OpenVas es framework para el análisis de vulnerabilidades que nace con el cambio de licencia de Nessus.
Viene integrado en Backtrack y pese a que es sencillo configurarlo hay que seguir algunos pasos un poco engorrosos.
root@bt:~# /pentest/miscellaneous/openvas/openvas-check-setup.sh openvas-check-setup 2.0.6 Test completeness and readiness of OpenVAS-4 Please report us any non-detected problems and help us to improve this check routine: http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss Send us the log-file (/tmp/openvas-check-setup.log) to help analyze the problem. Use the parameter --server to skip checks for client tools like GSD and OpenVAS-CLI. Step 1: Checking OpenVAS Scanner ... OK: OpenVAS Scanner is present in version 3.2.3. ERROR: No CA certificate file of OpenVAS Scanner found. FIX: Run 'openvas-mkcert'. ERROR: Your OpenVAS-4 installation is not yet complete! Please follow the instructions marked with FIX above and run this script again. If you think this result is wrong, please report your observation and help us to improve this check routine: http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss Please attach the log-file (/tmp/openvas-check-setup.log) to help us analyze the problem.
Así que tal y como dice el error, hay que crear el certificado para el scanner de openvas:
root@bt:~# openvas-mkcert /usr/local/var/lib/openvas/private/CA created /usr/local/var/lib/openvas/CA created ------------------------------------------------------------------------------- Creation of the OpenVAS SSL Certificate ------------------------------------------------------------------------------- This script will now ask you the relevant information to create the SSL certificate of OpenVAS. Note that this information will *NOT* be sent to anybody (everything stays local), but anyone with the ability to connect to your OpenVAS daemon will be able to retrieve this information. CA certificate life time in days [1460]: Server certificate life time in days [365]: Your country (two letter code) [DE]: ES Your state or province name [none]: Your location (e.g. town) [Berlin]: Madrid Your organization [OpenVAS Users United]: ------------------------------------------------------------------------------- Creation of the OpenVAS SSL Certificate ------------------------------------------------------------------------------- Congratulations. Your server certificate was properly created. The following files were created: . Certification authority: Certificate = /usr/local/var/lib/openvas/CA/cacert.pem Private key = /usr/local/var/lib/openvas/private/CA/cakey.pem . OpenVAS Server : Certificate = /usr/local/var/lib/openvas/CA/servercert.pem Private key = /usr/local/var/lib/openvas/private/CA/serverkey.pem Press [ENTER] to exit
Si se vuelve a ejecutar el script de chequeo, mostrará otro error:
root@bt:~# /pentest/miscellaneous/openvas/openvas-check-setup.sh [...skip...] Step 1: Checking OpenVAS Scanner ... OK: OpenVAS Scanner is present in version 3.2.3. OK: OpenVAS Scanner CA Certificate is present as /usr/local/var/lib/openvas/CA/cacert.pem ERROR: The NVT collection is very small. FIX: Run a synchronization script like openvas-nvt-sync or greenbone-nvt-sync. ERROR: Your OpenVAS-4 installation is not yet complete! [...skip...]
Por lo que hay que actualizar los plugins NVT de Openvas con el comando:
root@bt:~# openvas-nvt-sync [i] This script synchronizes an NVT collection with the 'OpenVAS NVT Feed'. [i] The 'OpenVAS NVT Feed' is provided by 'The OpenVAS Project'. [i] Online information about this feed: 'http://www.openvas.org/openvas-nvt-feed.html'. [i] NVT dir: /usr/local/var/lib/openvas/plugins [i] rsync not is recommended for the initial sync. Falling back on http. [i] Will use wget [i] Using GNU wget: /usr/bin/wget [i] Configured NVT http feed: http://www.openvas.org/openvas-nvt-feed-current.tar.bz2 [i] Downloading to: /tmp/openvas-nvt-sync.n8O2kCls0R/openvas-feed-2011-11-19-1796.tar.bz2 --2011-11-19 12:01:13-- http://www.openvas.org/openvas-nvt-feed-current.tar.bz2 Resolving www.openvas.org... 78.47.251.62 Connecting to www.openvas.org|78.47.251.62|:80... connected. HTTP request sent, awaiting response... 200 OK Length: 9769693 (9.3M) [application/x-tar] [...skip...]
