下面是两种 OpenVAS 的安装方式,在 Debian 7/8 上测试通过。
第一种是添加 Kali 源的安装方式,第二种是源码编译安装方式。
关于 OpneVAS 的配置和更新,可参考 OpenVAS 配置更新
若遇到网络问题,可参考文末的代理解决方案。
(OpenVAS 默认扫描配置可能扫描不出端口,需克隆 Fast and Full 配置后,勾选 Port scanners 并保存。)
添加 Kali 源的安装方式
系统版本 Debian GNU/Linux 8.6 (jessie) ,
向 /etc/apt/sources.list 添加中科大的 kali 源:
echo "deb http://mirrors.ustc.edu.cn/kali kali-rolling main non-free contrib" > /etc/apt/sources.list下载 kerying 防止 hash 校验错误:
wget http://http.kali.org/kali/pool/main/k/kali-archive-keyring/kali-archive-keyring_2015.2_all.deb
dpkg -i kali-archive-keyring_*.deb 更新源:
apt-get update安装 OpenVAS
apt-get install openvas如果报错
libvlccore8 : Breaks: vlc (< 2.2.4-7~) but 2.2.4-1~deb8u1 is to be installed
Breaks: vlc-nox (< 2.2.4-7~) but 2.2.4-1~deb8u1 is to be installed先安装 libvlccore8
apt-get install libvlccore8(注意:安装好后如果有图形界面可能会出现异常,原因不明)
再重新安装 OpenVAS。
第一次安裝设定
openvas-setup(scapdata 和 certdata 同步较慢,如果卡住可以按 control+c 跳过)
检查安装是否正确
openvas-check-setup安装好后默认用户名是 admin,密码是一串随机 ID,可以自行更改
openvasmd --user=admin --new-password=admin完成后访问 https://127.0.0.1:9392/ 即可。
如果需要配置外部访问,分别编辑三个配置文件:
# Debian 8
vi /lib/systemd/system/greenbone-security-assistant.service
vi /lib/systemd/system/openvas-manager.service
vi /lib/systemd/system/openvas-scanner.service
# Debian 7
vi /etc/default/greenbone-security-assistant将监听 IP 从 127.0.0.1 改为 0.0.0.0。
保存后需用 systemctl 重新加载
systemctl daemon-reload然后重启openvas服务
openvas-stop
openvas-start参考资料:
Kali 2.0 中 OpenVAS 安装配置
安裝 OpenVAS 8
源码编译安装方式
安装过程:(参考 Install OpenVAS 8 on Debian Jessie)
1. 依赖包安装
apt-get install build-essential cmake bison flex libpcap-dev pkg-config libglib2.0-dev libgpgme11-dev uuid-dev \
sqlfairy xmltoman doxygen libssh-dev libksba-dev libldap2-dev \
libsqlite3-dev libmicrohttpd-dev libxml2-dev libxslt1-dev \
xsltproc clang rsync rpm nsis alien sqlite3 libhiredis-dev libgcrypt11-dev libgnutls28-dev redis-server texlive-latex-base2.源码获取、编译安装
wget http://wald.intevation.org/frs/download.php/2351/openvas-libraries-8.0.8.tar.gz
wget http://wald.intevation.org/frs/download.php/2367/openvas-scanner-5.0.7.tar.gz
wget http://wald.intevation.org/frs/download.php/2359/openvas-manager-6.0.9.tar.gz
wget http://wald.intevation.org/frs/download.php/2363/greenbone-security-assistant-6.0.11.tar.gz
wget http://wald.intevation.org/frs/download.php/2332/openvas-cli-1.4.4.tar.gz依次解压并在源码目录中执行命令:
cmake .
make
make doc
make install如果 openvas-manager-6.0.9 编译安装失败,需要修改源码,
报错信息如下:
openvas-manager-6.0.9里的 ./src/manage_sql.c 错误处理():
manage_sql.c:2656:10: error: ignoring return value of 'strtol'修正方案:修改源码,加一个临时变量随便用下,比如:
long int tmp;
tmp = strtol (stripped, &stripped_end, 10);
tmp++; // since I don't want the "set but not used" error3. 配置过程和检查
ldconfig
wget --no-check-certificate https://svn.wald.intevation.org/svn/openvas/trunk/tools/openvas-check-setup
chmod +x openvas-check-setup && ./openvas-check-setup --v84. 数据更新
生成证书
openvas-mkcert
openvas-mkcert-client -n -i更新数据
openvas-nvt-sync
openvas-scapdata-sync
openvas-certdata-sync(scapdata 和 certdata 更新较慢,如果卡住可以按 control+c 跳过)
添加用户
openvasmd --create-user=admin --role=Admin
# 这里需要记录admin的密码5. 配置redis服务
/etc/redis/redis.conf添加配置
unixsocket /tmp/redis.sock
unixsocketperm 777
dir /var/dump # create and chmod with root重启服务
mkdir /var/dump
service redis-server restart 6. 初始化数据库
openvasmd --rebuild --progress7. 程序启动
openvassd --listen=127.0.0.1
openvasmd --listen=127.0.0.1
gsad --listen=127.0.0.1完成后访问 localhost 即可。
使用 SSH Tunnel 进行加速
选取一个可以快速访问 openvas.org 的服务器
(测试 http://www.openvas.org/openvas-nvt-feed-current.tar.bz2)
ssh -N -D 127.0.0.1:1080 用户名@服务器安装 proxychains
apt-get install proxychains编辑 proxychains 配置
vi /etc/proxychains.conf将 socks4 127.0.0.1 9095 改为 socks5 127.0.0.1 1080
在需要代理的命令前加上 proxychains
root@debian:~# proxychains openvas-nvt-sync --wget
ProxyChains-3.1 (http://proxychains.sf.net)
[i] Using GNU wget: /usr/bin/wget
[i] Configured NVT http feed: http://www.openvas.org/openvas-nvt-feed-current.tar.bz2
[i] Downloading to: /tmp/openvas-nvt-sync.hVqCE5uFcC/openvas-feed-2016-11-07-11619.tar.bz2
-2016-11-07 10:25:18- http://www.openvas.org/openvas-nvt-feed-current.tar.bz2
Resolving www.openvas.org (www.openvas.org)... |DNS-request| www.openvas.org
|S-chain|<>-127.0.0.1:1080<><>4.2.2.2:53<><>-OK
|DNS-response| www.openvas.org is 5.9.98.186
5.9.98.186
Connecting to www.openvas.org (www.openvas.org)|5.9.98.186|:80... |S-chain|<>-127.0.0.1:1080<><>5.9.98.186:80<><>-OK
connected.
HTTP request sent, awaiting response... 200 OK
Length: 27317727 (26M) [application/x-bzip2]
Saving to: ‘/tmp/openvas-nvt-sync.hVqCE5uFcC/openvas-feed-2016-11-07-11619.tar.bz2’
vas-nvt-sync.hVqCE5uFcC/ope 0%[ ] 112.82K 15.5KB/
Hello, I won't waste your time—here's the point:
Millions of people want to download their favorite YouTube videos and tunes but haven't found a reliable website or app that does it without ads or viruses.
That's why I built a minimalistic YouTube downloader for Windows, complete with all the essential features for effortless downloads.
Try my app, and I hope you'll be 100% satisfied.
Download it here: https://youtubedownloaderforpc.com
P.S. The main goal behind launching this app is to eliminate spam ads and viruses, helping to keep the internet safe. If you like the app, please share it with your friends. If this message isn't relevant to you, please ignore it, and I promise you won't receive another email from me about it. Thanks for your understanding.