Install OpenVAS security scanner on a CentOS 7 server or VPS

OpenVAS and its web portal, Greenbone Security Assistant, form a very advanced but easy-to-use framework for scanning your (or your customers') servers and network devices for possible vulnerabilities.

 

1. Add required and some optional packages
yum install wget bzip2 texlive net-tools alien nano nmap screen rsync -y

2. Disable SELINUX.
Edit /etc/selinux/config, save and reboot

3. Add Atomicorp repo
wget -q -O - http://www.atomicorp.com/installers/atomic | sh

4. Install OpenVAS
yum install openvas

5. Edit /etc/redis.conf.
Add/uncomment the following
unixsocket /tmp/redis.sock
unixsocketperm 700

6. Restart Redis
systemctl enable redis && systemctl restart redis

7. Run openvas-setup
Follow the instructions. If rsync throws an error, check that your network allows outgoing TCP 873 to the internet. Please note: this step can take a very long time, depending on your internet connection speed and the machine's power.

8. Go to https://<IP-ADDRESS>:9392 and log in to see if it works.

[Optional1] Disable the firewall or add an exception for TCP port 9392
firewall-cmd --permanent --zone=public --add-port=9392/tcp
firewall-cmd --reload

 

[Optional2] Insert your own certificate for Greenbone Security Assistant (GSAD)
For those who want to install a proper SSL certificate: download the certificate and key file to your CentOS box. I place them inside /etc/openvas/ssl.
Edit /etc/sysconfig/gsad and modify the OPTIONS tag, e.g.

OPTIONS="--ssl-certificate=/etc/openvas/ssl/openvas.crt --ssl-private-key=/etc/openvas/ssl/openvas.key"

Restart gsad
systemctl restart gsad

[Optional3] Those who want stronger ciphers will need to add gnutls-priorities, e.g.
OPTIONS="--ssl-certificate=/etc/openvas/ssl/openvas.crt --ssl-private-key=/etc/openvas/ssl/openvas.key --gnutls-priorities=SECURE128:+SECURE192:-VERS-TLS-ALL:+VERS-TLS1.2"
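
A sanity check for the Redis socket settings from step 5 and the gsad OPTIONS line from Optional2/Optional3, added here as an example and not part of the original guide. The function names are made up for this example, and the rule that the private key carries no group/other permission bits is an assumption the guide does not state.

```bash
#!/usr/bin/env bash
# Added example (not from the original guide). Function names are made up here.

# Print the value of --NAME=VALUE from the OPTIONS= line of a sysconfig file.
gsad_opt() {  # usage: gsad_opt FILE NAME
    sed -n 's/^[[:space:]]*OPTIONS=//p' "$1" | tail -n 1 | tr -d '"' |
        tr ' ' '\n' | sed -n "s/^--$2=//p" | tail -n 1
}

# Print one line per finding; return 0 only when there are none.
audit_gsad() {  # usage: audit_gsad /etc/sysconfig/gsad
    local cfg cert key prio rc
    cfg=$1; rc=0
    cert=$(gsad_opt "$cfg" ssl-certificate)
    key=$(gsad_opt "$cfg" ssl-private-key)
    prio=$(gsad_opt "$cfg" gnutls-priorities)
    # Typographic dashes/quotes pasted from a web page are not valid option syntax.
    if sed -n '/^[[:space:]]*OPTIONS=/p' "$cfg" | LC_ALL=C grep -q '[^[:print:][:space:]]'; then
        echo "non-ASCII character in OPTIONS line"; rc=1
    fi
    if [ -z "$cert" ] || [ ! -r "$cert" ]; then
        echo "certificate missing or unreadable: ${cert:-unset}"; rc=1
    fi
    if [ -z "$key" ] || [ ! -e "$key" ]; then
        echo "private key missing: ${key:-unset}"; rc=1
    else
        # Assumption of this example: the key should carry no group/other bits.
        case $(ls -ld -- "$key") in
            ????------*) ;;
            *) echo "private key accessible to group/others: $key"; rc=1 ;;
        esac
    fi
    case $prio in
        *-VERS-TLS-ALL:+VERS-TLS1.2*) ;;
        *) echo "gnutls-priorities does not restrict to TLS 1.2: ${prio:-unset}"; rc=1 ;;
    esac
    return "$rc"
}

# Check that both Redis socket directives from step 5 are present and uncommented.
audit_redis() {  # usage: audit_redis /etc/redis.conf
    local rc; rc=0
    grep -Eq '^[[:space:]]*unixsocket[[:space:]]+/tmp/redis\.sock[[:space:]]*$' "$1" ||
        { echo "unixsocket /tmp/redis.sock not active"; rc=1; }
    grep -Eq '^[[:space:]]*unixsocketperm[[:space:]]+700[[:space:]]*$' "$1" ||
        { echo "unixsocketperm 700 not active"; rc=1; }
    return "$rc"
}
```

After sourcing the functions, run `audit_redis /etc/redis.conf` and `audit_gsad /etc/sysconfig/gsad`; each prints its findings and returns non-zero if there are any.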

[Optional4] Change the default port of OpenVAS/Greenbone Security Assistant.

Edit /etc/sysconfig/gsad and change the value of "GSA_PORT=" to, for example, 443 (which is the default HTTPS port).

sjaak