OpenVAS: Checking for Holes Before the Hackers Do It for You
By: Steven J. Vaughan-Nichols
I have a friend who believes that his site is too small for crackers to ever bother with. Need I tell you his site was recently cracked open like an egg? You’ve got to take security seriously.
One of the most powerful tools you can use to protect yourself is the Open Vulnerability Assessment System, better known as OpenVAS.
OpenVAS is a framework of services and tools that provides a comprehensive and powerful vulnerability scanning and management package. Wait? Isn’t that the kind of thing hackers use to attack sites as well? Yes, yes it is.
The best defense can be to check your own servers to a fare-thee-well for any known openings and vulnerabilities. You can only lock all your site’s doors and windows once you know which ones are open.
OpenVAS, which is an open-source program, began as a fork of the once-more-popular scanning program, Nessus. Nessus’s parent company, Tenable Network Security, took the program to a proprietary, closed-source license. You can’t keep an open-source program closed, so a group of developers began OpenVAS. Today, the programs have similar functions, but they’ve had over a decade to go their own ways.
OpenVAS is made up of three main parts. These are:
- a regularly updated feed of Network Vulnerability Tests (NVTs);
- a scanner, which runs the NVTs; and
- a SQLite 3 database for storing both your test configurations and the NVTs’ results and configurations.
Optionally, there’s also the Greenbone Security Assistant. This is a web-based graphical interface to the OpenVAS Manager and OpenVAS Administrator. Unless you live and die with the shell, I recommend using Greenbone.
You can run OpenVAS in several ways. If you want to do it from your own desktop, I recommend using Kali Linux. This Linux distribution is designed for penetration testing, or — yes — hacking. Kali doesn’t come with OpenVAS by default, but installing it on Kali Linux is easy.
That said, Kali is no Linux Mint. In other words, it is not an easy-to-use desktop Linux.
You can, of course, install OpenVAS on your server.
Either way, once you’ve got OpenVAS up and running, you’ll need to update your OpenVAS database with the most recent NVTs, Security Content Automation Protocol (SCAP), and Computer Emergency Readiness Team (CERT) vulnerability data. On the Debian/Ubuntu Linux family, you do that with the following commands:
sudo openvas-nvt-sync
sudo openvas-scapdata-sync
sudo openvas-certdata-sync
The NVTs are usually updated on a weekly basis. The others are updated as new vulnerabilities are discovered. Since that’s on an almost daily basis anymore, you’ll want to update them frequently. I automatically update mine on a daily basis with cron.
That done, you restart the the OpenVAS scanner and manager:
sudo service openvas-scanner restart
sudo service openvas-manager restart
And, rebuild the OpenVAS database:
sudo openvasmd — rebuild — progress
Now, you’re ready to start scanning your servers for known security problems with Greenbone. The first time you do it, you’ll get an authentication error. That’s because OpenVAS creates its own self-signed SSL certificate and your browser won’t recognize it. Check it out and if it looks good, go ahead and accept it.
Then, you aim OpenVAS at the domain name or IP address of the server you want to check out and let it run. The easiest way to start is with Greenbone’s quick start wizard.
This does not give you a comprehensive exam, but it’s a good way to get started. Once you get used to OpenVAS, you can use the “Full and very deep ultimate” scan config for, well, full and very deep ultimate scans. This will take its own sweet time. There are almost 50,000 NVTs at this point.
Greenbone will display the results of these scans. On Greenbone look for the Results line. Then, check on the displayed number. This takes you to the Results page. Once there, you can sort the results in a variety of ways. I prefer to sort them by Severity. After all, the more serious the problem, the sooner I want to fix it.
To view the specifics of a vulnerability, click on its name. This will tell you how it was detected, what it could do to your system, and, if you’re lucky, how to fix it.
If it doesn’t, well at least now thanks to OpenVAS you’ll know what to starting looking for. Good hunting!
