2019独角兽企业重金招聘Python工程师标准>>> 
配置最快源
本次环境为ubuntu 14.04 32bit 本次实验用的是mirrors.163.com
sudo vim /etc/apt/sources.list
用全部替换命令替换原有的网址
%s/mirrors.163.com/mirror.ubuntu.org/g
替换后更新下
apt-get update
安装openvas
下面全部摘抄自:这里
root模式配置安装源
echo "deb http://download.opensuse.org/repositories/security:/OpenVAS:/UNSTABLE:/v6/Debian_7.0/ ./" >> /etc/apt/sources.list wget http://download.opensuse.org/repositories/security:/OpenVAS:/UNSTABLE:/v6/Debian_7.0/Release.key apt-key add ./Release.key sudo apt-get update
快速安装openvas
apt-get -y install greenbone-security-assistant openvas-cli openvas-manager openvas-scanner openvas-administrator sqlite3 xsltproc rsync apt-get -y install texlive-latex-base texlive-latex-extra texlive-latex-recommended htmldoc apt-get -y install alien rpm nsis fakeroot
快速启动openvas
test -e /var/lib/openvas/CA/cacert.pem || openvas-mkcert -q openvas-nvt-sync test -e /var/lib/openvas/users/om || openvas-mkcert-client -n om -i /etc/init.d/openvas-manager stop /etc/init.d/openvas-scanner stop openvassd openvasmd --rebuild openvas-scapdata-sync openvas-certdata-sync
下面是设置openvas密码的,记得输入密码
test -e /var/lib/openvas/users/admin || openvasad -c add_user -n admin -r Admin
killall openvassd sleep 15 /etc/init.d/openvas-scanner start /etc/init.d/openvas-manager start /etc/init.d/openvas-administrator restart /etc/init.d/greenbone-security-assistant restart
更新漏洞库
参照这里
支持在线以及离线更新两种模式,可根据实际情况选择,建议使用定时任务在线更新。
在线更新
使用如下命令,增量更新:
openvas-nvt-sync
该命令支持rsync,wget,curl
离线更新
只需定期下载漏洞库压缩包解压覆盖到如下目录:
/var/lib/openvas/plugins/
压缩包地址(约14.6Mb):http://www.openvas.org/openvas-nvt-feed-current.tar.bz2
商业支持
1、opevas培训
2、openvas框架开发
3、openvas NVT漏洞库开发
4、基于openvas的扫描设备:特殊定制设备,可以在10分钟完成500~5000个ip扫描,具体可以参见:这里
其他设置
添加Slave
配置端口监听IP(old)
'注意下面设置已经被新设置替换,注意下一条New 按照以上步骤,安装一台openvas机器,需要注意的是,openvas默认是监听127.0.0.1的端口,如下所示:
/usr/sbin/openvasmd --database=/var/lib/openvas/mgr/tasks.db --listen=127.0.0.1 --port=9390 --slisten=127.0.0.1 --sport=9391 /usr/sbin/openvasad --listen=127.0.0.1 --port=9393 --users-dir=/var/lib/openvas/users --scanner-config-file=/etc/openvas/openvassd.conf --sync-script=/usr/sbin/openvas-nvt-sync /usr/sbin/gsad --listen=127.0.0.1 --port=9392 --alisten=0.0.0.0 --aport=9393 --mlisten=127.0.0.1 --mport=9390
可以通过kill掉原有进程,然后将上述监听IP改成0.0.0.0即可(测试环境,生产环境可设置对应的监听ip)如下所示:
openvassd /usr/sbin/openvasmd --database=/var/lib/openvas/mgr/tasks.db --listen=0.0.0.0 --port=9390 --slisten=0.0.0.0 --sport=9391 /usr/sbin/openvasad --listen=0.0.0.0 --port=9393 --users-dir=/var/lib/openvas/users --scanner-config-file=/etc/openvas/openvassd.conf --sync-script=/usr/sbin/openvas-nvt-sync /usr/sbin/gsad --listen=0.0.0.0 --port=9392 --alisten=0.0.0.0 --aport=9393 --mlisten=0.0.0.0 --mport=9390
也可以通过编辑其服务文件中listen项为固定值,例如:
[ "$DATABASE_FILE" ] && DAEMONOPTS="--database="$DATABASE_FILE [ "$MANAGER_ADDRESS" ] && DAEMONOPTS="$DAEMONOPTS --listen=$MANAGER_ADDRESS" [ "$MANAGER_PORT" ] && DAEMONOPTS="$DAEMONOPTS --port=$MANAGER_PORT" [ "$SCANNER_ADDRESS" ] && DAEMONOPTS="$DAEMONOPTS --slisten=$SCANNER_ADDRESS" [ "$SCANNER_PORT" ] && DAEMONOPTS="$DAEMONOPTS --sport=$SCANNER_PORT"
配置端口监听IP(new)
通过查找发现这里有详细说明,原来openvass的默认配置文件位于/etc/default下面:
openvas-administrator openvas-manager openvas-scanner greenbone-security-assistant
