It’s time to cover some vulnerability scanning! What better way to start this than with the installation of OpenVAS? Today I will show you how to install OpenVAS on Kali Linux in a step-by-step guide for you to follow along.
Table of Contents
- What is OpenVAS?
- Step 1 – Install OpenVAS on Kali Linux
- Step 2 – Configuring OpenVAS
- Step 3 – Running your first Scan
- Finding Exploits with OpenVAS
- Troubleshooting
- Conclusion
⚠️ Kali Linux Wiki
➡️ Download Kali Linux Safe & Easy
➡️ Install Kali Linux on VirtualBox
➡️ Install Kali Linux on VMWare Workstation
➡️ Dual Boot Kali Linux with Windows
➡️ Install Kali Linux on WSL 2
➡️ Install Kali Linux on a Laptop
➡️ Install VSCode on Kali Linux
➡️ Install OpenVAS on Kali Linux
➡️ Install Docker on Kali Linux
➡️ WiFi Adapter for Kali Linux
What is OpenVAS?
OpenVAS is an open-source vulnerability scanner. OpenVAS started under the name of GNessUs, a fork of the previously open-source Nessus scanning tool (which costs you money now). OpenVAS is also under the GNU General Public License (GPL).
I personally used this software in many different kinds of assessments and was always satisfied with the results I got (keeping in mind that it is completely free).
Of course, tools like Nessus and NeXpose are more feature-rich, but they come with a high price tag too.
For starters, OpenVAS is simply perfect and gives you a good idea of how a vulnerability scanner works. I also found it very intuitive to work with.
So without further ado, let’s dive right into the installation.
Step 1 – Install OpenVAS on Kali Linux
The first thing we want to do is to make sure that our Kali installation is up-to-date. So open a terminal window and run:
sudo apt update && sudo apt upgrade -y
Code language: Bash (bash)
This will update your repository and upgrade your Kali, the -y
at the end saves you a press of the button “Y” in the process.
The next thing we want to do is to install OpenVAS. Again in the Terminal type:
sudo apt install openvas
Code language: Bash (bash)
Confirm that you are aware that an additional ~1,2 Gigabyte of Disk Space will be used by pressing Y
.
Now this will take a good while. Grab a coffee or prepare some Yerba Mate while we are waiting 🙂
Once that is done we will run another command in the terminal window:
sudo gvm-setup
Code language: Bash (bash)
Note: In case you run into a PostgreSQL error – check out the troubleshooting section at the end of this article.
This is going to take very long.
Phew… That took about 2 hours for me to finish. I still didn’t get why it takes so long, but just go for a long walk and come back later…
After the setup process is finished, don’t forget to note down your password that was generated at the end, you need it to log in for the first time.
Step 2 – Configuring OpenVAS
The installation is now finished. Next, we verify if our installation is working.
sudo gvm-check-setup
Code language: Bash (bash)
I got an error (SCAP DATA are missing), but if you look through the error message, you can see that you can fix it by running:
sudo runuser -u _gvm -- greenbone-feed-sync --type SCAP
Code language: Bash (bash)
This fixed my issue.
First, we are starting the OpenVAS Service.
sudo gvm-start
Code language: Bash (bash)
Now your OpenVAS Service should be up and running. OpenVAS listens on the Ports: 9390, 9391, 9392, and on Port 80. Your web browser should automatically open and lead to the OpenVAS Login Page.
If not, open a web browser manually and enter the URL
https://127.0.0.1:9392
Code language: Bash (bash)
The first time you want to open this URL you will get a security warning. Click on Advanced and Add an Exception.
Remember the password you noted down before? Now we are going to need it.
Forgot your Admin Password?
Reset it by typing:sudo gvmd --user=admin --new-password=passwd;
Log in to OpenVAS with admin // your password
First things first – Navigate to To your User Profile / My Settings / Click on Edit and change the password.
This is basically all you need to do. OpenVAS is now running and ready for use.
Step 3 – Running your first Scan
Now it’s time to run our first scan.
As this is just the installation part I won’t go into details, but I will show you quickly how to run your first scan. There will be more articles covering OpenVAS and we will continue looking into all of the different options we have and how to process scan results.
So the easiest way is simply to Navigate to Scans / Tasks and click on the little Magic Wand icon and start the Task Wizard.
Now you can enter either a single IP, a whole subnet, a range of IP Addresses, or a domain.
This will start a default-depth scan. Depending on the scale of the Network you want to scan this can take from a few minutes up to several hours or even days if the network is large enough and you choose a deep scan.
This and more will be covered in the next article for OpenVAS, which is coming soon.
Finding Exploits with OpenVAS
I created a video a while ago on how to find Exploits using OpenVAS, which basically goes through the whole process of scanning and then finding Exploits for your findings. The video is a bit older but still valid. Give it a watch if you want to learn how to use OpenVAS in-depth.
Troubleshooting
There is a lot that can go wrong during the installation of OpenVAS as some of our readers has pointed out, therefore, we decided to create a little extra section here, covering the most common errors.
PostgreSQL Version Errors v13 and v14
There are multiple possible version errors for PostgreSQL. As our reader Tom has pointed out, the first one is:
[>] Starting PostgreSQL service
[-] ERROR: The default PostgreSQL version (13) is not 14 that is required by libgvmd
[-] ERROR: Use pg_upgradecluster to update your PostgreSQL cluster
Solution:
Open the postgresql.conf
file of version 14 and change the port to 5432:
sudo nano /etc/postgresql/14/main/postgresql.conf
Then open the postgresql.conf
file of version 13 and check if the port is the same as in version 14. If it is the same – change it to 5433:
sudo nano /etc/postgresql/13/main/postgresql.conf
Restart the PostgreSQL service:
sudo systemctl restart postgresql
PostgreSQL Version Errors v14 and v15
During my installation, I got the following error affecting v14 and v15 of PostgreSQL:
[>] Starting PostgreSQL service
[-] ERROR: The default PostgreSQL version (14) is not 15 that is required by libgvmd
[-] ERROR: Use pg_upgradecluster to update your PostgreSQL cluster
Gladly, the solution to this problem was easier than the one above and might as well work for the problem above:
sudo systemcctl stop postgresql@14-main
sudo /usr/bin/pg_dropcluster --stop 14 main
Code language: CSS (css)
OpenVAS failed to find config
Another common error is the failed to find config ‘long-string-value’ message. There are multiple possible solutions for this issue. The one that worked for me is the following:
sudo runuser -u _gvm – gvmd --get-scanners
Code language: JavaScript (javascript)
Note down the scanner ID.
