From Fedora Project Wiki
No edit summary |
No edit summary |
||
| Line 1: | Line 1: | ||
{{Admon/warning | This test case is meant of OpenVAS- | {{Admon/warning | This test case is meant of OpenVAS-8. The version in Fedora 22 (OpenVAS-7) is known to not work well so please install the openvas-8 packages from updates/updates-testing repository or rebuild the openvas-8 packages from rawhide. }} | ||
{{QA/Test_Case | {{QA/Test_Case | ||
|description=This test case tests the ability of OpenVAS to scan a host or network for vulnerabilities. | |description=This test case tests the ability of OpenVAS to scan a host or network for vulnerabilities. | ||
|setup= | |setup= | ||
* A remote host with various network services (SSH, HTTP, DNS, SMTP ...) is required. For example: a Linux server with OpenSSH, Apache HTTPd, ISC BIND, Postfix or Sendmail. | * A remote host with various network services (SSH, HTTP, DNS, SMTP ...) is required. For example: a Linux server with OpenSSH, Apache HTTPd, ISC BIND, Postfix or Sendmail. | ||
* Open ports of the scanned services in the remote host firewall. | * Open ports of the scanned services in the remote host firewall. | ||
* If unsure about the past configuration, bootstrap the environment by removing the openvas* packages, removing all the application files and reinstalling the packages back | * If unsure about the past configuration, bootstrap the environment by removing the openvas* packages, removing all the application files and reinstalling the packages back: | ||
{{ command | OV_RPMS=`rpm -qa|grep openvas` }} | **{{ command | <nowiki>OV_RPMS=`rpm -qa|grep openvas`</nowiki> }} | ||
{{ command | rpm -e $OV_RPMS }} | **{{ command | rpm -e $OV_RPMS }} | ||
{{ command | rm -rf /etc/openvas /etc/pki/openvas /usr/share/openvas /var/log/openvas /var/lib/openvas /var/cache/openvas | **{{ command | rm -rf /etc/openvas /etc/pki/openvas /usr/share/openvas /var/log/openvas /var/lib/openvas /var/cache/openvas }} | ||
* Ensure that {{package|openvas-libraries}}, {{package|openvas-scanner}}, {{package|openvas-manager}}, {{package|openvas-cli}}, {{package|openvas-gsa}} packages are installed | * Ensure that {{package|openvas-libraries}}, {{package|openvas-scanner}}, {{package|openvas-manager}}, {{package|openvas-cli}}, {{package|openvas-gsa}} packages are installed: | ||
{{ command | yum -y install openvas-libraries openvas-scanner openvas-manager openvas-cli openvas-gsa }} | **{{ command | yum -y install openvas-libraries openvas-scanner openvas-manager openvas-cli openvas-gsa }} | ||
* At each step you can verify the current progress with openvas-check-setup script: | |||
**{{ command | openvas-check-setup }} | |||
* Openvas-8 requires redis-server to be configured and running: | |||
**{{command |yum install redis} | |||
|actions= | |actions= | ||
# | # Try to start OpenVAS scanner: | ||
# Check the logs on what is happening: {{command | tail -f /var/log/openvas/openvassd.log }} | #*{{command |service openvas-scanner start}} | ||
# Create a new certificate: {{command |openvas-mkcert}} | # Check the logs on what is happening (as there is no server certificate it should fail to start): | ||
# Add user certificate for the manager to be able to connect to scanner: {{command |openvas-mkcert-client -n -i }} | #*{{command | tail -f /var/log/openvas/openvassd.log }} | ||
# | # Create a new certificate, press "Enter" to use the defaults: | ||
# Restart OpenVAS scanner (take a while for the first time): {{command |service openvas-scanner restart}} | #*{{command |openvas-mkcert}} | ||
# Test that the OpenVAS scanner process openvassd is running: {{ command |ps aux | grep [o]penvassd }} | # Add user certificate for the openvas-manager to be able to connect to scanner: | ||
# Test that the OpenVAS scanner listens on configured port: {{ command |sudo lsof -i -nP | grep [o]penvassd }} | #*{{command |openvas-mkcert-client -n -i }} | ||
# Connect using the gnutls client to scanner port: {{ command | gnutls-cli --insecure -p 9391 127.0.0.1 }}. Start the communication with < OTP/1.0 >. Try to login with the user created above. | # Download the NVTs signatures: | ||
#*{{command |openvas-nvt-sync --wget}} | |||
# Install the redis-server for use with openvas: | |||
#*{{command |yum install redis} | |||
