
Greenbone Community Edition (OpenVAS) Remote Scanners - Master/Sensor Setup

Greenbone Community Edition - Remote Scanners

Either there isn’t much good documentation on a Master/Sensor setup using Greenbone Community Edition, or I wasn’t quite able to find it. So, if the following chart’s what you’re after, read on.

+----------------------------+               +-------------------------+
|Remote ScanHost 10.40.10.6  |               |Central Host 10.40.10.5  |
+----------------------------+               +-------------------------+
|+openvas_scanner (Sensor)   |               |+GVM (Master)            |
|                            <--------------->                         |
|                            |               |+GSA                     |
|                            |               |                         |
|                            |               |+Scanner                 |
|                            |               |                         |
+----------------------------+               +-----------^-------------+
                                                         |
                                                         |
                                                         |
                                                         |
                                                         |
                                             +-----------v----------------+
                                             |Remote ScanHost 20.30.40.12 |
                                             +----------------------------+
                                             |+openvas_scanner (Sensor)   |
                                             |                            |
                                             |                            |
                                             |                            |
                                             |                            |
                                             |                            |
                                             +----------------------------+

Since you can’t, at the moment, add a remote scanner via the GUI, you’ll have to add it to the database via the gvmd tool. Make sure that:

  • your database is up and running and
  • you have full access to write to the database

I had to modify my pg_hba.conf to accept the connection without a password for this to work. One should undo those changes after a successful configuration of the scanner, of course.

You can add a new scanner from the command line with gvmd:

root@central:~# gvmd --create-scanner="Project 2501 Scanner" --scanner-host=10.40.10.6 --scanner-port=9393 \
    --database="gvmd" --db-user="_gvm" \
    --scanner-ca-pub=/var/lib/gvm/CA/cacert.pem \
    --scanner-key-pub=/var/lib/gvm/CA/clientcert.pem \
    --scanner-key-priv=/var/lib/gvm/private/CA/clientkey.pem 
Scanner created.
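
Once the scanner is created, the temporary passwordless pg_hba.conf entry mentioned above should be gone again. The following is an added example, not part of the original post: a shell check that lists the records still using the trust method. The function names and the sample file content are constructed for illustration; include directives and line continuations are not followed.

```shell
#!/bin/sh
# Added example (not from the original post): list pg_hba.conf records that
# still use the passwordless "trust" method, e.g. after the temporary change
# for gvmd --create-scanner. Assumptions: include directives and backslash
# line continuations are not followed; '#' inside quoted values is not handled.

# Print "line:type:database:user:address" for every trust record.
# Reads the file named in $1, or stdin when no argument is given.
list_trust_rules() {
    awk '
    {
        sub(/#.*/, "")              # strip comments
        if ($1 == "local") {        # local DATABASE USER METHOD [OPTIONS]
            addr = "unix-socket"; method = $4
        } else if ($1 ~ /^host/) {  # host* DATABASE USER ADDRESS [MASK] METHOD
            addr = $4; method = $5
            # Separate netmask column: method names never contain "." or ":".
            if ($5 ~ /[.:]/) { addr = $4 " " $5; method = $6 }
        } else next
        if (method == "trust")
            printf "%d:%s:%s:%s:%s\n", NR, $1, $2, $3, addr
    }' "$@"
}

# Exit 0 when no trust record remains, 1 when at least one does.
audit_pg_hba() {
    found=$(list_trust_rules "$@") || return 2
    [ -z "$found" ] && return 0
    printf '%s\n' "$found"
    return 1
}

# Constructed sample: the gvmd/_gvm names come from the command in the post,
# the rules themselves are made up for illustration.
sample_pg_hba() {
    cat <<'EOF'
# TYPE  DATABASE  USER      ADDRESS          METHOD
local   all       postgres                   peer
local   gvmd      _gvm                       trust   # temporary
host    gvmd      _gvm      127.0.0.1/32     scram-sha-256
host    all       all       10.40.10.0 255.255.255.0 trust
host    trustdb   trust     ::1/128          md5
EOF
}

sample_pg_hba | audit_pg_hba || echo "trust records remain: revert them and reload PostgreSQL"
```

Pass the path of the real pg_hba.conf as the argument to `audit_pg_hba`; the location of that file depends on the distribution and PostgreSQL version.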

You should make sure that you’re using the same version for all of the components. Avoid mixing different releases.

Keep in mind that you’re using the scanner on a remote host, and you need to fiddle around with the certificates. With the current release, the tool’s been named gvm-manage-certs, and I advise you to install gvmd on the remote scanner host as well. It helps with keeping a clean setup regarding certs and everything.

All that’s left to do, if all the components are up and running, is to validate the scanner via the GUI:

Validating the scanner

This post is licensed under CC BY 4.0 by the author.