How to make OpenVAS listen on an external interface?
Since we're on systemd, you actually need to modify 3 .service files:
cd /lib/systemd/system
Files are: greenbone-security-assistant.service, openvas-manager.service and openvas-scanner.service.
To make it quick you may want to use sed. This line will replace all 127.0.0.1 to 0.0.0.0 which will allow all services be avaliable on all interfaces. You should replace 0.0.0.0 to the address of your choice.
sed -e 's/127.0.0.1/0.0.0.0/g' greenbone-security-assistant.service openvas-manager.service openvas-scanner.service
Verify, that all will be done as you want. If you're happy with the changes, just add -i to the end of previous command.
sed -e 's/127.0.0.1/0.0.0.0/g' greenbone-security-assistant.service openvas-manager.service openvas-scanner.service -i
Lastly you need to reload daemons, since you've made changes to files and restart services.
systemctl daemon-reload
systemctl restart greenbone-security-assistant.service openvas-manager.service openvas-scanner.service
Verify, that all services are listening on desired host:
ss -nalt
If restarting sevices didn't work, try to restart server itself.
- openvas-stop
- gsad --listen=0.0.0.0
- openvas-start
- From any client machine try https://kali-ip/
- Enjoy accessing openvas web
There is much more simple solution. You can redirect external ip port to localhost using firewall. Assuming that Your's server external IP is 10.0.0.10:
sysctl -w net.ipv4.conf.eth0.route_localnet=1
iptables -t nat -A PREROUTING -p tcp -d 10.0.0.10 --dport 443 -j DNAT --to-destination 127.0.0.1:9392
That's all, now connect to https://10.0.0.10
I also tried to edit configuration IPs but there are in many places and seem to break OMP authorization. This solution was tested with latest Kali/OpenVAS (2016.09).