# Configure redis-server for use with openvas: | |||
#*{{command | sed -i -e 's|^# unixsocket|unixsocket|' /etc/redis.conf}} | |||
# Start redis server | |||
#*{{command | service redis start}} | |||
# Restart OpenVAS scanner (take a while for the first time): | |||
#*{{command |service openvas-scanner restart}} | |||
# Test that the OpenVAS scanner process openvassd is running: | |||
#*{{ command |ps aux | grep [o]penvassd }} | |||
# Test that the OpenVAS scanner listens on configured port: | |||
#*{{ command |sudo lsof -i -nP | grep [o]penvassd }} | |||
# Connect using the gnutls client to scanner port: | |||
#*{{ command | gnutls-cli --insecure -p 9391 127.0.0.1 }}. Start the communication with < OTP/1.0 >. Try to login with the user created above. | |||
# Start OpenVAS manager: {{command |service openvas-manager start}} | # Start OpenVAS manager: {{command |service openvas-manager start}} | ||
# Generate a new client certificate for manager to connect to scanner {{command | openvas-mkcert-client -n om -i }} | # Generate a new client certificate for manager to connect to scanner {{command | openvas-mkcert-client -n om -i }} | ||
Revision as of 15:16, 26 June 2015
This test case is meant of OpenVAS-8. The version in Fedora 22 (OpenVAS-7) is known to not work well so please install the openvas-8 packages from updates/updates-testing repository or rebuild the openvas-8 packages from rawhide.
{{QA/Test_Case |description=This test case tests the ability of OpenVAS to scan a host or network for vulnerabilities. |setup=
- A remote host with various network services (SSH, HTTP, DNS, SMTP ...) is required. For example: a Linux server with OpenSSH, Apache HTTPd, ISC BIND, Postfix or Sendmail.
- Open ports of the scanned services in the remote host firewall.
- If unsure about the past configuration, bootstrap the environment by removing the openvas* packages, removing all the application files and reinstalling the packages back:
OV_RPMS=`rpm -qa|grep openvas`rpm -e $OV_RPMSrm -rf /etc/openvas /etc/pki/openvas /usr/share/openvas /var/log/openvas /var/lib/openvas /var/cache/openvas
- Ensure that
openvas-librariesyum -y install openvas-libraries openvas-scanner openvas-manager openvas-cli openvas-gsa
- At each step you can verify the current progress with openvas-check-setup script:
openvas-check-setup
- Openvas-8 requires redis-server to be configured and running:
- {{command |yum install redis}
|actions=
- Try to start OpenVAS scanner:
service openvas-scanner start
- Check the logs on what is happening (as there is no server certificate it should fail to start):
tail -f /var/log/openvas/openvassd.log
- Create a new certificate, press "Enter" to use the defaults:
openvas-mkcert
- Add user certificate for the openvas-manager to be able to connect to scanner:
openvas-mkcert-client -n -i
- Download the NVTs signatures:
openvas-nvt-sync --wget
- Install the redis-server for use with openvas:
yum install redis}
- Configure redis-server for use with openvas:
sed -i -e 's
- Start redis server
service redis start
- Restart OpenVAS scanner (take a while for the first time):
service openvas-scanner restart
- Test that the OpenVAS scanner process openvassd is running:
ps aux | grep [o]penvassd
- Test that the OpenVAS scanner listens on configured port:
sudo lsof -i -nP | grep [o]penvassd
- Connect using the gnutls client to scanner port:
gnutls-cli --insecure -p 9391 127.0.0.1. Start the communication with < OTP/1.0 >. Try to login with the user created above.
- Start OpenVAS manager:
service openvas-manager start - Generate a new client certificate for manager to connect to scanner
openvas-mkcert-client -n om -i - Rebuild the NVT cache database
openvasmd --rebuild - Start OpenVAS manager:
service openvas-manager start - Test that the OpenVAS manager process openvasmd is running:
ps aux | grep [o]penvasmd - Test that the OpenVAS manager listens on configured port:
sudo lsof -i -nP | grep [o]penvasmd - Connect using the gnutls client to manager port:
gnutls-cli --insecure -p 9390 127.0.0.1. Start the communication with < OTP/1.0 >. Try to login with the user created above. - Start OpenVAS client:
openvas-client(or System Tools > OpenVAS Client) - Connect to OpenVAS server with the user created above.
- Create a new scan using the client and wait until it finishes.
- Export the report to HTML or PDF.