OpenVAS packages in EPEL. Ansible install script created


#1

Back in February 2019, there was a page on the openvas.org web site that discussed installing OpenVAS from packages.

The URL was http://www.openvas.org/install-packages

But the page is no longer present. From reading this page, I discovered that there was a version of openvas in the EPEL repository.

Around the same time, I read a blog posting that the version distributed in EPEL was going to go EOL in the summer of 2019, which would be unfortunate.

The installation instructions were a bit sparce, but the /usr/bin/openvas-check-setup was immensely useful.

To make a long story short, I wrote a simple Ansible script that would fully install the EPEL version of OpenVAS, as a proof-of-concept, and it worked very well.

I just translated the instructions from the installation document into Ansible commands, and used /usr/bin/openvas-check-setup to verify the steps. You could read the openvas-check-setup script and see exactly what commands were being used to verify the various stages of the install … and implement them in Ansible.

Since this was my first time working with OpenVAS, I wrote the Ansible script to detect if the major databases were not yet created, and then exited the Ansible script with a prompt of what command was needed to create the database (such as openvas-scapdata-sync). This allowed you to watch the multi-minute process and see its progress.

When the database was initialized, you just re-ran the Ansible script. It would skip all the work it had already done, and then pick up where the database was initialized. This would continue until the next database … and the script would exit again with the prompt on how to create the next database. This continued until OpenVas was fully installed.

I am a bit dismayed that there is no longer any information about installing OpenVAS from packages, and/or the OpenVAS packages on EPEL.

I was hoping to ask if there was any interest in the Ansible script for the semi-automatic install, and also ask if there was any information on when or if the EPEL version of Openvas would be updated.

I am willing to share the Ansible script for EPEL Openvas installation. It makes it very easy, and takes about 2 hours in total. It has been tested under CentOS 7.5.

The versions of OpenVAS that are distributed in EPEL 7.x are:
Installed Packages
openvas-cli.x86_64 1.4.4-1.el7 @epel
openvas-gsa.x86_64 6.0.11-3.el7 @epel
openvas-libraries.x86_64 8.0.8-2.el7 @epel
openvas-manager.x86_64 6.0.9-1.el7 @epel
openvas-scanner.x86_64 5.0.6-1.el7 @epel

Does anyone else have interest in the EPEL version of OpenVAS?

From what I understand, the OpenVAS versions listed above are a bit stale, but the intstalled product does work and provide useful services. It would be “nice” if it could be updated. Installing from a yum package, especially with an Ansible script (which I am willing to share), is much easier and less error-prone than installing from source.

Thoughts?


#2

Hi,

please avoid cross-posting to different categories. We have deleted you second post at the GCE category because that category is also only about the virtual Greenbone Community Edition appliance.

Greenbone is the maintainer of the project formerly known as OpenVAS. Greenbone doesn’t provide nor develop packages for any Linux distribution besides its own Greenbone OS. All freely available packages are 3rd party packages with different quality from different sources. Therefore the information at the OpenVAS website was heavily outdated and got removed.

Also in the meanwhile we decided to change the branding of the free software project to Greenbone Vulnerability Management (GVM). Only the scanner will be still named after OpenVAS. All further information about the project and its software is and will be collected in this forum.

The script is deprecated because it wasn’t very useful for debugging real user issues.