|
|
(6 intermediate revisions by the same user not shown) |
Line 1: |
Line 1: |
− | How To Use OpenVAS to Audit the Security of Remote Systems on Ubuntu 12.04
| + | OpenVAS adalah open source suite yang dapat digunakan untuk men-scan kerentanan dan manajemen kerentanan. OpenVAS adalah singkatan dari Open Vulnerability Assessment System. OpenVAS adalah alternatif yang sangat baik bagi pen-scan keamanan komersial seperti Nessus, QualysGuard, dll. OpenVAS dibagi menjadi tiga bagian: OpenVAS Scanner, OpenVAS Manager, dan OpenVAS CLI. |
− | PostedJanuary 27, 2014 134.1k views Security Ubuntu
| |
− | Introduction
| |
| | | |
− | An important aspect of server security is being proactive about security screening. If you expose any services to the internet, penetration testing is essential to ensure that you are not vulnerable to known threats.
| + | Disini akan di perlihatkan cara instalasi OpenVAS Vulnerability Scanner di Ubuntu 16.04. |
| | | |
− | The Open Vulnerability Assessment System, known more commonly as OpenVAS, is a suite of tools that work together to run tests against client computers using a database of known exploits and weaknesses. The goal is to learn about how well your servers are guarded against known attack vectors.
| + | ==Prasyarat== |
| | | |
− | In this guide, we will install the OpenVAS suite on an Ubuntu 12.04 VPS. We can then use this system to scan itself and other servers.
| + | * Ubuntu Server 16.04 kosong. |
− | Add the OpenVAS PPA and Install Software
| + | * User di server tersebut dengan kemampuan sudo. |
| + | * Server memiliki IP statik. |
| + | * Server memiliki rsync |
| | | |
− | Although there are some OpenVAS components in Ubuntu's default repositories, we will use a PPA that maintains updated versions of the packages.
| + | ==Step 1: Update System== |
| | | |
− | To begin with, we need to install the python-software-properties package, which will allow us to work with PPAs easily.
| + | Update system |
| | | |
− | sudo apt-get update | + | sudo apt update -y |
− | sudo apt-get install python-software-properties | + | sudo apt-get upgrade -y |
| + | sudo reboot |
| | | |
− | We can then add the newest stable version to our system:
| + | ==Step 2: Install dependency== |
| | | |
− | sudo add-apt-repository ppa:openvas/openvas6
| + | Install |
| | | |
− | We need to rebuild the apt database to gather information about the packages available through our new PPA. Afterwards, we can install the needed software:
| + | sudo apt install python-software-properties sqlite3 |
| | | |
− | sudo apt-get update
| |
− | sudo apt-get install openvas-manager openvas-scanner openvas-administrator openvas-cli greenbone-security-assistant sqlite3 xsltproc texlive-latex-base texlive-latex-extra texlive-latex-recommended htmldoc alien rpm nsis fakeroot
| |
| | | |
− | This will download and install the components that are necessary to get us started.
| + | ==Step 3: Install OpenVAS== |
− | Initial Configuration
| |
| | | |
− | We can create SSL certificates for OpenVAS using a wrapper utility that is included by default. We need to call this with administrative privileges so that it can be placed in a restricted portion of the file system.
| + | Tambahkan OpenVAS PPA & install openvas |
| | | |
− | sudo openvas-mkcert | + | sudo add-apt-repository ppa:mrazavi/openvas |
| + | sudo apt update |
| + | sudo apt -y install openvas |
| | | |
− | You will be asked a number of questions that will help you build a certificate file for use with this server.
| + | Setelah OpenVAS di instalasi. |
| + | Jalankan OpenVAS menggunakan perintah: |
| | | |
− | Most of the questions, you can just type ENTER to accept the default values. This is mainly for your own use, so input the values you would like to use.
