From Fedora Project Wiki
No edit summary |
No edit summary |
||
| Line 3: | Line 3: | ||
|setup= | |setup= | ||
* A remote host with various network services (SSH, HTTP, DNS, SMTP ...). | * A remote host with various network services (SSH, HTTP, DNS, SMTP ...). | ||
For example: a Linux server with OpenSSH, Apache HTTPd, ISC BIND, Postfix or Sendmail | For example: a Linux server with OpenSSH, Apache HTTPd, ISC BIND, Postfix or Sendmail; with ports opened in the firewall (or disable iptables temporary with: '''service iptables stop''') | ||
* Install OpenVAS packages: | * Install OpenVAS packages: | ||
<pre>yum install openvas-scanner openvas-libraries openvas-client</pre> | <pre>yum install openvas-scanner openvas-libraries openvas-client</pre> | ||
|actions= | |actions= | ||
# Start | # Start OpenVAS scanner: '''/etc/init.d/openvas-scanner''' | ||
# | # Create a new certificate: '''openvas-mkcert''' | ||
# | # Add a OpenVAS user: '''openvas-adduser''' | ||
# Update the NVTs: '''openvas-nvt-sync''' | |||
# Restart OpenVAS scanner (take a while for the first time): '''/etc/init.d/openvas-scanner restart''' | |||
# Start OpenVAS client: '''openvas-client''' (Or System Tools > OpenVAS Client) | |||
# Create a new scan using the client and wait until it finishes. | |||
# Export the report to a HTML or PDF. | |||
|results= | |results= | ||
The | # The scan should finish correctly. | ||
# | # In the report, you should see the network services being scanned and vulnerabilities reported if exist. | ||
}} | }} | ||
Revision as of 06:48, 28 May 2011
Description
Using OpenVAS to scan a hosts or network for vulnerabilities.
Setup
- A remote host with various network services (SSH, HTTP, DNS, SMTP ...).
For example: a Linux server with OpenSSH, Apache HTTPd, ISC BIND, Postfix or Sendmail; with ports opened in the firewall (or disable iptables temporary with: service iptables stop)
- Install OpenVAS packages:
yum install openvas-scanner openvas-libraries openvas-client
How to test
- Start OpenVAS scanner: /etc/init.d/openvas-scanner
- Create a new certificate: openvas-mkcert
- Add a OpenVAS user: openvas-adduser
- Update the NVTs: openvas-nvt-sync
- Restart OpenVAS scanner (take a while for the first time): /etc/init.d/openvas-scanner restart
- Start OpenVAS client: openvas-client (Or System Tools > OpenVAS Client)
- Create a new scan using the client and wait until it finishes.
- Export the report to a HTML or PDF.
Expected Results
- The scan should finish correctly.
- In the report, you should see the network services being scanned and vulnerabilities reported if exist.