QA:Testcase OpenVAS

This test case is meant of OpenVAS-8. The version in Fedora 22 (OpenVAS-7) is known to not work well so please install the openvas-8 packages from updates/updates-testing repository or rebuild the openvas-8 packages from rawhide.

{{QA/Test_Case |description=This test case tests the ability of OpenVAS to scan a host or network for vulnerabilities. |setup=

• A remote host with various network services (SSH, HTTP, DNS, SMTP ...) is required. For example: a Linux server with OpenSSH, Apache HTTPd, ISC BIND, Postfix or Sendmail.
• Open ports of the scanned services in the remote host firewall.
• If unsure about the past configuration, bootstrap the environment by removing the openvas* packages, removing all the application files and reinstalling the packages back:
  • OV_RPMS=`rpm -qa|grep openvas`
  • rpm -e $OV_RPMS
  • rm -rf /etc/openvas /etc/pki/openvas /usr/share/openvas /var/log/openvas /var/lib/openvas /var/cache/openvas
• Ensure that openvas-libraries, openvas-scanner, openvas-manager, openvas-cli, openvas-gsa packages are installed:
  • yum -y install openvas-libraries openvas-scanner openvas-manager openvas-cli openvas-gsa
• At each step you can verify the current progress with openvas-check-setup script:
  • openvas-check-setup
• Openvas-8 requires redis-server to be configured and running:
  • yum install redis

|actions=

1. Try to start OpenVAS scanner:
   • service openvas-scanner start
2. Check the logs on what is happening (as there is no server certificate it should fail to start):
   • tail -f /var/log/openvas/openvassd.log
3. Create a new certificate, press "Enter" to use the defaults:
   • openvas-mkcert
4. Add user certificate for the openvas-manager to be able to connect to scanner:
   • openvas-mkcert-client -n -i
5. Download the NVTs signatures:
   • openvas-nvt-sync --wget
6. Install the redis-server for use with openvas:
   • yum install redis}
7. Configure redis-server for use with openvas:
   • sed -i -e 's
8. Start redis server
   • service redis start
9. Restart OpenVAS scanner (take a while for the first time):
   • service openvas-scanner restart
10. Test that the OpenVAS scanner process openvassd is running:
    • ps aux | grep [o]penvassd
11. Test that the OpenVAS scanner listens on configured port:
    • sudo lsof -i -nP | grep [o]penvassd
12. Connect using the gnutls client to scanner port:
    • gnutls-cli --insecure -p 9391 127.0.0.1 . Start the communication with < OTP/1.0 >. Try to login with the user created above.
13. Start OpenVAS manager: service openvas-manager start
14. Generate a new client certificate for manager to connect to scanner openvas-mkcert-client -n om -i
15. Rebuild the NVT cache database openvasmd --rebuild
16. Start OpenVAS manager: service openvas-manager start
17. Test that the OpenVAS manager process openvasmd is running: ps aux | grep [o]penvasmd
18. Test that the OpenVAS manager listens on configured port: sudo lsof -i -nP | grep [o]penvasmd
19. Connect using the gnutls client to manager port: gnutls-cli --insecure -p 9390 127.0.0.1 . Start the communication with < OTP/1.0 >. Try to login with the user created above.
20. Start OpenVAS client: openvas-client (or System Tools > OpenVAS Client)
21. Connect to OpenVAS server with the user created above.
22. Create a new scan using the client and wait until it finishes.
23. Export the report to HTML or PDF.