Then run:
sudo runuser -u _gvm – gvmd --get-users --verbose
Code language: JavaScript (javascript)
This gives you the users, including their IDs. You are probably an admin. To solve the issue, enter:
sudo runuser -u _gvm – gvmd --modify-scanner [scanner id] --value [user id]
Code language: CSS (css)
Conclusion
This is how easy it is to install OpenVAS on Kali Linux and start a basic scan. There is a lot more to learn about OpenVAS, but this should get you up and running in no time!
👀 This Tutorial has some related Articles!
👉 How to get started in Cyber Security – The Complete Guide
👉 How to get started with Bug Bounties
👉 Terminal Customization Series
👉 Best Ethical Hacking Books
👉 Download Kali Linux Safe & Easy
👉 Best Ethical Hacking Tools
👉 Install VSCode on Kali Linux
👉 Dual Boot Kali Linux with Windows
👉 Install Kali Linux on VirtualBox – Complete Beginner Guide
👉 Top Things to do after installing Kali Linux
👉 WiFi Adapter for Kali Linux – The Ultimate Guide
👉 Nmap Beginner Guide Series
👉 Metasploit Tutorial Series
👉 Burp Suite Beginner Guide
This is so backwards. Installed and updated Kali. Installed gvm with no issues, but when i ran through set up i got the below error; however, i dont even have 15 installed. I have 14 and 16 installed. Anyone ever see the below. Seems so backwards.
>] Starting PostgreSQL service
[-] ERROR: The default PostgreSQL version (16) is not 15 that is required by libgvmd
[-] ERROR: libgvmd needs PostgreSQL 15 to use the port 5432
[-] ERROR: Use pg_upgradecluster to update your PostgreSQL cluster
i downloaded and installed openvas i did the setup and the check setup i am in openvas i logged in
and it is empty
i got no nvts i tried everything from feed update to deleteing kali and redownloading it please help
I need help in this. I don’t know how solve the error message.
┌──(root㉿kali)-[~]
└─# gvm-check-setup
gvm-check-setup 23.11.0
Test completeness and readiness of GVM-23.11.0
Step 1: Checking OpenVAS (Scanner)…
OK: OpenVAS Scanner is present in version 22.7.9.
OK: Notus Scanner is present in version 22.6.2.
OK: Server CA Certificate is present as /var/lib/gvm/CA/servercert.pem.
Checking permissions of /var/lib/openvas/gnupg/*
OK: _gvm owns all files in /var/lib/openvas/gnupg
OK: redis-server is present.
OK: scanner (db_address setting) is configured properly using the redis-server socket: /var/run/redis-openvas/redis-server.sock
OK: the mqtt_server_uri is defined in /etc/openvas/openvas.conf
OK: _gvm owns all files in /var/lib/openvas/plugins
OK: NVT collection in /var/lib/openvas/plugins contains 33029 NVTs.
OK: The notus directory /var/lib/notus/products contains 456 NVTs.
Checking that the obsolete redis database has been removed
OK: No old Redis DB
OK: ospd-openvas service is active.
OK: ospd-OpenVAS is present in version 22.6.2.
Step 2: Checking GVMD Manager …
OK: GVM Manager (gvmd) is present in version 23.1.0.
Step 3: Checking Certificates …
OK: GVM client certificate is valid and present as /var/lib/gvm/CA/clientcert.pem.
OK: Your GVM certificate infrastructure passed validation.
Step 4: Checking data …
OK: SCAP data found in /var/lib/gvm/scap-data.
OK: CERT data found in /var/lib/gvm/cert-data.
Step 5: Checking Postgresql DB and user …
OK: Postgresql version and default port are OK.
gvmd | _gvm | UTF8 | libc | en_US.UTF-8 | en_US.UTF-8 | | |
ERROR: The new extension pgcrypto does not exist for gvmd database
FIX: Run ‘sudo runuser -u postgres — /usr/share/gvm/create-postgresql-database’
ERROR: Your GVM-23.11.0 installation is not yet complete!
Please follow the instructions marked with FIX above and run this
script again.
I tried the instructions for “Failed to find config”, but it is not working for me. Does anyone have other solution?
I followed the instructions for “Failed to find conifg”, but it is showing me the same error.
I stopped and started gvm again and it still does not work for me. Does anyone have any other solution?
root㉿kali)-[~]
└─# sudo gvm-check-setup
gvm-check-setup 23.11.0
Test completeness and readiness of GVM-23.11.0
Step 1: Checking OpenVAS (Scanner)…
OK: OpenVAS Scanner is present in version 22.7.7.
OK: Notus Scanner is present in version 22.6.2.
OK: Server CA Certificate is present as /var/lib/gvm/CA/servercert.pem.
Checking permissions of /var/lib/openvas/gnupg/*
OK: _gvm owns all files in /var/lib/openvas/gnupg
OK: redis-server is present.
OK: scanner (db_address setting) is configured properly using the redis-server socket: /var/run/redis-openvas/redis-server.sock
OK: the mqtt_server_uri is defined in /etc/openvas/openvas.conf
OK: _gvm owns all files in /var/lib/openvas/plugins
OK: NVT collection in /var/lib/openvas/plugins contains 88173 NVTs.
OK: The notus directory /var/lib/notus/products contains 456 NVTs.
Checking that the obsolete redis database has been removed
OK: No old Redis DB
OK: ospd-openvas service is active.
OK: ospd-OpenVAS is present in version 22.6.2.
Step 2: Checking GVMD Manager …
OK: GVM Manager (gvmd) is present in version 23.1.0.
Step 3: Checking Certificates …
OK: GVM client certificate is valid and present as /var/lib/gvm/CA/clientcert.pem.
OK: Your GVM certificate infrastructure passed validation.
Step 4: Checking data …
OK: SCAP data found in /var/lib/gvm/scap-data.
ERROR: CERT data are missing.
FIX: Run the CERT synchronization script greenbone-feed-sync.
sudo greenbone-feed-sync –type cert.
