Friday, November 22, 2013

Installation of OpenVAS from source code

This week I was trying to get OpenVAS working on one of our old Ubuntu laptops. Ubuntu does come with some working packages, but they are a bit old on the precise release. After a while I managed to get it working; these are the steps it took:

First, download the source code from http://www.openvas.org/install-source.html (for this tutorial I'm using V5). Save the files in /opt/openvas/v5 (for example).

Decompress all the files, and *READ* the README file to check for dependencies. Once all of them are cleared, just follow the install instructions for each package:
cd <package name>; mkdir build; cd build; cmake .. && make && sudo make install
Note: this line installs everything under /usr/local. Personally I don't install the Greenbone Security Desktop, as it is discontinued in later releases; the Greenbone Security Assistant should be good enough.

The next step is to create the om user needed by OpenVAS. We need to generate the site certificate and the client certificate:
sudo /usr/local/sbin/openvas-mkcert -n om -i
sudo /usr/local/sbin/openvas-mkcert-client -n om -i
Now we need to download the plugins (NVTs) for OpenVAS; otherwise scans come back empty. With our installation prefix, the plugin path should be /usr/local/var/lib/openvas/plugins:
sudo /usr/local/sbin/openvas-nvt-sync
We also update the SCAP data (vulnerability information). This goes to /usr/local/var/lib/openvas/scap-data.
sudo /usr/local/sbin/greenbone-scapdata-sync
Now we launch the OpenVAS scanner daemon, openvassd. At launch it loads all the plugins we downloaded and updates the NVT cache. If the plugin sync went well, loading the plugins takes a while; if the message "All plugins loaded" appears right away, we synced the plugins into the wrong directory or they cannot be accessed.

The log /usr/local/var/log/openvas/openvassd.messages should then contain this message:
openvassd 3.3.1 started 
Now let's run the manager daemon and update the NVT cache:
/usr/local/sbin/openvasmd -v --update
Now comes one of the most troublesome moments. Checking the log /usr/local/var/log/openvas/openvasmd.log we can find what went wrong; almost every time I install it there's something not right. These are the messages I found and how I solved them:

openvas_server_new: failed to set credentials key file -> re-create the certificates
openvas_server_connect: failed to shake hands with server: The TLS connection was non-properly terminated. -> check that you have the right gnutls version (you might have seen a warning after make)

If you see these messages:

md   main:   INFO:2013-11-22 02h37.11 utc:6380:    OpenVAS Manager
md   main:   INFO:2013-11-22 02h37.11 utc:6380:    Set to connect to address 127.0.0.1 port 9391
md   main:   INFO:2013-11-22 02h37.11 utc:6380:    Updating NVT cache.
GLib:WARNING:2013-11-22 02h37.13 utc:6380: g_strcompress: trailing \

it seems all went well! Now let's launch the daemon:
sudo /usr/local/sbin/openvasmd -v
Check that this is the content of the log:

md   main:   INFO:2013-11-22 02h44.01 utc:6399:    OpenVAS Manager
md   main:   INFO:2013-11-22 02h44.02 utc:6400:    Manager bound to address * port 9390
md   main:   INFO:2013-11-22 02h44.02 utc:6400:    Set to connect to address 127.0.0.1 port 9391
lib  auth:WARNING:2013-11-22 02h44.02 utc:6400: Authentication configuration could not be loaded.

Next is the OpenVAS administrator daemon, which handles the OAP:
sudo /usr/local/sbin/openvasad
You might see the following warning in the log file /usr/local/var/log/openvas/openvasad.log; for this example it can be ignored, but in other scenarios it would matter:

lib  auth:WARNING:2013-11-25 15h00.36 SGT:30929: Authentication configuration could not be loaded.

Now it's time to launch the Greenbone Security Assistant. Launch the daemon with:
sudo /usr/local/sbin/gsad
Then try to connect using https://<your openvas machine>. If you receive SSL errors and can't open the page, you can fall back to the HTTP version. Kill the gsad daemon and launch it like this:
sudo /usr/local/sbin/gsad --http-only
Now we need to create our user, e.g. openvasadmin. We can create it with this command:
sudo /usr/local/sbin/openvasad -c 'add_user' -n openvasadmin -r Admin 
Enter the password and try it out in Greenbone. For non-Admin users you can also use the tool /usr/local/sbin/openvas-adduser.
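As an added example (not part of the original post), a small POSIX shell helper that automates the two checks this walkthrough relies on: that openvas-nvt-sync actually populated the plugin directory under the install prefix, and that openvasmd.log does not carry the failure messages listed above. PREFIX and the sample log at the bottom are assumptions; the remedies are the ones given in the post.

```shell
#!/bin/sh
# Added example, not from the original post: sanity checks for the source-built
# layout above (prefix /usr/local). The log excerpt at the bottom is constructed
# from the messages quoted in the post; the real files live under the PREFIX paths.
PREFIX="${PREFIX:-/usr/local}"
PLUGIN_DIR="$PREFIX/var/lib/openvas/plugins"
MANAGER_LOG="$PREFIX/var/log/openvas/openvasmd.log"

# Number of NVT files in a plugin directory. Zero means openvas-nvt-sync
# populated a different prefix (or the directory is unreadable), which is why
# openvassd reports "All plugins loaded" immediately and scans come back empty.
count_plugins() {
    find "$1" -name '*.nasl' 2>/dev/null | wc -l | tr -d ' '
}

# Map the openvasmd.log messages discussed above to the fix that resolved them.
# Prints one "symptom -> remedy" line per match; prints nothing for a clean log.
diagnose_manager_log() {
    if grep -q 'failed to set credentials key file' "$1" 2>/dev/null; then
        echo "credentials key file -> re-create the certs with openvas-mkcert and openvas-mkcert-client"
    fi
    if grep -q 'TLS connection was non-properly terminated' "$1" 2>/dev/null; then
        echo "TLS handshake failed -> check the gnutls version picked up at build time"
    fi
    if grep -q 'Authentication configuration could not be loaded' "$1" 2>/dev/null; then
        echo "auth config not loaded -> ignorable for this local setup, review before exposing the manager"
    fi
    return 0
}

# Constructed sample log (two of the messages from the post) to show the output.
SAMPLE_LOG="$(mktemp)"
cat > "$SAMPLE_LOG" <<'EOF'
md   main:   INFO:2013-11-22 02h37.11 utc:6380:    OpenVAS Manager
md   main:WARNING:2013-11-22 02h37.12 utc:6380: openvas_server_new: failed to set credentials key file
lib  auth:WARNING:2013-11-22 02h44.02 utc:6400: Authentication configuration could not be loaded.
EOF

echo "plugins in $PLUGIN_DIR: $(count_plugins "$PLUGIN_DIR")"
diagnose_manager_log "$SAMPLE_LOG"
rm -f "$SAMPLE_LOG"
```

Point MANAGER_LOG at the real file (diagnose_manager_log "$MANAGER_LOG") after running openvasmd -v --update to get the same mapping for a live install.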

That's all!

Tuesday, November 5, 2013

ELB Multi AZ and Nginx Proxy

Recently I found out that my nginx proxy is not making use of the multi AZ feature of my Amazon ELB.

The way multiple availability zones in an ELB work is basically by adding an A record to the existing ELB for round-robin resolution across each zone (50/50). Nginx, by default, will cache the initial response of the ELB, as the parameter proxy_buffering is enabled by default. Setting it to off stops caching the response and starts balancing across all the AZs.

proxy_buffering off;
Another way would be to set the cache to expire in 1 minute:

I have not really tried the following one thoroughly, but we could enable our other AZ instances only for specific locations with proxy_cache_bypass. In my configuration it would be:
location /place-with-heavy-load {
    [...]
    set $no_cache 1;
    [...]
}

location / {
    [...]
    proxy_cache_bypass $no_cache;
    proxy_pass http://my-elb-at-aws.com;
    [...]
}