Saturday, November 13, 2010
Open Vulnerability Assessment System (OpenVAS)
It's took time in search for the alternative software because the default Ubuntu repository send dont have Nessus.But you may add the repository if you insist to install Nessus in your Ubuntu.For me,I seem less trusting unknown repository and decided to look for OpenVas.
Below I show you how to install an OpenVas tools for Vulnerability Scanner.
*==============*
About OpenVAS
*==============*
The Open Vulnerability Assessment System (OpenVAS) is a framework of several services and tools offering a comprehensive and powerful vulnerability scanning and vulnerability management solution.
The actual security scanner is accompanied with a daily updated feed of Network Vulnerability Tests (NVTs), over 18,000 in total (as of August 2010).
All OpenVAS products are Free Software and mostly licensed under the GNU General Public License (GNU GPL).
*============*
HOW TO
*============*
1.Install from Default Ubuntu Repository:
#apt-get install openvas-server openvas-plugins-base openvas-plugins-dfsg openvas-client libopenvasnasl2 libopenvas2
2.Basic Configuration:
a) openvas-mkcert (Press "Enter" act as default setting and key in your location)
b) openvas-adduser
-Login = Your Login Name
-pass/cert = pass
-Login Password = Your Password
-Login Password (again) = Your Password
c) User Rules will Pop-Up
-Just Hit Enter for Root User with no restriction
d) Is that ok ?(y/n) [y]
3. OpenVAS NVT Feed Sync.
You need to follow these steps:
a. Check the configuration of the synchronization command:
Usually you will find this shell script installed as "/usr/sbin/openvas-nvt-sync".
You should verify that the variables "NVT_DIR" and "FEED" are correct. This should be the case for NVT_DIR if you did not deviate from the standard build and install routine. For FEED there is currently only the pre-configured one available anyway. So, just don't change it.
b. Run the synchronization command:
# openvas-nvt-sync
It will connect to the currently only available NVT feed. At the end, it will verify the md5 checksums of all synchronized files. If any of them fails, an error is reported. In this case you should retry a couple of minutes later (reasons for failures could be network lags or that feed was updated at the same time.)
c. Restart the OpenVAS server (openvasd):
# kill -1 PID
Where PID is the process ID of the main openvasd. You may see in the "openvas-nvt-sync" script how this should work ideally, but currently it does not work. You might consider using the "killall openvasd" command if you really know what this means.
(*IT'S TOOK TIMES TO SYNC. BE PATIENT!)
4.Edit your configuration file "/etc/openvas/openvasd.conf" and change the nasl_no_signature_check option to the following:
Code:
nasl_no_signature_check = yes
(*Default it will #Comment for nasl_no_signature_check = no )
5.Finally
Type OPENVASD and you vulnerability scanner will be started.
------------------------------------------------------------------------
Another way on how to install OpenVAS
=====================================
# apt-get install openvas
# openvas-adduser
# openvas-mkcert
# openvas-nvt-sync
# openvasd
# openvas-mkcert-client -n om -i
# openvasmd –rebuild
# openvasad -c ‘add_user’ -n openvasadmin -r Admin
# openvasmd -p 9390 -a 127.0.0.1
# openvasad -a 127.0.0.1 -p 9393
# gsad –http-only –listen=127.0.0.1 -p 9392
And you may access it at [Web Interface: http://127.0.0.1:9392]
EOF
====
Tuesday, November 9, 2010
MINICOM A Serial Comm. Program for Linux/Ubuntu/Mac and etc
Minicom have a lots of features can be used and their commons features are as belows :-
=> Setting up a remote serial console
=> Access a computer / server if the LAN is down
=> Connect to embedded Linux / BSD device via null modem cable
=> Connect to Cisco routers for configuration
=> Connect to dump device i.e. device w/o keyboard and mouse
=> Dialing directory with auto-redial
=> Support for UUCP-style lock files on serial devices
=> Separate script language interpreter
=> Capture to file
=> Multiple users with individual configurations
Now let's configure Minicom inside our Linux Box...
Install minicom
Use apt-get under Debian / Ubuntu Linux, enter:
$ sudo apt-get install minicom
If you are using Red hat Linux (RHEL) / CentOS / Fedora Linux, enter:
# yum install minicom
How do I use minicom?
First, make sure Linux has detected serial ports. Use setserial command to set and/or report the configuration information associated with a serial port.
