css
+
+
+
http
vscode
marko
rs
+
argocd
+
+
swift
weaviate
+
<=
+
ember
!
+
+
+
+
+
scipy
+
numpy
+
+
+
go
+
+
+
+
+
vault
haiku
+
{}
+
redis
+
vercel
+
--
+
hack
+
backbone
gin
+
+
vue
cdn
mocha
::
quarkus
rider
+
+
+
+
nim
cypress
travis
+
+
โˆ‰
+
+
+
marko
+
+
+
+
+
+
+
phpstorm
jwt
+
svelte
vue
+
riot
+
spring
mocha
Back to Blog
๐Ÿ” Vulnerability Scanning with OpenVAS on AlmaLinux: Find Weaknesses Before Hackers Do!
almalinux openvas vulnerability-scanning

๐Ÿ” Vulnerability Scanning with OpenVAS on AlmaLinux: Find Weaknesses Before Hackers Do!

Published Sep 7, 2025

Master OpenVAS vulnerability scanning on AlmaLinux! Learn to install, configure, and run comprehensive security scans to identify vulnerabilities. Perfect for beginners wanting enterprise-grade security assessment! ๐Ÿ›ก๏ธ

5 min read
0 views
Table of Contents

๐Ÿ” Vulnerability Scanning with OpenVAS on AlmaLinux: Find Weaknesses Before Hackers Do!

Ever wondered how hackers find ways into systems? ๐Ÿ˜ฐ They look for vulnerabilities - the digital equivalent of unlocked doors and broken windows! Today, weโ€™re flipping the script and becoming the good guys who find these weaknesses first! Meet OpenVAS (now part of Greenbone Vulnerability Management) - your automated security scanner that checks for over 50,000 known vulnerabilities! Letโ€™s turn your AlmaLinux system into a vulnerability-hunting machine! ๐Ÿ”’

๐Ÿค” Why is Vulnerability Scanning Important?

Think of vulnerability scanning like a health check-up for your servers - but instead of checking blood pressure, weโ€™re checking for security weaknesses! Itโ€™s preventive medicine for your infrastructure! ๐Ÿ’Š

Hereโ€™s why OpenVAS is absolutely critical:

  • ๐ŸŽฏ Find vulnerabilities first - Discover weaknesses before attackers do
  • ๐Ÿ“Š Comprehensive scanning - Tests for 50,000+ known vulnerabilities
  • ๐Ÿ”„ Regular assessments - Continuous security posture monitoring
  • ๐Ÿ“ˆ Compliance reporting - Meet regulatory requirements easily
  • ๐Ÿ›ก๏ธ Patch prioritization - Know what to fix first
  • ๐Ÿ’ฐ Cost-effective - Free alternative to expensive commercial scanners
  • ๐Ÿ” Deep inspection - Tests services, ports, and configurations
  • ๐Ÿ“ Detailed reports - Get actionable remediation steps

๐ŸŽฏ What You Need

Before we start hunting vulnerabilities, letโ€™s check our requirements! Donโ€™t worry, itโ€™s manageable:

  • โœ… AlmaLinux 8 or 9 (fresh installation recommended)
  • โœ… Root or sudo access (scanner needs privileges! ๐Ÿ’ช)
  • โœ… Minimum 4GB RAM (8GB recommended for better performance)
  • โœ… 20GB free disk space (for vulnerability database)
  • โœ… Stable internet connection (for updates)
  • โœ… About 45 minutes for installation
  • โœ… Target systems to scan (with permission! โš ๏ธ)

๐Ÿ“ Step 1: Install Dependencies and Prepare System

Letโ€™s prepare your AlmaLinux system for OpenVAS installation! Weโ€™ll need several packages.

# Update system first
sudo dnf update -y
# Ensures latest packages

# Install EPEL repository
sudo dnf install -y epel-release
# Adds Extra Packages repository

# Install development tools
sudo dnf groupinstall -y "Development Tools"
# Installs compilers and tools

# Install required dependencies
sudo dnf install -y \
  wget vim curl git \
  python3 python3-pip \
  nodejs npm \
  redis postgresql postgresql-server \
  xmlstarlet gnutls-utils \
  nmap net-snmp
# Installs all required packages

# Initialize PostgreSQL
sudo postgresql-setup --initdb
# Creates database cluster

# Start and enable services
sudo systemctl enable --now postgresql
sudo systemctl enable --now redis
# Starts database services

