The Greenbone Community Edition consists of a framework with several services.
It is developed as part of the commercial Greenbone Enterprise product line.
The Greenbone Community Edition was originally built as a community project
named OpenVAS and is primarily developed and driven forward by Greenbone.
The architecture for the Greenbone Community Edition is grouped into three major parts:
- Executable scanner applications that run vulnerability tests (VT) against target systems
- Greenbone Vulnerability Management Daemon (gvmd)
- Greenbone Security Assistant (GSA) with the Greenbone Security Assistant Daemon (gsad)
The following figure shows an overview of the architecture for the 22.4 release.
The Greenbone Community Edition is released under open-source licenses. By using
it, Linux distributions can create and provide the software components in the
form of installation packages.
The Greenbone Vulnerability Management Daemon (gvmd), also called Greenbone Vulnerability
Manager, is the central service that consolidates plain vulnerability scanning into
a full vulnerability management solution. gvmd controls the OpenVAS Scanner via the Open
Scanner Protocol (OSP).
The service itself offers the XML-based Greenbone Management Protocol (GMP).
gvmd also controls an SQL database (PostgreSQL) where all configuration and scan result data is
centrally stored. Furthermore, gvmd also handles user management including permissions
control with groups and roles. And finally, the service has an internal runtime
system for scheduled tasks and other events.
The Greenbone Security Assistant (GSA) is the web interface with which a
user controls scans and accesses vulnerability information. It is the main
contact point for a user. It connects to gvmd via the web server Greenbone
Security Assistant Daemon (gsad) to provide a full-featured web application for
vulnerability management. The communication uses the
Greenbone Management Protocol (GMP), which the user can also
speak directly by using different tools.
The scanner consists of the components ospd-openvas and openvas-scanner.
The OpenVAS Scanner is controlled via OSP. The OSP Daemon for the
OpenVAS Scanner (ospd-openvas) communicates with gvmd via OSP: VT data is
collected, scans are started and stopped, and scan results are transferred to
gvmd via ospd.
The Notus Scanner runs during every regular scan, so no user interaction is
necessary. It offers better performance because it consumes fewer system
resources and therefore scans faster.
The Notus Scanner replaces the logic of potentially all NASL-based local
security checks (LSCs). A comparison of installed software on a host against a
list of known vulnerable software is done instead of running a VT script for
each LSC.
The regular OpenVAS Scanner loads each NASL LSC individually and executes it
one by one for every host. A single known vulnerability is then compared with
the installed software. This is repeated for all LSCs.
With the Notus Scanner, the list of installed software is loaded in the same
way, but is directly compared with all known vulnerable software for the
operating system of the scanned host. This eliminates the need to run the
LSCs because the information about the known vulnerable software is collected
in one single list and not distributed in individual NASL scripts.
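
The two strategies described above, side by side, as an added example that is not Greenbone's code. The package inventory, the advisory layout, the `ADV-EXAMPLE-*` identifiers and the version comparison are simplified assumptions, not the real Notus data format.

```python
import re

# Constructed inventory, gathered once from the scanned host: name -> version.
INSTALLED = {"openssl": "3.0.2", "bash": "5.1.16", "curl": "7.81.0", "zlib": "1.2.13"}

# Constructed advisories: (placeholder id, package, first fixed version).
ADVISORIES = [
    ("ADV-EXAMPLE-1", "openssl", "3.0.7"),
    ("ADV-EXAMPLE-2", "curl", "7.81.0"),
    ("ADV-EXAMPLE-3", "zlib", "1.2.13.1"),
    ("ADV-EXAMPLE-4", "nginx", "1.22.1"),
    ("ADV-EXAMPLE-5", "openssl", "3.0.1"),
]

def version_key(v):
    # Assumption: numeric components only. Real distribution version
    # ordering (dpkg, RPM) has more rules than this.
    return tuple(int(n) for n in re.findall(r"\d+", v))

def is_vulnerable(installed, fixed):
    return version_key(installed) < version_key(fixed)

def per_check_scan(installed, advisories):
    """NASL LSC style: every advisory is its own check, executed one by one."""
    findings, checks_run = [], 0
    for adv_id, pkg, fixed in advisories:
        checks_run += 1  # one script execution per LSC, per host
        if pkg in installed and is_vulnerable(installed[pkg], fixed):
            findings.append((adv_id, pkg, installed[pkg], fixed))
    return findings, checks_run

def build_index(advisories):
    """Notus style: all known vulnerable software for one OS in a single list."""
    index = {}
    for adv_id, pkg, fixed in advisories:
        index.setdefault(pkg, []).append((adv_id, fixed))
    return index

def single_list_scan(installed, index):
    """One pass over the installed packages against the combined list."""
    findings = []
    for pkg, version in installed.items():
        for adv_id, fixed in index.get(pkg, []):
            if is_vulnerable(version, fixed):
                findings.append((adv_id, pkg, version, fixed))
    return findings
```

Both functions report the same findings; the per-check variant pays for one execution per advisory on every host, while the index is built once per operating system and reused.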
This module comprises interactive and non-interactive clients.
The programming language Python is supported directly for interactive scripting,
but it is also possible to issue remote GMP/OSP commands without programming in
Python.