ERROR: Your GVM-23.11.0 installation is not yet complete!
Please follow the instructions marked with FIX above and run this
script again.
root㉿kali)-[~]
└─# sudo greenbone-feed-sync –type cert
Running as root. Switching to user ‘_gvm’ and group ‘_gvm’.
Trying to acquire lock on /var/lib/gvm/feed-update.lock
Acquired lock on /var/lib/gvm/feed-update.lock
⠧ Downloading CERT-Bund data from
rsync://feed.community.greenbone.net/community/vulnerability-feed/22.04/cert-
data/ to /var/lib/gvm/cert-data
rsync: write failed on “/var/lib/gvm/cert-data/CB-K13.xml”: No space left on
device (28)
rsync error: error in file IO (code 11) at receiver.c(380)
rsync error: error in file IO (code 11) at io.c(1700)
Releasing lock on /var/lib/gvm/feed-update.lock
same as me
my instalation was sucessfull, but now i would like to change the web address from 127.0.01:9392 to an external IP address, but I can´t do it. can you help?
I’ve that trouble, please help me. Try downloading again as the error mentions but it’s still the same.
└─# gvm-check-setup
gvm-check-setup 22.5.0
Test completeness and readiness of GVM-22.5.0
Step 1: Checking OpenVAS (Scanner)…
OK: OpenVAS Scanner is present in version 22.7.6.
OK: Notus Scanner is present in version 22.6.0.
OK: Server CA Certificate is present as /var/lib/gvm/CA/servercert.pem.
Checking permissions of /var/lib/openvas/gnupg/*
OK: _gvm owns all files in /var/lib/openvas/gnupg
OK: redis-server is present.
OK: scanner (db_address setting) is configured properly using the redis-server socket: /var/run/redis-openvas/redis-server.sock
OK: the mqtt_server_uri is defined in /etc/openvas/openvas.conf
ERROR: Directories containing the NVT collection not found.
FIX: Run the NVT synchronization script greenbone-feed-sync.
sudo greenbone-feed-sync –type nvt
ERROR: Your GVM-22.5.0 installation is not yet complete!
Please follow the instructions marked with FIX above and run this
script again.
————————————————————————–
┌──(root㉿kali)-[/home/kali]
└─# sudo greenbone-feed-sync –type nvt
Running as root. Switching to user ‘_gvm’ and group ‘_gvm’.
Trying to acquire lock on /var/lib/openvas/feed-update.lock
Acquired lock on /var/lib/openvas/feed-update.lock
⠹ Downloading Notus files from rsync://feed.community.greenbone.net/community/vulnerability-feed/22.04/vt-data/notus/ to
/var/lib/notus
rsync: [Receiver] safe_read failed to read 1 bytes: Connection timed out (110)
rsync error: error in rsync protocol data stream (code 12) at io.c(282) [Receiver=3.2.7]
⠋ Downloading NASL files from rsync://feed.community.greenbone.net/community/vulnerability-feed/22.04/vt-data/nasl/ to
/var/lib/openvas/plugins
rsync: [Receiver] safe_read failed to read 1 bytes: Connection timed out (110)
rsync error: error in rsync protocol data stream (code 12) at io.c(282) [Receiver=3.2.7]
Releasing lock on /var/lib/openvas/feed-update.lock
gvm-check-setup 23.11.0
Test completeness and readiness of GVM-23.11.0
Step 1: Checking OpenVAS (Scanner)…
OK: OpenVAS Scanner is present in version 22.7.9.
OK: Notus Scanner is present in version 22.6.2.
OK: Server CA Certificate is present as /var/lib/gvm/CA/servercert.pem.
Checking permissions of /var/lib/openvas/gnupg/*
OK: _gvm owns all files in /var/lib/openvas/gnupg
OK: redis-server is present.
OK: scanner (db_address setting) is configured properly using the redis-server socket: /var/run/redis-openvas/redis-server.sock
OK: the mqtt_server_uri is defined in /etc/openvas/openvas.conf
OK: _gvm owns all files in /var/lib/openvas/plugins
OK: NVT collection in /var/lib/openvas/plugins contains 90232 NVTs.
OK: The notus directory /var/lib/notus/products contains 456 NVTs.
Checking that the obsolete redis database has been removed
OK: No old Redis DB
Starting ospd-openvas service
Job for ospd-openvas.service failed because the control process exited with error code.
See “systemctl status ospd-openvas.service” and “journalctl -xeu ospd-openvas.service” for details.
Waiting for ospd-openvas service
ERROR: ospd-openvas service did not start.
Please check journalctl -xe
ERROR: Your GVM-23.11.0 installation is not yet complete!
Please follow the instructions marked with FIX above and run this
script again.
Hello everyone. I encountered an error.
I ran the “sudo gvm-check-setup” command to see how the process was running. Since there is no FIX, I do not know what steps to take.
┌──(tendo㉿illuminary)-[~]
└─$ sudo gvm-check-setup
gvm-check-setup 22.5.0
Test completeness and readiness of GVM-22.5.0
Step 1: Checking OpenVAS (Scanner)…
OK: OpenVAS Scanner is present in version 22.7.3.
OK: Notus Scanner is present in version 22.5.0.
OK: Server CA Certificate is present as /var/lib/gvm/CA/servercert.pem.
Checking permissions of /var/lib/openvas/gnupg/*
OK: _gvm owns all files in /var/lib/openvas/gnupg
OK: redis-server is present.
OK: scanner (db_address setting) is configured properly using the redis-server socket: /var/run/redis-openvas/redis-server.sock
OK: the mqtt_server_uri is defined in /etc/openvas/openvas.conf
OK: _gvm owns all files in /var/lib/openvas/plugins
OK: NVT collection in /var/lib/openvas/plugins contains 1130 NVTs.
OK: The notus directory /var/lib/notus/products contains 444 NVTs.
Checking that the obsolete redis database has been removed
OK: No old Redis DB
Starting ospd-openvas service
Job for ospd-openvas.service failed because the control process exited with error code.
See “systemctl status ospd-openvas.service” and “journalctl -xeu ospd-openvas.service” for details.
Waiting for ospd-openvas service
ERROR: ospd-openvas service did not start.
Please check journalctl -xe
ERROR: Your GVM-22.5.0 installation is not yet complete!
Please follow the instructions marked with FIX above and run this
script again.
