matthew/DCO-SOGs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
main
DCO-SOGs/8 Tools/OpenVAS/OpenVas SOP.md

141 lines
4.3 KiB
Markdown
Raw Permalink Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

### ~ Cpl Potter, Nicholas
### This is the SOP for setting up OpenVas
## Installing OpenVas via Terminal
1. Install VMware Kali Linux from [Kali's Website](https://www.kali.org/get-kali/#kali-virtual-machines "https://www.kali.org/get-kali/#kali-virtual-machines")
2. Run commands to make sure your Kali instance is up to date before installing OpenVas (You will need an internet connection to run these properly)
```bash
sudo apt update
```
```bash
sudo apt upgrade -y
```
- The -y will push a Yes to any user input prompts
```bash
sudo apt dist-upgrade -y
```
```bash
sudo apt install openvas
```
### OpenVas is now installed now we have to setup the web interface
```bash
sudo gvm-check-setup
```
(This will verify the installation) 
![alt text](check-setup.png)
```bash
sudo gvm-setup
```
- If gvm-setup does not work you will need to upgrade postgresql
```bash
sudo pg_lsclusters
```
(If you have 2 versions shown follow the rest) ![alt text](lsclusters.png)
```bash
sudo pg_dropcluster 'enter the newest version number' main --stop
```
```bash
sudo pg_upgradecluster 'enter the older versions number' main
```
```bash
sudo pg_dropcluster 'enter the old version number' main
```
```bash
sudo apt purge postgresql-client-15
```
- now try running sudo gvm-setup
## Starting and stopping OpenVas
```bash
sudo gvm-start
```
(Starts the web interface)
2. open browser and navigate to [Web Interface](https://127.0.0.1:9392/ "https://127.0.0.1:9392") 127.0.0.1:9392
- Will bring you to a greenbone login screen
```bash
sudo gvm-stop
```
(Stops the web interface)
## Creating Users
1. In your terminal
```bash
sudo runuser -u _gvm -- gvmd --create-user=username --new-password=password
```
- This command will generate a hash value for the password which will be used to login to the web interface ![alt text](NewUser.png)
## Changing Password to Standard
1. Navigate to [Web Interface](https://127.0.0.1:9392/ "https://127.0.0.1:9392")
2. Login with your created username and the hashed password generated from the terminal
- DO NOT LOSE THE HASHED PASSWORD
3. Click on the person in the top right corner and click my settings ![alt text](person.png)
4. On the My Settings page click the Pen and Paper in the top left above the Gear ![alt text](PenAndPaper.png)
5. Enter the Hashed Password in the Old text box and your Standard Password in the New and Confirm boxes ![alt text](PasswordBox.png)
6. Click save and log back in using new password
# Making Web Interface Accessible from Internal Network
1. Stop the web service
```bash
sudo gvm-stop
```
2. Make sure your workstation IP is the IP you want your web interface to have. ![alt text](openvasip.png)
3. Use your preferred text editor in terminal and navigate to /usr/lib/systemd/system/greenbone-security-assistance.service ![alt text](vim.png)
4. Once in the text editor, go down to the ExecStart line and change the IP from loopback (127.0.0.1) to 0.0.0.0. Leave the port alone. ![alt text](IPchange.png)
5. Exit and save changes to that file then reload the daemon
```bash
sudo systemctl daemon-reload
```
6. Start the web interface and if your workstation is in the Networks IP range you can access the Web Interface IP.
```bash
sudo gvm-start
```
# Creating Targets
1. Access the webserver for [Openvas](https://127.0.0.1:9392/ "https://127.0.0.1:9392") ![alt text](Dashboard.png)
2. Hover over the Configuration tab and click on Targets ![alt text](Targets.png)
3. Once on the Targets page select the Paper with the star on it in the top left to create a new target ![alt text](newtarget.png)
4. A screen will pop up. Give it a descriptive name for the target range, add comments if necessary, put the network range in **x.x.x.x/xx** format and select the Port Range to scan from then click save.
_Port ranges will be made later_
![alt text](targetinfo.png)
# Creating Port Lists
1. Follow Step 1-3 from creating a target **(Selecting Port Lists instead of Targets on Step 2)**
2. Put a descriptive name and a comment if needed. Then fill in your port range **(This field will give you an example of how to define your port ranges T:xx-xx,xx,U:xx-xx,xx)** Then click save
![alt text](newportlist.png)
Reference in New Issue View Git Blame Copy Permalink