Took the below from an email I got today.
----------------------------------------------
Nessus 4.2.2 has been released today. This release contains the following fixes:
Nessus-fetch:
- Proxy issues have been resolved
NASL:
- Fixed a memory leak in the NASL xmlparse() function
Networking:
- Fixed IPv6 routing when talking to a remote host (FreeBSD, Mac OS X)
- Packet forgery was not always working on ES5 64 bits
Packaging:
- Fixed the Debian /etc/rc init script
- Upgraded OpenSSL to version 0.9.8n (Windows, Solaris)
Stability:
- Fixed a possible crash when using a badly written custom plugin
- Fixed a possible crash when running out of BPFs on Windows
Thursday, April 15, 2010
Sunday, April 11, 2010
Installing OpenVAS 3.0.x on Ubuntu Linux...
This is a follow-up to my earlier article on Installing OpenVAS 2.0.x on Ubuntu Linux...
Updating your Ubuntu Setup
Before we begin, it is best that we update our Ubuntu libraries and applications to the latest versions by typing the following in a terminal:
sudo apt-get update
sudo apt-get upgrade
Installing the libraries that OpenVAS uses
Once you have updated your machine, we will need to install the following libraries and applications to compile and install OpenVAS. Again, in the terminal:
sudo apt-get install cmake build-essential libgtk2.0-dev libglib2.0-dev libssl-dev htmldoc libgnutls-dev libpcap0.8-dev bison libgpgme11-dev libsmbclient-dev snmp pnscan
Downloading the source code and compiling them
Now that the machine is ready to work with the OpenVAS sources, you then need to download the following source codes from the OpenVAS website. You can find the sources at URL http://wald.intevation.org/frs/?group_id=29
Download the latest version of the following:
openvas-libraries (latest v3.0.x, I used 3.0.4)
openvas-scanner (latest v3.0.x, I used 3.0.2)
openvas-client (latest v3.0.x, I used 3.0.0)
You will need to install OpenVAS in the above listed order. To install each component, you will need to do the following:
tar -zxvf [filename of .tar.gz file]
cd [sub-folder of same name as .tar.gz file]
./configure
make
sudo make install
cd ..
If you are using the 64-bit version of Ubuntu, you may get an error message ("/usr/bin/ld: cannot find -lcrypto") when you 'make' the openvas-client. You can fix this by typing:
sudo ln -s /usr/lib/libcrypto.so.0.9.8 /usr/lib/libcrypto.so
Once all three components are compiled and installed, you will then need to let Ubuntu know about the new libraries you have just compiled before the can be used by typing in:
sudo ldconfig -v
First time OpenVAS users
For the first time use of OpenVAS, you will need to create a new cert and add in the first user that can login into the OpenVAS server by running both:
sudo openvas-mkcert
sudo openvas-adduser
Updating the latest plug-ins
Periodically (I usually run it once every day, or just before I am about to use OpenVAS), you will need to update the plugins that OpenVAS uses to detect newer vulnerabilities which are found everyday. You can do that by typing:
sudo openvas-nvt-sync
Note: There is a bug in the update script and you will get an error message (as of today, 11-Apr-2010). A quick look at the OpenVAS forums showed a typo made by one of the developers and the way to fix this is do the following (in a terminal):
gksu gedit /usr/local/sbin/openvas-nvt-sync
Search for the string (my script had it on line 63):
SYNC_TMP_DIR='mktemp -d openvas-nvt-sync'
and change it to:
SYNC_TMP_DIR='mktemp -d openvas-nvt-sync.XXXXXXXXXX -t'
To start the OpenVAS server, activate the server by typing in:
sudo openvassd
And running the OpenVAS client by typing:
sudo OpenVAS-Client
If you want to learn or know more about OpenVAS, visit them at http://www.openvas.org/
Note: Tested on Ubuntu 9.10, and I assume you are doing all this with user access (that is why, some root only commands have the "sudo" command in front of them) and am running the kernel in i386 (32-bit) mode. Also, as I did not test this on a 64-bit system, the 64-bit only error/solution mentioned in my article comes from the forums and I have not tested them myself.
