OpenVAS (Open Vulnerability Assessment System), now distributed as Greenbone Community Edition, is a powerful open-source vulnerability scanner that identifies known CVEs, misconfigurations, and weak credentials across your network. Running it as a containerized stack on RHEL 8 keeps the scanner isolated and easy to update without conflicting with system packages. This tutorial covers deploying Greenbone Community Edition with Docker Compose, launching scans, interpreting CVSS scores, and exporting reports. Routine vulnerability scanning is a critical practice for maintaining a secure RHEL 8 environment.
Prerequisites
- RHEL 8 server with at least 4 GB RAM and 20 GB free disk space
- Root or sudo access
- Docker and Docker Compose installed (
dnf install -y docker-ce docker-compose-pluginfrom the Docker CE repo) - Outbound internet access to pull container images and NVT feeds
- Firewalld configured to allow port 9392 from trusted management IPs
Step 1 — Install Docker and Enable the Service
Greenbone Community Edition is distributed as a multi-container application. First ensure Docker is installed and running on RHEL 8.
dnf install -y yum-utils
yum-config-manager --add-repo https://download.docker.com/linux/rhel/docker-ce.repo
dnf install -y docker-ce docker-ce-cli containerd.io docker-compose-plugin
systemctl enable --now docker
docker --version
docker compose versionStep 2 — Deploy Greenbone Community Edition with Docker Compose
Download the official Greenbone Community Edition Docker Compose file and start the stack. Initial feed synchronisation downloads several gigabytes of NVT data.
mkdir -p /opt/greenbone && cd /opt/greenbone
curl -fsSL https://greenbone.github.io/openvas-docker/docker-compose.yml
-o docker-compose.yml
# Pull all images
docker compose pull
# Start the stack in detached mode
docker compose up -d
# Monitor feed sync (takes 15-30 minutes on first run)
docker compose logs -f gvmdWait until you see Updating NVT cache... done in the gvmd logs before proceeding.
Step 3 — Create the Admin User and Access the Web UI
Generate an admin password and open the Greenbone Security Assistant web interface on port 9392.
# Create admin user (outputs a generated password)
docker compose exec -u gvmd gvmd gvmd --create-user=admin --password=StrongP@ssw0rd!
# Allow port 9392 through firewalld (restrict source to admin IP in production)
firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="192.168.1.0/24" port port="9392" protocol="tcp" accept'
firewall-cmd --reloadNavigate to https://<server-ip>:9392 in a browser. Accept the self-signed certificate warning and log in with admin and the password set above.
Step 4 — Create a Scan Target and Task
In the Greenbone web UI, configure what to scan and which scan policy to apply.
# You can also create targets via the CLI inside the gvmd container
docker compose exec -u gvmd gvmd gvm-cli --gmp-username admin
--gmp-password StrongP@ssw0rd! socket
--xml "RHEL8-Server192.168.1.100"
# List available scan configs (policies)
docker compose exec -u gvmd gvmd gvm-cli --gmp-username admin
--gmp-password StrongP@ssw0rd! socket
--xml "" | grep -oP '(?<=)[^<]+'Via the UI: go to Configuration → Targets, click the star icon to add a new target, enter the host IP or CIDR range, then navigate to Scans → Tasks and create a new task selecting the Full and Fast scan policy for a balanced speed/coverage trade-off.
Step 5 — Run the Scan and Interpret CVSS Results
Start the task from the Tasks list by clicking the play button. CVSS scores (Common Vulnerability Scoring System) rate severity from 0 to 10:
- 0.1–3.9 — Low
- 4.0–6.9 — Medium
- 7.0–8.9 — High
- 9.0–10.0 — Critical
# Check scan progress from the command line
docker compose exec -u gvmd gvmd gvm-cli --gmp-username admin
--gmp-password StrongP@ssw0rd! socket
--xml "" | grep -oP '(?<=)[^<]+'
# View results summary once status is Done
docker compose exec -u gvmd gvmd gvm-cli --gmp-username admin
--gmp-password StrongP@ssw0rd! socket
--xml "" | grep -oP '(?<=)[^<]+' | sort -rn | head -20Step 6 — Export Reports and Schedule Recurring Scans
Export scan results as HTML or PDF for documentation and compliance audits, then configure a schedule for automated recurring scans.
# Export report as HTML (replace REPORT_ID with actual ID from web UI)
docker compose exec -u gvmd gvmd gvm-cli --gmp-username admin
--gmp-password StrongP@ssw0rd! socket
--xml ""
> /opt/greenbone/reports/scan-report.html
# Create a weekly schedule via the UI:
# Scans → Schedules → New Schedule
# Set: First Time, Period = 1 week, Duration = unlimited
# Update NVT feeds manually
docker compose exec openvas openvas --update-vt-infoConclusion
You have deployed Greenbone Community Edition on RHEL 8, run a vulnerability scan, and exported a structured report with CVSS-ranked findings. Regular automated scans combined with prompt remediation of high and critical findings significantly reduce your attack surface. Keep the NVT feeds updated weekly to ensure new CVEs are detected as soon as signatures are published.
Next steps: How to Configure DNSSEC on RHEL 8, How to Harden Web Servers with Security Headers on RHEL 8, and How to Set Up Tripwire for File Integrity Monitoring on RHEL 8.