Configure firewall for OpenVAS:

# Open required ports
sudo firewall-cmd --permanent --add-port=9392/tcp
# HTTPS web interface port

sudo firewall-cmd --permanent --add-port=9390/tcp
# GVM protocol port

sudo firewall-cmd --reload
# Apply firewall changes

# Verify ports are open
sudo firewall-cmd --list-ports
# Should show 9392/tcp and 9390/tcp

๐Ÿ”ง Step 2: Install Greenbone Vulnerability Management (GVM/OpenVAS)

Now letโ€™s install GVM, which includes OpenVAS! Weโ€™ll use the atomic repository for easier installation.

# Add Atomicorp repository
wget -q -O - https://updates.atomicorp.com/installers/atomic | sudo sh
# Installs atomic repo

# Install GVM/OpenVAS
sudo dnf install -y gvm
# Installs complete GVM suite

# Alternative: Install from source (more control)
cd /opt
sudo git clone https://github.com/greenbone/gvm-libs.git
sudo git clone https://github.com/greenbone/openvas-scanner.git
sudo git clone https://github.com/greenbone/ospd-openvas.git
# Downloads source code

# Configure GVM
sudo gvm-setup
# Initial configuration - This takes time!

# The setup will:
# - Create certificates
# - Sync vulnerability database (NVT)
# - Configure PostgreSQL
# - Set up Redis
# - Generate admin credentials

During setup, save the admin password shown! It looks like:

Admin password: AbCd1234-EfGh-5678-IjKl-MnOpQrStUvWx
# SAVE THIS PASSWORD!

๐ŸŒŸ Step 3: Configure and Start OpenVAS Services

Letโ€™s configure OpenVAS for optimal performance and start all services! ๐Ÿš€

# Start GVM services
sudo gvm-start
# Starts all GVM components

# Verify services are running
sudo gvm-check-setup
# Should show "Installation OK"

# Check individual components
sudo systemctl status gsad
# Greenbone Security Assistant (Web UI)

sudo systemctl status gvmd
# Greenbone Vulnerability Manager

sudo systemctl status ospd-openvas
# OpenVAS Scanner Daemon

# Update vulnerability feeds
sudo greenbone-feed-sync --type GVMD_DATA
# Updates vulnerability database

sudo greenbone-feed-sync --type SCAP
# Updates SCAP data

sudo greenbone-feed-sync --type CERT
# Updates CERT data

# This process takes 30-60 minutes!

Configure scanner optimization:

# Edit OpenVAS configuration
sudo nano /etc/openvas/openvas.conf

Add these performance settings:

# Scanner performance settings
max_hosts = 5
max_checks = 10
time_between_request = 0
optimize_test = yes
plugins_timeout = 320
scanner_plugins_timeout = 36000
safe_checks = yes
auto_enable_dependencies = yes
use_mac_addr = no
nasl_no_signature_check = yes
drop_privileges = no

โœ… Step 4: Access Web Interface and Create Scan Targets

Time to access the web interface and set up your first scan! ๐ŸŽฏ

# Get the web interface URL
echo "https://$(hostname -I | awk '{print $1}'):9392"
# Shows your OpenVAS URL

# If you forgot the admin password
sudo gvmd --user=admin --new-password=NewSecurePassword123!
# Resets admin password

# Create additional users
sudo gvmd --create-user=security_team --password=TeamPassword123!
# Adds new user

# Assign roles
sudo gvmd --modify-user=security_team --role=Admin
# Grants admin privileges

Access the web interface:

  1. Open browser: https://your-server-ip:9392
  2. Accept the self-signed certificate warning
  3. Login with username: admin
  4. Use the password from setup

๐ŸŽฎ Quick Examples

Letโ€™s run real vulnerability scans! ๐Ÿ”ฅ

Example 1: Quick Network Scan

# Create target via command line
sudo gvmd --create-target="Local Network" \
  --hosts="192.168.1.0/24" \
  --exclude-hosts="192.168.1.1"
# Defines scan target

# Create scan task
sudo gvmd --create-task="Network Vulnerability Scan" \
  --target="Local Network" \
  --scanner="OpenVAS Default" \
  --config="Full and fast"
# Sets up scan task

