Thursday, 13 March 2014

How to setup OpenVAS on Ubuntu Server LTS 12.0.4

I had some trouble setting up OpenVAS on Ubuntu 12.0.4, so I thought I would record the steps required in order to help anyone else that has the same issues. The steps are an amalgamation of the steps found on these sites: hackertarget.com, alienvault.com and kaarposoft.dk.

Installation Steps

I installed to a VM running under VirtualBox. So the first step is to install Ubuntu Server LTS 12.0.4 into a virtual machine. I took all the defaults, except to opt to install the SSHD server. Once installed, perform an update as root:

apt-get update; apt-get upgrade;

For some packaging reason libmicrohttpd needs special treatment, so run the following to download and install.

wget http://download.opensuse.org/repositories/security:/OpenVAS:/UNSTABLE:/v6/xUbuntu_12.10/amd64/libmicrohttpd10_0.9.26-1_amd64.deb
dpkg -i libmicrohttpd10_0.9.26-1_amd64.deb

Next add the OpenVAS repository and refresh apt-get

apt-get -y install python-software-properties
add-apt-repository "deb http://download.opensuse.org/repositories/security:/OpenVAS:/UNSTABLE:/v5/xUbuntu_12.04/ ./" 
apt-key adv --keyserver hkp://keys.gnupg.net --recv-keys BED1E87979EAFD54
apt-get update;

Next install some required packages

apt-get -y install libgpgme11 libpth20 sqlite3 xsltproc nmap

Next install OpenVAS

apt-get -y install greenbone-security-assistant openvas-cli openvas-manager openvas-scanner openvas-administrator sqlite3 rsync

To install support packages for report generation (downloads around 30 MB of additional packages):

apt-get -y install texlive-latex-base texlive-latex-extra texlive-latex-recommended htmldoc

With that all done, you need to edit the following files to set the IP address. Search for 127.0.0.1 and change it to your machine's IP address.

vi /etc/default/greenbone-security-assistant 
vi /etc/default/openvas-manager 
vi /etc/default/openvas-administrator 
vi /etc/default/openvas-scanner
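
The same search-and-replace as a script, for anyone who prefers not to edit the four files by hand. This is an added example, not part of the original post or the OpenVAS packages; the function names is_ipv4 and set_listen_address are hypothetical, and it keeps a .bak copy of every file it changes.

```shell
#!/bin/sh
# Added example: replace the loopback address in the four OpenVAS defaults
# files with the machine's address, keeping a .bak copy of each changed file.

OPENVAS_DEFAULTS="greenbone-security-assistant openvas-manager
openvas-administrator openvas-scanner"

# is_ipv4 ADDR: succeeds only for a dotted quad with octets 0-255.
is_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# set_listen_address NEW_IP [CONF_DIR]: CONF_DIR defaults to /etc/default.
# Prints the path of every file it changed.
set_listen_address() {
    ip=$1; dir=${2:-/etc/default}
    is_ipv4 "$ip" || { echo "not an IPv4 address: $ip" >&2; return 2; }
    # Check that everything is present before touching any file.
    for name in $OPENVAS_DEFAULTS; do
        [ -f "$dir/$name" ] || { echo "missing: $dir/$name" >&2; return 1; }
    done
    for name in $OPENVAS_DEFAULTS; do
        f=$dir/$name
        # Dots are escaped so only the literal 127.0.0.1 matches.
        grep -q '127\.0\.0\.1' "$f" || continue
        cp -p "$f" "$f.bak"
        sed 's/127\.0\.0\.1/'"$ip"'/g' "$f.bak" > "$f"
        echo "$f"
    done
}
```

Run it as root with the address shown by ifconfig, for example set_listen_address 192.0.2.10 (a documentation address used here as a stand-in). A second run changes nothing and leaves the backups untouched.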

Finally run this script from the OpenVAS website

test -e /var/lib/openvas/CA/cacert.pem  || sudo openvas-mkcert -q
openvas-nvt-sync
openvas-scapdata-sync
test -e /var/lib/openvas/users/om || sudo openvas-mkcert-client -n om -i
/etc/init.d/openvas-manager stop
/etc/init.d/openvas-scanner stop
openvassd
openvasmd --migrate
openvasmd --rebuild
killall openvassd
sleep 15
/etc/init.d/openvas-scanner start
/etc/init.d/openvas-manager start
/etc/init.d/openvas-administrator restart
/etc/init.d/greenbone-security-assistant restart
test -e /var/lib/openvas/users/admin || sudo openvasad -c add_user -n admin -r Admin

There seems to be a problem running over SSL, so you have to turn that off. Yes, not ideal, but better than a non-working scanner. Change the line in /etc/init.d/greenbone-security-assistant from:

start_daemon() {
        start-stop-daemon --start --exec $DAEMON -- $DAEMONOPTS 2>&1 >/dev/null

to:

start_daemon() {
        start-stop-daemon --start --exec $DAEMON -- $DAEMONOPTS --http-only 2>&1 >/dev/null

Finally you should be able to connect via http://IP_ADDRESS:9392/.

Zero Results

After finally getting this to work, I was quite happy until I went to scan something. The results would come back in 20 seconds, with no records. It turns out that by default OpenVAS ignores any host that it can't ping. To fix this, in the admin app under Configuration -> Scan Configs, find Ping Host and set Mark unrechable Hosts as dead (not scanning) to no and Report about unrechable Hosts to yes. Run the scan again, and it should work fine.

Run After Reboot

I discovered that the above steps work, but will not auto start the service after reboot. In the end I used the following to resolve. The first removes any old init.d settings, then the second creates new symlinks with dependencies.

update-rc.d -f openvas-scanner remove
update-rc.d -f openvas-manager remove
update-rc.d -f openvas-administrator remove
update-rc.d -f greenbone-security-assistant remove

update-rc.d openvas-scanner start 20 2 3 4 5 . stop 80 0 1 6 .
update-rc.d openvas-manager start 21 2 3 4 5 . stop 79 0 1 6 .
update-rc.d openvas-administrator start 22 2 3 4 5 . stop 78 0 1 6 .
update-rc.d greenbone-security-assistant start 23 2 3 4 5 . stop 77 0 1 6 .

Sunday, 23 February 2014

How to setup The Bug Genie (thebuggenie) on Ubuntu using virtualbox virtual machine

I have had a very hard time setting up thebuggenie on Windows. In the end I had to set the software to run on a virtual machine. This is a real shame as the software is first class, but the installation doesn't seem to be well documented. So I thought I would write this post to help share the steps that I took. These steps should work to install the software directly onto Ubuntu, or to install it onto a virtual machine running Ubuntu on any host.

Virtualbox

Download virtualbox from here, and install

Virtual Machine

To create the virtual machine, start Virtualbox, and then
  1. Create a new virtual machine
  2. Use name Ubuntu, type Linux, Version Ubuntu 64
  3. Update memory to 1024mb
  4. Choose Create a virtual hard drive
    1. Type VDI 
    2. Dynamically allocated
    3. Give name ubuntu and leave size at 8gb
  5. Now that you have created it, you need to update the network settings so other computers on the network can see it. To do this, choose Settings, Network, and change Attached to from NAT to Bridged Adapter
  6. Next we need to point the CD rom at the ubuntu iso
    1. Download Ubuntu 12.04 LTS from here
    2. Choose Settings, Storage, then on the left choose Controller IDE, Empty. On the right choose the disk icon to the right of IDE Secondary Master, and "choose a virtual CD/DVD disk file...". In the popup, choose the iso file you previously downloaded
  7. Start the virtual machine
  8. Go through the installation procedure for Ubuntu, taking all the defaults
  9. At the point of software setup, choose to install OpenSSH server
  10. When the virtual machine finally boots, login using the credentials you configured during setup
  11. To update all the software, enter sudo apt-get update, then sudo apt-get upgrade
  12. Type ifconfig, to see the ip address that has been allocated
  13. The Virtualbox terminal isn't very nice - can't scroll back and has no history. So from the host machine, use either SSH if running Linux/Mac or putty if running Windows, and connect to the machine. This will give you a nicer shell to enter the commands into

Software

You need to install several pieces of software, so enter the command sudo -s to become root - this just speeds up installation. Once finished with the installation, exit the root session with the command exit.

Install Apache

To install apache, enter the following command and accept the prompt

apt-get install apache2

Once installed test from your host by opening a browser and navigating to http://your.ip.address/. You should see a page that says "It works!".

To enable .htaccess files to override settings, you need to edit the file /etc/apache2/sites-available/default and add the following just below the entry for /var/www

  <Directory /var/www/thebuggenie>
    Options Indexes FollowSymLinks MultiViews
    AllowOverride All
    Order allow,deny
    allow from all
  </Directory>

PHP

To install php, enter the following command

apt-get install php5 libapache2-mod-php5 php5-mysql php5-gd

To test, we need to create a simple php page. So enter the following command
  • vi /var/www/test.php
  • Paste in the following and save
<?php phpinfo(); ?>
  • From the host, navigate to http://your.ip.address/test.php. You should see details of the php installation
  • Next you have to enable MySql integration, so enter the following commands
cd /etc/php5/apache2
vi php.ini

Then add the following lines to the file

extension=mysql.so

Restart apache

service apache2 restart

MySql

To install MySql, enter the following command

apt-get install mysql-server

Now you need to setup a user and a database. To do this, enter the following commands
  • Connect to mysql with mysql -u root -p
  • Create the database with CREATE DATABASE thebuggenie;
  • Create the user with CREATE USER thebuggenie@localhost IDENTIFIED BY 'password';
  • Grant privileges with GRANT ALL ON thebuggenie.* TO thebuggenie@localhost;
  • Flush privileges with FLUSH PRIVILEGES;
  • Logout from root - quit
  • Then test you can connect using mysql -u thebuggenie -p, and then enter the password. If you can connect successfully, then quit and continue

The Bug Genie

To install thebuggenie, follow these steps

  • Download the bug genie from here. I downloaded v3.2.6
  • unzip to a temporary directory using the command unzip thebuggenie_3.2.6.zip thebuggenie
  • Move the directory to where apache can serve it mv thebuggenie /var/www
  • Next we have to fix some directory permissions using the following commands
chmod a+w /var/www/thebuggenie/
chmod a+w -R /var/www/thebuggenie/core/cache
chmod a+w /var/www/thebuggenie/thebuggenie/
touch /var/www/thebuggenie/core/b2db_bootstrap.inc.php
chmod a+w /var/www/thebuggenie/core/b2db_bootstrap.inc.php

  • The Bug Genie uses URL rewriting to make the URLs look nice. To make apache allow this, you need to use the following command to enable mod_rewrite, and restart apache

a2enmod rewrite
service apache2 restart

Now you should be able to navigate to http://your.ip.address/thebuggenie/thebuggenie/ and complete the setup.
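
The chmod a+w commands above give every local account write access to those paths. The following added example (not part of the original post or of The Bug Genie) grants write access to Apache's group only and then lists anything still world-writable. It assumes Apache runs as www-data, as on a stock Ubuntu install; the function names restrict_writable and world_writable are hypothetical.

```shell
#!/bin/sh
# Added example: give write access to Apache's group instead of to everyone.

# Paths the post's chmod a+w commands open up, relative to the install root.
TBG_TOP=". thebuggenie core/b2db_bootstrap.inc.php"
TBG_CACHE="core/cache"

# restrict_writable ROOT [GROUP]: GROUP defaults to www-data (assumption:
# the account Apache runs as on a stock Ubuntu install).
restrict_writable() {
    root=$1; group=${2:-www-data}
    for p in $TBG_TOP $TBG_CACHE; do
        [ -e "$root/$p" ] || { echo "missing: $root/$p" >&2; return 1; }
    done
    for p in $TBG_TOP; do
        chgrp "$group" "$root/$p" && chmod g+w,o-w "$root/$p" || return 1
    done
    # The post opens the cache recursively, so it is tightened the same way.
    chgrp -R "$group" "$root/$TBG_CACHE" || return 1
    chmod -R g+w,o-w "$root/$TBG_CACHE"
}

# world_writable ROOT: prints every non-symlink under ROOT that any local
# user can still write to; empty output means nothing is left open.
world_writable() {
    find "$1" ! -type l -perm -0002 -print
}
```

As root, run restrict_writable /var/www/thebuggenie and then world_writable /var/www/thebuggenie, which should print nothing.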

Incoming Email

In order to allow for thebuggenie to poll for incoming email, you need to install imap support in php. To do this, execute the following commands

cd /etc/php5/apache2
vi php.ini

Then add the following lines to the file

extension=imap.so

Then install the software, and finally restart apache

apt-get install php5-imap
service apache2 restart

Hopefully that little lot will help someone else.