┌──(tendo㉿illuminary)-[~]
└─$ systemctl status ospd-openvas.service
● ospd-openvas.service – OSPd Wrapper for the OpenVAS Scanner (ospd-openvas)
Loaded: loaded (/lib/systemd/system/ospd-openvas.service; disabled; preset: disabled)
Active: activating (auto-restart) (Result: exit-code) since Thu 2023-09-07 18:17:06 CDT; 32s ago
Docs: man:ospd-openvas(8)
man:openvas(8)
Process: 10052 ExecStart=/usr/bin/ospd-openvas –config /etc/gvm/ospd-openvas.conf –log-config /etc/gvm/ospd-logging.conf (code=exited, status=1/FAILURE)
CPU: 889ms
┌──(tendo㉿illuminary)-[~]
└─$ journalctl -xeu ospd-openvas.service
Sep 07 18:18:07 illuminary ospd-openvas[10153]: ^^^^^^^^
Sep 07 18:18:07 illuminary ospd-openvas[10153]: File “/usr/lib/python3/dist-packages/ospd_openvas/db.py”, line 609, in __init__
Sep 07 18:18:07 illuminary ospd-openvas[10153]: super().__init__(self.DEFAULT_INDEX, ctx)
Sep 07 18:18:07 illuminary ospd-openvas[10153]: File “/usr/lib/python3/dist-packages/ospd_openvas/db.py”, line 431, in __init__
Sep 07 18:18:07 illuminary ospd-openvas[10153]: self.ctx = OpenvasDB.create_context(kbindex)
Sep 07 18:18:07 illuminary ospd-openvas[10153]: ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Sep 07 18:18:07 illuminary ospd-openvas[10153]: File “/usr/lib/python3/dist-packages/ospd_openvas/db.py”, line 102, in create_context
Sep 07 18:18:07 illuminary ospd-openvas[10153]: ctx = redis.Redis.from_url(
Sep 07 18:18:07 illuminary ospd-openvas[10153]: ^^^^^^^^^^^^^^^^^^^^^
Sep 07 18:18:07 illuminary ospd-openvas[10153]: File “/usr/lib/python3/dist-packages/redis/client.py”, line 897, in from_url
Sep 07 18:18:07 illuminary ospd-openvas[10153]: connection_pool = ConnectionPool.from_url(url, **kwargs)
Sep 07 18:18:07 illuminary ospd-openvas[10153]: ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Sep 07 18:18:07 illuminary ospd-openvas[10153]: File “/usr/lib/python3/dist-packages/redis/connection.py”, line 1275, in from_url
Sep 07 18:18:07 illuminary ospd-openvas[10153]: url_options = parse_url(url)
Sep 07 18:18:07 illuminary ospd-openvas[10153]: ^^^^^^^^^^^^^^
Sep 07 18:18:07 illuminary ospd-openvas[10153]: File “/usr/lib/python3/dist-packages/redis/connection.py”, line 1212, in parse_url
Sep 07 18:18:07 illuminary ospd-openvas[10153]: raise ValueError(
Sep 07 18:18:07 illuminary ospd-openvas[10153]: ValueError: Redis URL must specify one of the following schemes (redis://, rediss://, unix://)
Sep 07 18:18:07 illuminary systemd[1]: ospd-openvas.service: Control process exited, code=exited, status=1/FAILURE
░░ Subject: Unit process exited
░░ Defined-By: systemd
░░ Support: https://www.debian.org/support
░░
░░ An ExecStart= process belonging to unit ospd-openvas.service has exited.
░░
░░ The process’ exit code is ‘exited’ and its exit status is 1.
Sep 07 18:18:07 illuminary systemd[1]: ospd-openvas.service: Failed with result ‘exit-code’.
░░ Subject: Unit failed
░░ Defined-By: systemd
░░ Support: https://www.debian.org/support
░░
░░ The unit ospd-openvas.service has entered the ‘failed’ state with result ‘exit-code’.
Sep 07 18:18:07 illuminary systemd[1]: Failed to start ospd-openvas.service – OSPd Wrapper for the OpenVAS Scanner (ospd-openvas).
░░ Subject: A start job for unit ospd-openvas.service has failed
░░ Defined-By: systemd
░░ Support: https://www.debian.org/support
░░
░░ A start job for unit ospd-openvas.service has finished with a failure.
░░
░░ The job identifier is 6849 and the job result is failed.
I am encountering exact issue with you can anyone help please!
Check permissions in /var/log/gvm
Should be _gvm _gvm for all.
eg: sudo chown _gvm:_gvm openvas.log
just updated / upgraded to Kali Linux 2023.2 (with everything option)
gvm seems to come installed now – but always fails – been trying for 2 days now, so may have got my attempted fix’s out of order
finally took openvas / gvm completely off –
sudo apt autoremove
sudo apt-get purge openvas*
sudo apt-get purge openvas9*
sudo apt-get purge openvas*
sudo apt-get purge libopenvas9
sudo apt-get purge libopenvas9-dev
sudo apt autoremove
sudo rm -rf /var/lib/openvas/
then:
sudo apt install openvas
and doing what this vid says to do – still will not work
‘gvm-setup’ = seems ok, a few ‘permission denied’ when it tried to change to my home dir – no errors identified and screen log looks ok – downloads all rsync files
‘gvm-check-setup’ – fails, always get under starting ospd-openvas service getting this error:
“Checking that the obsolete redis database has been removed
Could not connect to Redis at /var/run/redis-openvas/redis-server.sock: No such file or directory
OK: No old Redis DB
Starting ospd-openvas service
Job for ospd-openvas.service failed because the control process exited with error code.
See “systemctl status ospd-openvas.service” and “journalctl -xeu ospd-openvas.service” for details.
Waiting for ospd-openvas service
ERROR: ospd-openvas service did not start.
Please check journalctl -xe
ERROR: Your GVM-22.5.0 installation is not yet complete!”
can anyone enlighten me as to how to fix this please – as this is a fresh Kali Linux 2023.2 and OpenVas you would think it would work out of the box
many thanks for any help
Hello,
Can anyone help me please?! I tried to open the link after installing on firefox. But it say unable to connect. I had the same problem with nessus. I tried many ways but it is not working. Can you help me pleaseee?