| + | sudo systemctl start openvas-scanner |
| + | sudo systemctl start openvas-manager |
| + | sudo systemctl start openvas-gsa |
| | | |
− | Next, we will create another certificate. This time, we will create a client certificate for a user named "om" this stands for OpenVAS Manager. We don't need any specific information for the client portion, so we will tell it to configure things automatically and install the certificates in the needed places:
| + | Men-stop dengan perintah |
| | | |
− | sudo openvas-mkcert-client -n om -i | + | sudo systemctl stop openvas-scanner |
| + | sudo systemctl stop openvas-manager |
| + | sudo systemctl stop openvas-gsa |
| | | |
− | Build the Database Information
| + | ==Step 4: Buka Firewall== |
| | | |
− | Now that we have our certificates installed, we can begin building our database so that our local tools are aware of different kinds of threats and vulnerabilities.
| + | Jika dibutuhkan buka firewall UFW melalui port 443 |
− | | |
− | Update the network vulnerability tests database by issuing this command:
| |
− | | |
− | sudo openvas-nvt-sync
| |
− | | |
− | This will download the latest definitions to your local machine.
| |
− | | |
− | To continue we'll need to stop the manager and scanner applications so that we can call the commands without a conflict momentarily.
| |
− | | |
− | Stop both of these services by typing:
| |
− | | |
− | sudo service openvas-manager stop
| |
− | sudo service openvas-scanner stop
| |
− | | |
− | Now, we can start the scanner application without the parameters found in the init file that are usually called. During this first run, OpenVAS will need to download and sync a lot of data. This will take quite awhile:
| |
− | | |
− | sudo openvassd
| |
− | | |
− | Once this is finished, you'll have to rebuild the database generated by the scanner by typing:
| |
− | | |
− | sudo openvasmd --rebuild
| |
− | | |
− | Next, we will download and update our security content automation protocol data. This is known as "SCAP" data. This is another database that OpenVAS checks against for our security tests.
| |
− | | |
− | sudo openvas-scapdata-sync
| |
− | | |
− | This will be another long wait. It downloads some general files and then updates them in the database.
| |
− | | |
− | We will then run a similar sync operation for the cert data:
| |
− | | |
− | sudo openvas-certdata-sync
| |
− | | |
− | Running this command for the first time, you might see some errors. They may look something like this:
| |
− | | |
− | Error: no such table: meta
| |
− | | |
− | This is because the Ubuntu package is actually missing some files that are packaged in some other versions.
| |
− | | |
− | We can get these from an RPM package for the manager component. Type this to download it to your home directory:
| |
− | | |
− | cd
| |
− | wget http://www6.atomicorp.com/channels/atomic/fedora/18/i386/RPMS/openvas-manager-4.0.2-11.fc18.art.i686.rpm
| |
− | | |
− | Now that we have the file downloaded, we can extract and expand the directory structure present within the RPM. We can do this by typing:
| |
− | | |
− | rpm2cpio openvas* | cpio -div
| |
− | | |
− | We will create a directory for our new files in a place where OpenVAS will find them. We will then move the files into that directory:
| |
− | | |
− | sudo mkdir /usr/share/openvas/cert
| |
− | sudo cp ./usr/share/openvas/cert/* /usr/share/openvas/cert
| |
− | | |
− | Now, we can safely run the cert syncing command again, and it should complete as expected this time:
| |
− | | |
− | sudo openvas-certdata-sync
| |
− | | |
− | Afterwards, we can delete the extracted RPM data and directories from our home directory:
| |
− | | |
− | rm -rf ~/openvas* ~/usr ~/etc
| |
− | | |
− | Set Up OpenVAS User and Ports
| |
− | | |
− | To sign into our service, we will need a user. We can create one with the OpenVAS administrator component.
| |
− | | |
− | Here, we will create a user called "admin" with the role of administrator. You will be asked to provide a password to use for the new account:
| |
− | | |
− | sudo openvasad -c add_user -n admin -r Admin
| |
− | | |
− | You will be informed that the user has been granted unlimited access.
| |
− | | |
− | Next, we need to change the way one of our components starts up. The Greenbone Security Assistant component is a web-based interface to the tools we have installed.
| |
− | | |
− | By default, the interface is only accessible from the local computer. Since we are installing the OpenVAS suite on a remote server, we won't be able to access the web interface with these settings. We need to make it accessible from the internet.