Updating your Ubuntu Setup
Before we begin, it is best that we update our Ubuntu libraries and applications to the latest versions by typing the following in a terminal:
sudo apt-get update
sudo apt-get upgrade
Installing the libraries that OpenVAS uses
Once you have updated your machine, we will need to install the following libraries and applications to compile and install OpenVAS. Again, in the terminal:
sudo apt-get install cmake build-essential libgtk2.0-dev libglib2.0-dev libssl-dev htmldoc libgnutls-dev libpcap0.8-dev bison libgpgme11-dev libsmbclient-dev snmp pnscan
Downloading the source code and compiling them
Now that the machine is ready to work with the OpenVAS sources, you then need to download the following source codes from the OpenVAS website. You can find the sources at URL http://wald.intevation.org/frs/?group_id=29
Download the latest version of the following:
openvas-libraries (latest v3.0.x, I used 3.0.4)
openvas-scanner (latest v3.0.x, I used 3.0.2)
openvas-client (latest v3.0.x, I used 3.0.0)
You will need to install OpenVAS in the above listed order. To install each component, you will need to do the following:
tar -zxvf [filename of .tar.gz file]
cd [sub-folder of same name as .tar.gz file]
./configure
make
sudo make install
cd ..
If you are using the 64-bit version of Ubuntu, you may get an error message ("/usr/bin/ld: cannot find -lcrypto") when you 'make' the openvas-client. You can fix this by typing:
sudo ln -s /usr/lib/libcrypto.so.0.9.8 /usr/lib/libcrypto.so
Once all three components are compiled and installed, you will then need to let Ubuntu know about the new libraries you have just compiled before the can be used by typing in:
sudo ldconfig -v
First time OpenVAS users
For the first time use of OpenVAS, you will need to create a new cert and add in the first user that can login into the OpenVAS server by running both:
sudo openvas-mkcert
sudo openvas-adduser
Updating the latest plug-ins
Periodically (I usually run it once every day, or just before I am about to use OpenVAS), you will need to update the plugins that OpenVAS uses to detect newer vulnerabilities which are found everyday. You can do that by typing:
sudo openvas-nvt-sync
Note: There is a bug in the update script and you will get an error message (as of today, 11-Apr-2010). A quick look at the OpenVAS forums showed a typo made by one of the developers and the way to fix this is do the following (in a terminal):
gksu gedit /usr/local/sbin/openvas-nvt-sync
Search for the string (my script had it on line 63):
SYNC_TMP_DIR='mktemp -d openvas-nvt-sync'
and change it to:
SYNC_TMP_DIR='mktemp -d openvas-nvt-sync.XXXXXXXXXX -t'
To start the OpenVAS server, activate the server by typing in:
sudo openvassd
And running the OpenVAS client by typing:
sudo OpenVAS-Client
If you want to learn or know more about OpenVAS, visit them at http://www.openvas.org/
Note: Tested on Ubuntu 9.10, and I assume you are doing all this with user access (that is why, some root only commands have the "sudo" command in front of them) and am running the kernel in i386 (32-bit) mode. Also, as I did not test this on a 64-bit system, the 64-bit only error/solution mentioned in my article comes from the forums and I have not tested them myself.
Saturday, March 13, 2010
Installing Firefox 3.6 into Ubuntu 9.10 (Karmic)
If you are like me and constantly want the latest version of everything in your Ubuntu installation, you will most probably want to install Firefox 3.6 into your Ubuntu installation. You first have the add in the Mozilla Team's firefox-stable repository by typing the following in a terminal shell:
sudo add-apt-repository ppa:mozillateam/firefox-stable
Once you have that entry in your source.list file, you will need to update the available installers with the command:
sudo apt-get update
Now you can simply get firefox 3.6 installed with the command:
Warning, this will remove your current installation of Firefox.
:::::::::::: For older Ubuntu users :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
If you are a Jaunty, Intrepid or Hardy user, you will need to edit the source.list file by typing the following into the terminal shell:
gksudo gedit /etc/apt/sources.list
You then need to add in the following two lines at the end of the file:
deb http://ppa.launchpad.net/mozillateam/firefox-stable/ubuntu BUILDNAME main
deb-src http://ppa.launchpad.net/mozillateam/firefox-stable/ubuntu BUILDNAME main
Remember to replace the name BUILDNAME, with jaunty, intrepid or hardy (depending on which version of Ubuntu you have installed).
You will then need to import the correct public key so that Ubuntu will trust the repository. To do that, please read my earlier post on Getting the public key of a Ubuntu repository.
Again, once you have done the above, you will need to issue the command for Ubuntu to update and install the repository data and install Firefox 3.6:
sudo apt-get update
sudo apt-get install firefox-3.6
You now have Firefox 3.6 installed. :)
Tuesday, January 12, 2010
Securing your Apache 2 web server...
