openSUSE

How To Install OpenVAS on openSUSE

Install OpenVAS on openSUSE

OpenVAS represents one of the most powerful open-source vulnerability assessment frameworks available today, offering comprehensive security scanning capabilities for networks, systems, and applications. When combined with openSUSE’s enterprise-grade stability and robust package management system, it creates an ideal platform for security professionals and system administrators seeking reliable vulnerability management solutions.

This comprehensive guide will walk you through the complete installation and configuration process of OpenVAS on openSUSE, from initial system preparation through advanced post-installation optimization. Whether you’re a cybersecurity professional, system administrator, or security enthusiast, this tutorial provides the detailed instructions needed to successfully deploy OpenVAS in your environment.

The installation process involves multiple components working together harmoniously: the OpenVAS Scanner engine, Greenbone Vulnerability Manager (GVM), and the Greenbone Security Assistant (GSA) web interface. Each component plays a crucial role in delivering comprehensive vulnerability assessment capabilities that rival commercial solutions.

Understanding OpenVAS Architecture and Components

OpenVAS operates as a sophisticated vulnerability management framework comprising several interconnected services that work together to provide comprehensive security assessment capabilities. The core architecture includes the OpenVAS Scanner, which performs the actual vulnerability tests, and the Greenbone Vulnerability Manager that coordinates scanning operations and manages results.

The OpenVAS Scanner serves as the primary engine responsible for executing Network Vulnerability Tests (NVTs) against target systems. This component maintains an extensive database of vulnerability signatures and testing scripts that are regularly updated to address emerging threats and newly discovered vulnerabilities.

The Greenbone Security Assistant (GSA) provides the web-based interface that users interact with to configure scans, view results, and generate reports. This component transforms complex vulnerability data into actionable insights through intuitive dashboards and comprehensive reporting features.

The Greenbone Vulnerability Manager acts as the central coordination layer, managing scan configurations, user authentication, and result storage. It communicates with the scanner through the OpenVAS Management Protocol (OMP) to orchestrate scanning operations and maintain data consistency.

System Requirements and Prerequisites

Before beginning the installation process, ensure your openSUSE system meets the minimum requirements for optimal OpenVAS performance. The system should have at least 4GB of RAM, though 8GB or more is recommended for larger network environments. Storage requirements include a minimum of 20GB of free disk space to accommodate the vulnerability database and scan results.

Network connectivity plays a critical role in OpenVAS functionality. The system requires internet access for downloading vulnerability feeds and updates. Additionally, if you plan to scan remote systems, ensure proper network routing and firewall configurations are in place.

PostgreSQL databses support is essential for OpenVAS operation, as it stores vulnerability data, scan configurations, and results. The system must have sufficient processing power to handle concurrent scanning operations, with multi-core processors recommended for enterprise environments.

Pre-Installation System Preparation

Updating openSUSE and Managing Packages

System preparation begins with ensuring your openSUSE installation is current with the latest security patches and package updates. Launch the terminal as root or use sudo privileges to execute system maintenance commands.

Update the package repository information and upgrade all installed packages using the zypper package manager. This process ensures compatibility with OpenVAS dependencies and reduces potential conflicts during installation.

sudo zypper refresh
sudo zypper update

The refresh command updates repository metadata, while the update command installs available package upgrades. Allow the process to complete fully before proceeding with OpenVAS installation.

Network and Security Configuration

Configure the system firewall to allow OpenVAS web interface access and inter-component communication. OpenVAS requires several specific ports for proper operation: port 9392 for the Greenbone Security Assistant web interface, port 9390 for the OpenVAS Manager service, and port 9393 for administrative access.

Use the openSUSE firewall configuration tools to open the necessary ports:

sudo firewall-cmd --permanent --add-port=9390/tcp
sudo firewall-cmd --permanent --add-port=9392/tcp
sudo firewall-cmd --permanent --add-port=9393/tcp
sudo firewall-cmd --reload

These commands configure the firewall to permit incoming connections on the required ports while maintaining system security for other services.

