Greenbone Openvas vulnerability scanner latest docker instance installation
First of all you need to download ubuntu iso and install a ubuntu os in a vm or physical host. Because this is the requirement. Though kali and sansforensics vm’s are debian based but still you will be encounterd by some error with this. I am assuming that you have a 22.04 LTS ubuntu functional os ready. Now follow along.
Now you need to download the ubuntu iso image for vmware workstation.
I have downloaded this one.
Now install it on your vm. If you need any help then there are lots of videos available in youtube. Please check that out.
Recommended hardware settings:
- CPU Cores: 4
- Random-Access Memory: 8GB
- Hard Disk: 60GB free
You can also start with 2 cpu cores, 4 GB ram and 30 GB disk space but keep in mind that when openvas update its database then your system will be very much slow and you may not be able to use it at the time of updating the database.
Prerequisites:
Install dependencies:
Install ca-certificates, curl and gnupg Debian/Ubuntu packages:
sudo apt install ca-certificates curl gnupgInstalling Docker:
First uninstall conflicting Ubuntu packages by using the below command:
for pkg in docker.io docker-doc docker-compose podman-docker containerd runc; do sudo apt remove $pkg; done
Now set up the Docker repository: Copy the whole below commands and paste it on the shell.
sudo install -m 0755 -d /etc/apt/keyrings
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg
sudo chmod a+r /etc/apt/keyrings/docker.gpg
echo \
"deb [arch="$(dpkg --print-architecture)" signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu \
"$(. /etc/os-release && echo "$VERSION_CODENAME")" stable" | \
sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
sudo apt updateInstall Docker Ubuntu packages:
sudo apt install docker-ce docker-ce-cli containerd.io docker-compose-pluginAdd current user to docker group and apply group changes for the current shell environment:
sudo usermod -aG docker $USER && su $USERCreate download directory:
export DOWNLOAD_DIR=$HOME/greenbone-community-container && mkdir -p $DOWNLOAD_DIRThis ends the pre-requisite part. Now we will download and run a script that will do the rest of the job automatically:
Downloading setup script and then start script to the current working directory:
curl -f -O https://greenbone.github.io/docs/latest/_static/setup-and-start-greenbone-community-edition.sh && chmod u+x setup-and-start-greenbone-community-edition.sh
./setup-and-start-greenbone-community-edition.sh
At the last stage of this script installation, it will ask for you to set the admin pass. Provide the admin pass and then access the portal using this url if it does not come automatically.
Now at this point you don’t need to do anything rather than wait for 30 minutes. From the portal navigate to Administration > Feed status
You will see that NVT status is current and others i.e. SCAP, CERT, GVMD_DATA status is Update in progress. Wait for 30 minutes then you are good to go for scan. This script will done all the job for you for the first time.
Done.
Now every time you will not run the script right?
Now when we need to update the feeds?
Each time before you start a scan you need to update the feed first. Otherwise your scan and result will be outdated. So the below 2 feed synchronisation steps you need to do each time before you start a scan.
Updating the Greenbone Community Containers:
I am giving the below two commands just for your reference. You don’t need to run these. When you run the script then these commands are executed to download the community containers.
Downloading the Greenbone Community Containers:
docker compose -f $DOWNLOAD_DIR/docker-compose.yml -p greenbone-community-edition pullNow if you found your containers are down for some reasons then you need to up those. For example, by default gsa, gvmd, ospd-openvas, notus-scanner, pg-gvm, mqtt-broker, redis-server these 7 container images are up and running once the script has been run fully. But after reboot I found that ospd-openvas and notus-scanner are down. In order to up those, you can run the below fine tuned command if you wish. I would suggest go directly to feed synchronization steps as this will cover this as well.
Starting the Greenbone Community Containers:
docker compose -f $DOWNLOAD_DIR/docker-compose.yml -p greenbone-community-edition up -d ospd-openvas notus-scannerPerforming a Feed Synchronization:
These two steps you need to perform each time before run a scan specially if the gap is in between 1 day. A feed synchronization always consists of two parts:
- Downloading the changes via pulling new container images.
- Loading the changes into memory and a database by a daemon.
First run this command again, if your system is rebooted or coming from a shutdown stage:
export DOWNLOAD_DIR=$HOME/greenbone-community-container && mkdir -p $DOWNLOAD_DIRDownloading the Greenbone Community Edition feed data containers:
docker compose -f $DOWNLOAD_DIR/docker-compose.yml -p greenbone-community-edition pull notus-data vulnerability-tests scap-data dfn-cert-data cert-bund-data report-formats data-objectsStarting the Greenbone Community feed data containers:
docker compose -f $DOWNLOAD_DIR/docker-compose.yml -p greenbone-community-edition up -d notus-data vulnerability-tests scap-data dfn-cert-data cert-bund-data report-formats data-objectsNow it will be done within 5–10 minutes. But this is not the end actually. When you login to openvas then navigate to Administration > Feed status. In the Status field you will see that Update is progess something like that. You need to wait here for 30 minutes at least. It could be more in some cases. Once you see that all the value in the Status field are Current then you are good to go. Now you can configure your scan and scan the host.
Thanks. I hope this blog will help you to install openvas from scratch from the latest docker container. Please subscribe below.
LinkedIn:
https://www.linkedin.com/in/md-mahimbin-firoj-7b8a5a113/
YouTube:
