Kali & OpenVAS

Increasingly we are working with SME clients who have heard of vulnerability scanning and are looking for a cost-effective way of reducing their cyber security risk through this mitigation. Without a doubt the most famous vulnerability scanning product is Nessus, but its close, Open Source, cousin is OpenVAS.

This quick post is to help people who want to leverage the low cost of the RaspberryPi 3B+ and combine it with Kali, which has a pre-compiled OpenVAS package that can be installed and configured using the Kali guide, https://tools.kali.org/vulnerability-analysis/openvas. Where things can get tricky is configuring the setup for headless operation using the web interface, because the Kali configuration assumes the user will be accessing the interface via the localhost, and thus is not listening on the IP address the Pi is using.

I am going to assume the reader has installed OpenVas on Kali on their Pi following the Kali guide, has set the IP address of the Pi to 192.168.1.2 and is using SSH to access the terminal.

When searching for how to change the address the Greenbone Security Assistant and OpenVAS Manager will listen on, most posts seem to point to editing /etc/default/greenbone-security-manager and /etc/default/openvas-manager however when opening these files in an editor such as nano we are presented with the following opening comments:

# NOTE: This file is not used if you are using systemd. The options are

# hardcoded in the openvas-manager.service file. If you want to change

# them you should override the service file by creating a file

# /etc/systemd/system/openvas-manager.service.d/local.conf like this:

# [Service]

# ExecStart=

# ExecStart=/usr/sbin/openvasmd <your desired options>

For the record Kali now uses systemd and note that the comment says you must create a file, so we are not going to be able to just edit an IP address in an existing file. After a bit of searching I have a config for those two files that works – there are bound to be OpenVAS ninjas out there who know some extra parameters etc. that could be set to make things more awesome, but this works:

/etc/systemd/system /greenbone-security-assistant.service

[Service]

ExecStart=/usr/sbin/gsad –foreground –listen=192.168.1.2 –port=9392 –allow-header-host=192.168.1.2 –mlisten=192.168.1.2

Restart=on-failure

RestartSec=10

KillMode=process

/etc/systemd/system /openvas-manager.service

[Service]

ExecStart=/usr/sbin/openvasmd –listen=192.168.1.2 –port=9390

Restart=on-failure

RestartSec=10

KillMode=process

The next trick is to setup a cron job to update the Network Vulnerability Tests (NVT’s), Security Content Automation Protocol (SCAP), and Computer Emergency Readiness Team (CERT) vulnerability data every day. This is done manually through the openvas-feed-update command and to automate the running of this every night at 0100 edit the crontab file and add the following:

0 1 * * * /usr/bin/openvas-feed-update

@reboot /usr/bin/openvas-start

The second line auto starts openvas every time the Pi starts, we must do it this way as by default Kali does not allow network services to persist across reboots

I recommend rebooting now to check the services start properly and to check they are listening on the correct interfaces and port, using:

ss -lnt4

Now you can access the web interface from another computer on your network and all that remains is to configure your scans, but there are many guides and posts on that, so lets not re-invent the wheel. Happy hunting.