Friday 29 August 2014

The easy way to get OpenVAS-7 scanner with WMI and nmap support

Last updated: 2015-02-27
Components:
  • openvas-libraries-7.0.7
  • openvas-scanner-4.0.5
  • openvas-manager-5.0.8
  • greenbone-security-assistant-5.0.5
  • openvas-cli-1.3.1

    1. Install Debian 7.8.0
    2. Download and run installation script (as root).
    # wget http://avleonov.com/openvas_install.sh
    # chmod +x openvas_install.sh
    # ./openvas_install.sh
    This script installs all needed packages from the Debian repositories (~750 Mb), downloads the OpenVAS and nmap 5.51 sources, and builds and installs OpenVAS and nmap from source.
    3. Restart OpenVAS. The script updates the knowledge base and starts OpenVAS.
    # ./openvas_restart.sh
    Known issues:

    • The openvas_restart.sh script sometimes freezes on "Data Base Updated". Press Ctrl+C and run openvas_restart.sh again.
    • openvas-check-setup may report the error "The number in the OpenVAS Manager database is too low". Run openvas_restart.sh again.
    • openvas-check-setup may report the error "openvasmd/openvassd in Not running". Wait 5 minutes and check again with ./openvas/openvas-check-setup. If it is still not working, run openvas_restart.sh again.

    4. Add a new user
    # ./openvas_add_user.sh
    5. Connect to the scanner host with a web browser
    https://<host_ip>:443

    Saturday 24 May 2014

    Remote vulnerability scanning with jOVALdi Community Edition

    jOVAL is an open-source Java OVAL interpreter, and the first open-source OVAL interpreter that could perform remote scanning without installing any agent on the host.
    However, it seems that the jOVAL Team, whose contribution to OVAL development is certainly huge, is no longer very interested in developing the open-source product.
    Nowadays only the default plugin is available for the open-source version of the jOVAL engine. Binary packages since 5.10.1.2b are not publicly available. The only way to get jOVAL with the remote scanning option is to purchase jOVAL Professional Edition ($1,000 per user per year).
    I tried to figure out the situation with the available source code of jOVAL.
    First, I was able to build it, and it works. The only comment about building: for the current jOVAL master you should use jPE branch 1.0.1 (not master!) and jSAF branch 1.1.2.
    The second thought is that it could be used for remote scanning with some bash magic, and it works fast enough.

    I have just copied the jovaldi dist to a remote RHEL host, started the default plugin job with the RHEL OVAL patch content and then received the results back.

    HTML results:

    Thursday 10 May 2012

    Introduction to XCCDF

    XCCDF (the Extensible Configuration Checklist Description Format) is an XML-based specification language for describing security configuration checklists and similar documents. XCCDF is one of the languages of the Security Content Automation Protocol (SCAP) and an important instrument for specialists engaged in automating information security processes. This language, for instance, is used to describe configuration requirements for the workstations of USA federal agencies and their contractors (FDCC/USGCB program). This article looks at how security configuration checklists are described in XCCDF, using the USGCB content for Red Hat Enterprise Linux as the example.

    Monday 19 December 2011

    Getting NLM file version and release date (shell oneliner)

    Output: version (x.x.x) on the first line, release date (dd.mm.yyyy) on the second:
    $ od xnfs.nlm -w2 -t x2 -v | awk '{sub(/^[^ ]*/,"",$0); gsub(/[ ]*/," ",$0); printf $3 $4" "$1 $2" "}' | awk '{sub(/^.*56 65 52 73 49 6f 4e 23/,"",$0);sub(/43 6f 50 79 52 69 47 68 54 3d.*$/,"",$0); $0=toupper($0);print "16i "$4 $2 $3 $1" p "$8 $7 $6 $5" p "$12 $11 $10 $9" p "$16 $15 $14 $13" p "$20 $19 $18 $17" p "$24 $23 $22 $21" p"}' | dc | awk '{printf $0" "}' | awk '{print $1"."$2"."$3;print $6"."$5"."$4}'
    1.6.0
    6.12.2010
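The same extraction written out in Python, as an added example that is not the post's own code: it locates the "VeRsIoN#" marker the od/awk one-liner greps for, reads six little-endian 32-bit fields, and stops at "CoPyRiGhT=". The input is a constructed byte string that mimics only the header and version block described here, and it assumes the copyright marker follows the six fields directly.

```python
import struct

# Constructed sample of the NLM header and version block described in the post.
# It is not a real NLM; only the fields the one-liner relies on are present.
SAMPLE_NLM = (
    b"NetWare Loadable Module\x1a"               # 0x00: char[0x18] signature
    + struct.pack("<I", 0x00000004)               # 0x18: load version (4 = NW 3.11)
    + b"\x00" * 0x40                              # padding standing in for the rest of the header
    + b"VeRsIoN#"                                 # marker: 56 65 52 73 49 6f 4e 23
    + struct.pack("<6I", 1, 6, 0, 2010, 12, 6)    # major, minor, revision, year, month, day
    + b"CoPyRiGhT="                               # marker: 43 6f 50 79 52 69 47 68 54 3d
    + b"(C) example\x00"
)

LOAD_VERSIONS = {0x04: "NW 3.11", 0x84: "NW 3.12 & above (NLM compression)"}


def parse_nlm_version(data: bytes) -> dict:
    """Return load version, module version and release date from NLM bytes.

    Mirrors the od/awk/dc one-liner: find 'VeRsIoN#', read six little-endian
    32-bit integers, and treat 'CoPyRiGhT=' as the end of the version block.
    """
    if data[:0x18] != b"NetWare Loadable Module\x1a":
        raise ValueError("not an NLM: signature missing")
    (load_version,) = struct.unpack_from("<I", data, 0x18)
    start = data.find(b"VeRsIoN#")
    if start < 0:
        raise ValueError("VeRsIoN# block not found")
    fields_at = start + len(b"VeRsIoN#")
    if len(data) < fields_at + 24:
        raise ValueError("file truncated inside the version block")
    copyright_at = data.find(b"CoPyRiGhT=", fields_at)
    if copyright_at != -1 and copyright_at < fields_at + 24:
        raise ValueError("version block shorter than 6 x 32-bit fields")
    major, minor, rev, year, month, day = struct.unpack_from("<6I", data, fields_at)
    return {
        "load_version": LOAD_VERSIONS.get(load_version, hex(load_version)),
        "version": f"{major}.{minor}.{rev}",
        "release_date": f"{day}.{month}.{year}",
    }


if __name__ == "__main__":
    print(parse_nlm_version(SAMPLE_NLM))
```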

    Novell Netware loadable module (NLM) file format

    A NetWare Loadable Module (NLM) is a binary code module that can be loaded into Novell's NetWare operating system. NLMs can implement hardware drivers, server functions (e.g. clustering), applications (e.g. GroupWise), system libraries or utilities.

    Structure of the NLM file:
     00   - char[0x18] : 'NetWare Loadable Module' 1a
     18   - long       : 00000004        ; load version
              04  = NW 3.11
              84  = NW 3.12 & above (NLM compression)

    Wednesday 7 September 2011

    DoD RHEL 5 SCAP Content


    DoD Consensus Security Configuration Checklist for Red Hat Enterprise Linux 5 (2.0)

    SCAP Content

    Files in archive
    • dcb-rhel5_cpe-dictionary.xml
    • dcb-rhel5_cpe-oval.xml
    • dcb-rhel5_oval.xml
    • dcb-rhel5_xccdf.xml
    • dcb-rhel5-patches.xml
    Supported OS (dcb-rhel5_cpe-dictionary.xml)
    • Red Hat Enterprise Linux 5
    • Red Hat Enterprise Linux Desktop (v.5 client)
    • Red Hat Enterprise Linux Desktop Workstation (v.5 client)
    Patches (dcb-rhel5-patches.xml)
    • Red Hat Enterprise Linux 3
    • Red Hat Enterprise Linux 4
    • Red Hat Enterprise Linux 5
    • Red Hat Enterprise Linux Extras 3
    • Red Hat Enterprise Linux Extras 4
    • Red Hat Enterprise Linux Extras 5
    Compliance (dcb-rhel5_oval.xml, dcb-rhel5_xccdf.xml)

    Total: 247 controls