As I already wrote in “Installing OpenVAS 9 from the sources”, since May 2017 OpenVAS 9 has been available in the form of a free virtual appliance. It is called GSM Community Edition (GCE) and is based on Greenbone's commercial product GSM ONE.
What’s the difference between GSM ONE and the free GCE? GSM Community Edition uses a different Community Feed of NASL plugins, it can’t be updated automatically, and it lacks some management features. The most important, in my opinion, is that it does not support the OpenVAS Management Protocol (OMP), the API for managing scanners. Only HTTPS for the WebGUI and SSH are available.
Talking about different NASL plugin feeds, I need to mention a recent message by Jan-Oliver Wagner on the Openvas-announce list.
It seems that Greenbone is rather tired of developing OpenVAS by themselves and watching how other companies use their engine and feeds, positioning themselves as an “alternative to Greenbone’s product at a better price”. So, they decided:
I really care about Greenbone and they, of course, do what they think is better for the company and the OpenVAS community, but at the same time it reminds me of the situation with Tenable and Nessus. Maybe not so radical. But definitely in the same direction.
A feed delayed by 2 weeks can’t be used effectively for obvious reasons. If you see exploitation of a critical vulnerability like WannaCry in the wild and need to wait 2 weeks to check your infrastructure, it’s nonsense! That means that you just can’t rely on OpenVAS anymore. And if you use it, you should think about migrating to a commercial solution, for example Greenbone’s GSM, or think about getting an up-to-date plugin feed somewhere else.
The good thing is that it might show customers once again that the knowledge base of a Vulnerability Management solution is important and stimulate other security content developers to make their own NASL scripts and feeds.
But let’s go back to GSM Community Edition. You can find a detailed description of the installation process on the official site. I will just describe my own experience.
I couldn’t open the small OVA, GSM-CE-4.0.5-init.ova.
So I created a virtual machine manually using the recommendations on the official site. I created one NAT network interface with port forwarding configured.
Then I downloaded the ISO <http://dl.greenbone.net/download/VM/gsm_ce_4.0.5.iso>, attached it to the virtual machine and switched it on.
The installation process is pretty straightforward:
Setup -> Yes (Want to continue)
Create admin user (admin/1)
Success!
GRUB Screen:
It will boot and then reboot automatically a few seconds later. Finally, we can see “Welcome to Greenbone OS 4.0”:
After login you will see the screen to complete the setup:
We need to create a web-admin user:
admin/1:
Choose a subscription key (if you have one). I will choose “No” and Community Feed.
Then GCE shows a recommendation to update the feed from the setup menu.
The main setup menu looks like this. To update the vulnerability feed I choose Maintenance:
Then Feed:
And finally press Update:
Greenbone Community Edition does some work in the background, but it is not clear whether it has finished updating the feed or not.
I had a problem here, because GCE did not rebuild the database automatically. So I did it manually in the console.
You can get root access to the appliance in Advanced -> Support -> Superuser
And then go to Advanced -> Support -> Shell
And now in the shell you can rebuild the openvasmd database manually:
Now we can go to https://localhost:2222 and authenticate with the web-user password:
As you can see, detection plugins (NVTs) are in the database, but not SCAP content and CVEs. However, this will be enough for vulnerability scanning.
And it scans remote hosts pretty well: