This virtual machine comes to you care of $DayJob frustrations and the need to generate logs. This month we are covering log entries and in my lab at work there was a need to trigger some alarms. So I set out to build an OpenVAS suite in order to trigger several different detection systems.
The Greenbone Security Manager provided an excellent, albeit not ‘as’ intuitive as I like, interface for scheduling scans and basically sending out network and application nastiness.
It had been a while since I had last set up an OpenVAS Suite so “to the Google Batman” … In doing a quick search I located several blog entries on different distribution installs as well as the OpenVAS Docs. In this prep I also was looking for the smoothest distribution for install as this was going to sit as a virtual machine in my $DayJob lab. After searching forums the easiest seems to be Ubuntu on 12.04 LTS, however I ended up on CentOS 6.4. There are some caveats for installing on CentOS but it just seemed to perform better.
If you are going to install on CentOS, a couple of observations:
There will likely end up being some errors ( see  ) to work through.
If you manage to get it working and don’t see traffic leaving, yet Greenbone says your job is running? “Audit2Allow is your friend!” It is likely (almost 99.9999%) SELinux.
For those that want to take the lazy way out 🙂 the file you are looking for is in /etc/selinux and is config:
Make sure to run a rebuild after the install process, see  and look for the notes on openvasmd --rebuild
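To confirm the SELinux point above before reaching for audit2allow, the following added example (not part of the original diary) counts AVC denials per process from audit log text so that denials against the OpenVAS daemons stand out. The log records, SELinux contexts and function names in it are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarise SELinux AVC denials so scanner-related blocks stand out.
# Reads audit log text on stdin; optional $1 is a regex matched against comm=.
# Prints "<count> <comm> <permissions> <tclass>", most frequent first.
summarize_avc() {
    awk -v pat="${1:-.}" '
    /type=AVC/ && /denied/ {
        comm = ""; perms = ""; tclass = ""
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^comm=/)   { comm = $i; sub(/^comm=/, "", comm); gsub(/"/, "", comm) }
            if ($i ~ /^tclass=/) { tclass = $i; sub(/^tclass=/, "", tclass) }
            if ($i == "{") {
                # Collect every permission between the braces: { read write }
                for (j = i + 1; j <= NF && $j != "}"; j++)
                    perms = perms (perms == "" ? "" : ",") $j
            }
        }
        if (comm ~ pat) seen[comm " " perms " " tclass]++
    }
    END { for (k in seen) print seen[k], k }
    ' | sort -k1,1nr -k2
}

# Constructed sample records (not from a real host); contexts are illustrative.
# The SYSCALL record must be ignored even though it names the scanner.
sample_audit_log() {
    cat <<'EOF'
type=AVC msg=audit(1382450001.101:501): avc:  denied  { name_connect } for  pid=2345 comm="openvassd" dest=443 scontext=system_u:system_r:initrc_t:s0 tcontext=system_u:object_r:http_port_t:s0 tclass=tcp_socket
type=SYSCALL msg=audit(1382450001.101:501): arch=c000003e syscall=42 success=no exit=-13 comm="openvassd"
type=AVC msg=audit(1382450002.230:502): avc:  denied  { name_connect } for  pid=2345 comm="openvassd" dest=22 scontext=system_u:system_r:initrc_t:s0 tcontext=system_u:object_r:ssh_port_t:s0 tclass=tcp_socket
type=AVC msg=audit(1382450003.007:503): avc:  denied  { read write } for  pid=2301 comm="openvasmd" name="tasks.db" dev=dm-0 ino=1311 scontext=system_u:system_r:initrc_t:s0 tcontext=system_u:object_r:var_lib_t:s0 tclass=file
type=AVC msg=audit(1382450004.412:504): avc:  denied  { getattr } for  pid=1999 comm="httpd" path="/srv/index.html" dev=dm-0 ino=77 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:default_t:s0 tclass=file
EOF
}

# On a real host, feed the audit log instead:
#   summarize_avc '^openvas' < /var/log/audit/audit.log
# If the scanner shows up, the matching records can be piped to
#   audit2allow -M <module_name>   and loaded with   semodule -i <module_name>.pp
# (<module_name> is a placeholder), which keeps SELinux enforcing.
sample_audit_log | summarize_avc '^openvas'
```

A non-empty result for the OpenVAS daemons while a task reports as running is the signature of the "no traffic leaving" symptom described above.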
General Install Caveats
Syncing from OpenVAS can take a very …… very long time. Just be patient if you build your own, the initial sync can take a great deal of time (hours occasionally). If you don’t want to take the time to install your own, you can download the below Greenbone VM.
Running a Job
The Greenbone VM
File Size: 764 MB
Type: OVF Template
OS: CentOS 6.4 (patched as of 22 OCT 2013)
Virtual Machine vHardware Settings
System Account: root
System Password: sanstraining
Greenbone Account: admin
Greenbone Password: sanstraining
All passwords will be sanstraining
VM is set for DHCP on boot.
Richard Porter || @packetalien || rporter at isc dot sans dot edu || blog: packetalien.com
(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.