OpenVASmd: The Definitive Guide to Vulnerability Management

openvasmd is the OpenVAS Manager daemon, a central component in the Greenbone Vulnerability Management (GVM) framework. It manages vulnerability scans and configurations. This guide provides comprehensive instructions on installing, configuring, using, and troubleshooting openvasmd to improve your vulnerability assessment capabilities.

Understanding openvasmd

openvasmd, the OpenVAS Manager daemon, is the core of the Greenbone Vulnerability Management (GVM) suite, responsible for orchestrating vulnerability scanning. It manages scan configurations, schedules scans, stores results, and provides an interface for interacting with vulnerability data. Understanding openvasmd is crucial for effective vulnerability management because it forms the backbone of how scans are defined, executed, and analyzed. Without a properly functioning openvasmd, vulnerability scans cannot be performed or results properly managed within the GVM framework.

Key Functions of openvasmd

openvasmd performs several critical functions:

  • Scan Management: Defines scan targets, schedules scan execution, and controls scan parameters like scan configurations and NVTs (Network Vulnerability Tests).
  • Vulnerability Database Management: Manages the vulnerability database by regularly updating it with the latest vulnerability information from the Greenbone Security Feed and other sources, ensuring accurate and up-to-date scan results.
  • Reporting: Generates comprehensive reports based on scan results, providing detailed information about identified vulnerabilities, their severity, and recommended remediation steps.
  • User Management: Manages user accounts and associated permissions within the GVM framework, controlling access to scan configurations, scan results, and other sensitive data.
  • API Interface: Provides a programmatic interface (typically via OMP - OpenVAS Management Protocol) for interacting with the OpenVAS Manager, enabling automation and integration with other security tools.
  • Task Scheduling: Schedules and manages vulnerability scanning tasks, enabling recurring scans and automated vulnerability assessments.

The Role of openvasmd in the GVM Ecosystem

openvasmd interacts with several other components within the GVM ecosystem:

  • openvassd (OpenVAS Scanner Daemon): This is the vulnerability scanner that executes the NVT tests against the target systems. openvasmd instructs openvassd on which targets to scan and which tests to perform.
  • Greenbone Security Feed: A continuous stream of updated vulnerability information, including new NVTs and bug fixes, which openvasmd uses to keep the vulnerability database current.
  • GSA (Greenbone Security Assistant): A web-based user interface that allows users to interact with openvasmd to configure scans, view results, and generate reports.
  • OMP (OpenVAS Management Protocol): The XML-based protocol used for communication between the GSA (or other clients) and openvasmd.

Installation and Configuration

Installing and configuring openvasmd can vary based on your operating system and preferred method of installation (e.g., package manager or source code). Here’s a generalized approach with common scenarios and considerations. Keep in mind that specific steps may vary and the official Greenbone documentation should be consulted for the most up-to-date instructions for your environment.

Installation Methods

  • Package Manager (Recommended): Most Linux distributions provide packages for OpenVAS through their repositories. This method simplifies installation and dependency management.

    # Debian/Ubuntu
    sudo apt-get update
    sudo apt-get install openvas
    
    # CentOS/RHEL
    sudo yum install openvas
    

    Note: The package name might vary depending on the repository. In some cases, it may be greenbone-security-assistant or similar, which bundles multiple GVM components together.

  • Source Code: Building from source provides more control over the installation process but requires managing dependencies manually. This method is typically only recommended for advanced users or when specific customization is required.

Initial Setup and Configuration

After installation, several initial setup steps are necessary:

  1. Update the Vulnerability Database: This is essential to ensure your scans are using the latest vulnerability information.

    sudo greenbone-nvt-sync
    sudo greenbone-scapdata-sync
    sudo greenbone-certdata-sync
    

    These commands download the latest NVTs (Network Vulnerability Tests), SCAP data, and CERT data, respectively. These are crucial for accurate vulnerability detection.

  2. Start and Enable Services: Ensure that openvasmd, openvassd, and GSA are started and configured to start automatically on boot.

    # Systemd (most modern Linux distributions)
    sudo systemctl start openvasmd
    sudo systemctl start openvassd
    sudo systemctl start greenbone-security-assistant
    
    sudo systemctl enable openvasmd
    sudo systemctl enable openvassd
    sudo systemctl enable greenbone-security-assistant
    

  3. Create an Administrator User: Create an administrator user account to access the GSA web interface.

    sudo gvm-setup-admin
    

    Follow the prompts to set a username and password. This user will have full access to the GVM system.

  4. Firewall Configuration: Ensure that the necessary ports are open in your firewall. By default, GSA uses port 443 (HTTPS) and openvasmd uses port 9390.

    # Example using ufw (Ubuntu)
    sudo ufw allow 443
    sudo ufw allow 9390
    sudo ufw enable
    

Important Configuration Files

Several configuration files control the behavior of openvasmd:

  • /etc/openvas/openvasmd.conf: Contains global configuration settings for openvasmd, such as the database connection details, logging options, and the location of the vulnerability database.
  • /etc/default/openvasmd (Debian/Ubuntu) or /etc/sysconfig/openvasmd (CentOS/RHEL): Sets environment variables for openvasmd, such as the user and group that the process runs as.

Example: /etc/openvas/openvasmd.conf

    database = /var/lib/openvas/mgr/tasks.db
    plugins_folder = /var/lib/openvas/plugins
    report_style = nvt

Using openvasmd and GVM

After installation and configuration, you can access the GVM web interface through a web browser (typically at https://<your_server_ip>). From the GSA, you can configure scans, launch scans, view results, and generate reports.

Key GVM Concepts

  • Targets: The systems or networks you want to scan.
  • Tasks: The actual scan configurations, including the target, scan configuration, and schedule.
  • Scan Configurations: Predefined or custom configurations that control the scanning process, such as the NVTs to use and the level of scanning intensity.
  • Reports: Summaries of the scan results, detailing identified vulnerabilities and their severity.

Creating and Running a Scan Task

  1. Define a Target: Specify the IP address, hostname, or network range you want to scan.
  2. Create a Task: Create a new task, selecting the target and a scan configuration. You can use a predefined scan configuration (e.g., ‘Full and Fast’) or create a custom one.
  3. Start the Task: Once the task is created, start it to initiate the vulnerability scan.
  4. View the Results: After the scan is complete, view the report to see the identified vulnerabilities.
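
The same four steps, expressed as the OMP XML messages a client would send to openvasmd instead of clicking through GSA. This is an added example, not code from the original guide or from the GVM project; the helper names, the placeholder config UUID and the sample replies used to exercise it are constructed, and the connection and authentication to openvasmd are assumed to be handled elsewhere.

```python
import xml.etree.ElementTree as ET

# Placeholder, not a real identifier: read the scan config UUID from your own manager.
PLACEHOLDER_CONFIG_ID = "00000000-0000-0000-0000-000000000000"


def _xml(elem):
    return ET.tostring(elem, encoding="unicode")


def create_target_cmd(name, hosts):
    """Step 1. Built with ElementTree so name/hosts are escaped and a value such as
    '10.0.0.1</hosts><x>' cannot inject extra OMP elements."""
    root = ET.Element("create_target")
    ET.SubElement(root, "name").text = name
    ET.SubElement(root, "hosts").text = hosts
    return _xml(root)


def create_task_cmd(name, config_id, target_id):
    """Step 2. A task ties one scan configuration to one target."""
    root = ET.Element("create_task")
    ET.SubElement(root, "name").text = name
    ET.SubElement(root, "config", id=config_id)
    ET.SubElement(root, "target", id=target_id)
    return _xml(root)


def start_task_cmd(task_id):
    """Step 3."""
    return _xml(ET.Element("start_task", task_id=task_id))


def get_report_cmd(report_id):
    """Step 4."""
    return _xml(ET.Element("get_reports", report_id=report_id))


def parse_response(xml_text, expected_tag):
    """Validate a reply: expected element and a 2xx status. Returns the new
    resource id (create_*), the report id (start_task), or None."""
    root = ET.fromstring(xml_text)
    if root.tag != expected_tag:
        raise ValueError(f"unexpected reply element: {root.tag}")
    status = root.get("status", "")
    if not status.startswith("2"):
        raise RuntimeError(f"{root.tag}: {status} {root.get('status_text', '')}")
    return root.get("id") or root.findtext("report_id")
```

Each reply's id feeds the next command: the target id goes into create_task, the task id into start_task, and the report id returned by start_task into get_reports.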

Troubleshooting openvasmd

Common issues with openvasmd include database connection problems, NVT update failures, and service startup errors. Here’s a brief troubleshooting guide:

  • openvasmd fails to start: Check the logs (/var/log/openvas/openvasmd.log) for error messages. Common causes include database connection issues or incorrect permissions. Ensure the database exists and that the openvasmd process has the necessary permissions to access it.

  • NVT updates fail: Verify your internet connection and ensure that the Greenbone Security Feed servers are accessible. Check the greenbone-nvt-sync output for error messages. Firewall rules might be blocking the connection.

  • GSA cannot connect to openvasmd: Verify that openvasmd is running and listening on the correct port (9390 by default). Check the firewall rules to ensure that connections to port 9390 are allowed. Also, ensure that the GSA is configured to connect to the correct openvasmd address.

  • Database corruption: If you suspect database corruption, you can try recreating the database. Warning: This will erase all scan data.

    sudo openvasmd --rebuild
    

    This command rebuilds the database.
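
A check for the "GSA cannot connect to openvasmd" item above, which also bears on the firewall step earlier: it reads `ss -ltn` output and reports whether anything listens on port 9390 and whether that listener is bound to loopback only or reachable from the network. This is an added example, not part of the original guide; the function names and the two sample `ss` outputs are constructed.

```python
import ipaddress

# Constructed `ss -ltn` samples (not captured from a real host).
SAMPLE_EXPOSED = """State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128          0.0.0.0:9390      0.0.0.0:*
LISTEN 0      128             [::]:443          [::]:*
"""
SAMPLE_LOCAL = """State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128        127.0.0.1:9390      0.0.0.0:*
LISTEN 0      128            [::1]:9390         [::]:*
"""


def listeners(ss_output, port):
    """Return the local addresses bound to `port` in `ss -ltn` output."""
    found = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue                      # header or non-listening socket
        addr, _, lport = fields[3].rpartition(":")
        if lport == str(port):
            # Drop a %interface suffix and IPv6 brackets.
            found.append(addr.split("%")[0].strip("[]"))
    return found


def is_loopback(addr):
    """True only for 127.0.0.0/8 and ::1; wildcards and junk count as exposed."""
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:
        return False                      # '*' or unparseable: assume not loopback


def classify(ss_output, port=9390):
    """Return 'not-listening', 'loopback-only' or 'network-reachable'."""
    addrs = listeners(ss_output, port)
    if not addrs:
        return "not-listening"
    if all(is_loopback(a) for a in addrs):
        return "loopback-only"
    return "network-reachable"
```

When GSA runs on the same host, a loopback-only listener needs no firewall rule for 9390 at all; when the result is network-reachable, scope the firewall rule to the GSA host's address rather than allowing the port from anywhere.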

Costs Associated with OpenVAS/GVM

While OpenVAS is open-source software, there can be costs associated with its use:

Cost Category | Description | Estimated Cost
--- | --- | ---
Software (OpenVAS) | The OpenVAS software itself is free and open-source. | $0
Hardware | Server to host the GVM components. Performance requirements depend on the size of the network and frequency of scans. | $500 - $5000+ (one-time)
Greenbone Security Feed | While a community feed is available, a commercial feed provides more frequent updates and broader coverage. | $500 - $2000/year
Time & Training | Time spent on installation, configuration, maintenance, and learning how to use the software effectively. | Variable (significant)
Professional Services | Optional: Consulting services for initial setup, configuration, or ongoing support. | Variable

Conclusion

openvasmd is a powerful tool for vulnerability management within the GVM framework. By understanding its functions, mastering its configuration, and effectively using the GVM ecosystem, you can significantly enhance your organization’s security posture. Remember to keep the vulnerability database updated and regularly review scan results to prioritize and remediate identified vulnerabilities. This definitive guide provides a solid foundation for leveraging openvasmd in your security efforts.

Frequently Asked Questions

What is openvasmd?

openvasmd is the OpenVAS Manager daemon, the core component of the Greenbone Vulnerability Management (GVM) framework, responsible for managing vulnerability scans and configurations.

How do I update the vulnerability database in OpenVAS?

Use the following commands to update the vulnerability database: sudo greenbone-nvt-sync, sudo greenbone-scapdata-sync, and sudo greenbone-certdata-sync. These commands download the latest NVTs, SCAP data, and CERT data, respectively.

What ports do I need to open in my firewall for OpenVAS?

By default, the Greenbone Security Assistant (GSA) uses port 443 (HTTPS) and openvasmd uses port 9390. Ensure these ports are open in your firewall to allow communication.

What are the key components of the Greenbone Vulnerability Management (GVM) ecosystem?

The key components include openvasmd (OpenVAS Manager daemon), openvassd (OpenVAS Scanner daemon), Greenbone Security Feed, GSA (Greenbone Security Assistant), and OMP (OpenVAS Management Protocol).