openvas安装部署

OPENVAS开放式漏洞评估系统组织：ChinaCache-CPIS-opt作者：秦俊涛时间：2012年12月邮箱：juntao.qin@chinacache.com【ppt未完，待续】Openvas介绍•OpenVAS（OpenVulnerabilityAssessmentSystem）开放式漏洞评估系统•很强悍的网络安全扫描器，可以监测出远端系统简单的漏洞、缺少的补丁、开放的端口•Openvas是从Nessus分支出来的扫描工具•OpenvasNVTFeedOpenvas架构Openvas模块•OpenVASScanner–Manytargethostsarescannedconcurrently–OpenVASTransferProtocol(OTP)–SSLsupportforOTP(always)–WMIsupport(optional)•OpenVASAdministrator–OpenVASAdministrationProtocol(OAP)–SSLsupportforOAP(always)–AllOAPcommandsalsoascommandlineparameters–UserManagement–Feedstatusview–FeedsynchronisationOpenvas模块•OpenVASManager–OpenVASManagementProtocol(OMP)–SQLDatabase(sqlite)forconfigurationsandscanresults–SSLsupportforOMP(always)–Manyconcurrentscanstasks(manyOpenVASScanners)–Notesmanagementforscanresults–FalsePositivemanagementforscanresults–Scheduledscans–Flexibleescalatorsuponstatusofascantask–Stop,PauseandResumeofscantasks–Master-SlaveModetocontrolmanyinstancesfromacentralone–ReportsFormatPluginFrameworkwithvariouspluginsfor:XML,HTML,LateX,etc.Openvas模块•GreenboneSecurityAssistant(GSA)–ClientforOMPandOAP–HTTPandHTTPS–Webserveronitsown(microhttpd),thusnoextrawebserverrequired–Integratedonline-helpsystem•GreenboneSecurityDesktop(GSD)–ClientforOMP–Qt-based–RunsonWindows,Linux,etc.–SupportofInternationalization(English,German,French...)•OpenVASCLI–ClientforOMP–RunsonWindows,Linux,etc.InstallOpenvaspackagesInstallOpenvaspackages•wget-q-O-|sh•yuminstalllibopenvas3openvas-scanneropenvas-cliopenvas-administratoropenvas-managergreenbone-security-asssitantgsdlibmicrohttpd10libnet1gpggreenbone-securitylibxsltgcc--skip-broken•openvas-mkcert-client•cpkey_om.pem/var/lib/openvas/private/CA/clientkey.pem•cpcert_om.pem/var/lib/openvas/CA/clientcert.pem•openvas-adduser(accept1.0.0.0/8[networ||host];defaultdeny)(openvasad--enable-modify-settings-cset_role-uopenvas-rAdmin&&touch/var/lib/openvas/user/${username}/isadmin)InstallOpenvaspackages•openvas-nvt-sync•wget•mkdir/etc/openvas/gnupg•gpg--homedir=/etc/openvas/gnupg--importOpenVAS_TI.asc(3.5=sqilite版本)•wget•tarzxvfsqlite-autoconf-3071300.tar.gz•cdsqlite-autoconf-3071300•./configure--prefix=/opt/sqlite&&make&&makeinstall•exportLD_LIBRARY_PATH=/opt/sqlite/lib•(checkingwhethertheCcompilerworks...no•exportLIBS=exportCFLAGS=)InstallOpenvaspackages•/usr/sbin/openvassd-p9390-q•openvasmd--port9390--sport9391•/usr/sbin/gsad•netstat-ntlp|egrep'(openvas|gsad)'•查看端口，看openvas相关进程是否正常启动•官网：•最好搭建本地源•mount/dev/cdrom/mnt/•Cat/etc/yum.repos.d/local.repo•[Local-update]•name=Localrepository•baseurl=file:///mnt•enabled=1•gpgcheck=0InstallOpenvaspackages•wget•Tarzxvfcmake-2.8.10.2.tar.gz&&cdcmake-2.8.10.2&&./bootstrap•Yum–yinstallcompat-gnutls2gnupg2gpgmegraphvizgraphviz-pythonlibksablibmicrohttpdlibtasnllibtool-ltdllm_sensorsmingw32net-snmpnet-snmp-utilsniktonmapopenldap-clientsovaldipinentrypnscanpthpyPdfpython-BeautifulSouppython-fpconstpython-SocksiPypython-sqlite2SOAPpysqlitesqlite-develtetextetex-dvipstetex-fontstetex-latexw3afwmiwordnetxalan-cxerces-clibglib*libgnutls*libgpgme*uuid-dev*InstallOpenvasSourceInstallOpenvasSource