Setup minicom
The -s option use to setup minicom. Type the following command at shell prompt:
$ minicom -s
Configure the first time when you run minicom
Some terminals such as the Linux console support color with the standard ANSI escape sequences. Type the following command start minicom with colours:
$ minicom -s -c on
Minicom in configuration mode with colour console
When minicom starts, it first searches the MINICOM environment variable for command-line arguments, which can be over-ridden on the command line. Thus, if you have done:
$ export MINICOM="-m -c on"
Start minicom
$ minicom
minicom will assume that your terminal has a Meta or key and that color is supported. You can add MINICOM variable to your shell startup script such as ~/.bash_profile.
minicom keyboard short cut keys
Use the following keys:
1. UP arrow-up or k
2. DOWN arrow-down or j
3. LEFT arrow-left or h
4. RIGHT arrow-right or l
5. CHOOSE (select menu) Enter
6. CANCEL ESCape
Configure serial port
You need to configure serial port. Use up and down arrows to select menus. Press down and select Serial port setup.As for me my box detected the serial connected as ttyUSB0 :
Minicom serial port configuration
* Press A to setup serial device name such as /dev/ttyUSB0
* Press E to setup Bps/Par/Bits
* Press [ESC] to exit
* Save setup as DFL
* Exit
More on shortcut keys
To activate help menu press [CTRL+A] followed by [Z] for help on special keys:
minicom command summary
minicom in action
You need to connect your serial device such as router or modem using modem cable. Once connected power on device and type minicom command without -s option:
$ minicom -c on
Minicom is active to connect to your Cisco Box via Serial Comm. Port.
---------------
If you used RS232 Cable below is the setup
==========================================
A - Serial Device : /dev/ttyUSB0
E - Bps/Par/Bits : 115200 8N1
F - Hardware Flow Control : No
A - Serial Device : /dev/tty.PL2303-000012FD │
│ B - Lockfile Location : /usr/local/Cellar/minicom/2.8/var │
│ C - Callin Program : │
│ D - Callout Program : │
│ E - Bps/Par/Bits : 9600 8N1 │
│ F - Hardware Flow Control : No │
│ G - Software Flow Control : No │
│ H - RS485 Enable : No │
│ I - RS485 Rts On Send : No │
│ J - RS485 Rts After Send : No │
│ K - RS485 Rx During Tx : No │
│ L - RS485 Terminate Bus : No │
│ M - RS485 Delay Rts Before: 0 │
│ N - RS485 Delay Rts After : 0
Tuesday, November 2, 2010
VPN Tunnel via CISCO 1721 ROUTER!!
Below is the config on how I done the vpdn tunnel and the output I got once connected to vpdn tunnel.
====================
Router 1721 config =
====================
Building configuration...
Current configuration : 1202 bytes
!
! Last configuration change at 20:19:35 UTC Mon Jun 23 2008
! NVRAM config last updated at 20:19:15 UTC Mon Jun 23 2008
!
version 12.2
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname VPN_PPTP
!
logging queue-limit 100
logging buffered 4096 debugging
!
username bard password 0 t3st
!
aaa new-model
!
!
aaa authentication ppp default local
aaa session-id common
ip subnet-zero
!
!
!
vpdn enable
!
vpdn-group TEST-VPN
! Default PPTP VPDN group
accept-dialin
protocol pptp
virtual-template 1
!
!
!
!
!
interface BRI0
no ip address
shutdown
!
interface FastEthernet0
ip address 192.168.1.23 255.255.255.224
no ip route-cache
no ip mroute-cache
speed auto
!
interface Serial0
no ip address
shutdown
!
interface Virtual-Template1
ip unnumbered FastEthernet0
peer default ip address pool defaultpool
ppp authentication ms-chap-v2
!
ip local pool defaultpool 192.168.1.11 192.168.1.22
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.1.1
no ip http server
!
!
!
!
radius-server authorization permit missing Service-Type
!
line con 0
line aux 0
line vty 0 2
line vty 3 4
!
end
VPN_PPTP#
=================
VPDN TUNNEL ==
=================
VPN_PPTP#sh vpdn
%No active L2TP tunnels
%No active L2F tunnels
PPTP Tunnel and Session Information Total tunnels 1 sessions 1
LocID Remote Name State Remote Address Port Sessions VPDN Group
3 estabd Celcom IP 27449 1 TEST-VPN
LocID RemID TunID Intf Username State Last Chg Uniq ID
3 11037 3 Vi3.1 bard estabd 00:19:08 2
%No active PPPoE tunnels
VPN_PPTP#