# Start the scan
sudo gvmd --start-task="Network Vulnerability Scan"
# Begins scanning

# Monitor scan progress
sudo gvmd --get-tasks
# Shows task status

# Get results
sudo gvmd --get-results
# Displays vulnerabilities found

Example 2: Web Application Scanning

# Create web app target
cat << EOF > web-target.xml
<create_target>
  <name>Web Application</name>
  <hosts>www.example.com</hosts>
  <port_list>80,443,8080,8443</port_list>
  <alive_test>Consider Alive</alive_test>
</create_target>
EOF

# Import target
sudo gvmd --xml=web-target.xml
# Creates web target

# Run web-focused scan
sudo gvmd --create-task="Web App Security" \
  --target="Web Application" \
  --config="Web application abuses"
# Specialized web scan

# Export results to PDF
sudo gvmd --get-report=[report-id] \
  --format=PDF > vulnerability-report.pdf
# Creates PDF report

Example 3: Automated Scheduled Scanning

# Create scheduled scan script
cat << 'EOF' > /usr/local/bin/weekly-scan.sh
#!/bin/bash
# Weekly vulnerability scan

# Start scan
TASK_ID=$(sudo gvmd --start-task="Weekly Security Scan" | grep -oP '[\w-]+$')
echo "Started scan: $TASK_ID"

# Wait for completion
while true; do
  STATUS=$(sudo gvmd --get-tasks | grep $TASK_ID | awk '{print $2}')
  if [ "$STATUS" = "Done" ]; then
    break
  fi
  sleep 300
done

# Get report
sudo gvmd --get-report=$TASK_ID --format=PDF > /var/reports/scan-$(date +%Y%m%d).pdf

# Email report
mail -s "Weekly Security Scan Complete" -a /var/reports/scan-$(date +%Y%m%d).pdf [email protected] < /dev/null
EOF

chmod +x /usr/local/bin/weekly-scan.sh

# Add to crontab
echo "0 2 * * 1 /usr/local/bin/weekly-scan.sh" | sudo crontab -
# Runs every Monday at 2 AM

๐Ÿšจ Fix Common Problems

Donโ€™t worry if you encounter issues! Here are solutions! ๐Ÿ’ช

Problem 1: โ€œScanner wonโ€™t start or database errorsโ€

# Solution: Reset and rebuild database
sudo systemctl stop gvmd
sudo systemctl stop gsad
sudo systemctl stop ospd-openvas

# Clean database
sudo -u gvm psql -d gvmd -c "DELETE FROM tasks;"
sudo -u gvm psql -d gvmd -c "DELETE FROM targets;"
# Clears existing data

# Rebuild NVT cache
sudo openvas --update-vt-info
# Rebuilds vulnerability tests

# Restart services
sudo gvm-start
# Fresh start

# Verify with setup check
sudo gvm-check-setup
# Should show OK

Problem 2: โ€œScans are extremely slowโ€

# Solution: Optimize scanner settings
# Adjust Redis for better performance
sudo nano /etc/redis/redis.conf

# Add/modify these lines:
maxmemory 2gb
maxmemory-policy allkeys-lru

# Restart Redis
sudo systemctl restart redis

# Optimize scanner
sudo nano /etc/default/ospd-openvas
# Increase workers:
OSPD_OPENVAS_OPTIONS="--max-scans 3 --max-queued-scans 10"

# Use faster scan configs
# In web UI, use "Discovery" for quick scans
# Use "Full and fast" for balance
# Avoid "Ultimate" unless necessary

Problem 3: โ€œCannot access web interfaceโ€

# Solution: Check certificates and services
# Regenerate certificates
sudo gvm-manage-certs -f
# Forces new certificates

# Check if services are listening
sudo ss -tlnp | grep -E "9392|9390"
# Should show listening ports

# Check logs for errors
sudo tail -f /var/log/gvm/gsad.log
# Web interface logs

# Allow through SELinux
sudo setsebool -P httpd_can_network_connect 1
sudo setsebool -P httpd_can_network_connect_db 1
# Permits connections

# Restart web service
sudo systemctl restart gsad
# Restarts web UI

Problem 4: โ€œFeed sync fails or takes foreverโ€

# Solution: Use alternative sync methods
# Use rsync instead of http
sudo greenbone-feed-sync --type=GVMD_DATA --method=rsync
# Faster sync method

