3 Setting up OPENVAS SECURITY INTELLIGENCE¶
3.1 Deploying OPENVAS SECURITY INTELLIGENCE¶
OPENVAS SECURITY INTELLIGENCE is delivered by Greenbone as a virtual machine containing the OPENVAS Operating System (OPENVAS OS) and a certificate which authorizes the users to deploy OPENVAS SECURITY INTELLIGENCE.
To use OPENVAS SECURITY INTELLIGENCE, users must first set up OPENVAS OS.
Note
If OPENVAS SECURITY INTELLIGENCE is installed on another operating system, it should be ensured that at least 15 million inodes are available on the partition used by the container orchestrator. This keeps the system running reliably over the long term.
For non-inode-based file systems, metadata storage must be available for approximately 4 million files.
OPENVAS SECURITY INTELLIGENCE is then installed as follows:
Access the shell of OPENVAS OS as the admin user.
Install OPENVAS SECURITY INTELLIGENCE by running the following command:
os-cli container-management install-product security-intelligence
Note
The address of the web interface must be specified explicitly.
Example: If the web interface should be reachable at
https://osi.example.net, the address must be set toosi.example.net.This setting must match the virtual machine’s network configuration. The command does not change the network configuration.
Set the address for the web interface by running the following command:
os-cli container-management configure-product security-intelligence --product-base-webaddress <WEB_INTERFACE_ADDRESS>
Note
To ensure consistent and correct handling of login sessions, the internal clocks of the OPENVAS SECURITY INTELLIGENCE instance and the system used to access it must be synchronized or at least nearly identical. For achieving this, it is recommended to activate NTP on both systems.
For OPENVAS SECURITY INTELLIGENCE, NTP can be activated by executing timedatectl set-ntp true in the OPENVAS OS CLI or by activating NTP on the respective host system.
3.2 Initially Signing in as the Super Admin¶
OPENVAS SECURITY INTELLIGENCE can initially be accessed as the super admin as follows:
Open the web browser.
Enter the IP address of OPENVAS SECURITY INTELLIGENCE.
Note
The IP address is that of the network interface configured in OPENVAS OS. It can be looked up in OPENVAS OS by running the command
os-cli network show-all-ethernets.More information can be found in the OPENVAS OS user manual.
Sign in using the user name
openvasand the initial passwordopenvas#user.When signing in for the first time, a new password must be set.
Note
The password must fulfill the following criteria:
At least 10 characters long
Different from the user name
Different from the e-mail address
Different from the last three passwords
Not a common word that could be found in an English or German dictionary
The user name cannot be changed.
Enter and repeat a new password.
Click Submit.
Fig. 3.1 Signing in to OPENVAS SECURITY INTELLIGENCE as the super admin for the first time¶
→ The super admin can now create additional users for OPENVAS SECURITY INTELLIGENCE.
Note
After signing in initially, the meta feed must be updated manually once, so that the relevant data is loaded into OPENVAS SECURITY INTELLIGENCE.
Select Data Management > Feed in the menu.
Click Update Feed.
→ The feed update is running. It may take up to three to four hours to complete.