OpenVAS, now distributed as Greenbone Community Edition (GCE), is one of the most comprehensive open-source vulnerability scanners available, capable of identifying thousands of known CVEs across network services, web applications, and operating system configurations. Installing it natively on RHEL 9 requires complex dependency management, so the recommended approach is to deploy it via Docker Compose, which bundles all required Greenbone services cleanly. This tutorial walks through deploying Greenbone Community Edition, updating its NVT feed, running an authenticated vulnerability scan, and exporting a report. Regular vulnerability scanning is an essential component of a defence-in-depth security strategy.
Prerequisites
- RHEL 9 server with root or sudo access
- Docker and Docker Compose installed (
dnf install -y docker docker-compose-plugin) - At least 8 GB RAM and 20 GB free disk space for feed data
- Outbound internet access to download NVT feeds
Step 1 — Install Docker and Docker Compose
Enable the Docker CE repository and install Docker along with the Compose plugin. Then enable and start the Docker service.
dnf config-manager --add-repo https://download.docker.com/linux/rhel/docker-ce.repo
dnf install -y docker-ce docker-ce-cli containerd.io docker-compose-plugin
systemctl enable --now dockerVerify the installation:
docker --version
docker compose versionStep 2 — Create the Greenbone Docker Compose Configuration
Create a directory for Greenbone and write the official docker-compose.yml file. This configuration sets up all required Greenbone services including the vulnerability manager (gvmd), the scanner (openvas), the notus service for local checks, the feed sync containers, and the web interface (gsad).
mkdir -p /opt/greenbone && cd /opt/greenbonecat > docker-compose.yml << 'EOF'
services:
vulnerability-tests:
image: greenbone/vulnerability-tests
environment:
STORAGE_PATH: /var/lib/openvas/22.04/vt-data/nasl
volumes:
- vt_data_vol:/mnt
notus-data:
image: greenbone/notus-data
volumes:
- notus_data_vol:/mnt
scap-data:
image: greenbone/scap-data
volumes:
- scap_data_vol:/mnt
cert-bund-data:
image: greenbone/cert-bund-data
volumes:
- cert_bund_data_vol:/mnt
dfn-cert-data:
image: greenbone/dfn-cert-data
volumes:
- dfn_cert_data_vol:/mnt
depends_on:
- cert-bund-data
data-objects:
image: greenbone/data-objects
volumes:
- data_objects_vol:/mnt
report-formats:
image: greenbone/report-formats
volumes:
- data_objects_vol:/mnt
depends_on:
- data-objects
gpg-data:
image: greenbone/gpg-data
volumes:
- gpg_data_vol:/mnt
redis-server:
image: greenbone/redis-server
restart: on-failure
volumes:
- redis_socket_vol:/run/redis/
pg-gvm:
image: greenbone/pg-gvm:stable
restart: on-failure
volumes:
- psql_data_vol:/var/lib/postgresql
- psql_socket_vol:/var/run/postgresql
gvmd:
image: greenbone/gvmd:stable
restart: on-failure
volumes:
- gvmd_data_vol:/var/lib/gvm
- scap_data_vol:/var/lib/gvm/scap-data/
- cert_bund_data_vol:/var/lib/gvm/cert-data
- data_objects_vol:/var/lib/gvm/data-objects/gvmd
- vt_data_vol:/var/lib/openvas/plugins
- psql_data_vol:/var/lib/postgresql
- gvmd_socket_vol:/run/gvmd
- ospd_openvas_socket_vol:/run/ospd
- notus_data_vol:/var/lib/notus
- psql_socket_vol:/var/run/postgresql
depends_on:
pg-gvm:
condition: service_started
ospd-openvas:
image: greenbone/ospd-openvas:stable
restart: on-failure
init: true
cap_add:
- NET_ADMIN
- NET_RAW
security_opt:
- seccomp=unconfined
- apparmor=unconfined
volumes:
- gpg_data_vol:/etc/openvas/gnupg
- vt_data_vol:/var/lib/openvas/plugins
- notus_data_vol:/var/lib/notus
- ospd_openvas_socket_vol:/run/ospd
- redis_socket_vol:/run/redis/
depends_on:
redis-server:
condition: service_started
notus-scanner:
image: greenbone/notus-scanner:stable
restart: on-failure
volumes:
- notus_data_vol:/var/lib/notus
- gpg_data_vol:/etc/openvas/gnupg
depends_on:
redis-server:
condition: service_started
gvm-tools:
image: greenbone/gvm-tools
volumes:
- gvmd_socket_vol:/run/gvmd
- ospd_openvas_socket_vol:/run/ospd
depends_on:
- gvmd
- ospd-openvas
gsad:
image: greenbone/gsad:stable
restart: on-failure
ports:
- 9392:80
volumes:
- gvmd_socket_vol:/run/gvmd
depends_on:
- gvmd
volumes:
gpg_data_vol:
scap_data_vol:
cert_bund_data_vol:
dfn_cert_data_vol:
data_objects_vol:
gvmd_data_vol:
psql_data_vol:
vt_data_vol:
notus_data_vol:
ospd_openvas_socket_vol:
redis_socket_vol:
psql_socket_vol:
gvmd_socket_vol:
EOFStep 3 — Start Greenbone and Sync the NVT Feed
Pull the images and start all services. The first run also downloads the NVT (Network Vulnerability Tests) feed data. This process can take 15–30 minutes depending on your internet connection and server speed. The feed contains over 50,000 vulnerability check scripts.