| |
− | | |
− | Open the following file with root privileges in your preferred text editor:
| |
− | | |
− | sudo nano /etc/default/greenbone-security-assistant
| |
− | | |
− | Near the top, you should see a parameter that specifies the address that the web interface will listen on. We need to change the value from 127.0.0.1 to the public IP address of your VPS. This will let it listen to connections from the internet, and we will be able to connect:
| |
− | | |
− | GSA_ADDRESS=your_server_IP_address
| |
− | | |
− | Save and close the file when you have made the above modification.
| |
− | Start Up the Services
| |
− | | |
− | We will now start up the services that we have been configuring. Most of them are already running in some capacity, but we will have to restart them to make sure that they use the new information we have been gathering.
| |
− | | |
− | Start by killing all of the running OpenVAS scanner processes:
| |
− | | |
− | sudo killall openvassd
| |
− | | |
− | It can take up to 15 or 20 seconds for the process to actually be killed. You can check if there are processes still running by issuing:
| |
− | | |
− | ps aux | grep openvassd | grep -v grep
| |
− | | |
− | If anything is returned, then your processes have not finished yet and you should continue to wait.
| |
− | | |
− | Once the process exits completely, you can begin starting all of your services again:
| |
− | | |
− | sudo service openvas-scanner start
| |
− | sudo service openvas-manager start
| |
− | sudo service openvas-administrator restart
| |
− | sudo service greenbone-security-assistant restart
| |
− | | |
− | Each of these may take a bit of time to start up.
| |
− | Access the Web Interface and Run Some Tests
| |
− | | |
− | Once the services have all started, you use your web browser to access the Greenbone Security Assistant web interface.
| |
− | | |
− | To access this, you must precede the address of your server with https://. You then enter either the domain name or IP address of your server followed by :9392.
| |
− | | |
− | https://server_domain_or_IP:9392
| |
− | | |
− | You will be presented with a scary looking warning screen telling you that the certificate is not signed by someone that your browser trusts by default:
| |
− | | |
− | OpenVAS security warning
| |
− | | |
− | This is expected and not a problem. You should click on the "Proceed anyway" button to continue.
| |
− | | |
− | Next, you will be presented with the login screen:
| |
− | | |
− | OpenVAS login screen
| |
− | | |
− | You will need to enter the username and password you configured earlier. For this guide, the username was "admin".
| |
− | | |
− | Once you sign in, you will be immediately greeted by a quick start wizard, which will allow you to run a default scan against a target computer right away:
| |
− | | |
− | OpenVAS startup wizard
| |
− | | |
− | A good choice is to run against another server that you own. It is important to not run these scans against targets that are not under your control, because they may look like potential attacks to other users.
| |
− | | |
− | Enter the IP address of the computer you wish to test against and click the "Start Scan" button to begin.
| |
− | | |
− | The page will update as the scan progresses and you can also refresh the page manually to track the progress:
| |
− | | |
− | OpenVAS scan progress
| |
− | | |
− | When the scan is complete (or even before if you want to review the information as it is coming in), you can click on the purple magnifying glass icon to see the results of the scan. It is normal for the scan to rest on 98% for a while before completing:
| |
− | | |
− | OpenVAS magnifying glass
| |
− | | |
− | You will be taken to an overview of the scan results. Note that the immediate scan that we have completed is not the most in-depth scan we have available.
| |
− | | |
− | OpenVAS scan results
| |
− | | |
− | At the bottom, you can see the report that OpenVAS created telling us of potential vulnerabilities in the system we scanned. We can see that the "Threat" level has been categorized as "Medium".
| |
− | | |
− | This means that at least one vulnerability has been found in the system of the rating of "medium". We can find out more by clicking on the magnifying glass again.
