Difference between revisions of "Openvas: di ubuntu"

From OnnoWiki
Jump to navigation Jump to search
(Created page with "How To Use OpenVAS to Audit the Security of Remote Systems on Ubuntu 12.04 PostedJanuary 27, 2014 134.1k views Security Ubuntu Introduction An important aspect of server secu...")
 
 
(7 intermediate revisions by the same user not shown)
Line 1: Line 1:
How To Use OpenVAS to Audit the Security of Remote Systems on Ubuntu 12.04
+
OpenVAS adalah open source suite yang dapat digunakan untuk men-scan kerentanan dan manajemen kerentanan. OpenVAS adalah singkatan dari Open Vulnerability Assessment System. OpenVAS adalah alternatif yang sangat baik bagi pen-scan keamanan komersial seperti Nessus, QualysGuard, dll. OpenVAS dibagi menjadi tiga bagian: OpenVAS Scanner, OpenVAS Manager, dan OpenVAS CLI.
PostedJanuary 27, 2014 134.1k views Security Ubuntu
 
Introduction
 
  
An important aspect of server security is being proactive about security screening. If you expose any services to the internet, penetration testing is essential to ensure that you are not vulnerable to known threats.
+
Disini akan di perlihatkan cara instalasi OpenVAS Vulnerability Scanner di Ubuntu 16.04.
  
The Open Vulnerability Assessment System, known more commonly as OpenVAS, is a suite of tools that work together to run tests against client computers using a database of known exploits and weaknesses. The goal is to learn about how well your servers are guarded against known attack vectors.
+
==Prasyarat==
  
In this guide, we will install the OpenVAS suite on an Ubuntu 12.04 VPS. We can then use this system to scan itself and other servers.
+
* Ubuntu Server 16.04 kosong.
Add the OpenVAS PPA and Install Software
+
* User di server tersebut dengan kemampuan sudo.
 +
* Server memiliki IP statik.
 +
* Server memiliki rsync
  
Although there are some OpenVAS components in Ubuntu's default repositories, we will use a PPA that maintains updated versions of the packages.
+
==Step 1: Update System==
  
To begin with, we need to install the python-software-properties package, which will allow us to work with PPAs easily.
+
Update system
  
sudo apt-get update
+
sudo apt update -y
sudo apt-get install python-software-properties
+
sudo apt-get upgrade -y
 +
sudo reboot
  
We can then add the newest stable version to our system:
+
==Step 2: Install dependency==
  
sudo add-apt-repository ppa:openvas/openvas6
+
Install
  
We need to rebuild the apt database to gather information about the packages available through our new PPA. Afterwards, we can install the needed software:
+
sudo apt install python-software-properties sqlite3
  
sudo apt-get update
 
sudo apt-get install openvas-manager openvas-scanner openvas-administrator openvas-cli greenbone-security-assistant sqlite3 xsltproc texlive-latex-base texlive-latex-extra texlive-latex-recommended htmldoc alien rpm nsis fakeroot
 
  
This will download and install the components that are necessary to get us started.
+
==Step 3: Install OpenVAS==
Initial Configuration
 
  
We can create SSL certificates for OpenVAS using a wrapper utility that is included by default. We need to call this with administrative privileges so that it can be placed in a restricted portion of the file system.
+
Tambahkan OpenVAS PPA & install openvas
  
sudo openvas-mkcert
+
sudo add-apt-repository ppa:mrazavi/openvas
 +
sudo apt update
 +
sudo apt -y install openvas
  
You will be asked a number of questions that will help you build a certificate file for use with this server.
+
Setelah OpenVAS di instalasi.
 +
Jalankan OpenVAS menggunakan perintah:
  
Most of the questions, you can just type ENTER to accept the default values. This is mainly for your own use, so input the values you would like to use.
+
sudo systemctl start openvas-scanner
 +
sudo systemctl start openvas-manager
 +
sudo systemctl start openvas-gsa
  
Next, we will create another certificate. This time, we will create a client certificate for a user named "om" this stands for OpenVAS Manager. We don't need any specific information for the client portion, so we will tell it to configure things automatically and install the certificates in the needed places:
+
Men-stop dengan perintah
  
sudo openvas-mkcert-client -n om -i
+
sudo systemctl stop openvas-scanner
 +
sudo systemctl stop openvas-manager
 +
sudo systemctl stop openvas-gsa
  
Build the Database Information
+
==Step 4: Buka Firewall==
  
Now that we have our certificates installed, we can begin building our database so that our local tools are aware of different kinds of threats and vulnerabilities.
+
Jika dibutuhkan buka firewall UFW melalui port 443
  
Update the network vulnerability tests database by issuing this command:
+
sudo ufw allow https
  
sudo openvas-nvt-sync
+
==Step 5: Akses OpenVAS Web Interface==
  
This will download the latest definitions to your local machine.
+
Sebelum di akses, update vulnerability
  
To continue we'll need to stop the manager and scanner applications so that we can call the commands without a conflict momentarily.
+
sudo openvas-nvt-sync
  