共四个文件,描述如下:
/etc/default/openvas-administrator //管理员:负责管理配置信息,用户授权等相关工作,默认监听地址为127.0.0.1,端口为9393
/etc/default/openvas-manager //管理器:与接口通信,分配扫描任务,并根据扫描结果生成评估报告,默认端口为9390
/etc/default/openvas-scanner //扫描器:调用各种漏洞测试插件,执行分配的扫描操作,默认端口为9391
/etc/default/greenbone-security-assistant //访问web 端接口(gsad):访问opebvas 服务层的web 接口,默认监听地址为127.0.0.1,端口为9392
下面是各个文件的具体内容,只需要把127.0.0.1改成需要的ip即可,允许所有就使用0.0.0.0
root@ubuntu:/etc/default# grep -v "^#" openvas-manager DATABASE_FILE=/var/lib/openvas/mgr/tasks.db MANAGER_ADDRESS=127.0.0.1 MANAGER_PORT=9390 SCANNER_ADDRESS=127.0.0.1 SCANNER_PORT=9391
root@ubuntu:/etc/default# grep -v "^#" openvas-administrator ADMINISTRATOR_ADDRESS=127.0.0.1 ADMINISTRATOR_PORT=9393 USER_DATA=/var/lib/openvas/users SCANNER_CONFIG=/etc/openvas/openvassd.conf SYNC_SCRIPT=/usr/sbin/openvas-nvt-sync
root@ubuntu:/etc/default# grep -v "^#" openvas-scanner SCANNER_ADDRESS=127.0.0.1 SCANNER_PORT=9391
root@ubuntu:/etc/default# grep -v "^#" greenbone-security-assistant GSA_ADDRESS=127.0.0.1 GSA_PORT=9392 ADMINISTRATOR_ADDRESS=127.0.0.1 ADMINISTRATOR_PORT=9393 MANAGER_ADDRESS=127.0.0.1 MANAGER_PORT=9390
登录web控制台添加slave
访问主服务器https://masterip:9392,登录后打开Configuration--Slaves项,然点击“五角星”标志进入添加界面,输入slave的IP、端口、账户、密码即可添加成功
具体可以参见:这里
配置slave扫描任务
Scan Management项中选择New Task,然后再Slave中选中需要的slave主机即可。
扫描结果
slave在扫描完成后,不保存扫描结果,而是在主服务器上查看。每个扫描有一个单独的扫描报告。
配置告警
在Configuration中的Alerts配置邮件等方式告警
配置定时扫描
在Configuration中的Schedules配置定时扫描任务
查看openvassd.conf配置文件
root@ubuntu:/home/aj# openvassd -s plugins_folder = /var/lib/openvas/plugins cache_folder = /var/cache/openvas include_folders = /var/lib/openvas/plugins max_hosts = 30 max_checks = 10 be_nice = no logfile = /var/log/openvas/openvassd.messages log_whole_attack = no log_plugins_name_at_load = no dumpfile = /var/log/openvas/openvassd.dump rules = /usr/share/openvas/openvassd.rules cgi_path = /cgi-bin:/scripts port_range = default optimize_test = yes checks_read_timeout = 5 network_scan = no non_simult_ports = 139, 445 plugins_timeout = 320 safe_checks = yes auto_enable_dependencies = yes silent_dependencies = no use_mac_addr = no save_knowledge_base = no kb_restore = no only_test_hosts_whose_kb_we_dont_have = no only_test_hosts_whose_kb_we_have = no kb_dont_replay_scanners = no kb_dont_replay_info_gathering = no kb_dont_replay_attacks = no kb_dont_replay_denials = no kb_max_age = 864000 slice_network_addresses = no nasl_no_signature_check = yes drop_privileges = no unscanned_closed = yes vhosts = vhosts_ip = report_host_details = yes cert_file = /var/lib/openvas/CA/servercert.pem key_file = /var/lib/openvas/private/CA/serverkey.pem ca_file = /var/lib/openvas/CA/cacert.pem reverse_lookup = no config_file = /etc/openvas/openvassd.conf
常见问题
在这里将遇到的相关问题记录,解决方法并未确认是非常准确的。
Openvas Service Temporarily Down(503)
参见这里 503 - Service temporarily down
openvas-mkcert-client -n om -i openvas-nvt-sync --wget /etc/init.d/openvas-scanner stop; /etc/init.d/openvas-manager stop; openvassd rm /var/lib/openvas/mgr/tasks.db openvasmd --progress --rebuild -v
SecInfo Database Missing
打开SecInfo栏,下面所有NVTs、CVEs均显示数据库丢失,如下所示:
SecInfo Management---CVEs Warning: SecInfo Database Missing SCAP and/or CERT database missing on OMP server.
