OpenVAS web app can be accessed across the network.

Greenbone OpenVAS — Any, Any

My continued use of OpenVAS has been few and far between. However, every time I open it, I learn something new.

I previously wrote a quick review on how to get Greenbone’s OpenVAS up and running using their instructions. The article also compared using APT repositories (outdated) as well as Kali Linux (needs to be finessed) and can be viewed here.

Newest Need with OpenVAS

My latest need involved building a fresh Ubuntu system and installing OpenVAS. The difference with this setup: I used the Ubuntu Server edition and was connecting remotely to the server via SSH.

Default configuration, OpenVAS services are configured for access locally. Once the application is installed and configured, using the same system, you launch a web browser, navigate to localhost:9392 and bingo, you’re there.

Using SSH, there’s no GUI capabilities. Launching a browser on the server side is basically non-existent. To fix this, I had to configure the HTTP server to allow remote connections.

Enabling Access to the Web App Remotely

When installing OpenVAS via their website instructions using docker, the docker YAML file has an entry for websocket listening. You’ll need to modify this file, then restart the docker services. FYI, docker controls the HTTP server.

Typical location for the docker compose file when using the default installation instructions.

1. Find the docker-compose.yml file (choose the right one if you have multiple).
2. Open it for editing (I used nano)
3. Find the ‘gsa’ section and update the 127.0.0.1 address to either 0.0.0.0 or the IP address of the system.
4. Once complete, save the changes to disk, then restart the docker services.

Using a text editor, modify the bind address in the ‘gsa’ section.

SECURITY NOTE & DISCLAIMER: Web security is necessary if exposing the OpenVAS web application to the internet. Work with your system administrators and security teams to ensure these configuration changes meet your security standards as well as necessary logging and security devices are in front of the OpenVAS web application. Modifying these settings and exposing the web application publicly can have unintended consequences including allowing an intruder to gain access to your network. Making these changes is your responsibility for applying the correct security configurations.