Threat Level: green Handler on Duty: Rob VandenBrink

SANS ISC: Greenbone and OpenVAS Scanner (NOT READY YET) - SANS Internet Storm Center SANS ISC InfoSec Forums

Participate: Learn more about our honeypot network

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Greenbone and OpenVAS Scanner (NOT READY YET)

DRAFT - Not ready yet!


This virtual machine comes to you care of $DayJob frustrations and the need to generate logs. This month we are covering log entries and in my lab at work there was a need to trigger some alarms. So I set out to build an OpenVAS [1] suite in order to trigger several different detection systems.

The Greenbone Security Manager [2] provided an excellent, albeit not ‘as’ intuitive as I like, interface for scheduling scans and basically sending out network and application nastiness.


It had been a while since I had last set up an OpenVAS Suite so “to the Google Batman” ... In doing a quick search I located several blog entries on different distribution installs [3] [4] [5] as well as the OpenVAS Docs [6]. In this prep I also was looking for the smoothest distribution for install as this was going to sit as a virtual machine in my $DayJob lab and after searching forums the easiest seems to be Ubuntu on 12.04 LTS.

CentOS Caveats

If you are going to install on CentOS, a couple of observations:

There will likely end up being some errors ( see [7]) to work through.
If you manage to get it working and don’t see traffic leaving yet Greenbone says your job is running? “Audit2Allow [8] is your friend!”

For those that want to take the lazy way out :) the file you are looking for is in /etc/selinux and is config:


General Install Caveats

Syncing from OpenVAS takes a very ...... very long time. Just be patient if you build your own, the initial sync does take a great deal of time (days occasionally). If you don’t want to take the time to install your own, you can download the below Greenbone VM.

Running a Job

<video here>

The Greenbone VM

Size: 2.4 GB
Type: OVF Template
OS: Ubuntu 12.04 (patched as of 16 OCT 2013)
SHA1: a90fd042cafb4971f58b3e420e3a091032d47682

System Account: openvas
System Password: sanstraining

Greenbone Account: admin
Greenbone Password: sanstraining

All passwords will be sanstraining

VM Is set for DHCP on Boot.




Richard Porter || @packetalien || rporter at isc dot sans dot edu ||


173 Posts
ISC Handler
Oct 22nd 2013

Sign Up for Free or Log In to start participating in the conversation!