Hello,
Can anyone help me please?! I tried opening the link https://127.0.0.1:9392 and it say unable to connect even though there is internet connection. I had the same problem with Nessus eventhough i tried many ways. Can you please help me with this.
I did found this issue need to fix and already run the command but still failed. Is there any way for me to fix this issue? Sorry if it seem easy but I still failed to fix this after update my kali.
WARNING: database “postgres” has a collation version mismatch
DETAIL: The database was created using collation version 2.36, but the operating system provides version 2.37.
HINT: Rebuild all objects in this database that use the default collation and run ALTER DATABASE postgres REFRESH COLLATION VERSION, or build PostgreSQL with the right library version.
found this here: https://forum.greenbone.net/t/the-database-was-created-using-collation-version-2-35-but-the-operating-system-provides-version-2-36/13562/3
This below solution worked for me :
Connect to postgres
sudo -u postgres psql
List all databases to ensure your database exists
\l
Alter gvmd & postgres database to refresh Collation version
ALTER DATABASE gvmd REFRESH COLLATION VERSION;
ALTER DATABASE postgres REFRESH COLLATION VERSION;
Exit postgres
\q or exit
Restart GSM services
systemctl daemon-reload && systemctl restart gvmd.service gsad.service
Check if warnings are fixed
gvm-check-setup
==
fix this error but still can not get gvm to work!!! – really annoying woth ospd service not running for some reason
Hey Albqir this issue still persists on my end today. If there is a solution I await an answer for this.
Configure Feed Import Owner
could not change directory to “/home/kali”: Permission denied
psql: error: connection to server on socket “/var/run/postgresql/.s.PGSQL.5432” failed: FATAL: database “gvmd” does not exist
[*] Define Feed Import Owner
Don’t run the sudo apt-get upgrade
just skip ahead to sudo gvm-setup and it should work. You can run updates for now just not upgrades.
a face a issue
a can not start my openvas
whene i type sudo gvm-check-setup
then they tell me my installation is not cmplete yet
what should i do plz help me
After installing OpenVAS on Kali linux, ran gvm-setup command to setup GVM as per instructions: https://linuxhint.com/install-openvas-kali-linux/
However, the following error ocurred:
ERROR: The default postgresql version is not 13 required by libgvmd
Error: Use pg_upgradecluster to update your postgres cluster
So, I checked the version of PostgreSQL installed by:
$ su postgres
$ psql –version
psql (PostgreSQL) 13.2 (Debian 13.2-1)
The version was 13. How can I complete the gvm-setup?
gvm-setup will look for PostgreSQL on port 5432. If you have more than one version of PostgreSQL installed, they will be assigned incremental port numbers starting at 5432. To check for other versions of PostgreSQL, you can look in the /etc/postgresql/ directory. You may see multiple directories, corresponding to the PostgreSQL versions you have installed.
You should go into each version and edit the postgresql.conf file to change the port number of PostgreSQL 13 to 5432, and assign other port numbers to the other versions. So if you had PostgreSQL 14 and 15 installed:
Edit the PostgreSQL 12 config file
$ nano /etc/postgresql/12/main/postgresql.conf
find the line port = 5432 and change to:
port = 5433
Edit the PostgreSQL 13 config file
$ nano /etc/postgresql/13/main/postgresql.conf
find the line port = 5433 and change to:
port = 5432
Finally restart PostgreSQL:
systemctl restart postgresql
and then run gvm-setup again
gvm-setup
The error message tells you, that you should upgrade your postgres cluster. There could already be a higher version of postgres cluster created in your system, which you can examine with the following command:
sudo pg_lsclusters
However, this auto generated cluster might not always function as intended (e.g. it operates on different from default port). Thus, it’s best to perform manual cluster upgrade (you can omit step 1 if you don’t have any auto generated cluster). Assuming that you want to upgrade from version 13 to 14:
1. delete automatically generated cluster version 14 (use –stop if service status is not down):
2. sudo pg_dropcluster –stop 14 main
3. migrate cluster version 14 to version 15:
4. sudo pg_upgradecluster 14 main
5. optionally, you can drop the old cluster:
6. sudo pg_dropcluster –stop 14 main
That’s it! The new cluster will listen on the port, that were previously used by the old cluster. It might be needed to start or enable postgres service in systemd in order to use PostgreSQL in other applications.
I have tried so many things to try to get my openVas open. however, I continue to receive an error can you please help? I have tried multiple sources and no solution. The setup is not complete.
OK: redis-server configuration is OK and redis-server is running.
OK: the mqtt_server_uri is defined in /etc/openvas/openvas.conf
ERROR: Directories containing the NVT collection not found.
FIX: Run the NVT synchronization script greenbone-nvt-sync.
sudo runuser -u _gvm — greenbone-nvt-sync.
ERROR: Your GVM-22.4.1 installation is not yet complete!
Please follow the instructions marked with FIX above and run this
script again.
┌──(ccoll207㉿Kali)-[~]
└─$ sudo runuser -u _gvm — greenbone-feed-sync –type SCAP
rsync: getaddrinfo: feed.community.greenbone.net 873: Name or service not known
rsync error: error in socket IO (code 10) at clientserver.c(139) [Receiver=3.2.7]
help me to t=fix it.thank you sir
and after set up 6.imean set up 7:
: Checking if GVM services are up and running …
Starting ospd-openvas service
Job for ospd-openvas.service failed because the control process exited with error code.
See “systemctl status ospd-openvas.service” and “journalctl -xeu ospd-openvas.service” for details.
Waiting for ospd-openvas service
ERROR: ospd-openvas service did not start.
Please check journalctl -xe
ERROR: Your GVM-22.4.1 installation is not yet complete!
Please follow the instructions marked with FIX above and run this
script again.
I have the same problem, some to help
until step6 :every things was ok .
gvm-check-setup 22.4.1
Test completeness and readiness of GVM-22.4.1
Step 1: Checking OpenVAS (Scanner)…
OK: OpenVAS Scanner is present in version 22.4.1.
OK: Notus Scanner is present in version 22.4.4.
OK: Server CA Certificate is present as /var/lib/gvm/CA/servercert.pem.
Checking permissions of /var/lib/openvas/gnupg/*
OK: _gvm owns all files in /var/lib/openvas/gnupg
OK: redis-server is present.