Stop both of these services by typing:
+
Setelah database ter-update, buka browser ke
  
sudo service openvas-manager stop
+
https://ip-address-server-openvas/
sudo service openvas-scanner stop
 
  
Now, we can start the scanner application without the parameters found in the init file that are usually called. During this first run, OpenVAS will need to download and sync a lot of data. This will take quite awhile:
+
Default username & password
  
sudo openvassd
+
admin
 +
admin
  
Once this is finished, you'll have to rebuild the database generated by the scanner by typing:
+
Untuk mengubah username & password,
  
sudo openvasmd --rebuild
+
sudo openvasmd --user=admin --new-password=<new-password>
 
 
Next, we will download and update our security content automation protocol data. This is known as "SCAP" data. This is another database that OpenVAS checks against for our security tests.
 
 
 
sudo openvas-scapdata-sync
 
 
 
This will be another long wait. It downloads some general files and then updates them in the database.
 
 
 
We will then run a similar sync operation for the cert data:
 
 
 
sudo openvas-certdata-sync
 
 
 
Running this command for the first time, you might see some errors. They may look something like this:
 
 
 
Error: no such table: meta
 
 
 
This is because the Ubuntu package is actually missing some files that are packaged in some other versions.
 
 
 
We can get these from an RPM package for the manager component. Type this to download it to your home directory:
 
 
 
cd
 
wget http://www6.atomicorp.com/channels/atomic/fedora/18/i386/RPMS/openvas-manager-4.0.2-11.fc18.art.i686.rpm
 
 
 
Now that we have the file downloaded, we can extract and expand the directory structure present within the RPM. We can do this by typing:
 
 
 
rpm2cpio openvas* | cpio -div
 
 
 
We will create a directory for our new files in a place where OpenVAS will find them. We will then move the files into that directory:
 
 
 
sudo mkdir /usr/share/openvas/cert
 
sudo cp ./usr/share/openvas/cert/* /usr/share/openvas/cert
 
 
 
Now, we can safely run the cert syncing command again, and it should complete as expected this time:
 
 
 
sudo openvas-certdata-sync
 
 
 
Afterwards, we can delete the extracted RPM data and directories from our home directory:
 
 
 
rm -rf ~/openvas* ~/usr ~/etc
 
 
 
Set Up OpenVAS User and Ports
 
 
 
To sign into our service, we will need a user. We can create one with the OpenVAS administrator component.
 
 
 
Here, we will create a user called "admin" with the role of administrator. You will be asked to provide a password to use for the new account:
 
 
 
sudo openvasad -c add_user -n admin -r Admin
 
 
 
You will be informed that the user has been granted unlimited access.
 
 
 
Next, we need to change the way one of our components starts up. The Greenbone Security Assistant component is a web-based interface to the tools we have installed.
 
 
 
By default, the interface is only accessible from the local computer. Since we are installing the OpenVAS suite on a remote server, we won't be able to access the web interface with these settings. We need to make it accessible from the internet.
 
 
 
Open the following file with root privileges in your preferred text editor:
 
 
 
sudo nano /etc/default/greenbone-security-assistant
 
 
 
Near the top, you should see a parameter that specifies the address that the web interface will listen on. We need to change the value from 127.0.0.1 to the public IP address of your VPS. This will let it listen to connections from the internet, and we will be able to connect:
 
 
 
GSA_ADDRESS=your_server_IP_address
 
 
 
Save and close the file when you have made the above modification.
 
Start Up the Services
 
 
 
We will now start up the services that we have been configuring. Most of them are already running in some capacity, but we will have to restart them to make sure that they use the new information we have been gathering.
 
 
 
Start by killing all of the running OpenVAS scanner processes:
 
 
 
sudo killall openvassd
 
 
 
It can take up to 15 or 20 seconds for the process to actually be killed. You can check if there are processes still running by issuing:
 
 
 
ps aux | grep openvassd | grep -v grep
 
 
 
If anything is returned, then your processes have not finished yet and you should continue to wait.
 
 
 
Once the process exits completely, you can begin starting all of your services again:
 
 
 
sudo service openvas-scanner start
 
sudo service openvas-manager start
 
sudo service openvas-administrator restart
 
sudo service greenbone-security-assistant restart
 
 
 
Each of these may take a bit of time to start up.
 
Access the Web Interface and Run Some Tests
 
 
 
Once the services have all started, you use your web browser to access the Greenbone Security Assistant web interface.
 
 
 
To access this, you must precede the address of your server with https://. You then enter either the domain name or IP address of your server followed by :9392.
 
 
 
https://server_domain_or_IP:9392
 
 
 
You will be presented with a scary looking warning screen telling you that the certificate is not signed by someone that your browser trusts by default:
 
 
 
OpenVAS security warning
 
 
 
This is expected and not a problem. You should click on the "Proceed anyway" button to continue.
 
