Friday, June 28, 2013

ssh key custom name note

this is just for me.

$ ssh-keygen -t rsa -b 2048 -f ~/id_rsa-taskrelatedkey
Generating public/private rsa key pair.
Enter passphrase (empty for no passphrase): [press enter here]
Enter same passphrase again: [press enter here]
Your identification has been saved in /home/me/id_rsa-taskrelatedkey.
Your public key has been saved in /home/me/id_rsa-taskrelatedkey.pub.
The key fingerprint is:
8c:57:af:68:cd:b2:7c:aa:6d:d6:ee:0a:5a:a4:29:03 me@home

Now copy the public key to the remote machine via scp:

$ scp ~/id_rsa-taskrelatedkey.pub someuser@there:~

on there:
$ mkdir ~/.ssh
$ chmod 700 ~/.ssh
$ mv ~/id_rsa-taskrelatedkey.pub ~/.ssh/
$ cd ~/.ssh/
$ touch authorized_keys2
$ chmod 600 authorized_keys2
$ cat id_rsa-taskrelatedkey.pub >> authorized_keys2
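A key generated with -f outside ~/.ssh is not offered by ssh on its own, so the two things the note above leaves implicit are a Host alias that pins the custom-named key and an append to authorized_keys2 that does not create duplicates. This is an added example, not part of the original note; the alias name `taskbox`, the public-key string and the temp directory are constructed, while `there`, `someuser` and `authorized_keys2` come from the note.

```shell
#!/bin/sh
# Added example, not from the original note. A key created with -f outside ~/.ssh
# is not offered by ssh on its own, so pin it to a Host alias in ~/.ssh/config,
# and append the public key on the server side without creating duplicates.
# All paths are parameters; the stand-alone demo below runs in a temp directory.

# Append one public-key line to an authorized_keys file unless already present,
# creating the file with mode 600 when needed. Safe to re-run.
add_authorized_key() {
    keyfile=$1 pubkey=$2
    [ -f "$keyfile" ] || ( umask 077; : > "$keyfile" )
    chmod 600 "$keyfile"
    grep -qxF -- "$pubkey" "$keyfile" || printf '%s\n' "$pubkey" >> "$keyfile"
}

# Write a Host stanza that pins the custom-named identity. IdentitiesOnly keeps
# ssh from offering every agent key first, so the server sees one auth attempt
# with the key you meant instead of a run of failed publickey attempts.
add_host_alias() {
    cfg=$1 alias=$2 host=$3 user=$4 identity=$5
    if grep -qxF -- "Host $alias" "$cfg" 2>/dev/null; then
        echo "alias $alias already present in $cfg" >&2
        return 1
    fi
    [ -f "$cfg" ] || ( umask 077; : > "$cfg" )
    printf 'Host %s\n    HostName %s\n    User %s\n    IdentityFile %s\n    IdentitiesOnly yes\n\n' \
        "$alias" "$host" "$user" "$identity" >> "$cfg"
}

# Number of times a key line occurs; the check above should keep this at 1.
count_key() { grep -cxF -- "$2" "$1"; }

# Stand-alone demo with a constructed public key (not real key material).
demo=$(mktemp -d)
KEY='ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCCONSTRUCTEDKEYMATERIAL me@home'
add_authorized_key "$demo/authorized_keys2" "$KEY"
add_authorized_key "$demo/authorized_keys2" "$KEY"    # no-op the second time
add_host_alias "$demo/config" taskbox there someuser "$HOME/id_rsa-taskrelatedkey"
echo "key lines: $(count_key "$demo/authorized_keys2" "$KEY")"
cat "$demo/config"
rm -rf "$demo"
```

After this, `ssh taskbox` uses the custom key; the one-off equivalent without the config stanza is `ssh -i ~/id_rsa-taskrelatedkey someuser@there`.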

openvas on ubuntu 12.04 lts recipe

Let's set up OpenVAS on Ubuntu 12.04 LTS x86_64.
lifted from: http://hackertarget.com/install-openvas-5-in-ubuntu-12-04/

root@ubuntu:~# mkdir openvas ; cd openvas

Let's wget the proper packages (circa 6/2012):

wget http://download.opensuse.org/repositories/security:/OpenVAS:/UNSTABLE:/v5/xUbuntu_12.04/amd64/greenbone-security-assistant_3.0+beta8-1_amd64.deb
wget http://download.opensuse.org/repositories/security:/OpenVAS:/UNSTABLE:/v5/xUbuntu_12.04/amd64/gsd_1.2.2-1_amd64.deb
wget http://download.opensuse.org/repositories/security:/OpenVAS:/UNSTABLE:/v5/xUbuntu_12.04/amd64/libmicrohttpd10_0.9.21-1_amd64.deb
wget http://download.opensuse.org/repositories/security:/OpenVAS:/UNSTABLE:/v5/xUbuntu_12.04/amd64/libopenvas5_5.0.4-1_amd64.deb
wget http://download.opensuse.org/repositories/security:/OpenVAS:/UNSTABLE:/v5/xUbuntu_12.04/amd64/openvas-administrator_1.2.1-1_amd64.deb
wget http://download.opensuse.org/repositories/security:/OpenVAS:/UNSTABLE:/v5/xUbuntu_12.04/amd64/openvas-cli_1.1.4-1_amd64.deb
wget http://download.opensuse.org/repositories/security:/OpenVAS:/UNSTABLE:/v5/xUbuntu_12.04/amd64/openvas-manager_3.0.5-1_amd64.deb
wget http://download.opensuse.org/repositories/security:/OpenVAS:/UNSTABLE:/v5/xUbuntu_12.04/amd64/openvas-scanner_3.3.1-1_amd64.deb

The GUI Greenbone Security Desktop (gsd) isn't needed unless we plan on running it on a client system with a GUI.

Next step is to install a couple of extra packages that are required for OpenVAS.

# apt-get install libgpgme11 libpth20 sqlite3 xsltproc nmap

Then install the different OpenVAS components that we downloaded.

root@ubuntu:~# dpkg -i greenbone-security-assistant_3.0+beta8-1_amd64.deb openvas-administrator_1.2.1-1_amd64.deb \
libmicrohttpd10_0.9.21-1_amd64.deb openvas-cli_1.1.4-1_amd64.deb libopenvas5_5.0.4-1_amd64.deb openvas-manager_3.0.5-1_amd64.deb \
openvas-scanner_3.3.1-1_amd64.deb

Since we are building a server based system for vulnerability scanning, we will be accessing the server components over the network. To change the default listen address from 127.0.0.1 localhost to the IP address of the local network interface we will change settings in these files.

root@ubuntu:~# vi /etc/default/greenbone-security-assistant 
root@ubuntu:~# vi /etc/default/openvas-manager 
root@ubuntu:~# vi /etc/default/openvas-administrator 
root@ubuntu:~# vi /etc/default/openvas-scanner

The init.d start scripts read these files to get the parameters for starting the services.

The following steps are straight from the OpenVAS project website; they set up the certificates and create the users.
http://www.openvas.org/

root@ubuntu:~# test -e /var/lib/openvas/CA/cacert.pem  || openvas-mkcert -q
root@ubuntu:~# openvas-nvt-sync
root@ubuntu:~# test -e /var/lib/openvas/users/om || openvas-mkcert-client -n om -i
root@ubuntu:~# /etc/init.d/openvas-manager stop
root@ubuntu:~# /etc/init.d/openvas-scanner stop
root@ubuntu:~# openvassd
root@ubuntu:~# openvasmd --migrate
root@ubuntu:~# openvasmd --rebuild
root@ubuntu:~# killall openvassd
root@ubuntu:~# /etc/init.d/openvas-scanner start
root@ubuntu:~# /etc/init.d/openvas-manager start
root@ubuntu:~# /etc/init.d/openvas-administrator restart
root@ubuntu:~# /etc/init.d/greenbone-security-assistant restart
root@ubuntu:~# test -e /var/lib/openvas/users/admin || openvasad -c add_user -n admin -r Admin

It is likely that starting greenbone-security-assistant resulted in an error. This is due to a TLS issue in libmicrohttpd. Note that gsad is only required if you wish to use the web client; it is not needed in order to run the GSD (Greenbone Security Desktop client) or the omp command line client.

root@ubuntu:~# /etc/init.d/greenbone-security-assistant start

Starting Greenbone Security Assistant: ERROR.
To make this work we will disable HTTPS under gsad. Take note that this means the openvas username and password are transmitted over HTTP (unencrypted) when logging into gsad - whatever.

Edit and add --http-only to the execute command like so:

Change the line in /etc/init.d/greenbone-security-assistant from:

start_daemon() {
        start-stop-daemon --start --exec $DAEMON -- $DAEMONOPTS 2>&1 >/dev/null

to:

start_daemon() {
        start-stop-daemon --start --exec $DAEMON -- $DAEMONOPTS --http-only 2>&1 >/dev/null

Restarting greenbone-security-assistant may still print an error, but if you run netstat -anp you will see that gsad is now listening on 9392.
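The two edits above (moving the daemons off 127.0.0.1 and dropping TLS on gsad) combine into the one thing worth checking before the box goes into service: a gsad that is reachable from the network and speaks plain HTTP sends the OpenVAS login in cleartext. This is an added check, not part of the original post or of OpenVAS; the `*_ADDRESS` variable names follow the Debian packaging but are assumptions here, and the sample /etc/default and /etc/init.d files it builds are constructed.

```shell
# Added example, not from the original post: audit what the OpenVAS init scripts
# will bind to (the /etc/default files edited above) and flag the case the
# --http-only workaround creates: gsad reachable from the network without TLS,
# so login credentials cross the wire in cleartext. The *_ADDRESS variable names
# follow the Debian packaging but are assumptions here; directories are parameters.

# Constructed sample layout (mirrors /etc/default and /etc/init.d) under $1.
make_sample_layout() {
    mkdir -p "$1/default" "$1/init.d"
    printf 'MANAGER_ADDRESS=192.168.1.10\nMANAGER_PORT=9390\n' > "$1/default/openvas-manager"
    printf 'SCANNER_ADDRESS=127.0.0.1\nSCANNER_PORT=9391\n' > "$1/default/openvas-scanner"
    printf 'GSA_ADDRESS="192.168.1.10"\nGSA_PORT=9392\n' > "$1/default/greenbone-security-assistant"
    printf 'start-stop-daemon --start --exec $DAEMON -- $DAEMONOPTS --http-only 2>&1 >/dev/null\n' \
        > "$1/init.d/greenbone-security-assistant"
}

# Print "file VARIABLE address" for every *_ADDRESS= line in the default dir $1.
listen_addrs() {
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        grep '^[A-Z_]*_ADDRESS=' "$f" | tr -d "\"'" |
            while IFS='=' read -r name addr; do
                printf '%s %s %s\n' "$(basename "$f")" "$name" "$addr"
            done
    done
}

# Only services bound to something other than loopback are network-reachable.
nonlocal_addrs() {
    listen_addrs "$1" | awk '$3 != "127.0.0.1" && $3 != "localhost" && $3 != "::1"'
}

# 0 when the gsad init script in $1 carries the --http-only workaround (TLS off).
gsad_http_only() { grep -q -- '--http-only' "$1/greenbone-security-assistant" 2>/dev/null; }

# 0 when gsad is network-reachable ($1: default dir) and running without TLS
# ($2: init.d dir), i.e. the combination that sends credentials in cleartext.
gsad_cleartext_exposed() {
    gsad_http_only "$2" || return 1
    nonlocal_addrs "$1" | grep -q '^greenbone-security-assistant GSA_ADDRESS '
}

# Stand-alone demo on the constructed layout.
tmp=$(mktemp -d)
make_sample_layout "$tmp"
nonlocal_addrs "$tmp/default"
gsad_cleartext_exposed "$tmp/default" "$tmp/init.d" &&
    echo "WARN: gsad is network-reachable without TLS; bind it to 127.0.0.1 or restore HTTPS"
rm -rf "$tmp"
```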

Run the omp command line client to authenticate against the OpenVAS manager; the following command queries the manager and lists all tasks.

omp -h ubuntu -p 9390 -u admin -w admin -T -v

---- snip lots of xml -----
b493b7a8-7489-11df-a3ec-002264764cea  Localhost

Command completed successfully.

This indicates that the OpenVAS manager is working, and we have gotten past the libgnutls problem.

Now when connecting to http://ubuntu:9392/ in the browser, we are able to access the GSAD login screen. 
OpenVAS is now working and we can access the scanner via either the gsad web client, the gsd local client or the omp command line client.

A note about the OpenVAS configuration file
The openvas scanner has a configuration file, /etc/openvas/openvassd.conf, but in a default installation of the Ubuntu packages it is not present after installation.
The file can be created from the running openvassd.

root@ubuntu:~# openvassd -s

This prints the current running configuration, so simply redirect the output of that command to a new file /etc/openvas/openvassd.conf and you have a configuration that can be modified to suit your requirements. Restart openvassd to have the configuration file read in.

root@ubuntu:~# touch /etc/openvas/openvassd.conf
root@ubuntu:~# openvassd -s >> /etc/openvas/openvassd.conf

addendum

check your installation:
root@ubuntu:~# wget https://svn.wald.intevation.org/svn/openvas/trunk/tools/openvas-check-setup --no-check-certificate
root@ubuntu:~# chmod +x openvas-check-setup
root@ubuntu:~# ./openvas-check-setup --server

Friday, June 14, 2013

for those of us who are impatient and just want some quick hpacucli commands to allay fears of silent disk corruption

HPACUCLI commands in Linux
1. => ctrl all show config detail  ---> view complete details of the array
2. => ctrl all show status  ---> view the controller, battery and cache status
3. => ctrl slot=0 create type=ld drives=2:1,2:2,2:3 raid=1  ---> if you added the 3 disks by hot-swapping, this is the command to create the array from them
4. => ctrl all show config  ---> view the newly created array (how many physical and logical drives)
5. => ctrl slot=0 array B add spares=2:5 ---> add an extra disk to a particular array as a spare
6. => rescan ---> scan for newly added devices

HP ACUCLI commands in Linux:

 1. Display and detailed information:
  hpacucli> ctrl all show config
  hpacucli> ctrl all show config detail

 2. Display the status:
  hpacucli> ctrl all show status

 3. Drive write cache (dwc) off/on:
  hpacucli> ctrl slot=0 modify dwc=disable
  hpacucli> ctrl slot=0 modify dwc=enable

 4. Rescan for newly added devices:
  hpacucli> rescan
  Note: detects devices added since the last rescan

Physical drive commands:
 5. Display the physical drives (detailed):
  hpacucli> ctrl slot=0 pd all show  --> lists all physical disks
  hpacucli> ctrl slot=0 pd 2:3 show detail  --> shows details for the named physical drive
  Note: you can obtain the slot number by displaying the controller configuration (see above)
  Status:
  hpacucli> ctrl slot=0 pd all show status  --> shows the status of every physical disk
  hpacucli> ctrl slot=0 pd 2:3 show status

 6. Erase the physical disk:
  hpacucli> ctrl slot=0 pd 2:3 modify erase

 7. Blink disk LED:
  hpacucli> ctrl slot=0 pd 2:3 modify led=on
  hpacucli> ctrl slot=0 pd 2:3 modify led=off

Logical drive commands:
 8. Display logical drives (detailed):
  hpacucli> ctrl slot=0 ld all show [detail]
  hpacucli> ctrl slot=0 ld 4 show [detail]

 9. View the status of a logical drive:
  hpacucli> ctrl slot=0 ld all show status
  hpacucli> ctrl slot=0 ld 4 show status

 10. Blink disk LED:
  hpacucli> ctrl slot=0 ld 4 modify led=on
  hpacucli> ctrl slot=0 ld 4 modify led=off

 11. Re-enable a failed drive:
  hpacucli> ctrl slot=0 ld 4 modify reenable forced

 12. Create a logical drive - one disk:
  hpacucli> ctrl slot=0 create type=ld drives=1:12 raid=0

 13. Create a logical drive - mirrored:
  hpacucli> ctrl slot=0 create type=ld drives=1:13,1:14 size=300 raid=1

 14. Create a logical drive - raid 5:
  hpacucli> ctrl slot=0 create type=ld drives=1:13,1:14,1:15,1:16,1:17 raid=5

 Note:
  drives - specific drives, all drives or unassigned drives
  size - size of the logical drive in MB
  raid - type of raid: 0, 1, 1+0 and 5

 15. Remove:
  hpacucli> ctrl slot=0 ld 4 delete

 16. Expanding:
  hpacucli> ctrl slot=0 ld 4 add drives=2:3

 17. Extending:
  hpacucli> ctrl slot=0 ld 4 modify size=500 forced

 18. Spare:
  hpacucli> ctrl slot=0 array all add spares=1:5,1:7
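The "allay fears of silent disk corruption" part is only useful if somebody actually looks at `ctrl all show config` and `ctrl all show status`, so here is the check you would hang off cron to do it for you. This is an added example, not from the original post or from HP; the two samples are constructed in hpacucli's usual output layout (not real captures) and seed one predictive-failure drive, one failed drive and a dead battery so every branch is exercised.

```shell
# Added example, not from the original post: a health check over the output of
# "ctrl all show config" and "ctrl all show status" for a cron job or monitoring
# probe. Both samples are constructed in hpacucli's usual layout (not real
# captures) and seed a predictive-failure drive, a failed drive and a dead battery.
SAMPLE_CONFIG='Smart Array P410i in Slot 0 (Embedded)    (sn: CONSTRUCTED00)
   array A (SAS, Unused Space: 0 MB)
      logicaldrive 1 (279.4 GB, RAID 1, OK)
      physicaldrive 2I:1:1 (port 2I:box 1:bay 1, SAS, 300 GB, OK)
      physicaldrive 2I:1:2 (port 2I:box 1:bay 2, SAS, 300 GB, Predictive Failure)
   array B (SAS, Unused Space: 0 MB)
      logicaldrive 2 (838.3 GB, RAID 5, Interim Recovery Mode)
      physicaldrive 2I:1:3 (port 2I:box 1:bay 3, SAS, 300 GB, OK)
      physicaldrive 2I:1:4 (port 2I:box 1:bay 4, SAS, 300 GB, Failed)
      physicaldrive 2I:1:6 (port 2I:box 1:bay 6, SAS, 300 GB, OK, spare)'
SAMPLE_STATUS='Smart Array P410i in Slot 0 (Embedded)
   Controller Status: OK
   Cache Status: OK
   Battery/Capacitor Status: Failed (Replace Batteries/Capacitors)'

# Print "kind id state" for each logical/physical drive whose state (the last
# item inside the parentheses) is not OK; a trailing ", spare" marker is skipped.
drive_problems() {
    printf '%s\n' "$1" | awk '
        /^[[:space:]]*(logical|physical)drive / {
            state = $0; sub(/.*\(/, "", state); sub(/\)$/, "", state)
            n = split(state, f, ", ")
            st = f[n]; if (st == "spare") st = f[n - 1]
            if (st != "OK") print $1, $2, st
        }'
}

# Print "component -> state" for every "... Status:" line that is not OK.
controller_problems() {
    printf '%s\n' "$1" | awk -F': ' '/ Status:/ && $2 != "OK" {
        sub(/^[[:space:]]+/, "", $1); print $1, "->", $2 }'
}

# Total number of problems found (drives plus controller components).
raid_problem_count() {
    { drive_problems "$1"; controller_problems "$2"; } | grep -c .
}

# Exit 0 only when nothing is wrong, so a cron job can alert on non-zero.
raid_health_ok() { [ "$(raid_problem_count "$1" "$2")" -eq 0 ]; }

# Stand-alone demo on the constructed samples.
drive_problems "$SAMPLE_CONFIG"
controller_problems "$SAMPLE_STATUS"
raid_health_ok "$SAMPLE_CONFIG" "$SAMPLE_STATUS" || echo "WARN: array degraded, see above"
```

On a real box, replace the samples with `hpacucli ctrl all show config` and `hpacucli ctrl all show status` output.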

Wednesday, June 12, 2013

exim4 + splunk = violent happiness

exim4 + splunk

yes.  syslog is shot over udp and the ordering can be weird and stuff can be lost, 
because well, that's udp.  but, just for fun, let's throw our mail logs over to a 
splunk server.  and to the local system.  exim4 only allows for two places to 
plop logs, so be mindful

i'm running ubuntu 12.02.1 lts.  it has rsyslogd (default conf) and exim4.

regarding syslog facilities, do recall:
main log is mapped to LOG_INFO
reject log is mapped to LOG_NOTICE
panic log is mapped to LOG_ALERT

you'll need to uncomment those in the rsyslog config and have them forwarded to @loghost .

first thing, edit /etc/exim4/update-exim4.conf.conf to your liking.  make sure

dc_use_split_config='true'

is set.

at the very end of:

/etc/exim4/conf.d/main/02_exim4-config_options 

place:

.ifndef LOG_FILE_PATH     
LOG_FILE_PATH = syslog : /var/log/exim4/%slog
.endif
log_file_path = LOG_FILE_PATH          

those definitions are important.  no definition means the setting isn't applied.

then issue:
update-exim4.conf

and:
/etc/init.d/exim4 restart

to see if exim4 for real took that setting, issue:

exim4 -bP log_file_path

and it should look like:

log_file_path = syslog : /var/log/exim4/%slog

send some mail and check mainlog and splunk.  yeah.  awesome.
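Once the reject log is landing on the log host (LOG_NOTICE, per the mapping above), the first thing worth searching it for is a run of rejected RCPTs from one client. This is an added example, not part of the original post; the log lines are constructed in the shape rsyslog records exim messages (exim keeps its own timestamp inside the message text), and the threshold is a parameter.

```shell
# Added example, not from the original post: once exim's reject log reaches the
# syslog host (LOG_NOTICE, per the mapping above), this is the first check to run
# over it: count "rejected RCPT" entries per client IP and flag sources over a
# threshold. The lines below are constructed in the shape rsyslog records exim
# messages; exim adds its own timestamp at the start of the message text.
SAMPLE_LOG='Jun 12 10:01:02 mx1 exim[2231]: 2013-06-12 10:01:02 H=(foo) [203.0.113.5] F=<a@example.net> rejected RCPT <b@example.org>: relay not permitted
Jun 12 10:01:03 mx1 exim[2231]: 2013-06-12 10:01:03 H=(foo) [203.0.113.5] F=<a@example.net> rejected RCPT <c@example.org>: relay not permitted
Jun 12 10:01:04 mx1 exim[2231]: 2013-06-12 10:01:04 H=(foo) [203.0.113.5] F=<a@example.net> rejected RCPT <d@example.org>: relay not permitted
Jun 12 10:01:05 mx1 exim[2240]: 2013-06-12 10:01:05 H=mail.example.com [198.51.100.7] F=<ok@example.com> rejected RCPT <nobody@example.org>: Unrouteable address
Jun 12 10:01:06 mx1 exim[2244]: 2013-06-12 10:01:06 1UuX2c-0000gq-2h <= ok@example.com H=mail.example.com [198.51.100.7] P=esmtp S=1024
Jun 12 10:01:07 mx1 exim[2244]: 2013-06-12 10:01:07 1UuX2c-0000gq-2h => bob <bob@example.org> R=local_user T=mail_spool
Jun 12 10:01:08 mx1 exim[2244]: 2013-06-12 10:01:08 1UuX2c-0000gq-2h Completed'

# Print "count ip" for each client IP with rejected RCPTs, highest first.
rejects_by_ip() {
    printf '%s\n' "$1" | awk '
        / exim\[[0-9]+\]: / && / rejected RCPT / {
            # the bracketed IPv4 after H= is the connecting client, not the pid
            if (match($0, /\[[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+\]/)) {
                ip = substr($0, RSTART + 1, RLENGTH - 2)
                n[ip]++
            }
        }
        END { for (ip in n) print n[ip], ip }' | sort -rn
}

# Print the IPs with more than $2 rejects; exit 0 if there are any, 1 if none.
reject_burst() {
    rejects_by_ip "$1" | awk -v max="$2" '$1 + 0 > max + 0 { print $2 }' | grep .
}

# Stand-alone demo: a threshold of 2 flags the relay prober, not the bounce.
rejects_by_ip "$SAMPLE_LOG"
reject_burst "$SAMPLE_LOG" 2 && echo "WARN: reject burst from the address(es) above"
```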