OK: scanner (db_address setting) is configured properly using the redis-server socket: /var/run/redis-openvas/redis-server.sock
OK: redis-server is running and listening on socket: /var/run/redis-openvas/redis-server.sock.
OK: redis-server configuration is OK and redis-server is running.
OK: the mqtt_server_uri is defined in /etc/openvas/openvas.conf
OK: _gvm owns all files in /var/lib/openvas/plugins
OK: NVT collection in /var/lib/openvas/plugins contains 85506 NVTs.
OK: The notus directory /var/lib/notus/products contains 427 NVTs.
Checking that the obsolete redis database has been removed
OK: No old Redis DB
OK: ospd-OpenVAS is present in version 22.4.6.
Step 2: Checking GVMD Manager …
OK: GVM Manager (gvmd) is present in version 22.4.2.
Step 3: Checking Certificates …
OK: GVM client certificate is valid and present as /var/lib/gvm/CA/clientcert.pem.
OK: Your GVM certificate infrastructure passed validation.
Step 4: Checking data …
OK: SCAP data found in /var/lib/gvm/scap-data.
OK: CERT data found in /var/lib/gvm/cert-data.
Step 5: Checking Postgresql DB and user …
OK: Postgresql version and default port are OK.
gvmd | _gvm | UTF8 | en_US.UTF-8 | en_US.UTF-8 | | libc |
16435|pg-gvm|10|2200|f|22.4.0||
OK: At least one user exists.
Step 6: Checking Greenbone Security Assistant (GSA) …
OK: Greenbone Security Assistant is present in version 22.04.1~git.
hi
please help me.
how can i fix this problem?
Job for ospd-openvas.service failed because the control process exited with error code.
See “systemctl status ospd-openvas.service” and “journalctl -xeu ospd-openvas.service” for details.
This error caused the browser to not connect.
https://127.0.0.1:9392
Stephan i have tried for 3 days now to install openvas and i get this issue step 7: Checking if GVM services are up and running …
Starting ospd-openvas service
Job for ospd-openvas.service failed because the control process exited with error code.
See “systemctl status ospd-openvas.service” and “journalctl -xeu ospd-openvas.service” for details.
Waiting for ospd-openvas service
ERROR: ospd-openvas service did not start.
Please check journalctl -xe
ERROR: Your GVM-22.4.1 installation is not yet complete!
can you please guide me what to do
this should not be so hard
regards
nathan (very frustrated)
you are having a space issue, try checking your disk space with “df -H”,
Hello my good friend, good day. Did you manage to solve your problem? I have the same problem as yours. Please help.
[email protected]
gvm-stop
chmod 666 /var/log/gvm/openvas.log
gvm-start
thanks me later
HAhaha its works!
Thanks bro!
Thank you
This solution has worked
I recommend everyone who is facing the same problem to try the above solution
Thank you Dare-devil
Just so everyone knows, you need to have port 873 and port 24 open on Kali. If you work in an org like me, those ports are blocked by default by the firewall. Opening port 873 will allow you to execute the command, “sudo runuser -u _gvm — greenbone-feed-sync –type SCAP”. Port 24 will allow you to obtain the NVTs.
Hi John T,
I hope this doesn’t sound stupid: I’m very new to Kali Linux (3 days!). I am getting the problem that you mention above so need to open ports 24 and 873.
My system “Linux kali-linux 6.1.0-kali5-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.1.12-1kali2 (2023-02-23) x86_64 GNU/Linux” doesn’t appear to have a firewall (ufw, gufw, iptables, etc.) that I can see. But when I run nmap from another machine I see only ports 25, 110, 119, 143, 465, 563, 587, 993 and 995 open. So a firewall must be in place.
Please could you suggest where I might look for this firewall?
I have been doing Google searches, but I am finding nothing.
Thanks.
If you’re in an org, you have a dedicated FW and need to make the changes on that. At home, your FW is probably integrated in your router.
Great tutorial
Hoping you can help… I too get the failed to find config ‘long-string-value’ error, but when I run
sudo runuser -u _gvm – gvmd –get-scanners
I get an error, unrecognised option ‘–get-scanners’
nor does sudo runuser -u _gvm – gvmd -get-scanners work. –help doesn’t throw any light on the issue.
Any thoughts?
A couple of things about this error I ran into:
1) the spacing & dashes on the command can be confusing depending on how all the webpages that all talk about this error display on your screen. What worked for me was:
sudo runuser u_gvmgvmdgetscanners
2) If this is a fresh install of OpenVAS, it might be giving this error because OpenVAS hasn’t had a chance to fully sync yet.
If you are still getting the error after running the commands here, login to your OpenVAS, then go to “Administration” > “Feed Status”. Verify all the feeds say “Current”. On mine (fresh install), it was taking a while for all of them to go from “Updating” to “Current”, including the “GVMD_DATA” feed, which was the issue since the GVMD_DATA feed says it includes the scan configs. Once they all changed to “Current”, I was able to kick off a scan without any more issues.
Well, the command I typed up didn’t make it through the parsing on the page to display correctly.
Basically:
* single dash and “u” for the user flag
* after the -u do a single space and then “_gvm”
* after “_gvm”, do a space, then 2 dashes, then another space and then “gvmd”
* then do a space, 2 dashes, then get-scanners immediately after the 2 dashes
you can run command : sudo -E -u _gvm(user gvm daemon) gvmd [command gvm]
i am trying to install it on kali 22.4 i have gone through all the comment and procedure still facing the redis issue.
ValueError: Redis URL must specify one of the following schemes (redis://, rediss://>
i have deleted one of the two redis config files as well still the same error in starting the service.
please give solution.
this is my conf file, please correct if anything wrong
[OSPD – openvas]
log_level = INFO
socket_mode = 0o770
unix_socket = /run/ospd/ospd.sock
pid_file = /run/ospd/ospd-openvas.pid
log_file = /var/log/gvm/ospd-openvas.log
redis_url = redis://127.0.0.1:6379
kb_location=/var/run/redis/redis.sock
hola! si tenes ṕroblemas de POSTGRES en Kali puede probar el commando mencionado aqui:
https://forum.greenbone.net/t/gvm-install-setting-on-kali-linux-2020-3/7298/6
Kali is shipping some extra stuff like the gvm-setup or gvm-check-setup tools. These tools are not maintained at Greenbone nor do we contribute to these tools!
saludos desde Argentina!!
am getting this errors and the URL isnt opening
ERROR: Your GVM-22.4.0 installation is not yet complete!
