How to Compile OpenVAS on OpenBSD

OpenBSD notebook at the National Archives in Washington DC

How to Build OpenVAS on OpenBSD

The Open Vulnerability Assessment System (OpenVAS) security tool is great! It's a free fork of the Nessus project. It is a network security scanner with a graphical front end, and it applies many thousands of vulnerability tests to machines across a network.

The only problem, as often happens with OpenBSD, is that its developers didn't include what's needed to get it to compile there without a little help. But it isn't hard, just a little tedious.

Step 1:

Get a copy of the OpenBSD port of OpenVAS. I found it through some Google searching. For OpenVAS 2.0, I found it at both neohapsis.com and nabble.com. You definitely need this, there's no need to go beyond this step until you have the OpenBSD port.

Step 2:

Add the GNU libgcrypt shared library. Download it from ftp.gnupg.org. Downloading and installing it would be something like this: 

$ cd /tmp
$ wget ftp://ftp.gnupg.org/gcrypt/libgcrypt/libgcrypt-1.4.4.tar.gz
$ gtar xvf libgcrypt-1.4.4.tar.gz
$ cd libgcrypt-1.4.4
$ ./configure
$ make
$ su root -c 'make install'

Step 3:

Install the OpenBSD ports tree if you haven't already: 

$ cd /tmp
$ wget ftp://ftp.openbsd.org/pub/OpenBSD/`uname -r`/ports.tar.gz
$ su
Password:
# cd /usr
# gtar xvf /tmp/ports.tar.gz

Step 4:

Add the OpenVAS port at the correct place in the ports tree: 

# cd /usr/ports/security
# gtar xvf /tmp/openvas2.0.tgz

Step 5:

Add a symbolic link for a shared library that one of the makefiles won't otherwise find: 

# cd /usr/lib
# ln -s /usr/local/lib/libgcrypt.so.16.2

Step 6:

Build and install OpenVAS. Note that you may have to first fix the below issues with /usr/local/lib links and Makefile definitions: 

# cd /usr/ports/security/openvas
# make package
# make install

I found this archived e-mail very useful.

I encountered a lot of errors in two categories. First, an error that a library could not be found:
library gthread-2.0.2600.0 not found
The package was installed, the library was there, but it was in /usr/local/lib instead of /usr/lib. The fix would be something like the below. I don't think the second ln is needed, I think it will find the library with the appended version string: 

# pushd /usr/lib
# ln -s /usr/local/lib/libgthread-2.0.so.2600.0
# ln -s /usr/local/lib/libgthread-2.0.so.2600.0 libgthread-2.0.so
# popd

The second type of error was caused by "old style" Makefile dependency definitions. My workaround was crude, but I simply removed everything up to and including the "::" in each case. For example, change this: 

LIB_DEPENDS =      openvas,openvas_hg::security/openvas/libraries \
                   gnutls::security/gnutls \
                   gpgme::security/gpgme

into this: 

LIB_DEPENDS =   security/openvas/libraries \
                security/gnutls \
		security/gpgme

Other OpenBSD Compilation Projects

Other Unix, Linux and Open Source Topics

Click here to inquire about advertising on this or any page on this site.
Home Unix/Linux Networking Cybersecurity Travel Technical Radio Site Map Contact


Use /bin/vi! Manipulate images with ImageMagick! Hosted on OpenBSD
Hosted on Apache This site is viewable with any browser Valid XHTML 1.0! Valid CSS!
© Bob Cromwell May 2012. Created with /bin/vi and ImageMagick, hosted on OpenBSD with Apache.    Root password available here, privacy policy here.