OpenVAS on CentOS 7





OpenVAS, the Open Vulnerability Assessment System, is an open source vulnerability scanning suite that tests servers for known vulnerabilities using its database of Network Vulnerability Tests (NVTs). OpenVAS is free software; its components are licensed under the GNU General Public License (GNU GPL). Here is a short guide to setting up OpenVAS on CentOS 7 / RHEL 7.

Setup Repository:

Issue the following command in the terminal to install the atomic repo.
# wget -q -O - http://www.atomicorp.com/installers/atomic |sh
Accept the license agreement.
Atomic Free Unsupported Archive installer, version 2.0.12

BY INSTALLING THIS SOFTWARE AND BY USING ANY AND ALL SOFTWARE
PROVIDED BY ATOMICORP LIMITED YOU ACKNOWLEDGE AND AGREE:

THIS SOFTWARE AND ALL SOFTWARE PROVIDED IN THIS REPOSITORY IS
PROVIDED BY ATOMICORP LIMITED AS IS, IS UNSUPPORTED AND ANY
EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL ATOMICORP LIMITED, THE
COPYRIGHT OWNER OR ANY CONTRIBUTOR TO ANY AND ALL SOFTWARE PROVIDED
BY OR PUBLISHED IN THIS REPOSITORY BE LIABLE FOR ANY DIRECT,
INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
OF THE POSSIBILITY OF SUCH DAMAGE.

====================================================================
THIS SOFTWARE IS UNSUPPORTED.  IF YOU REQUIRE SUPPORTED SOFWARE
PLEASE SEE THE URL BELOW TO PURCHASE A NUCLEUS LICENSE AND DO NOT
PROCEED WITH INSTALLING THIS PACKAGE.
====================================================================

For supported software packages please purchase a Nucleus license:
https://www.atomicorp.com/products/nucleus.html

All atomic repository rpms are UNSUPPORTED.

Do you agree to these terms? (yes/no) [Default: yes] yes

Configuring the [atomic] yum archive for this system

Installing the Atomic GPG key: OK
Downloading atomic-release-1.0-19.el7.art.noarch.rpm: OK

The Atomic Rocket Turtle archive has now been installed and configured for your system
The following channels are available:
atomic          - [ACTIVATED] - contains the stable tree of ART packages
atomic-testing  - [DISABLED]  - contains the testing tree of ART packages
atomic-bleeding - [DISABLED]  - contains the development tree of ART packages

System Repo (Only for RHEL):

OpenVAS installation requires additional packages to be downloaded from the internet; if your system does not have a Red Hat subscription, you need to set up the CentOS repository.
# vi /etc/yum.repos.d/centos.repo
Add the following lines.
[CentOS]
name=centos
baseurl=http://mirror.centos.org/centos/7/os/x86_64/
enabled=1
gpgcheck=0
PS: CentOS machines do not require the above repo setup; the system creates it automatically during installation.
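The repo file above sets gpgcheck=0, so yum will install unsigned or tampered packages from the mirror without complaint. The following added example (not part of the original guide) writes the same repo entry with signature checking turned on and includes a small check you can run against an existing repo file before installing OpenVAS; the baseurl is the one from the guide, while the gpgkey URL and the function names are assumptions.

```shell
#!/bin/sh
# Added example, not from the original guide: write the CentOS 7 repo file
# with package signature verification enabled instead of gpgcheck=0.
# The default gpgkey URL (CentOS release key on the mirror tree) is an assumption.

# write_centos_repo <path> [baseurl] [gpgkey]
write_centos_repo() {
    path=$1
    baseurl=${2:-http://mirror.centos.org/centos/7/os/x86_64/}
    gpgkey=${3:-http://mirror.centos.org/centos/RPM-GPG-KEY-CentOS-7}
    cat > "$path" <<EOF
[CentOS]
name=centos
baseurl=$baseurl
enabled=1
gpgcheck=1
gpgkey=$gpgkey
EOF
}

# repo_signature_checked <path>: succeed only when gpgcheck=1 and a gpgkey
# is set, so a repo file that still has gpgcheck=0 is caught before
# 'yum -y install openvas' pulls packages through it.
repo_signature_checked() {
    grep -q '^gpgcheck=1$' "$1" && grep -q '^gpgkey=.' "$1"
}
```

Run write_centos_repo /etc/yum.repos.d/centos.repo as root on the RHEL host; repo_signature_checked returns non-zero for the guide's original gpgcheck=0 file.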

Install & Setup OpenVAS:

Issue the following command to install OpenVAS.
# yum -y install openvas
Once the installation is completed, start the OpenVAS setup.
# openvas-setup
Setup will start downloading the latest database from the internet. Upon completion, setup will ask you to configure the listening IP address.
Step 2: Configure GSAD
The Greenbone Security Assistant is a Web Based front end
for managing scans. By default it is configured to only allow
connections from localhost.
Allow connections from any IP? [Default: yes]
Restarting gsad (via systemctl):                           [  OK  ]
Configure the admin user.
Step 3: Choose the GSAD admin users password.
The admin user is used to configure accounts,
Update NVT's manually, and manage roles.
Enter administrator username [Default: admin] : admin
Enter Administrator Password:
Verify Administrator Password:
Once completed, you will see the following message.
Setup complete, you can now access GSAD at:
https://youripaddress:9392
Disable iptables.
# systemctl stop iptables.service
Create a certificate for the OpenVAS manager.
# openvas-mkcert-client -n om -i
You do not need to enter any information; the certificate is created automatically.
Generating RSA private key, 1024 bit long modulus
…………………..++++++
………………………..++++++
e is 65537 (0x10001)
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [DE]:
State or Province Name (full name) [Some-State]:
Locality Name (eg, city) []:
Organization Name (eg, company) [Internet Widgits Pty Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []:
Email Address []:
Using configuration from /tmp/openvas-mkcert-client.2827/stdC.cnf
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
countryName           :PRINTABLE:'DE'
localityName          :PRINTABLE:'Berlin'
commonName            :PRINTABLE:'om'
Certificate is to be certified until Aug  5 19:43:32 2015 GMT (365 days)
Write out database with 1 new entries
Data Base Updated
Your client certificates are in /tmp/openvas-mkcert-client.2827 .
You will have to copy them by hand.
Now rebuild the OpenVAS database (if required).
# openvasmd --rebuild
Once completed, start the OpenVAS manager.
# openvasmd
Open your browser and point it to https://your-ip-address:9392. Log in as admin with the password you created.

CentOS 7 - OpenVAS Login
You can start the quick scan by entering ip address in the quick scan field.

CentOS 7 - Scan Machine
After that you will see the running task, as shown below; in the screenshot the scan is 98% complete.

CentOS 7 - Scanning Status
Click on the task to view the scan details, which look like the screenshot below. Once the scan is completed, click on the "Date" entry to open the report.

CentOS 7 - VA Scanning Completed
On the report page you can download the report in several formats (PDF, HTML, XML, etc.), or click on each vulnerability to see its full details.

CentOS 7 - OpenVAS Report Page
The actual report looks like the one below.

CentOS 7 - OpenVAS Report

At this point, OpenVAS is set up and configured. However, you will not be able to log into the web interface yet. As of CentOS 7, iptables was replaced with firewalld (which I do not like). So, we're going to disable firewalld. If you want to install iptables in its place, click here to see my guide on removing firewalld and installing iptables on CentOS 7. For now, we're just going to disable firewalld.
systemctl mask firewalld

systemctl stop firewalld
Now you will be able to log in to the OpenVAS web interface by navigating to https://:9392, but you will not be able to run any scans. If you try, the scan will error out and you will get this error in your report.
WARNING: Cannot connect to KB at '/tmp/redis.sock': Connection refused'
To resolve this, we need to make a couple of changes to redis and disable SELinux.
echo "unixsocket /tmp/redis.sock" >> /etc/redis.conf

sed -i 's/enforcing/disabled/g' /etc/selinux/config

systemctl enable redis.service

shutdown -r now
After the reboot is complete, wait about 5 minutes for OpenVAS to load; it can take a few minutes. Then you are ready to log into the web interface and run your first scan. Navigate to https://:9392 and log in with the username admin and the password you specified earlier.
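The two file edits in the fix above are one-shot: the echo appends another unixsocket line every time it is re-run, and the blanket 's/enforcing/disabled/g' also rewrites the word inside the comment lines of /etc/selinux/config. This added example (not code from the original guide) does the same edits in a re-runnable way, takes the file path as an argument so you can try it on a copy first, and also accepts permissive, which keeps SELinux logging denials instead of switching it off entirely; the function names are assumptions.

```shell
#!/bin/sh
# Added example, not from the original guide: re-runnable versions of the
# redis and SELinux edits. Each function takes the file to edit as an
# argument so it can be tested on a copy before touching /etc.

# ensure_redis_unixsocket <redis.conf> <socket path>
# Replaces an existing unixsocket line or appends one, so repeated runs
# leave exactly one 'unixsocket /tmp/redis.sock' line in the file.
ensure_redis_unixsocket() {
    conf=$1; sock=$2
    if grep -q '^unixsocket ' "$conf"; then
        sed -i "s|^unixsocket .*|unixsocket $sock|" "$conf"
    else
        printf 'unixsocket %s\n' "$sock" >> "$conf"
    fi
}

# set_selinux_mode <selinux config> <enforcing|permissive|disabled>
# Anchors on '^SELINUX=' so only the setting changes: comment lines that
# mention 'enforcing' and the SELINUXTYPE= line are left untouched.
set_selinux_mode() {
    conf=$1; mode=$2
    case $mode in
        enforcing|permissive|disabled) ;;
        *) echo "set_selinux_mode: bad mode '$mode'" >&2; return 1 ;;
    esac
    sed -i "s/^SELINUX=.*/SELINUX=$mode/" "$conf"
}

# current_selinux_mode <selinux config>: print the configured mode
current_selinux_mode() {
    sed -n 's/^SELINUX=//p' "$1"
}
```

On the real host run ensure_redis_unixsocket /etc/redis.conf /tmp/redis.sock and set_selinux_mode /etc/selinux/config disabled as root, then enable redis and reboot as in the steps above.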