Hi Stefan
Thank you do this well documented procedure.
but unfortunately I am in trouble trying to install openVAS on my KALI 2022.4 (updated and upgraded today)
gvm-check-setup 22.4.0 reports :
…
Step 2: Checking GVMD Manager …
OK: GVM Manager (gvmd) is present in version 22.4.0~dev1.
Step 3: Checking Certificates …
OK: GVM client certificate is valid and present as /var/lib/gvm/CA/clientcert.pem.
OK: Your GVM certificate infrastructure passed validation.
Step 4: Checking data …
OK: SCAP data found in /var/lib/gvm/scap-data.
OK: CERT data found in /var/lib/gvm/cert-data.
Step 5: Checking Postgresql DB and user …
OK: Postgresql version and default port are OK.
gvmd | _gvm | UTF8 | en_US.UTF-8 | en_US.UTF-8 | | libc |
16435|pg-gvm|10|2200|f|22.4.0||
OK: At least one user exists.
Step 6: Checking Greenbone Security Assistant (GSA) …
Oops, secure memory pool already initialized
OK: Greenbone Security Assistant is present in version 22.04.0~git.
Step 7: Checking if GVM services are up and running …
Starting ospd-openvas service
Job for ospd-openvas.service failed because the control process exited with error code.
See “systemctl status ospd-openvas.service” and “journalctl -xeu ospd-openvas.service” for details.
Waiting for ospd-openvas service
Waiting for ospd-openvas service
ERROR: ospd-openvas service did not start.
Please check journalctl -xe
ERROR: Your GVM-22.4.0 installation is not yet complete!
Please follow the instructions marked with FIX above and run this
script again.
—-
problem is that there is no FIX to help to solve the problem.
journalctl is reporting :
déc. 08 19:25:05 kali ospd-openvas[25746]: super().__init__(self.DEFAULT_INDEX, ctx)
déc. 08 19:25:05 kali ospd-openvas[25746]: File “/usr/lib/python3/dist-packages/ospd_openvas/db.>
déc. 08 19:25:05 kali ospd-openvas[25746]: self.ctx = OpenvasDB.create_context(kbindex)
déc. 08 19:25:05 kali ospd-openvas[25746]: File “/usr/lib/python3/dist-packages/ospd_openvas/db.>
déc. 08 19:25:05 kali ospd-openvas[25746]: ctx = redis.Redis.from_url(
déc. 08 19:25:05 kali ospd-openvas[25746]: File “/usr/lib/python3/dist-packages/redis/client.py”>
déc. 08 19:25:05 kali ospd-openvas[25746]: connection_pool = ConnectionPool.from_url(url, **kw>
déc. 08 19:25:05 kali ospd-openvas[25746]: File “/usr/lib/python3/dist-packages/redis/connection>
déc. 08 19:25:05 kali ospd-openvas[25746]: url_options = parse_url(url)
déc. 08 19:25:05 kali ospd-openvas[25746]: File “/usr/lib/python3/dist-packages/redis/connection>
déc. 08 19:25:05 kali ospd-openvas[25746]: raise ValueError(
déc. 08 19:25:05 kali ospd-openvas[25746]: ValueError: Redis URL must specify one of the following>
déc. 08 19:25:05 kali systemd[1]: ospd-openvas.service: Control process exited, code=exited, statu>
░░ Subject: Unit process exited
░░ Defined-By: systemd
░░ Support: https://www.debian.org/support
░░
░░ An ExecStart= process belonging to unit ospd-openvas.service has exited.
░░
░░ The process’ exit code is ‘exited’ and its exit status is 1.
déc. 08 19:25:05 kali systemd[1]: ospd-openvas.service: Failed with result ‘exit-code’.
░░ Subject: Unit failed
░░ Defined-By: systemd
░░ Support: https://www.debian.org/support
░░
░░ The unit ospd-openvas.service has entered the ‘failed’ state with result ‘exit-code’.
déc. 08 19:25:05 kali systemd[1]: Failed to start OSPd Wrapper for the OpenVAS Scanner (ospd-openv>
░░ Subject: L’unité (unit) ospd-openvas.service a échoué
░░ Defined-By: systemd
░░ Support: https://www.debian.org/support
░░
░░ L’unité (unit) ospd-openvas.service a échoué, avec le résultat failed.
do you have any hints for me to solve the problem and be able to try openVAS ?
thank you in advance for your time to read this and evenmore if you can help me.
Hey Alain,
check the other comments! Maybe Mick Chung’s comment can help?
hi AainB
i am Nathan, i am getting the exact problem you mentioned, can you tell me if you managed to fix it and how?
kind regards
nathan
Kali version : 2022.4
GVM : 22.4.0
While following the instruction, I encountered several problems :
1. Postgresql 14 / 15 issues
Following the instruction mentioned above, the issue can be solved, but make sure you reconfigure the postgresql.conf with the right port ( 5432).
2. under /etc/redis/ there are 2 configuration files , I managed to remove the redis.conf then restart the redis service to make it work
3. If you encountered the postgresql conf issue, make certain after you modify the configuration file, you have to re-run “sudo gvm-setup” again, otherwise you will not be able to generate the admin and password, and you will not be able to initiate the GVM.
Thanks for leaving that here Mick!
Hi! When I run sudo gvm-check-setup I get an error saying:
Step 5: Checking Postgresql DB and user …
/usr/bin/gvm-check-setup: line 392: [: =: unary operator expected
/usr/bin/gvm-check-setup: line 398: [: -ne: unary operator expected
OK: Postgresql version and default port are OK.
gvmd | _gvm | UTF8 | en_US.UTF-8 | en_US.UTF-8 | | libc |
16439|pg-gvm|10|2200|f|22.4.0||
ERROR: No users found. You need to create at least one user to log in.
FIX: create a user by running ‘sudo runuser -u _gvm — gvmd –create-user= –password=’
I ran sudo runuser -u _gvm — gvmd –create-user= –password=’ but still could not fix it.
I am running GVM 22.4.0 on Kali 2022.4. Any ideas how to fix this?
Hm, that is one error I haven’t encountered.
