INSTALLATION INSTRUCTIONS FOR OPENVAS-SCANNER
=============================================

Please note: The reference system used by most of the developers is Debian
GNU/Linux 'Lenny' 5.0.  The build might fail on any other system.  Also,
it is necessary to install the dependent development packages.

Compiling openvas-scanner
-------------------------

Prerequisites:
* cmake
* glib-2.0
* gnutls
* openvas-libraries (4.0.0 or later)
* pkg-config

Prerequisites for building documentation:
* Doxygen
* xmltoman (optional, for building man page)
* sqlfairy (optional, for producing database diagram)

If you have installed the required libraries in a non-standard location,
remember to set the PKG_CONFIG_PATH environment variable to the location of
your pkg-config files before configuring:

    $ export PKG_CONFIG_PATH=$PKG_CONFIG_PATH:/your/location/lib/pkgconfig

Then configure the build with

    $ cmake -DCMAKE_INSTALL_PREFIX=/path/to/your/installation .

or (if you want to use the default installation path /usr/local)

    $ cmake .

This only needs to be done once.  Note: It is assumed that the other
OpenVAS components are installed to the same path.  If not, you need to set
some paths separately, see below for details.

Thereafter, the following commands are useful.

    $ make                # build the scanner
    $ make doc            # build the documentation
    $ make doc-full       # build more developer-oriented documentation
    $ make install        # install the build
    $ make rebuild_cache  # rebuild the make system cache


    $ make install

Please note that you may have to execute this command as root, especially if you
have specified a prefix for which your user does not have full permissions.


Setting up openvas-scanner
--------------------------

Setting up an openvas-scanner requires the following steps:

1) The scanner service communicates through an SSL connection.
   In order to establish this connection, the scanner needs to have
   an SSL certificate it can present to the client to prove its identity. You
   can interactively create this certificate by using the following command:

   $ openvas-mkcert

   This command will guide you through the certificate creation and place the
   certificates in the correct locations on your system.

2) In order to run vulnerability scans, you will need a collection of Network
   Vulnerability Tests (NVTs) that can be run by openvas-scanner. Initially,
   your NVT collection will be empty. It is recommended that you synchronize
   with an NVT feed service before starting openvas-scanner for the first time.

   Your installation is preconfigured to synchronize with the OpenVAS NVT Feed.
   Simply execute the following command to receive thousands of NVTs from this
   feed service:

   $ openvas-nvt-sync

   Please note that you will need at least one of the following tools for a
   successful synchronization:
   * rsync
   * wget
   * curl

   NVT feeds are usually updated a few times per week. Be sure to update your
   NVT collection regularly to detect the latest threats.
   Please visit the OpenVAS website for more information on available NVT feeds
   and instructions for integrating feeds into your scanner installation.

3) You can launch openvas-scanner using the following command:

   $ openvassd

   Be aware that the first launch of openvas-scanner after the initial feed
   synchronization or after large feed updates will take longer than usual since
   the internal scanner cache has to be updated. Subsequent launches will be
   much quicker.

   Please note that although you can start openvassd as a user without elevated
   privileges, it is recommended that you start openvassd as root since a number
   of Network Vulnerability Tests (NVTs) require root privileges to perform
   certain operations like packet forgery. If you run openvassd as a user
   without permission to perform these operations, your scan results are very
   likely to be incomplete.

4) Once the scanner has started, openvas-manager can act as a client and control
   the scanner. The actual user interfaces (for example GSA, GSD or CLI-OMP)
   will only interact with the manager, not the scanner.

   It is still possible to use the latest version of the old OpenVAS-Client as
   a direct client application for the scanner, but this will circumvent the
   whole vulnerability management storage and processes.

5) [conditional]: If you do plan to use OpenVAS-Client as a direct client and do
   not plan to use OpenVAS Manager, then you need to create at least one user
   for the openvas-scanner to be able to log in. This can be done via the command:

   $ openvas-adduser

   The command will guide you through the user creation and allow you to specify
   a name and authentication method for the user and to define rules restricting
   the usage of the scanner by this user.

   If you plan to use the OpenVAS Manager, you will be guided through
   creation of user accounts by the INSTALL file of OpenVAS Manager.
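
A preflight check for the build prerequisites and setup steps above, as an
added example that is not part of the OpenVAS distribution. The function names
are illustrative, and openvas-libraries is not checked because this file does
not give its pkg-config module name.

```shell
#!/bin/sh
# Added example, not part of OpenVAS; all function names are illustrative.

# Step 2: openvas-nvt-sync needs rsync, wget or curl. Print the first found.
pick_sync_tool() {
    for tool in rsync wget curl; do
        if command -v "$tool" >/dev/null 2>&1; then
            echo "$tool"
            return 0
        fi
    done
    return 1
}

# Print every command in the argument list that is not on PATH.
missing_commands() {
    for cmd in "$@"; do
        command -v "$cmd" >/dev/null 2>&1 || echo "$cmd"
    done
}

# Print every pkg-config module that does not resolve with the current
# PKG_CONFIG_PATH (a missing pkg-config reports every module as missing).
missing_modules() {
    for mod in "$@"; do
        pkg-config --exists "$mod" 2>/dev/null || echo "$mod"
    done
}

# Step 3: packet-forging NVTs need root, so only uid 0 gets full results.
coverage_for_uid() {
    if [ "$1" -eq 0 ]; then echo full; else echo incomplete; fi
}

preflight() {
    status=0
    for item in $(missing_commands cmake pkg-config) \
                $(missing_modules glib-2.0 gnutls); do
        echo "missing build prerequisite: $item" >&2
        status=1
    done
    tool=$(pick_sync_tool) || { echo "no rsync, wget or curl on PATH" >&2; status=1; }
    echo "feed sync tool: ${tool:-none}"
    echo "expected scan coverage: $(coverage_for_uid "$(id -u)")"
    return "$status"
}

if [ "${1:-}" = "--run" ]; then preflight; fi  # run only when asked to
```

Run it with the --run argument before configuring the build; a non-zero exit
status means a build prerequisite or a feed sync tool is missing.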


If you encounter problems, the files /var/log/openvas/openvassd.messages and
/var/log/openvas/openvassd.dump may contain useful information. (The exact
location of these files may differ depending on your distribution and
installation method.) Please have these files ready when contacting the OpenVAS
developers through the OpenVAS mailing list or the online chat or submitting bug
reports at http://bugs.openvas.org/ as they may help to pinpoint the source of
your issue.