Installation Methods and Approaches

YAST2 Installation Method

openSUSE’s YAST2 (Yet another Setup Tool) provides the most straightforward approach for installing OpenVAS and its dependencies. This graphical package management interface handles dependency resolution automatically and ensures proper integration with the openSUSE ecosystem.

Launch YAST2 from the system menu or by executing sudo yast2 in the terminal. Navigate to the Software section and select Software Management to access the package installation interface.

The YAST2 software management tool provides a comprehensive view of available packages, installed software, and dependency relationships. Use the search functionality to locate OpenVAS-related packages efficiently.

Command-Line Installation Alternative

Advanced users may prefer the command-line installation method using zypper, openSUSE’s native package manager. This approach offers greater control over the installation process and enables automation through scripts.

sudo zypper install openvas greenbone-security-assistant

The zypper command automatically resolves dependencies and prompts for confirmation before proceeding with the installation. This method provides detailed information about package changes and system modifications.

Step-by-Step Installation Guide

Core Installation Process

Begin the installation by opening YAST2 and navigating to the Software Management section. The interface displays a comprehensive list of available packages organized by categories and repositories.

In the search field, enter “OpenVAS” to filter the package list and display all OpenVAS-related components. The search results will include the core OpenVAS scanner, management components, and associated libraries required for proper operation.

Select the openvas package from the search results. YAST2 will automatically identify and mark related dependencies for installation, including database drivers, cryptographic libraries, and network communication modules.

Additionally, locate and select the greenbone-security-assistant package, which provides the essential web-based interface for OpenVAS management. This component transforms the command-line vulnerability scanner into a user-friendly web application.

Review the installation summary to verify all required packages are selected. The summary displays disk space requirements, dependency relationships, and potential conflicts that require resolution before proceeding.

Click Accept to begin the installation process. YAST2 will download the selected packages from configured repositories and install them according to dependency requirements. Monitor the installation progress and address any prompts that appear during the process.

Initial Configuration Commands

After successful package installation, execute the OpenVAS setup command to initialize the system configuration and download essential vulnerability databases. This process may take considerable time depending on internet connection speed and system performance.

sudo openvas-setup

The setup command performs multiple critical functions: downloading the latest Network Vulnerability Tests (NVTs), creating the initial database structure, and configuring inter-component communication. Allow the process to complete without interruption to ensure proper system initialization.

Create an administrative user account for OpenVAS management using the adduser command. This account provides access to the web interface and administrative functions:

sudo openvas-adduser

Follow the interactive prompts to specify the username, password, and access privileges for the administrative account. Choose a strong password that meets security best practices for administrative access.

Generate SSL certificates for secure communication between OpenVAS components using the certificate creation utility:

sudo openvas-mkcert

The certificate generation process creates cryptographic keys and certificates required for encrypted communication. Accept the default certificate parameters unless specific customization is required for your environment.

Service Configuration and Network Setup

Configure the OpenVAS Manager to listen on specific network interfaces and ports for client connections. The default configuration restricts access to localhost, which may require modification for remote access scenarios.

sudo openvasmd -p 9300 -a 127.0.0.1

This command configures the OpenVAS Manager daemon to accept connections on port 9300 from the localhost interface. Modify the IP address parameter to enable remote access from specific network segments.

Set up administrative access by configuring an additional listener on port 9393:

sudo openvasmd -a 127.0.0.1 -p 9393

Configure the Greenbone Security Assistant for HTTP access on port 9392:

sudo gsad --http-only --listen=127.0.0.1 -p 9392

The HTTP-only flag disables HTTPS requirements for initial testing and configuration. Consider enabling HTTPS for production environments to ensure secure administrative access.

