OpenVAS (Open Vulnerability Assessment Scanner), now part of the Greenbone Community Edition, is a comprehensive vulnerability scanner that checks your server for thousands of known security issues. This guide covers installation and automated scanning.
What OpenVAS Scans For
- Known CVEs in installed software
- Misconfigured services (weak SSL, open relays)
- Default credentials on services
- Missing security patches
- Network-level vulnerabilities
Installation via Docker (Recommended)
# OpenVAS requires significant resources (4 vCPU, 8GB RAM minimum)
# Using Docker simplifies installation
curl -fsSL https://get.docker.com | sh
mkdir -p ~/greenbone && cd ~/greenbone
curl -fsSL https://greenbone.github.io/docs/latest/_static/docker-compose-community.yml \
-o docker-compose.yml
docker compose up -d
# Wait for feed sync (30-60 minutes on first run)
docker compose logs -f gvmd
Initial Configuration
# Access web interface at https://YOUR_IP:9392
# Default: admin / admin (change immediately)
# Steps:
# 1. Configuration > Targets > Add your server IP
# 2. Scans > Tasks > Create new task
# 3. Select "Full and fast" scan config
# 4. Start the scan
Interpreting Results
# Severity levels:
# Critical (9.0-10.0) — Fix immediately
# High (7.0-8.9) — Fix within 24-72 hours
# Medium (4.0-6.9) — Fix within 1 week
# Low (0.1-3.9) — Fix during next maintenance
# Log (0.0) — Informational
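The severity bands above can be applied to an exported report to build a remediation list with fix-by times. This is an added example, not part of the original guide or of Greenbone's tooling; the column names (IP, Port, CVSS, NVT Name) are assumptions to match against your own CSV export, and the sample rows are constructed.

```python
import csv
import io
from datetime import datetime, timedelta

# Bands and deadlines from the severity table above: (min CVSS, label, time to fix).
# None = no fixed deadline ("next maintenance" or informational).
BANDS = [
    (9.0, "Critical", timedelta(0)),
    (7.0, "High", timedelta(hours=72)),   # outer bound of "24-72 hours"
    (4.0, "Medium", timedelta(weeks=1)),
    (0.1, "Low", None),
    (0.0, "Log", None),
]

def band_for(cvss):
    for floor, label, sla in BANDS:
        if cvss >= floor:
            return label, sla
    raise ValueError(f"invalid CVSS score: {cvss}")

def triage(csv_text, scan_time):
    """Return actionable findings, worst first, each with a fix-by time."""
    seen, findings = set(), []
    for row in csv.DictReader(io.StringIO(csv_text)):
        cvss = float(row["CVSS"] or 0.0)
        label, sla = band_for(cvss)
        key = (row["IP"], row["Port"], row["NVT Name"])
        if label == "Log" or key in seen:   # skip informational and duplicate rows
            continue
        seen.add(key)
        due = scan_time + sla if sla is not None else None
        findings.append({"host": row["IP"], "port": row["Port"], "name": row["NVT Name"],
                         "cvss": cvss, "band": label, "fix_by": due})
    return sorted(findings, key=lambda f: -f["cvss"])

# Constructed sample rows (not real scan output); column names are assumed.
SAMPLE = """IP,Port,CVSS,NVT Name
192.0.2.10,443,9.8,Example remote code execution check
192.0.2.10,22,5.3,Example weak SSH algorithms check
192.0.2.10,443,9.8,Example remote code execution check
192.0.2.10,25,7.5,Example open mail relay check
192.0.2.10,,0.0,Example OS detection log
192.0.2.10,80,2.6,Example missing header check
"""

if __name__ == "__main__":
    for f in triage(SAMPLE, datetime(2024, 1, 1, 3, 0)):
        fix_by = f["fix_by"].isoformat(" ") if f["fix_by"] else "next maintenance"
        print(f'{f["band"]:<8} {f["cvss"]:>4}  {f["host"]}:{f["port"]:<4} {f["name"]}  fix by {fix_by}')
```

Saving each run's output alongside the date a finding was closed gives the remediation log recommended under Best Practices.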
Lightweight Alternative: Lynis
# If OpenVAS is too heavy, use Lynis instead
sudo apt install lynis
sudo lynis audit system
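# Review results (the report is written by the root-run audit)
sudo cat /var/log/lynis-report.dat
# Automate weekly audits with a file in /etc/cron.d rather than appending to /var/spool/cron directly
# /usr/sbin/lynis is the path used by the apt package; confirm with: command -v lynis
echo "0 3 * * 0 root /usr/sbin/lynis audit system --cronjob" | sudo tee /etc/cron.d/lynis-audit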
Best Practices
- Scan weekly to catch new vulnerabilities quickly
- Scan after changes, such as deploying new software
- Prioritize by severity — Critical and high findings first
- Track remediation — Log findings and when they were fixed
- Avoid peak hours — Scans consume resources
- Update scan feeds regularly — New vulnerabilities are discovered daily