I have done a lot of server security testing and one of the most common mistakes I see in most web server implementation of customer's web server is:
1. The server banner of the web server displays the product and version number of the seb server application.
2. The web server has the debug command TRACE enabled by default in the production environment.
When you install Apache 2 in a Ubuntu box (may be similar for other Linux distros), the above two options are by default enabled.
The easiest way to remove TRACE and obfuscate the server banner version is to add the following commands into apache2.conf found in the /etc/apache2/ folder. They are:
ServerTokens ProductOnly
ServerSignature Off
TraceEnable Off
The commands are self explainatory and you really should google for them...
1. The server banner of the web server displays the product and version number of the seb server application.
2. The web server has the debug command TRACE enabled by default in the production environment.
When you install Apache 2 in a Ubuntu box (may be similar for other Linux distros), the above two options are by default enabled.
The easiest way to remove TRACE and obfuscate the server banner version is to add the following commands into apache2.conf found in the /etc/apache2/ folder. They are:
ServerTokens ProductOnly
ServerSignature Off
TraceEnable Off
The commands are self explainatory and you really should google for them...
Thursday, December 31, 2009
Goodbye 2009, Hello 2010...
Today is the last day of 2009, and I welcome 2010 with open arms...
I hope my blog the past year has made people more interested in Linux (especially Ubuntu) and/or computer security. I am looking forward to hearing from you... especially if you find my postings useful.
END!
I hope my blog the past year has made people more interested in Linux (especially Ubuntu) and/or computer security. I am looking forward to hearing from you... especially if you find my postings useful.
END!
Monday, November 23, 2009
Installing Websecurify 0.4...
Websecurify is a web application testing tool developed by Petko Petkov that automatically identifies web application vulnerabilities by using advanced discovery and fuzzing technologies. To know more about Websecurify, click on the link here.
For Ubuntu 8.10 (or older) users (others can skip to the Websecurify Installation section below)
Before installing Websecurify on your Ubuntu system, you will need to have xulrunner v1.9.1 (or higher) installed. Since your installation of Ubuntu has an older version of xulrunner, you will need to update your system to meet this pre-requisite. The easiest way to do this is by installing Firefox 3.5 which come with the required version xulrunner.
The easiest/safest way to do this is to go to the "ubuntu-mozilla-daily" PPA archive at URL:
https://launchpad.net/~ubuntu-mozilla-daily/+archive/ppa
Follow the instruction there to get your version of Ubuntu installed with the correct repository that holds the version on firefox 3.5 compatible with your Ubuntu installation. Remember to also install the public key to you don't get prompted with security warnings when trying to use the repository.
Then, we update the machine's repository database with:
sudo apt-get update
sudo apt-get upgrade
To install Firefox 3.5 (warning, this will replace older versions of firefox in your Ubuntu machine):
sudo apt-get install firefox-3.5
Websecurify Installation
Download the Linux version at URL http://websecurify.googlecode.com/files/Websecurify%200.4.tgz (download the file to your Desktop)
Create a folder to store the websecurify application:
mkdir ~/websecurify-0.4
Go into the folder you just created:
cd ~/websecurify-0.4
Extract the archive:
tar -zxvvf ~/Desktop/Websecurify\ 0.4.tgz
To install the application, type:
xulrunner --install-app application.ini
To launch Websecurify, type:
xulrunner --app application.ini
Note: For Ubuntu 8.10 (or older) users, you must type in xulrunner-1.9.1 instead of xulrunner to install and to launch Websecurify.
For Ubuntu 8.10 (or older) users (others can skip to the Websecurify Installation section below)
Before installing Websecurify on your Ubuntu system, you will need to have xulrunner v1.9.1 (or higher) installed. Since your installation of Ubuntu has an older version of xulrunner, you will need to update your system to meet this pre-requisite. The easiest way to do this is by installing Firefox 3.5 which come with the required version xulrunner.
The easiest/safest way to do this is to go to the "ubuntu-mozilla-daily" PPA archive at URL:
https://launchpad.net/~ubuntu-mozilla-daily/+archive/ppa
Follow the instruction there to get your version of Ubuntu installed with the correct repository that holds the version on firefox 3.5 compatible with your Ubuntu installation. Remember to also install the public key to you don't get prompted with security warnings when trying to use the repository.