Post-Installation Configuration

Database Setup and Initialization

OpenVAS requires a properly configured database backend to store vulnerability information, scan results, and system configuration data. The installation process typically configures SQLite or PostgreSQL automatically, but manual verification ensures optimal performance.

Verify database connectivity and initialize the vulnerability feed synchronization process:

sudo openvasmd --rebuild

The rebuild command reconstructs the database indexes and verifies data integrity. This process may take several minutes to complete, particularly during initial system setup when vulnerability databases are being populated.

Monitor the rebuild process through log files to identify potential issues or performance bottlenecks:

sudo tail -f /var/log/openvas/openvasmd.log

User Management and Access Control

Configure additional user accounts and access permissions to support multi-user environments. OpenVAS supports role-based access control that allows administrators to restrict user capabilities based on organizational requirements.

Create additional user accounts using the web interface or command-line tools. Each user can be assigned specific scanning targets, result access permissions, and administrative capabilities.

Implement password policies and account expiration rules to maintain security standards. Regular user account audits help identify unused accounts and potential security risks.

Web Interface Setup and Access

Greenbone Security Assistant Configuration

Access the OpenVAS web interface by opening a web browser and navigating to http://127.0.0.1:9392. The Greenbone Security Assistant login page should appear, indicating successful installation and service startup.

Log in using the administrative credentials created during the installation process. The initial dashboard provides an overview of system status, recent scan activity, and vulnerability statistics.

Install OpenVAS on openSUSE

Navigate through the interface menus to familiarize yourself with available features: scan configuration, target management, reporting tools, and system administration functions.

Configure dashboard preferences and notification settings to optimize the user experience for your specific requirements. Customize report formats and scheduling options to align with organizational security procedures.

Remote Access Configuration

For remote access scenarios, modify the service configuration to bind to specific network interfaces rather than localhost only. This change requires careful consideration of security implications and proper firewall configuration.

Edit the service configuration files to specify the appropriate network interface:

sudo systemctl edit openvas-manager.service

Add configuration overrides to specify the listening address for remote connections. Ensure the target interface has appropriate security controls and access restrictions.

Implement SSL/TLS encryption for remote connections to protect administrative credentials and sensitive vulnerability information during transmission.

Verification and Testing

Installation Verification

Verify successful installation by checking the status of all OpenVAS services. Each component should be running and responding to status queries:

sudo systemctl status openvas-scanner
sudo systemctl status openvas-manager  
sudo systemctl status greenbone-security-assistant

Review service logs to identify any startup errors or configuration issues that require attention. Address any service failures before proceeding with initial testing.

Test database connectivity and vulnerability feed synchronization:

sudo openvas-check-setup

This diagnostic command validates the installation configuration and identifies common setup issues that may affect system operation.

Initial Vulnerability Scan Test

Configure a test scan to verify OpenVAS functionality and familiarize yourself with the scanning process. Begin with a simple network discovery scan of local systems to minimize potential impact.

Create a new scan configuration through the web interface, specifying target IP addresses or network ranges. Select an appropriate scan policy based on the target environment and available time for scan completion.

Execute the test scan and monitor progress through the web interface dashboard. Scan duration varies significantly based on target complexity, network connectivity, and selected scan policies.

Review scan results to verify proper vulnerability detection and reporting functionality. Examine the generated reports to understand the information provided and available customization options.

Troubleshooting Common Issues

Installation Problems

Package dependency conflicts frequently occur when installing OpenVAS on systems with existing software installations. Use zypper’s conflict resolution capabilities to identify and resolve dependency issues:

sudo zypper install --solve-conflicts openvas

Repository configuration problems may prevent package downloads or updates. Verify repository settings and refresh metadata to resolve connectivity issues:

sudo zypper lr -d
sudo zypper refresh

Insufficient system resources can cause installation failures or service startup problems. Monitor system memory and disk space usage during installation to identify resource constraints.

Permission and access control issues may prevent proper service operation. Verify file ownership and permissions for OpenVAS configuration directories and log files.

