01 December 2011

Configuring OpenVAS on Backtrack 5 R1


OpenVAS is a vulnerability analysis framework that was born from the Nessus license change.

It comes integrated in Backtrack and, although it is simple to configure, some slightly tedious steps have to be followed.

The most important thing to remember is that the script /pentest/miscellaneous/openvas/openvas-check-setup.sh can be run to identify problems until the installation is complete.

root@bt:~# /pentest/miscellaneous/openvas/openvas-check-setup.sh 
openvas-check-setup 2.0.6
  Test completeness and readiness of OpenVAS-4

  Please report us any non-detected problems and
  help us to improve this check routine:
  http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss

  Send us the log-file (/tmp/openvas-check-setup.log) to help analyze the problem.

  Use the parameter --server to skip checks for client tools
  like GSD and OpenVAS-CLI.

Step 1: Checking OpenVAS Scanner ... 
        OK: OpenVAS Scanner is present in version 3.2.3.
        ERROR: No CA certificate file of OpenVAS Scanner found.
        FIX: Run 'openvas-mkcert'.

 ERROR: Your OpenVAS-4 installation is not yet complete!

Please follow the instructions marked with FIX above and run this
script again.

If you think this result is wrong, please report your observation
and help us to improve this check routine:
http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss
Please attach the log-file (/tmp/openvas-check-setup.log) to help us analyze the problem.

So, as the error says, the certificate for the OpenVAS scanner has to be created:

root@bt:~# openvas-mkcert
/usr/local/var/lib/openvas/private/CA created
/usr/local/var/lib/openvas/CA created
-------------------------------------------------------------------------------
   Creation of the OpenVAS SSL Certificate
-------------------------------------------------------------------------------
This script will now ask you the relevant information to create the SSL certificate 
of OpenVAS. Note that this information will *NOT* be sent to anybody (everything stays
local), but anyone with the ability to connect to your OpenVAS daemon will be able to
 retrieve this information.

CA certificate life time in days [1460]: 
Server certificate life time in days [365]: 
Your country (two letter code) [DE]: ES
Your state or province name [none]: 
Your location (e.g. town) [Berlin]: Madrid
Your organization [OpenVAS Users United]: 
-------------------------------------------------------------------------------
   Creation of the OpenVAS SSL Certificate
-------------------------------------------------------------------------------
Congratulations. Your server certificate was properly created.

The following files were created:
. Certification authority:
   Certificate = /usr/local/var/lib/openvas/CA/cacert.pem
   Private key = /usr/local/var/lib/openvas/private/CA/cakey.pem
. OpenVAS Server : 
    Certificate = /usr/local/var/lib/openvas/CA/servercert.pem
    Private key = /usr/local/var/lib/openvas/private/CA/serverkey.pem
Press [ENTER] to exit

If the check script is run again, it will show another error:

root@bt:~# /pentest/miscellaneous/openvas/openvas-check-setup.sh 
[...skip...]
Step 1: Checking OpenVAS Scanner ... 
  OK: OpenVAS Scanner is present in version 3.2.3.
  OK: OpenVAS Scanner CA Certificate is present as /usr/local/var/lib/openvas/CA/cacert.pem
  ERROR: The NVT collection is very small.
  FIX: Run a synchronization script like openvas-nvt-sync or greenbone-nvt-sync.

 ERROR: Your OpenVAS-4 installation is not yet complete!

[...skip...]

So the OpenVAS NVT plugins have to be updated with the command:
root@bt:~# openvas-nvt-sync
[i] This script synchronizes an NVT collection with the 'OpenVAS NVT Feed'.
[i] The 'OpenVAS NVT Feed' is provided by 'The OpenVAS Project'.
[i] Online information about this feed: 'http://www.openvas.org/openvas-nvt-feed.html'.
[i] NVT dir: /usr/local/var/lib/openvas/plugins
[i] rsync not is recommended for the initial sync. Falling back on http.
[i] Will use wget
[i] Using GNU wget: /usr/bin/wget
[i] Configured NVT http feed: http://www.openvas.org/openvas-nvt-feed-current.tar.bz2
[i] Downloading to: /tmp/openvas-nvt-sync.n8O2kCls0R/openvas-feed-2011-11-19-1796.tar.bz2
--2011-11-19 12:01:13--  http://www.openvas.org/openvas-nvt-feed-current.tar.bz2
Resolving www.openvas.org... 78.47.251.62
Connecting to www.openvas.org|78.47.251.62|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 9769693 (9.3M) [application/x-tar]
[...skip...]

To avoid continuing to copy errors, the next step is to create a client certificate:

root@bt:~# openvas-mkcert-client -n om -i
Generating RSA private key, 1024 bit long modulus
......................................++++++
................++++++
e is 65537 (0x10001)
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [DE]:
State or Province Name (full name) [Some-State]:
Locality Name (eg, city) []:
Organization Name (eg, company) [Internet Widgits Pty Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []:
Email Address []:
Using configuration from /tmp/openvas-mkcert-client.2185/stdC.cnf
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
countryName           :PRINTABLE:'DE'
localityName          :PRINTABLE:'Berlin'
commonName            :PRINTABLE:'om'
Certificate is to be certified until Nov 18 16:46:51 2012 GMT (365 days)

Write out database with 1 new entries
Data Base Updated
User om added to OpenVAS.
Your client certificates are in /tmp/openvas-mkcert-client.2185 .
You will have to copy them by hand.

Rebuild the manager database:

root@bt:~# openvasmd --rebuild

Start the service, which loads the plugins and takes quite a while:

root@bt:~# openvassd
All plugins loaded                                   

Rebuild the database again:
root@bt:~# touch /usr/local/var/lib/openvas/mgr/tasks.db
root@bt:~# openvasmd --backup
root@bt:~# openvasmd --rebuild

Create the administrator user with the username "openvasadmin" and a normal user.

root@bt:~# openvasad -c 'add_user' -n openvasadmin -r Admin
Enter password: 
ad   main:MESSAGE:32334:2011-11-19 12h14.10 EST: No rules file provided, the new user 
will have no restrictions.
ad   main:MESSAGE:32334:2011-11-19 12h14.10 EST: User openvasadm has been successfully
created.
root@bt:~# openvas-adduser
Using /var/tmp as a temporary file holder.
Add a new openvassd user
---------------------------------
Login : openvas
Authentication (pass/cert) [pass] : 
Login password : 
Login password (again) : 

User rules
---------------
openvassd has a rules system which allows you to restrict the hosts that openvas 
has the right to test.
For instance, you may want him to be able to scan his own host only.
Please see the openvas-adduser(8) man page for the rules syntax.
Enter the rules for this user, and hit ctrl-D once you are done:
(the user can have an empty rules set)

Login             : openvas
Password          : ***********
Rules             : 
Is that ok? (y/n) [y] y
user added.

Start the manager, the administrator, and the web service for the client:

root@bt:~# openvasmd -p 9390 -a 127.0.0.1
root@bt:~# openvasad -a 127.0.0.1 -p 9393
root@bt:~# gsad --http-only --listen=127.0.0.1 -p 9392

The service can then finally be reached via web at: http://localhost:9392



In summary:

openvas-mkcert
openvas-nvt-sync
openvas-mkcert-client -n om -i
openvasmd --rebuild
openvassd
touch /usr/local/var/lib/openvas/mgr/tasks.db
openvasmd --backup
openvasmd --rebuild
openvasad -c 'add_user' -n openvasadmin -r Admin
openvas-adduser
openvasmd -p 9390 -a 127.0.0.1
openvasad -a 127.0.0.1 -p 9393
gsad --http-only --listen=127.0.0.1 -p 9392
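
The check script run at the start of this post marks each problem with an ERROR line followed by a FIX line. The helper below is an added example, not part of the original post or of OpenVAS; it pulls those pairs out so the check can be rerun after each fix. The function names are hypothetical and the sample text is constructed from the first run shown above.

```shell
#!/bin/sh
# Added example: list the pending ERROR/FIX pairs in openvas-check-setup output.

# pending_fixes: read the check script's output on stdin and print one line
# per problem as "step|error|fix". Prints nothing when no FIX is pending.
pending_fixes() {
    awk '
        /^[ \t]*Step [0-9]+:/ { step = $2; sub(/:$/, "", step) }
        /^[ \t]*ERROR: / {
            line = $0; sub(/^[ \t]*ERROR: /, "", line)
            # The closing summary ERROR has no FIX of its own; skip it.
            if (line ~ /installation is not yet complete/) next
            err = line
        }
        /^[ \t]*FIX: / {
            line = $0; sub(/^[ \t]*FIX: /, "", line)
            print step "|" err "|" line
            err = ""
        }
    '
}

# sample_output: constructed sample, trimmed from the first run shown above.
sample_output() {
    cat <<'EOF'
Step 1: Checking OpenVAS Scanner ...
        OK: OpenVAS Scanner is present in version 3.2.3.
        ERROR: No CA certificate file of OpenVAS Scanner found.
        FIX: Run 'openvas-mkcert'.

 ERROR: Your OpenVAS-4 installation is not yet complete!
EOF
}

# Offline demo on the sample. On a real system, pipe the script instead:
#   /pentest/miscellaneous/openvas/openvas-check-setup.sh | pending_fixes
sample_output | pending_fixes
```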

6 comments :

CarŁoko Encrypted said...

Excellent :D.. thanks

suaiper said...

Very good work :)

Grax said...

Thanks, it served me as a guide :)

Demo Social said...

Excellent... I have two questions... first .. if I wanted to move the one I have installed (the openvas that I configured on a test machine) to another machine without having to do all the configuration again, what should I do.
Second... where are the reports stored when they are generated ... I am trying to download them as PDF but it does not work.

thanks

Hackargentina said...

I saw a video that helped me a lot:
http://www.nicklabs.com.ar/?p=1524 
It has a very good little hacking course; it has stalled, but it is still cool.

Irvingpalafox said...

Hello, thank you very much for the information, I was able to bring it up without any problem. Just one question: I cannot see it when trying to access it via web from another machine. I already checked at the firewall level and I do not have that port blocked. Could it be that Backtrack has a firewall, or what line do I add to be able to see it from other machines?