# Sync only essential feeds
sudo greenbone-nvt-sync
# Just vulnerability tests

# Use community feed mirror
export COMMUNITY_NVT_RSYNC_FEED=rsync://feed.community.greenbone.net:/nvt-feed
sudo greenbone-nvt-sync
# Alternative feed source

# Check available space
df -h /var/lib/gvm
# Needs at least 10GB free

๐Ÿ“‹ Simple Commands Summary

Your OpenVAS command cheat sheet - essential reference! ๐Ÿ“Œ

CommandWhat It DoesExample
gvm-startStart all servicessudo gvm-start
gvm-stopStop all servicessudo gvm-stop
gvm-check-setupVerify installationsudo gvm-check-setup
greenbone-feed-syncUpdate vulnerabilitiessudo greenbone-feed-sync
gvmd --get-tasksList scan taskssudo gvmd --get-tasks
gvmd --get-resultsShow scan resultssudo gvmd --get-results
gvmd --create-userAdd new usersudo gvmd --create-user=john
openvas --update-vt-infoUpdate scannersudo openvas --update-vt-info
gvm-manage-certsManage certificatessudo gvm-manage-certs -f

๐Ÿ’ก Tips for Success

Ready to become a vulnerability scanning expert? Here are pro tips! ๐Ÿš€

Scanning Best Practices

  • ๐ŸŽฏ Always get written permission before scanning
  • ๐Ÿ“… Schedule scans during maintenance windows
  • ๐Ÿ”„ Start with discovery scans, then detailed
  • ๐Ÿ“Š Prioritize critical systems first

Report Management

# Create report template script
cat << 'EOF' > /usr/local/bin/generate-report.sh
#!/bin/bash
DATE=$(date +%Y%m%d)
sudo gvmd --get-reports --format=PDF > reports/scan-$DATE.pdf
sudo gvmd --get-reports --format=CSV > reports/scan-$DATE.csv
sudo gvmd --get-reports --format=XML > reports/scan-$DATE.xml
# Generate summary
echo "High: $(grep -c High reports/scan-$DATE.csv)"
echo "Medium: $(grep -c Medium reports/scan-$DATE.csv)"
echo "Low: $(grep -c Low reports/scan-$DATE.csv)"
EOF
chmod +x /usr/local/bin/generate-report.sh

Integration Ideas

  • ๐Ÿ“ง Email reports to security team automatically
  • ๐Ÿ”” Send critical findings to Slack/Teams
  • ๐Ÿ“Š Export to SIEM for correlation
  • ๐ŸŽซ Create tickets for remediation

Performance Optimization

  • ๐Ÿ’พ Use SSD for database storage
  • ๐Ÿ”„ Scan in segments for large networks
  • โฐ Schedule feed updates during off-hours
  • ๐Ÿ“ˆ Monitor resource usage during scans

๐Ÿ† What You Learned

Amazing work! Look at what youโ€™ve accomplished! ๐ŸŽŠ Youโ€™re now a vulnerability scanning expert:

  • โœ… Installed and configured OpenVAS/GVM on AlmaLinux
  • โœ… Set up PostgreSQL and Redis for backend
  • โœ… Configured web interface access
  • โœ… Created and managed scan targets
  • โœ… Ran comprehensive vulnerability scans
  • โœ… Generated professional security reports
  • โœ… Automated scanning workflows
  • โœ… Troubleshot common issues
  • โœ… Optimized scanner performance
  • โœ… Built enterprise-grade vulnerability assessment

๐ŸŽฏ Why This Matters

Youโ€™ve just deployed the same technology that security professionals use to protect Fortune 500 companies! ๐Ÿข OpenVAS gives you the power to find vulnerabilities before they become breaches. Youโ€™re not waiting for attacks - youโ€™re actively hunting for weaknesses and fixing them proactively.

This isnโ€™t just about running scans - itโ€™s about taking ownership of your security posture. You can now identify risks, prioritize patches, prove compliance, and sleep better knowing your systems are checked regularly. Youโ€™ve transformed from reactive to proactive security!

Your AlmaLinux system is now a professional vulnerability assessment platform. Youโ€™re equipped to protect not just one server, but entire networks. Youโ€™ve got the tools that cost thousands of dollars in commercial versions - for free! ๐Ÿ’ช

Keep scanning, keep securing, and remember - the best defense is knowing your weaknesses! Youโ€™ve got this! โญ

Happy hunting, AlmaLinux security guardian! ๐Ÿ™Œ