 
 
Next, you will be presented with the login screen:
 
 
 
OpenVAS login screen
 
 
 
You will need to enter the username and password you configured earlier. For this guide, the username was "admin".
 
 
 
Once you sign in, you will be immediately greeted by a quick start wizard, which will allow you to run a default scan against a target computer right away:
 
 
 
OpenVAS startup wizard
 
 
 
A good choice is to run against another server that you own. It is important to not run these scans against targets that are not under your control, because they may look like potential attacks to other users.
 
 
 
Enter the IP address of the computer you wish to test against and click the "Start Scan" button to begin.
 
 
 
The page will update as the scan progresses and you can also refresh the page manually to track the progress:
 
 
 
OpenVAS scan progress
 
 
 
When the scan is complete (or even before if you want to review the information as it is coming in), you can click on the purple magnifying glass icon to see the results of the scan. It is normal for the scan to rest on 98% for a while before completing:
 
 
 
OpenVAS magnifying glass
 
 
 
You will be taken to an overview of the scan results. Note that the immediate scan that we have completed is not the most in-depth scan we have available.
 
 
 
OpenVAS scan results
 
 
 
At the bottom, you can see the report that OpenVAS created telling us of potential vulnerabilities in the system we scanned. We can see that the "Threat" level has been categorized as "Medium".
 
 
 
This means that at least one vulnerability has been found in the system of the rating of "medium". We can find out more by clicking on the magnifying glass again.
 
 
 
This will take us to a full report of the findings. In the top portion, you have the option to download the results in various formats:
 
 
 
OpenVAS scan download
 
 
 
In the middle section, we can filter the results. By default, the interface will only show threats marked "high" or "medium". On your first time through, you should probably check all of the boxes under the "Threat" category. Click "Apply" to implement this:
 
 
 
OpenVAS filtering
 
 
 
The bottom section tells us about the specific items that were found. If you selected all of the boxes above, you will see some informational messages about open ports and similar findings.
 
 
 
The threats will be color-coded to match their button color. For instance, this is our medium threat:
 
 
 
OpenVas medium threat
 
 
 
This warning tells us that our target responds to timestamp requests. These requests can let an attacker know how long the host has been online continuously. This could let an attacker know that the host is vulnerable to any recent exploits.
 
 
 
As you can see, the report also includes information about how to address the issue.
 
Conclusion
 
 
 
You should now have a fully functional OpenVAS server set up to scan your hosts. This can help you spot vulnerabilities and highlight areas to focus on when you are tightening up security.
 
 
 
We have only shown a bare minimum of the functionality of the OpenVAS security suite. Among other tasks, you can easily schedule scans, automatically generate reports, and email alerts when certain threat levels are generated. Explore the Greenbone Security Assistant interface and take advantage of the great built-in help system to learn more about your options.
 
By Justin Ellingwood
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
==Referensi==
 
 
 
* https://www.digitalocean.com/community/tutorials/how-to-use-openvas-to-audit-the-security-of-remote-systems-on-ubuntu-12-04
 

Latest revision as of 06:02, 18 May 2018

OpenVAS adalah open source suite yang dapat digunakan untuk men-scan kerentanan dan manajemen kerentanan. OpenVAS adalah singkatan dari Open Vulnerability Assessment System. OpenVAS adalah alternatif yang sangat baik bagi pen-scan keamanan komersial seperti Nessus, QualysGuard, dll. OpenVAS dibagi menjadi tiga bagian: OpenVAS Scanner, OpenVAS Manager, dan OpenVAS CLI.

Disini akan di perlihatkan cara instalasi OpenVAS Vulnerability Scanner di Ubuntu 16.04.

Prasyarat

  • Ubuntu Server 16.04 kosong.
  • User di server tersebut dengan kemampuan sudo.
  • Server memiliki IP statik.
  • Server memiliki rsync

Step 1: Update System

Update system

sudo apt update -y
sudo apt-get upgrade -y
sudo reboot

Step 2: Install dependency

Install

sudo apt install python-software-properties sqlite3


Step 3: Install OpenVAS

Tambahkan OpenVAS PPA & install openvas

sudo add-apt-repository ppa:mrazavi/openvas
sudo apt update
sudo apt -y install openvas

Setelah OpenVAS di instalasi. Jalankan OpenVAS menggunakan perintah:

sudo systemctl start openvas-scanner
sudo systemctl start openvas-manager
sudo systemctl start openvas-gsa

Men-stop dengan perintah

sudo systemctl stop openvas-scanner
sudo systemctl stop openvas-manager
sudo systemctl stop openvas-gsa

Step 4: Buka Firewall

Jika dibutuhkan buka firewall UFW melalui port 443

sudo ufw allow https

Step 5: Akses OpenVAS Web Interface

Sebelum di akses, update vulnerability

sudo openvas-nvt-sync

Setelah database ter-update, buka browser ke

https://ip-address-server-openvas/

Default username & password

admin
admin

Untuk mengubah username & password,

sudo openvasmd --user=admin --new-password=<new-password>