cd /opt/greenbone
docker compose up -d
# Watch feed sync progress
docker compose logs -f vulnerability-tests notus-data scap-dataWait until the feed containers exit (status Exited (0)), then check that gvmd is healthy:
docker compose ps
docker compose exec gvmd gvm-cli --gmp-username admin
--gmp-password admin socket --xml ""Step 4 — Access the Web UI and Create an Admin User
Retrieve the auto-generated admin password and open the Greenbone Security Assistant (GSA) web interface. Open your browser to http://<server-ip>:9392 to access the dashboard.
# Retrieve the generated admin password
docker compose logs gsad 2>&1 | grep -i password
# Or create/reset the admin user manually
docker compose exec gvmd gvmd --user=admin --new-password='YourSecurePassword123!'Log in with username admin and the password retrieved above. If accessing from a remote machine, open port 9392 in the firewall:
firewall-cmd --permanent --add-port=9392/tcp
firewall-cmd --reloadStep 5 — Create a Scan Target and Run a Vulnerability Scan
In the GSA web interface, navigate to Configuration → Targets and create a new target by entering the IP address or hostname of the system you want to scan. Then go to Scans → Tasks and create a new task, selecting your target and the Full and Fast scan config for a thorough scan. Click the play button to start the scan. You can monitor progress in real time on the Tasks page. For command-line scanning using gvm-cli:
# List available scan configs
docker compose exec gvm-tools gvm-cli --gmp-username admin
--gmp-password 'YourSecurePassword123!' socket
--xml ""
# Check scan task status
docker compose exec gvm-tools gvm-cli --gmp-username admin
--gmp-password 'YourSecurePassword123!' socket
--xml ""Step 6 — Review Results and Export a PDF Report
Once the scan completes, navigate to Scans → Reports in the web UI. Click the report to view detailed findings. Each finding includes a CVSS score (0–10), severity rating (Low/Medium/High/Critical), CVE identifiers, affected host, and remediation guidance. To export a PDF report from the command line using the report ID:
# List reports to get the report ID
docker compose exec gvm-tools gvm-cli --gmp-username admin
--gmp-password 'YourSecurePassword123!' socket
--xml ""
# Export PDF report (replace REPORT_ID with actual UUID)
docker compose exec gvm-tools gvm-cli --gmp-username admin
--gmp-password 'YourSecurePassword123!' socket
--xml ""
> /opt/greenbone/scan-report.pdfFocus remediation efforts on Critical and High severity findings first, prioritising those with publicly available exploits (marked with an exploit status in the report).
Conclusion
You have successfully deployed Greenbone Community Edition via Docker Compose on RHEL 9, synced the NVT vulnerability feed, run a vulnerability scan, and exported findings with CVSS severity scores. Regular scheduled scanning — weekly for internet-facing systems and monthly for internal hosts — is recommended to maintain visibility into your attack surface. Integrate scan reports into your patch management workflow to ensure timely remediation.
Next steps: How to Schedule Automated Vulnerability Scans with Greenbone on RHEL 9, How to Integrate OpenVAS Scan Results with SIEM Tools on RHEL 9, and How to Harden Web Servers with Security Headers, CSP, and HSTS on RHEL 9.
