After a lot of security related installations and modifications on my test server, I want to test if it is indeed secure. A couple of online scanners were discussed here and here for example, but I want to take it a few steps further. I came across OpenVAS in a training video and will be installing and testing it today.
In the mean time I’ve switched from Kali Linux to Fedora. This last year I’ve switched a couple of times already and now choose a Red Hat / CentOS client for the first time as well. All server related tests and stuff I’ve been up to were on CentOS and I find it more logical to be on such a client as well.
So far I like it a lot. Fedora is very user friendly and I haven’t ran into much trouble yet. For today I’m using a Fedora test machine.
Quick OpenVAS installation
I’m installing it on a Fedora 26 client and will be scanning a CentOS 7 server. Also note, I’m installing this on a test Fedora system that I can completely demolish so for testing purposes I’m disabling my firewall and SELinux. Normally, you’ll can’t do this but I wanted to get up and running quickly.
# systemctl stop firewalld
# systemctl disable firewalld
Disable SELinux in
Add the Atomic repository.
# wget -q -O - http://www.atomicorp.com/installers/atomic |sh
Accept all stuff like the agreement. Then install the software and do the initial setup.
# yum install openvas
Create a simple self-signed certificate (something you also won’t ever do in a production environment)
# openvas-mkcert-client -n om -i
Download latest definitions and start services:
# openvasmd --rebuild --progress
# systemctl restart openvas-scanner
# systemctl restart openvas-manager
# systemctl enable openvas-scanner
# systemctl enable openvas-manager
Now your security testing system should be up and running.
Surf to the address of your new system and start the wizard via Scans – Tasks and then the purple wand at the to left. This scans your server without logging in to it (a first scan a hacker would do most probably). This can really take a while, it isn’t done in a couple of minutes. Mine took 20 minutes or something.
For a scan that also logs in at your server, perform a couple of steps.
- Configuration – Credentials. Add the appropriate admin or root login credentials. You can also point to your SSH private key if you use key based authentication
- Configuration – Targets. Add the server you want to have scanned and specifi your SSH port number is this is not the default
- Scans – Tasks. Add a new task with the star symbol at the top left. Here you can also choose your scan config, which for the first scan is best to leave at ‘Full and Fast’
This will be enough for a full system scan and also takes a while (30 minutes or so). It’s really awesome to make your servers more secure in this way, you’ll learn a lot.
UPDATE: Alternatively you can download the VM appliance which I also had running rather quickly in VMWare Workstation. It should also be Virtualbox compatible. The admin interface only had some quirks for me but you’ll manage.