OpenVAS packages in recent Ubuntu releases are broken: post-install configuration is incomplete, WebGUI part is missing alltogether. Below are my notes while installing OpenVAS on Ubuntu 23.10 Mantic, using informations bits collected from Greenbone and Stackexchange discussions.
apt install openvas
This pulls quite a few other packages, but doesn't result in functioning OpenVAS.
gvm-setup gvm-check-setup
Lots of vulnerabilities' data will be downloaded.
Checks should pass. netstat -tpln should
show gsad listening on 127.0.0.1:9392.
Accessing WebGUI at https://localhost:9392 will result in, first, redirect error and then in URL not found.
Edit /lib/systemd/system/gsad.service replacing
ExecStart=/usr/sbin/gsad --foreground --listen 127.0.0.1 --port 9392with
ExecStart=/usr/sbin/gsad --foreground --listen 127.0.0.1 --port 9392 --no-redirect
Reload systemd:
systemctl daemon-reload
There is no greenbone-security-assistant package. It's code
to provide management console's WebGUI. Download it from Github using GSA section
of Build from Source instructions by Greenbone. There is no need to build anything. Put
files in /usr/share/gvm/gsad/web/. The empty directory was created by Ubuntu install.
Run
sudo -E -u _gvm -g _gvm gvmd --user=admin --new-password=somepasswordto change administrator's password. By now it should be possible to log in as
admin
at https://localhost:9392
If IPv6 is not enabled, first scan will fail at 0% completion. Either enable IPv6 or
disable Boreas by editing /etc/openvas/openvas.conf and adding
test_alive_hosts_only=no