| |
− | | |
− | This will take us to a full report of the findings. In the top portion, you have the option to download the results in various formats:
| |
− | | |
− | OpenVAS scan download
| |
− | | |
− | In the middle section, we can filter the results. By default, the interface will only show threats marked "high" or "medium". On your first time through, you should probably check all of the boxes under the "Threat" category. Click "Apply" to implement this:
| |
− | | |
− | OpenVAS filtering
| |
− | | |
− | The bottom section tells us about the specific items that were found. If you selected all of the boxes above, you will see some informational messages about open ports and similar findings.
| |
− | | |
− | The threats will be color-coded to match their button color. For instance, this is our medium threat:
| |
− | | |
− | OpenVas medium threat
| |
− | | |
− | This warning tells us that our target responds to timestamp requests. These requests can let an attacker know how long the host has been online continuously. This could let an attacker know that the host is vulnerable to any recent exploits.
| |
− | | |
− | As you can see, the report also includes information about how to address the issue.
| |
− | Conclusion
| |
− | | |
− | You should now have a fully functional OpenVAS server set up to scan your hosts. This can help you spot vulnerabilities and highlight areas to focus on when you are tightening up security.
| |
− | | |
− | We have only shown a bare minimum of the functionality of the OpenVAS security suite. Among other tasks, you can easily schedule scans, automatically generate reports, and email alerts when certain threat levels are generated. Explore the Greenbone Security Assistant interface and take advantage of the great built-in help system to learn more about your options.
| |
− | By Justin Ellingwood
| |
| | | |
| + | sudo ufw allow https |
| | | |
| + | ==Step 5: Akses OpenVAS Web Interface== |
| | | |
| + | Sebelum di akses, update vulnerability |
| | | |
| + | sudo openvas-nvt-sync |
| | | |
| + | Setelah database ter-update, buka browser ke |
| | | |
| + | https://ip-address-server-openvas/ |
| | | |
| + | Default username & password |
| | | |
| + | admin |
| + | admin |
| | | |
− | ==Referensi==
| + | Untuk mengubah username & password, |
| | | |
− | * https://www.digitalocean.com/community/tutorials/how-to-use-openvas-to-audit-the-security-of-remote-systems-on-ubuntu-12-04
| + | sudo openvasmd --user=admin --new-password=<new-password> |
OpenVAS adalah open source suite yang dapat digunakan untuk men-scan kerentanan dan manajemen kerentanan. OpenVAS adalah singkatan dari Open Vulnerability Assessment System. OpenVAS adalah alternatif yang sangat baik bagi pen-scan keamanan komersial seperti Nessus, QualysGuard, dll. OpenVAS dibagi menjadi tiga bagian: OpenVAS Scanner, OpenVAS Manager, dan OpenVAS CLI.
Disini akan di perlihatkan cara instalasi OpenVAS Vulnerability Scanner di Ubuntu 16.04.
Prasyarat
- Ubuntu Server 16.04 kosong.
- User di server tersebut dengan kemampuan sudo.
- Server memiliki IP statik.
- Server memiliki rsync
Step 1: Update System
Update system
sudo apt update -y
sudo apt-get upgrade -y
sudo reboot
Step 2: Install dependency
Install
sudo apt install python-software-properties sqlite3
Step 3: Install OpenVAS
Tambahkan OpenVAS PPA & install openvas
sudo add-apt-repository ppa:mrazavi/openvas
sudo apt update
sudo apt -y install openvas
Setelah OpenVAS di instalasi.
Jalankan OpenVAS menggunakan perintah:
sudo systemctl start openvas-scanner
sudo systemctl start openvas-manager
sudo systemctl start openvas-gsa
Men-stop dengan perintah
sudo systemctl stop openvas-scanner
sudo systemctl stop openvas-manager
sudo systemctl stop openvas-gsa
Step 4: Buka Firewall
Jika dibutuhkan buka firewall UFW melalui port 443
sudo ufw allow https
Step 5: Akses OpenVAS Web Interface
Sebelum di akses, update vulnerability
sudo openvas-nvt-sync
Setelah database ter-update, buka browser ke
https://ip-address-server-openvas/
Default username & password
admin
admin
Untuk mengubah username & password,
sudo openvasmd --user=admin --new-password=<new-password>