OpenVAS

DustinB3403

Of your guys experience how difficult is this to setup for the targets?

It does seem to be useful, just curious how far into the system I'd have to get before I saw some usable returns.

dafyre

From what I remember, it was easy to set up... Just pick the Subnets (or individual servers) that you want to scan, and pick what scans you want it to do... Start the scan, and wait for it to generate a report.

dafyre

@dafyre said in OpenVAS:

From what I remember, it was easy to set up... Just pick the Subnets (or individual servers) that you want to scan, and pick what scans you want it to do... Start the scan, and wait for it to generate a report.

I'll spin it up and give it a go again to make sure it's still what I remember.

BRRABill

I set it up a few months back. (Still have it on my XS in fact.)

I had a few issues getting it set up, but eventually got it to work.

Veet

@dafyre said in OpenVAS:

From what I remember, it was easy to set up... Just pick the Subnets (or individual servers) that you want to scan, and pick what scans you want it to do... Start the scan, and wait for it to generate a report.

How effective/accurate is it ?

DustinB3403

I'm just taking a blind guess that the "demo" version is marked as so, but not limited in anyway?

BRRABill

@DustinB3403 said in OpenVAS:

I'm just taking a blind guess that the "demo" version is marked as so, but not limited in anyway?

It's all free and open source. I don't think there is a demo.

BRRABill

@Veet said in OpenVAS:

@dafyre said in OpenVAS:

From what I remember, it was easy to set up... Just pick the Subnets (or individual servers) that you want to scan, and pick what scans you want it to do... Start the scan, and wait for it to generate a report.

How effective/accurate is it ?

That's one of the things I never actually got working. Couldn't figure out the scanning. I am sure it works, just didn't have the time to figure out what I needed.

Hmmm, what would @scottalanmiller say here?

SAM: "that's like building a car, and not knowing if it drives or not"

DustinB3403

http://www.openvas.org/vm.html

Demo is plainly listed, I'm guessing that is just put there to say, hey if you want to do this, you should really build from sources.

BRRABill

@DustinB3403 said in OpenVAS:

http://www.openvas.org/vm.html

Demo is plainly listed, I'm guessing that is just put there to say, hey if you want to do this, you should really build from sources.

Yeah, no idea what that is.

Veet

@DustinB3403 said in OpenVAS:

http://www.openvas.org/vm.html

Demo is plainly listed, I'm guessing that is just put there to say, hey if you want to do this, you should really build from sources.

Scroll down to the bottom of the page, and you'll read the following : -

***Important note on these Virtual Appliances

Please note that these virtual appliances are for demonstration/testing purposes and not recommended for regular production uses, particularly for more than a few hosts depending on local system resources. The OpenVAS scanner is resource intensive and may take a long time to start on slower systems, especially when run as a VM on laptops.***

dafyre

The DEMO build is just an OVA that you can import into VMware / VirtualBox and be ready to go in a few minutes... Sadly, their image download seems to be overloaded... A whopping 14 kbit/sec download for me...and the appliance is 3GB... So I'm building from Ubuntu and going to try the OpenVAS9 PPA.

Edit: Clarity.

BRRABill

@dafyre said in OpenVAS:

The DEMO build is just an OVA that you can import into VMware / VirtualBox and be ready to go in a few minutes... Sadly, their image download seems to be overloaded... A whopping 14 kbit download for me... So I'm building from Ubuntu and going to try the OpenVAS9 PPA.

Right.

It's not a working appliance like Graylog, or XO.

dafyre

@Veet said in OpenVAS:

@DustinB3403 said in OpenVAS:

http://www.openvas.org/vm.html

Demo is plainly listed, I'm guessing that is just put there to say, hey if you want to do this, you should really build from sources.

Scroll down to the bottom of the page, and you'll read the following : -

***Important note on these Virtual Appliances

Please note that these virtual appliances are for demonstration/testing purposes and not recommended for regular production uses, particularly for more than a few hosts depending on local system resources. The OpenVAS scanner is resource intensive and may take a long time to start on slower systems, especially when run as a VM on laptops.***

Essentially saying, be sure to give it enough RAM to run.

dafyre

@BRRABill said in OpenVAS:

@dafyre said in OpenVAS:

The DEMO build is just an OVA that you can import into VMware / VirtualBox and be ready to go in a few minutes... Sadly, their image download seems to be overloaded... A whopping 14 kbit download for me... So I'm building from Ubuntu and going to try the OpenVAS9 PPA.

Right.

It's not a working appliance like Graylog, or XO.

No, it is a fully working appliance... but I don't feel like waiting 3 days for it to download, lol.

BRRABill

@dafyre said

No, it is a fully working appliance... but I don't feel like waiting 3 days for it to download, lol.

I meant working in the sense of "production usable" ... it's more a proof of concept than a working appliance like XO or Graylog offerings.

DustinB3403

@Veet I did, and I read it as well. Just curious if there was some kind of "paid" or source difference from what they have in the OVA.

dafyre

@BRRABill said in OpenVAS:

@dafyre said

No, it is a fully working appliance... but I don't feel like waiting 3 days for it to download, lol.

I meant working in the sense of "production usable" ... it's more a proof of concept than a working appliance like XO or Graylog offerings.

It's quite usable for production -- that's what I ran when I used it in the past. You just can't gimp on the RAM. For production, I'd suggest 8GB or 16GB of RAM or more... Especially for anything more than a few hosts.

BRRABill

@dafyre said in OpenVAS:

@BRRABill said in OpenVAS:

@dafyre said

No, it is a fully working appliance... but I don't feel like waiting 3 days for it to download, lol.

I meant working in the sense of "production usable" ... it's more a proof of concept than a working appliance like XO or Graylog offerings.

It's quite usable for production -- that's what I ran when I used it in the past. You just can't gimp on the RAM. For production, I'd suggest 8GB or 16GB of RAM or more... Especially for anything more than a few hosts.

Oh, that's good to know.

I admittedly struggled a bit with getting it installed from source. But that's probably just me.

And by probably I mean definitely.

dafyre

@BRRABill said in OpenVAS:

@dafyre said in OpenVAS:

@BRRABill said in OpenVAS:

@dafyre said

No, it is a fully working appliance... but I don't feel like waiting 3 days for it to download, lol.

I meant working in the sense of "production usable" ... it's more a proof of concept than a working appliance like XO or Graylog offerings.

It's quite usable for production -- that's what I ran when I used it in the past. You just can't gimp on the RAM. For production, I'd suggest 8GB or 16GB of RAM or more... Especially for anything more than a few hosts.

Oh, that's good to know.

I admittedly struggled a bit with getting it installed from source. But that's probably just me.

And by probably I mean definitely.

If you like Ubuntu, they have pre-compiled binaries and such from the PPA. Easy to set up.

https://launchpad.net/~mrazavi/+archive/ubuntu/openvas

I've got a scan going... I am trying the openvas9 beta.