Configuration and Runtime Issues

Database connection problems frequently manifest as service startup failures or web interface errors. Verify database service status and connectivity using appropriate diagnostic commands.

Feed synchronization failures prevent vulnerability database updates and may result in outdated scan results. Check internet connectivity and repository accessibility to resolve synchronization issues.

Web interface accessibility problems may result from firewall configuration, service binding issues, or browser compatibility. Verify port accessibility and service configuration to restore web interface access.

Port binding conflicts occur when multiple services attempt to use the same network ports. Identify conflicting services and modify configuration files to resolve port conflicts.

Security Best Practices

System Hardening

Implement comprehensive firewall rules that restrict access to OpenVAS services based on organizational security policies. Limit administrative access to authorized personnel and network segments.

Configure user account security policies including password complexity requirements, account expiration, and failed login attempt limits. Regular security audits help identify potential vulnerabilities in user access controls.

Enable SSL/TLS encryption for all OpenVAS communications, particularly when accessing the system remotely. Use strong cryptographic algorithms and regularly update certificates to maintain security standards.

Implement access logging and monitoring to track administrative activities and potential security incidents. Configure log retention policies that balance storage requirements with security audit needs.

Operational Security

Establish regular feed update schedules to ensure vulnerability databases remain current with emerging threats. Automated update procedures reduce the risk of scanning with outdated vulnerability signatures.

Implement backup and recovery procedures for OpenVAS configuration data, scan results, and vulnerability databases. Test recovery procedures regularly to verify data integrity and restore capabilities.

Consider network segmentation strategies that isolate OpenVAS systems from production networks while maintaining necessary connectivity for vulnerability scanning operations.

Develop compliance procedures that align OpenVAS usage with relevant security standards and regulatory requirements. Document scanning procedures and maintain audit trails for compliance verification.

Maintenance and Updates

Regular Maintenance Tasks

Schedule regular feed synchronization operations to maintain current vulnerability databases. Automated scheduling ensures consistent updates without manual intervention:

sudo crontab -e
# Add line: 0 2 * * * /usr/sbin/openvas-nvt-sync

Implement database maintenance procedures including index optimization, log rotation, and cleanup of outdated scan results. Regular maintenance prevents performance degradation and disk space exhaustion.

Monitor system performance metrics including CPU utilization, memory consumption, and disk I/O patterns. Performance monitoring helps identify optimization opportunities and capacity planning requirements.

Configure log rotation policies for OpenVAS service logs to prevent excessive disk space consumption while maintaining adequate log history for troubleshooting and auditing purposes.

Updates and Upgrades

Establish update procedures that balance security requirements with system stability. Test updates in non-production environments before applying them to critical scanning systems.

Monitor OpenVAS project announcements and security advisories to stay informed about available updates and potential security vulnerabilities affecting the installation.

Plan and execute major version upgrades during maintenance windows to minimize impact on scanning operations. Document upgrade procedures and maintain rollback capabilities for emergency situations.

Congratulations! You have successfully installed OpenVAS. Thanks for using this tutorial for installing the Open Vulnerability Assessment System (OpenVAS). on your openSUSE Linux system. For additional help or useful information, we recommend you check the official OpenVAS website.

VPS Manage Service Offer
If you don’t have time to do all of this stuff, or if this is not your area of expertise, we offer a service to do “VPS Manage Service Offer”, starting from $10 (Paypal payment). Please contact us to get the best deal!

r00t

r00t is an experienced Linux enthusiast and technical writer with a passion for open-source software. With years of hands-on experience in various Linux distributions, r00t has developed a deep understanding of the Linux ecosystem and its powerful tools. He holds certifications in SCE and has contributed to several open-source projects. r00t is dedicated to sharing her knowledge and expertise through well-researched and informative articles, helping others navigate the world of Linux with confidence.
Back to top button