a3 J+ E
1 }; k; X: n8 c1 i" s# F
1. After that, we download a script by using the following command.
wget -q -O - https://updates.atomicorp.com/installers/atomic | sudo sh2. Then, we clear YUM and install OpenVAS with the following command
yum clean allyum install openvas4. After that, we start the OpenVAS setup and follow the prompts.
openvas-setup5. Next, we configure the admin user.
openvasmd --user=admin --new-password=MySecretPassword6. Also, we set the NVT signature check value from “YES to No” in /etc/openvas/openvassd.conf.
nasl_no_signature_check = no6. Finally, we restart the following services too.
systemctl enable redissystemctl enable gsadsystemctl enable gvmdsystemctl enable openvas-managersystemctl enable openvas-scannersystemctl restart redissystemctl restart gsadsystemctl restart gvmdsystemctl restart openvas-managersystemctl restart openvas-scannerThat’s it!.
Now, we can access OpenVAS via https://localhost:9392 or https://localhost with the username and password that we’ve previously set.
. c w: Z* M- q% W9 _ n* B3 b3 I* G
Install OpenVAS on CentOS – Common errors and fixNow, let’s see the major reasons for OpenVAS error and how our Support Engineers fix the top errors.
0 r7 J7 x0 j0 ?& a# u3 x& J3 L- pProblem with RedisOften, many customers face an error after installing the OpenVAS on the system.
This is mainly due to a failure to start the Open Vulnerability Assessment System Scanner Daemon. Also, when checks the status, it looks like,
It shows that openvas-scanner doesn’t communicate with Redis.
So, we recreate the/var/run/redis-openvas/redis-server.sock file to solve the error.
mv /var/run/redis-openvas/redis-server.sock redis-server.sock.bktouch /var/run/redis-openvas/redis-server.sockFinally, we restart the openvas-scanner.
systemctl restart openvas-scannerThe service has been activated now.
6 M9 w/ e. b) h( k! x: q7 k: lNVT collectionMostly, the script openvas-setup causes errors at the end of the NVT downloading. And, the log shows the below error.
(openvassd:2272): lib kb_redis-CRITICAL **: get_redis_ctx: redis connection error: No such file or directory. openvassd: no process found(openvassd:2272): lib kb_redis-CRITICAL **: redis_new: cannot access redis at '/var/run/redis/redis.sock'Luckily, we have a command like openvas-check-setup to see what component is causing this error. Also, it gives a detailed description of the error.
ERROR: The number of NVTs in the OpenVAS Manager database is too low.FIX: Make sure OpenVAS Scanner is running with an up-to-date NVT collection and run 'openvasmd --rebuild'.Therefore, rebuilding the NVT collection solve the error.
openvasmd --rebuild
1 T2 J4 c5 G& B9 d N. q8 I! o V4 p: A9 m1 L
ConclusionIn short, OpenVAS is a vulnerability scanner that helps to protect the server from unauthenticated accesses. Today, we saw how our Support Engineersinstall OpenVAS on CentOS 7 and fix the related errors.
7 ]% Q+ P' |0 K$ T0 c( f8 p3 P1 p
) z, z+ d' l/ W, g: \; h3 F0 M& o