Complete Install OpenVAS 8 in Ubuntu 14.04 using PPA

Pretty irritating to install OpenVAS 8 in Ubuntu 14.04. Just take a lot of time and effort. Here i am disclosing the full methods needed needed to get OpenVAS 8 fully working with all the deep scanning and optional plugins as well.

Required OpenVAS libraries

Before we began, make sure the following commands are available.

sudo apt-get install -y build-essential devscripts dpatch libassuan-dev \
 libglib2.0-dev libgpgme11-dev libpcre3-dev libpth-dev libwrap0-dev libgmp-dev libgmp3-dev \
 libgpgme11-dev libopenvas2 libpcre3-dev libpth-dev quilt cmake pkg-config \
 libssh-dev libglib2.0-dev libpcap-dev libgpgme11-dev uuid-dev bison libksba-dev \
 doxygen sqlfairy xmltoman sqlite3 libsqlite3-dev wamerican redis-server libhiredis-dev libsnmp-dev \
 libmicrohttpd-dev libxml2-dev libxslt1-dev xsltproc libssh2-1-dev libldap2-dev autoconf nmap libgnutls-dev \
libpopt-dev heimdal-dev heimdal-multidev libpopt-dev mingw32 

sudo apt-get install make git screen rsync sudo software-properties-common sqlite3 alien nsis rpm nmap libcurl4-gnutls-dev w3af-console python-setuptools pnscan netdiag slapd ldap-utils snmp ike-scan zip aptitude xsltproc texlive-latex-base texlive-latex-extra texlive-latex-recommended htmldoc w3af-console

Then install Ruby 2.2.3

git clone git:// .rbenv
echo 'export PATH="$HOME/.rbenv/bin:$PATH"' >> ~/.bashrc
echo 'eval "$(rbenv init -)"' >> ~/.bashrc
exec $SHELL

git clone git:// ~/.rbenv/plugins/ruby-build
echo 'export PATH="$HOME/.rbenv/plugins/ruby-build/bin:$PATH"' >> ~/.bashrc
exec $SHELL

git clone ~/.rbenv/plugins/rbenv-gem-rehash

rbenv install 2.2.3
rbenv global 2.2.3
ruby -v

Adding OpenVAS 8 PPA

once the above are done try to add the PPA as below,

sudo add-apt-repository ppa:mrazavi/openvas
sudo apt-get update
sudo apt-get install openvas

Install OpenVAS 8 database

once you've installed openvas, do the following

sudo openvas-nvt-sync
sudo openvas-scapdata-sync
sudo openvas-certdata-sync

sudo service openvas-scanner restart
sudo service openvas-manager restart
sudo openvasmd --rebuild --progress

Install OpenVAS 8 PDF Support

Once you do that remember to install the following to enable pdf report

apt-get install texlive-full
(this is not optimal thou, this installs a bunch of packets..)

Check OpenVAS 8 Setup

And make sure that everything is ok

wget --no-check-certificate
 chmod 0755 openvas-check-setup
 ./openvas-check-setup --v8 --server

Plugins Executable

Now, let's try to make all OpenVAS 8 plugins executable

chmod +x /usr/lib/openvas/plugins/*

This is optional though.

Adding OpenVAS 8 Deep scan Support

And for deep scan, you might want to manually install these as well,

Adding DIRB:
apt-get install libcurl4-gnutls-dev
wget -c '' -O dirb222.tar.gz
tar -zxvf dirb222.tar.gz
cd dirb
make install
Test installation:
ln -s /usr/local/bin/dirb /usr/bin/

Adding nikto:

cd nikto-master/programs
cp * /usr/local/bin/
ln -s /usr/local/bin/ /usr/bin/

Add wapiti:

sudo apt-get install python-setuptools
wget -O wapiti-2.3.0.tar.gz ""
tar zxvf wapiti-2.3.0.tar.gz
cd wapiti-2.3.0
python install
ln -s /usr/local/bin/wapiti /usr/bin/

Add arachni:

gem install arachni
ln -s /var/lib/gems/1.9.1/bin/arachni* /usr/bin
export PATH="${PATH}:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/bin/X11:/var/lib/gems/1.9.1/bin"

Others Options plugins are install via apt-get on the requirement page.

Please take note the above process is pretty long. Hence, do use screen for all your installation session. Once you've done that, you can login into https://ip:443 with "admin" as username and password.

Useful Links

Here are some links that assist with the above OpenVAS 8 installation.


OpenVAS 8 503 – Service temporarily down

Ok, this is a nightmare, when you found out you did something unknown and break your OpenVAS and every time you tries to start a task, you get a 503 - Service temporarily down message. And whatever you do, its not recovering. Most likely you would go reinstall the whole OpenVAS 8. The real issue is that it takes too long to get everything setup, especially if you want EVERYTHING to be ready and good to go. I know, i have been there.

503 - Service temporarily down

The issue started when i trying to figure out why scan result isn't working for me. I accidentally updated the cert and everything just go down hill from there. Hence, the only way is to figure out what happen. And the following solution seems to work for me.

openvas-mkcert-client -n om -i
openvas-nvt-sync --wget
/etc/init.d/openvas-scanner stop; /etc/init.d/openvas-manager stop;
rm /var/lib/openvas/mgr/tasks.db
openvasmd --progress --rebuild -v

What this does is to remove ALL your task. And rebuild it again. It seems that somehow when we refresh the cert, all the task that bind with the old cert can't seems to perform a handshake with the new cert that i have generated. Hence, removing everything and redo it again seems to solve this problem.

**** UPDATES 20/12/2015 ****
Apparently, Michael Meyer saw this article and somehow added and correctly provided alternative as show below,

"Updating Scanner Certificates

If you have changed the CA certificate used to sign the server and client
certificates or the client certificate itself you will need to update the
certificates in Manager database as well.

The database can be updated using the following command:

$ openvasmd --modify-scanner <uuid> \
--scanner-ca-pub <cacert> \
--scanner-key-pub <clientcert> \
--scanner-key-priv <clientkey>

<uuid> refers to the UUID used by OpenVAS Manager to identify the scanner; the UUID can be retrieved with "openvasmd --get-scanners"
<cacert> refers to the certificate of the CA used to sign the scanner certificate
<clientcert> refers to the certificate Manager uses to authenticate when connecting to the scanner
<clientkey> refers to the private key Manager uses to authenticate when connecting to the scanner"

For more information and other options do go to where you would find more options and may be helps to resolve your issue.

All credits goes to Michael Meyer and thanks for the update!