
Users often request the addition of vulnerability scanners to Kali, most notably the ones that begin with “N”, but due to licensing constraints, we do not include them in the distribution. Fortunately, Kali includes the very capable OpenVAS, which is free and open source.

Although we briefly covered OpenVAS in the past, we decided to devote a more thorough post to its setup and how to use it more effectively. Vulnerability scanners often have a poor reputation, primarily because their role and purpose are misunderstood. Vulnerability scanners scan for vulnerabilities–they are not magical exploit machines and should be one of many sources of information used in an assessment. Blindly running a vulnerability scanner against a target will almost certainly end in disappointment and woe, with dozens (or even hundreds) of low-level or uninformative results.

The main complaint we receive about OpenVAS (or any other vulnerability scanner) can be summarized as “it’s too slow and crashes and doesn’t work and it’s bad, and you should feel bad”.

In nearly every case, slowness and/or crashes are due to insufficient system resources. OpenVAS has tens of thousands of signatures and if you do not give your system enough resources, particularly RAM, you will find yourself in a world of misery. Some commercial vulnerability scanners require a minimum of 8GB of RAM and recommend even more. OpenVAS does not require anywhere near that amount of memory, but the more you can provide it, the smoother your scanning system will run. For this post, our Kali virtual machine has 3 CPUs and 3GB of RAM, which is generally sufficient to scan small numbers of hosts at once.

OpenVAS has many moving parts and setting it up manually can sometimes be a challenge. Fortunately, Kali contains an easy-to-use utility called ‘openvas-setup’ that takes care of setting up OpenVAS, downloading the signatures, and creating a password for the admin user. This initial setup can take quite a long while, even with a fast Internet connection, so just sit back and let it do its thing. At the end of the setup, the automatically-generated password for the admin user will be displayed. Be sure to save this password somewhere safe:

    :~# openvas-setup
    ERROR: Directory for keys (/var/lib/openvas/private/CA) not found!
    ERROR: Directory for certificates (/var/lib/openvas/CA) not found!
    ERROR: CA key not found in /var/lib/openvas/private/CA/cakey.pem
    ERROR: CA certificate not found in /var/lib/openvas/CA/cacert.pem
    ERROR: CA certificate failed verification, see /tmp/tmp.7G2IQWtqwj/openvas-manage-certs.log for details. Aborting.
    ERROR: Your OpenVAS certificate infrastructure did NOT pass validation.
    Generated private key in /tmp/tmp.PerU5lG2tl/cakey.pem.
    Generated self signed certificate in /tmp/tmp.PerU5lG2tl/cacert.pem.
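As an added example that is not part of the Kali post or the OpenVAS project, here is a small POSIX shell health check covering the two failure modes this page discusses: too little RAM for the scanner, and a missing or broken certificate infrastructure (the directories and files that the openvas-setup errors on this page name). The 3072 MB threshold mirrors the post's 3GB virtual machine and is an assumption to adjust for your own host; the openssl checks (the self-signed CA certificate verifies, is unexpired, and matches its private key) are this script's own, not what openvas-manage-certs runs.

```shell
#!/bin/sh
# Added example: post-setup health check for an OpenVAS install on Kali.
# Not from the Kali post or the OpenVAS project. CA paths are the ones
# openvas-setup prints in its error output; MIN_RAM_MB is an assumption
# (the post's VM has 3GB); the openssl checks are this script's own.

CA_KEY_DIR="${CA_KEY_DIR:-/var/lib/openvas/private/CA}"
CA_CERT_DIR="${CA_CERT_DIR:-/var/lib/openvas/CA}"
MIN_RAM_MB="${MIN_RAM_MB:-3072}"

# mem_total_mb [meminfo]: MemTotal in MB, read from /proc/meminfo or a given file.
mem_total_mb() {
    awk '/^MemTotal:/ { printf "%d\n", $2 / 1024; exit }' "${1:-/proc/meminfo}"
}

# check_ram [meminfo]: succeeds when MemTotal is at least MIN_RAM_MB.
check_ram() {
    total=$(mem_total_mb "$1")
    [ "${total:-0}" -ge "$MIN_RAM_MB" ]
}

# check_ca_files keydir certdir: succeeds only when both directories and both
# files exist; reports each missing item, mirroring the openvas-setup errors.
check_ca_files() {
    keydir=$1
    certdir=$2
    rc=0
    [ -d "$keydir" ]  || { echo "Directory for keys ($keydir) not found"; rc=1; }
    [ -d "$certdir" ] || { echo "Directory for certificates ($certdir) not found"; rc=1; }
    [ -f "$keydir/cakey.pem" ]   || { echo "CA key not found in $keydir/cakey.pem"; rc=1; }
    [ -f "$certdir/cacert.pem" ] || { echo "CA certificate not found in $certdir/cacert.pem"; rc=1; }
    return "$rc"
}

# verify_ca cert key: the self-signed CA certificate verifies against itself,
# has not expired, and its public key matches the private key on disk.
verify_ca() {
    cert=$1
    key=$2
    if ! openssl verify -CAfile "$cert" "$cert" >/dev/null 2>&1; then
        echo "CA certificate failed verification: $cert"
        return 1
    fi
    if ! openssl x509 -in "$cert" -noout -checkend 0 >/dev/null 2>&1; then
        echo "CA certificate has expired: $cert"
        return 1
    fi
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null)
    if [ -z "$cert_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
        echo "CA key does not match CA certificate: $key"
        return 1
    fi
    return 0
}

# health_check: run every check; non-zero exit means openvas-setup would still
# report at least one of the errors shown in the transcript, or RAM is short.
health_check() {
    rc=0
    if ! check_ram; then
        echo "RAM below ${MIN_RAM_MB}MB; expect slowness or crashes during scans"
        rc=1
    fi
    if check_ca_files "$CA_KEY_DIR" "$CA_CERT_DIR"; then
        verify_ca "$CA_CERT_DIR/cacert.pem" "$CA_KEY_DIR/cakey.pem" || rc=1
    else
        rc=1
    fi
    [ "$rc" -eq 0 ] && echo "Memory and OpenVAS certificate infrastructure look OK"
    return "$rc"
}

# Only run when invoked with --check, so sourcing the file just defines the functions.
if [ "${1:-}" = "--check" ]; then
    health_check
    exit $?
fi
```

Run it as root after openvas-setup has finished, for example `sh openvas-health.sh --check`; each printed line names the specific item that is missing or invalid, so a failing run tells you which of the transcript's errors would recur rather than just that setup "did not work".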