Para evitar seguir copiando errores, lo siguiente es crear un certificado de cliente:
root@bt:~# openvas-mkcert-client -n om –i Generating RSA private key, 1024 bit long modulus ......................................++++++ ................++++++ e is 65537 (0x10001) You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Country Name (2 letter code) [DE]: State or Province Name (full name) [Some-State]: Locality Name (eg, city) []: Organization Name (eg, company) [Internet Widgits Pty Ltd]: Organizational Unit Name (eg, section) []: Common Name (eg, your name or your server's hostname) []: Email Address []: Using configuration from /tmp/openvas-mkcert-client.2185/stdC.cnf Check that the request matches the signature Signature ok The Subject's Distinguished Name is as follows countryName :PRINTABLE:'DE' localityName :PRINTABLE:'Berlin' commonName :PRINTABLE:'om' Certificate is to be certified until Nov 18 16:46:51 2012 GMT (365 days) Write out database with 1 new entries Data Base Updated User om added to OpenVAS. Your client certificates are in /tmp/openvas-mkcert-client.2185 . You will have to copy them by hand.
Crear nuevamente la base de datos del manager:
root@bt:~# openvasmd –-rebuild
Arrancar el servicio, que carga los plugins y tarda bastante:
root@bt:~# openvassd All plugins loaded
Volver a recrear la base de datos:
root@bt:~# touch /usr/local/var/lib/openvas/mgr/tasks.db root@bt:~# openvasmd –-backup root@bt:~# openvasmd –-rebuild
Crear el usuario administrador con nombre de usuario "openvasadmin" y un usuario normal.
root@bt:~# openvasad -c ‘add_user’ -n openvasadmin -r Admin Enter password: ad main:MESSAGE:32334:2011-11-19 12h14.10 EST: No rules file provided, the new user will have no restrictions. ad main:MESSAGE:32334:2011-11-19 12h14.10 EST: User openvasadm has been successfully created. root@bt:~# openvas-adduser Using /var/tmp as a temporary file holder. Add a new openvassd user --------------------------------- Login : openvas Authentication (pass/cert) [pass] : Login password : Login password (again) : User rules --------------- openvassd has a rules system which allows you to restrict the hosts that openvas has the right to test. For instance, you may want him to be able to scan his own host only. Please see the openvas-adduser(8) man page for the rules syntax. Enter the rules for this user, and hit ctrl-D once you are done: (the user can have an empty rules set) Login : openvas Password : *********** Rules : Is that ok? (y/n) [y] y user added.
Arrancar el manager, administrador, y el servicio web para el cliente:
root@bt:~# openvasmd -p 9390 -a 127.0.0.1 root@bt:~# openvasad -a 127.0.0.1 -p 9393 root@bt:~# gsad -–http-only -–listen=127.0.0.1 -p 9392
Para que finalmente el servicio sea accedido mediante web en la dirección: http://localhost:9302
En resumen:
openvas-mkcert openvas-nvt-sync openvas-mkcert-client -n om –i openvasmd –-rebuild openvassd touch /usr/local/var/lib/openvas/mgr/tasks.db openvasmd –-backup openvasmd –-rebuild openvasad -c ‘add_user’ -n openvasadmin -r Admin openvas-adduser openvasmd -p 9390 -a 127.0.0.1 openvasad -a 127.0.0.1 -p 9393 gsad -–http-only -–listen=127.0.0.1 -p 9392
6 comments :
Excelente :D..gracias
Muy buen trabajo :)
Gracias, me ha servido de Guia :)
excelente... tengo dos preguntas... primero .. si quisiera pasar el que tengo (openvas que configure en un equipo de prueba)instalado a otro equipo sin tener que hacer toda la configuracion de nuevo, que deberia hacer.
Segundo... donde quedan los reportes cuando se generan ... es que trato de descargarlos como pdf pero no funciona.
gracias
Vi un video que me sirvio mucho:
http://www.nicklabs.com.ar/?p=1524
Tiene un cursillo muy bueno de hacking, esta estancado pero no deja de ser chebere.
Hola, muchas gracias por la información, he podido levantarlo sin ningun problema. solo una duda para poder ingresar via web desde otro equipo no puedo verla, ya revise a nivel firewall y no tengo bloqueado ese puerto, sera que backtrack tiene firewall o que linea agrego para verla desde otros equipos?
Publicar un comentario