通过官方邮件列表找到解决方法,首先下载三个文件,放到/usr/share/openvas/cert/目录下面:
sudo wget https://scm.wald.intevation.org/svn/openvas/trunk/openvas-manager/tools/cert_db_init.sql --no-check-certificate sudo wget https://scm.wald.intevation.org/svn/openvas/trunk/openvas-manager/tools/dfn_cert_getbyname.xsl --no-check-certificate sudo wget https://scm.wald.intevation.org/svn/openvas/trunk/openvas-manager/tools/dfn_cert_update.xsl --no-check-certificate
然后用root账户运行下面命令:
openvas-certdata-sync
更新后重启openvas-scanner服务
/etc/init.d/openvas-scannerrestart
发送邮件失败
检测openvas服务器是否安装sendmail,如未安装,请按照sendmail配置即可
附件大于1M无法发送
配置扫描完成后,自动发送pdf格式扫描报告到邮箱,若扫描报告超过1MB,则提示如下:
Note: The report exceeds the maximum attachment length of 1048576 bytes.
开始判断是sendmail问题,通过调整sendmail附件大小,问题依旧,通过grep搜索关键字,在/usr/sbin/openvasmd中搜索到相应关键字:
... (report truncated after 20000 characters) ^@Note: This report exceeds the maximum length of ^@^@^@^@^@^@^@^@Note: The report exceeds the maximum attachment length of ^@^@^@^@^@^@--=-=-=-=-= Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit Content-Disposition: inline
无具体大小修改,于是下载openvas-manager源码包,解压,查找10048576值
wget http://wald.intevation.org/frs/download.php/1795/openvas-manager-5.0.5.tar.gz tar zxvf openvas-manager-5.0.5.tar.gz cd openvas-manager-5.0.5 grep -nr 1048576 *
然后在manage_sql.c的7661行找到最大附件值:
src/manage_sql.c:7661:#define MAX_ATTACH_LENGTH 1048576
打开查看上下文,确定是邮件附件限制参数,修改1048576增加两个零,如下:
7658 /** 7659 * @brief Default max number of bytes of reports attached to email alerts. 7660 */ 7661 #define MAX_ATTACH_LENGTH 104857600 7662 7663 /** 7664 * @brief Maximum number of bytes of reports attached to email alerts. 7665 * 7666 * A value less or equal to 0 allows any size. 7667 */ 7668 static int max_attach_length = MAX_ATTACH_LENGTH;
然后重新编译openvas-manager即可解决问题
附编译安装openvas-manager
编译安装openvas-libraries
apt-get install pkg-config libssh-dev libgnutls-dev libglib2.0-dev libpcap-dev libgpgme11-dev uuid-dev bison libksba-dev librarian-dev wget http://wald.intevation.org/frs/download.php/1787/openvas-libraries-7.0.5.tar.gz tar zxvf openvas-libraries-7.0.5.tar.gz cd openvas-libraries-7.0.5 mkdir build cd build export PKG_CONFIG_PATH=/usr/local/openvas/lib/pkgconfig:$PKG_CONFIG_PATH export CFGLAGS='-L/usr/local/openvas/lib -I/usr/local/openvas/include' cmake -DCMAKE_INSTALL_PREFIX=/usr/local/openvas -DCMAKE_INSTALL_RPATH=/usr/local/openvas/lib .. make make install
编译安装openvas-manager
wget http://wald.intevation.org/frs/download.php/1795/openvas-manager-5.0.5.tar.gz tar zxvf openvas-manager-5.0.5.tar.gz cd openvas-manager-5.0.5 mkdir build cd build export CC='gcc -Wl,-rpath,/usr/local/openvas/lib64 -Wl,-rpath,/usr/local/openvas/lib' export PKG_CONFIG_PATH=/usr/local/openvas/lib/pkgconfig:/usr/local/openvas/lib64/pkgconfig export CFLAGS="-I/usr/local/openvas/include" cmake -DCMAKE_INSTALL_PREFIX=/usr/local/openvas -DCMAKE_INSTALL_RPATH=/usr/local/openvas/lib .. make make install
运行omp失败
root@eqx-sec-1:~# omp Failed to setlocale
通过配置locale解决:
locale-gen en_US en_US.UTF-8 zh_CN.UTF-8 dpkg-reconfigure locales
omp命令
创建一个扫描目标:
aj@aj:~$ omp -u admin -w ajcheng --xml='' Test 192.168.110.09
创建一个扫描任务: 获取扫描策略ID
aj@aj:~$ omp -u admin -w ajcheng -g 085569ce-73ed-11df-83c3-002264764cea empty daba56c8-73ec-11df-a475-002264764cea Full and fast 698f691e-7489-11df-9d8c-002264764cea Full and fast ultimate 708f25c4-7489-11df-8094-002264764cea Full and very deep 74db13d6-7489-11df-91b9-002264764cea Full and very deep ultimate
获取扫描目标ID(创建时候返回ID)
947faab6-bc83-44f7-927a-aa78ada3c446
创建扫描任务
aj@aj:~$ omp -u admin -w ajcheng --xml='> > 'Scan Test >Hourly scan of Test >> >
创建一个定时扫描任务:
aj@aj:~$ omp -u admin -w ajcheng --xml='> > 'Every night >> >9 >22 >0 >12 >2014 >> 3 > >hour >> 1 > >day >
开启一个扫描任务
获取Report
omp -u admin -w openvas@vobile --xml='' |tee ip.log