Home
Help
Search
Login
Register
OPNsense Forum
»
English Forums
»
General Discussion
»
Adding openvas to opnsense
« previous
next »
Print
Pages: [
1
]
Author
Topic: Adding openvas to opnsense (Read 6499 times)
loden_richard
Newbie
Posts: 27
Karma: 2
Adding openvas to opnsense
«
on:
May 30, 2016, 08:20:36 am »
Hi there,
I was wondering if it is possible to integrate openvas (
http://openvas.org/
) within opnsense. My problem is, it is not within the pkg source and I can't install the required packages for compiling openvas. Is there an option to enable the sources for it without breaking my opnsense installation?
with best regards
richard
Logged
cibomato
Newbie
Posts: 30
Karma: 4
Re: Adding openvas to opnsense
«
Reply #1 on:
May 30, 2016, 10:42:01 am »
Hi Richard,
I'd also like to have a system like OpenVAS available in my network but I'm not an opensense developer and I'm not sure, whether the right place for it is on the firewall?!
Kind regards,
Jochen
Logged
loden_richard
Newbie
Posts: 27
Karma: 2
Re: Adding openvas to opnsense
«
Reply #2 on:
May 30, 2016, 11:08:49 am »
Hello Jochen,
thanks for your reply. In my setup I have opnsense as my central router which combines LAN, WLAN and WAN. Therefore all of my assets are known by opnsense and could be reached. I want an analysis of the connected assets and their patch levels. Maybe it would be possible to load an jail with openvas installed?
with best regards
richard
Logged
cibomato
Newbie
Posts: 30
Karma: 4
Re: Adding openvas to opnsense
«
Reply #3 on:
May 30, 2016, 12:28:32 pm »
Hi Richard,
same setup here. Let's see what the devs are saying.
Best regards,
Jochen
Logged
loden_richard
Newbie
Posts: 27
Karma: 2
Re: Adding openvas to opnsense
«
Reply #4 on:
June 15, 2016, 12:30:09 pm »
Bump!
If the question is not specific enough then please provide some information how to integrate openvas ;-)
Logged
franco
Administrator
Hero Member
Posts: 17656
Karma: 1610
Re: Adding openvas to opnsense
«
Reply #5 on:
July 11, 2016, 11:49:01 pm »
Hi Richard,
Sorry for the delay.
You should be able to build on your OPNsense from the ports tree. You need to run:
# pkg install git
# cd /usr
# git clone
https://github.com/opnsense/ports
# cd ports/security
The openvas ports are in "openvas-cli", "openvas-libraries", "openvas-manager", "openvas-scanner". You should be able to compile/install using e.g.:
# cd openvas-cli
# make install
Afterwards it should configure like on stock FreeBSD even without an OPNsense GUI plugin.
Not sure the scope for openvas fits a perimeter firewall or how big the packages/dependencies are. Deferring this for after 16.7.
Cheers,
Franco
Logged
loden_richard
Newbie
Posts: 27
Karma: 2
Re: Adding openvas to opnsense
«
Reply #6 on:
July 18, 2016, 02:27:15 pm »
The plan is within a small network environment is the best place to search actively for vulnerabilities from the edge firewall. All zones connected to the connected network (e.g. internet) are reachable from that point. Alternatively a jail could be hosted with a running vuln. scanner.
I am sure for big networks within companies it would not apply if opnsense is used as edge firewall. I have seen installations for separating internal networks from each other and for that reason it could be a nice feature to be able scan the network which should be separated.
e.g. a scada network (which is not my installation but is an argument for a specific installation of openvas):
The firewalls could also do an additional active security scanning service for ensuring patch levels and so on.
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
English Forums
»
General Discussion
»
Adding openvas to opnsense
