近两年,信息安全要求越来越高,以前流于形式的安全检测变成了每月一次安全扫描和整改。
以前我也偶尔使用openvas扫描下网络上的服务器和网络设备是否有安全漏洞以便修复,不过当初安装openvas可是费了很大力气,在自己的debian9上折腾了几天才安装好。
它长这样子:
每次扫描都有惊喜,最让我感动的是这些弱密码被直接暴出来的:
最近打算测试debian10,顺便安装新的openvas(GVM11),折腾了几天,各种问题比当初还麻烦。
网上找解药才发现debian10已经自带了openvas,虽然不是最新的,但是方便啊。
Debian10安装OpenVAS
两步到位不折腾:
首先安装更新安装源并安装相关组件:
sudo apt update
sudo apt install openvas -y
接下来自动更新NVTs/CVEs等漏洞特征库:
sudo openvas-setup
这一步时间会比较长,大约几个钟头。
注意这一步最后会生成一个随机密码,记得拷贝下来(默认管理员: admin):
3,532,827 100% 66.84kB/s 0:00:51 (xfr#19, to-chk=5/25)
dfn-cert-2019.xml
3,339,209 100% 42.58kB/s 0:01:16 (xfr#20, to-chk=4/25)
sha1sums
1,193 100% 1.14MB/s 0:00:00 (xfr#21, to-chk=3/25)
sha256sums
1,697 100% 12.65kB/s 0:00:00 (xfr#22, to-chk=2/25)
sha256sums.asc
819 100% 6.11kB/s 0:00:00 (xfr#23, to-chk=1/25)
timestamp
13 100% 0.10kB/s 0:00:00 (xfr#24, to-chk=0/25)
sent 1,798 bytes received 63,298,664 bytes 38,586.08 bytes/sec
total size is 63,281,607 speedup is 1.00
/usr/sbin/openvasmd
/usr/bin/openvas-setup: line 18: killall: command not found
User created with password '516548fff-44b9-4f58-aca7-73e58a948ugd'.
如果需要远程访问这台机器的WEB界面,需要修改配置文件并重启服务:
cd /lib/systemd/system
sed -e 's/127.0.0.1/本Debian10的IP地址(如:192.168.100.100)/g' greenbone-security-assistant.service openvas-manager.service -i
systemctl daemon-reload
systemctl reload openvas-manager.service
systemctl restart greenbone-security-assistant.service
之后就可以远程访问了,默认端口是9392:
https://192.168.100.100:9392
定时升级漏洞的特征数据
sudo vi /usr/sbin/update-greenbone-feeds
#!/bin/bash
/usr/sbin/greenbone-nvt-sync
/usr/sbin/greenbone-certdata-sync
/usr/sbin/greenbone-scapdata-sync
/usr/sbin/openvasmd –update –verbose –progress
/etc/init.d/openvas-manager restart
/etc/init.d/openvas-scanner restart
每天一次就够了
sudo crontab -e
0 1 * * * /usr/sbin/update-greenbone-feeds 1>/dev/null 2>/dev/null
可能错误
1.登录界面报错:
Login failed. Waiting for OMP service to become available.
等待openvasmd完成Reloading:
# ps -ef | grep openvas
root 5012 1 0 Dec05 ? 00:00:26 openvassd: Waiting for incoming connections
root 5083 1 0 Dec05 ? 00:00:26 openvassd: Waiting for incoming connections
root 5109 1 0 Dec05 ? 00:00:05 openvasmd
root 5878 5109 0 10:35 ? 00:00:00 openvasmd: Reloading
root 5880 5878 5 10:35 ? 00:00:45 openvasmd: Updating
root 5897 5083 2 10:35 ? 00:00:17 openvassd: Serving /var/run/openvassd.sock
root 6130 556 0 10:49 pts/0 00:00:00 grep openvas
如果长久不完成,重启一次。
2. 长时间扫描后web端报错
An internal error occurred. Diagnostics: Could not authenticate to manager daemon.
修改配置
sudo vi /etc/default/openvas-manager
DAEMON_ARGS="--client-watch-interval=0"
重启服务
systemctl daemon-reload
systemctl reload openvas-manager.service