Are you sure you followed every step? If yes, did you try to google the exact error message?
I know installing OpenVAS can be frustrating since there are so many variables at play, that’s why I created this tutorial – but still we can’t get it to work for everyone 🙁
Hi, Even i am facing the same issue, any idea on how to resolve this??
Got Postgresql error on gvm-setup. Solution:
https://vedran-zulin.from.hr/en/it/security/158-openvas-kali-fixing-the-default-postgresql-version-13-is-not-14-that-is-required-by-libgvmd-error.html
From time to time the error from the subject can appear while trying to finish the OpenVAS installation (on your Kali instance).
Basically, after issuing the sudo gvm-setup command, the following messages may appear:
[>] Starting PostgreSQL service
[-] ERROR: The default PostgreSQL version (13) is not 14 that is required by libgvmd
[-] ERROR: Use pg_upgradecluster to update your PostgreSQL cluster
One of the most probable reasons what may be preventing the service start is the port configuration – the following changes have to be done:
sudo nano /etc/postgresql/14/main/postgresql.conf – search for port and change it to 5432;
sudo nano /etc/postgresql/13/main/postgresql.conf – check whether the port is the same as in the config. file above – if so, change it to e.g. 5433 (this must be different!)
run sudo systemctl restart postgresql
(re)run sudo gvm-setup and wait for the procedure to end (updating the GVM feeds may take a while).
Thank you very much for pointing that out, Tom!
I just went ahead and recorded the OpenVAS video and while doing so, encountered that same error.
Although, on the latest Kali version I run into the problem that I was getting the same error with Postgresql version 14 and 15.
Your solution didn’t work for me, I had to do the following:
sudo systemcctl stop postgresql@14-main
sudo /usr/bin/pg_dropcluster –stop 14 main
Post will be updated including your and my solution!
The following command causes file lock error (Could not open lock file /var/lib/dpkg/lock-frontend):
sudo apt update && apt upgrade -y
Should be:
sudo apt update && sudo apt upgrade -y
Oh wow, how did that end up in there! Thank you very much. Corrected!
Please help me, I need a solution for this.
Failed to find config ‘daba56c8-73ec-11df-a475-002264764cea’
Thanks! There was an issue with error “config file missing” and no SCAP database found, but I found solution on one website:
https://github.com/dgiorgio/gvm-docker/issues/9
Because GVMD_DATA is missing. The solution was:
greenbone-feed-sync –type GVMD_DATA
Thank you for that Ricky!
thank you so much!
Many thanks for the excellent article Stefan. I hadn’t used OpenVAS in quite some time and your article really helped me get it up and running. I was stuck until you shared the gvm-setup command. I did hit one more snag. I got the following error: Failed to find config ”.
I found the solution here: https://community.greenbone.net/t/cant-create-a-scan-config-failed-to-find-config/5509/12. Basically, run the following commands:
sudo runuser -u _gvm — greenbone-nvt-sync
sudo runuser -u _gvm — gvmd –get-scanners
(note your scanner id)
sudo runuser -u _gvm — gvmd –get-users –verbose
(note your user id)
sudo runuser -u _gvm — gvmd –modify-scanner [scanner id] –value [user id]
Hey Ted,
glad to see you around here. Thank you for pointing that out and sharing the solution!
Don;’t post comment. Just realised my VM didn’t have internet connection. bridge broken. Working now! thanks.
Great article and instruction for the installs. I ran into a slight problem when i try to execute “openvas-setup” after installation. System responds command not found
“Reading package lists… Done
Building dependency tree… Done
Reading state information… Done
openvas is already the newest version (21.4.3).
The following packages were automatically installed and are no longer required:
kali-wallpapers-2021.4 libaom0 libcbor0 libcodec2-0.9 libfluidsynth2
libfmt7 libgdal29 libgdk-pixbuf-xlib-2.0-0 libgdk-pixbuf2.0-0
libgeos3.10.1 libigdgmm11 libodbc1 libodbccr2 libqhull8.0 libvpx6
libwireshark14 libwiretap11 libwsutil12 odbcinst odbcinst1debian2
python3-orjson ruby-atomic ruby-thread-safe
Use ‘apt autoremove’ to remove them.
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
┌──(root💀kali)-[~]
└─# openvas-setup
openvas-setup: command not found
Article is updated now. Should work 🙂
If you in trouble to execute openvas-setup… it will probably because the project was renamed, so instead of the ‘openvas-setup’ use ‘gvm-setup’.
Thanks a bunch Rafael, I’ll update this article very soon 🙂
Please update this valuable article. openvas commands no longer works.
kk!
Just a heads-up: The commands no longer work and ‘gvm’ should be used instead of ‘openvas’.
See https://en.wikipedia.org/wiki/OpenVAS: ‘The OpenVAS framework got renamed to Greenbone Vulnerability Management (GVM) and OpenVAS (now Open Vulnerability Assessment Scanner) is now only a part of it. The article should be updated to reflect this change.. Relevant discussion may be found on the talk page. Please update this to reflect recent events or newly available information. (May 2020)’
Thanks for the great articles. i followed the Top Things to do after installing KaliLinux and found the link to installing OpenVAS and running the first scan. Have you added additional articles about OpenVAS? If so, can you provide the links?
Not yet! But they will come 🙂
I got the install to run, and it LOOKS like it’s running and listening in a netstat, but I can’t hit the web interface on the localhost. The „site can’t be reached“. This is after dealing with the security warning. I just can’t get to the dashboard to login that first time.
Thanks a lot for the addition. This worked fine on Kali 2018 as well.
Hi If you are using Kali linux 2017.1 then installation is become a problem. to solve this follow my steps:-
open a terminal try this command
#apt-get update
#apt get install openvas
E:Unable to locate package openvas
then follow this steps:-
in a new terminal type
#sudo leafpad /etc/apt/sources.list
leaf pad will open edit and save the source list with this scripts:
deb https://mirrors.ocf.berkeley.edu/kali kali-rolling main contrib non-free
# For source package access, uncomment the following line
deb-src https://mirrors.ocf.berkeley.edu/kali kali-rolling main contrib non-free
deb http://security.debian.org/ stretch/updates main
after save it come back to a new terminal and type
#apt-get install openvas
-its start installing other process is just like same
Thank you! Great addition to the article!