确认四个服务都启动后的监听状态:
#netstat -anpt | grep :939
tcp 0 0 0.0.0.0:9390 0.0.0.0:* LISTEN 25540/openvasmd
tcp 0 0 0.0.0.0:9391 0.0.0.0:* LISTEN 25361/openvassd
tcp 0 0 127.0.0.1:9392 0.0.0.0:* LISTEN 25442/gsad
tcp 0 0 127.0.0.1:9393 0.0.0.0:* LISTEN 25399/openvasad
5)、启动客户层组件
gsad服务默认只监听127.0.0.1,若要从客户机的浏览器中访问,建议将其改为0.0.0.0后再启动服务
#vim /etc/sysconfig/gsad
GSA_ADDRESS=0.0.0.0 //必须修改为0.0.0.0
GSA_PORT=9392
#/etc/init.d/gsad restart
# netstat-anpt | grep -i gsad
tcp 0 00.0.0.0:9392 0.0.0.0:* LISTEN 2074/gsad
五、添加普通用户与管理员用户
openvas-adduser //创建用户
openvas-rmuser //删除用户
1)、添加普通用户yy
#openvas-adduser
Using/var/tmp as a temporary file holder.
Add anew openvassd user
-------------------------
Login:yy //输入要添加的扫描用户名称
Authentication(pass/cert)[pass]: //直接回车使用默认的密码认证方式
Loginpassword: //设置密码
Loginpassword(again): //设置密码(确认)
Userrules
------------
openvassdhas a rules system which allows you to restrict the hosts that tsengyia has theright to test.
Forinstance, you may want him to be able to scan his own host only.
Pleasesee the openvas-adduser(8) man page for the rules syntax.
Enterthe rules for this user, and hit ctrl-D once you are done.
(theuser can have an empty rules set)
accept192.168.10.0/24 //设置授权规则(允许扫描哪些网段或主机)
accept10.0.0.0/24
defaultdeny //设置默认授权规则(若不指定任何规则,默认允许扫描任意主机、网络)
注:在这填写完默认授权规则要Ctrl+d提交,进行下一步
Login yy
Password ************
Rules
accept192.168.4.0/24
accept10.0.0.0/24
defaultdeny
Isthat ok? (y/n)[y] //直接回车接受前述设置,完成用户添加
useradded.
2)创建管理员用户admin
先使用openvas-adduser工具添加普通的扫描用户admin,然后其配置目录中建立isadmin文件,即可将角色设置为管理员。
# openvas-adduser
Using/var/tmp as a temporary file holder.
Adda new openvassd user
-------------------------
Login:admin
…… //省略其创建普通用户过程
#touch /var/lib/openvas/users/admin/isadmin //将普通用户admin设置成管理员
六、客户端访问OpenVAS
浏览器访问 https://192.168.134.133:9392 注意:是加密传输https
注意:如果登录失败,出现“Login failed. OMP service is down”,可执行下列操作修复(排错思路及过程附后):
#openvas-mkcert-client -n om -i
#openvasmd –rebuild
#service openvas-manager restart
#netstat -anpt | grep openvasmd
tcp 0 0 0.0.0.0:9390 0.0.0.0:* LISTEN 33097/openvasmd