Then, we update the machine's repository database with:
sudo apt-get update
sudo apt-get upgrade
To install Firefox 3.5 (warning, this will replace older versions of firefox in your Ubuntu machine):
sudo apt-get install firefox-3.5
Websecurify Installation
Download the Linux version at URL http://websecurify.googlecode.com/files/Websecurify%200.4.tgz (download the file to your Desktop)
Create a folder to store the websecurify application:
mkdir ~/websecurify-0.4
Go into the folder you just created:
cd ~/websecurify-0.4
Extract the archive:
tar -zxvvf ~/Desktop/Websecurify\ 0.4.tgz
To install the application, type:
xulrunner --install-app application.ini
To launch Websecurify, type:
xulrunner --app application.ini
Note: For Ubuntu 8.10 (or older) users, you must type in xulrunner-1.9.1 instead of xulrunner to install and to launch Websecurify.
Wednesday, November 18, 2009
Installing OpenVAS 2.0.x on Ubuntu Linux...
This is a follow-up to my earlier article on Installing OpenVAS 1.0.x
OpenVAS has started releasing betas of v3.0.x, so I thought I'd write a tutorial on how to install the latest stable version of OpenVAS (v2.0.x).
Before we begin, it is best that we update our Ubuntu libraries and applications to the latest versions by typing the following in a terminal:
sudo apt-get update
sudo apt-get upgrade
Once you have updated your machine, we will need to install the following libraries and applications to compile and install OpenVAS. Again, in the terminal:
sudo apt-get install build-essential libgnutls-dev libpcap0.8-dev bison
sudo apt-get install libgtk2.0-dev libglib2.0-dev libgpgme11-dev libssl-dev htmldoc
Now that the machine is ready to work with the OpenVAS sources, you then need to download the following source codes from the OpenVAS website. You can find the sources at URL http://wald.intevation.org/frs/?group_id=29
Download the latest version of the following:
openvas-libraries (latest v2.0.x)
openvas-libnasl (latest v2.0.x)
openvas-server (latest v2.0.x)
openvas-plugins (latest v1.0.x)
openvas-client (latest v2.0.x)
You will need to install OpenVAS in the above listed order. To install each component, you will need to do the following:
tar zxvf [filename of .tar.gz file]
cd [sub-folder of same name as .tar.gz file]
./configure
make
sudo make install
cd ..
Once all five components are compiled and installed, you will then need to let Ubuntu know about the new libraries you have just compiled before the can be used by typing in:
sudo ldconfig -v
For the first time use of OpenVAS, you will need to create a new cert and add in the first user that can login into the OpenVAS server by running both:
sudo openvas-mkcert
sudo openvas-adduser
Periodically (I usually run it once every day, or just before I am about to use OpenVAS), you will need to update the plugins that OpenVAS uses to detect newer vulnerabilities which are found everyday. You can do that by typing:
sudo openvas-nvt-sync
To start the OpenVAS server, activate the server by typing in:
sudo openvasd -D
And running the OpenVAS client by typing:
sudo OpenVAS-Client
If you want to learn or know more about OpenVAS, visit them at http://www.openvas.org/
Note: Tested on Ubuntu 9.10, and I assume you are doing all this with user access (that is why, some root only commands have the "sudo" command in front of them) and am running the kernel in i386 (32-bit) mode.
OpenVAS has started releasing betas of v3.0.x, so I thought I'd write a tutorial on how to install the latest stable version of OpenVAS (v2.0.x).
Before we begin, it is best that we update our Ubuntu libraries and applications to the latest versions by typing the following in a terminal:
sudo apt-get update
sudo apt-get upgrade
Once you have updated your machine, we will need to install the following libraries and applications to compile and install OpenVAS. Again, in the terminal:
sudo apt-get install build-essential libgnutls-dev libpcap0.8-dev bison
sudo apt-get install libgtk2.0-dev libglib2.0-dev libgpgme11-dev libssl-dev htmldoc
Now that the machine is ready to work with the OpenVAS sources, you then need to download the following source codes from the OpenVAS website. You can find the sources at URL http://wald.intevation.org/frs/?group_id=29
Download the latest version of the following:
openvas-libraries (latest v2.0.x)
openvas-libnasl (latest v2.0.x)
openvas-server (latest v2.0.x)
openvas-plugins (latest v1.0.x)
openvas-client (latest v2.0.x)
You will need to install OpenVAS in the above listed order. To install each component, you will need to do the following:
tar zxvf [filename of .tar.gz file]
cd [sub-folder of same name as .tar.gz file]
./configure
make
sudo make install
cd ..
Once all five components are compiled and installed, you will then need to let Ubuntu know about the new libraries you have just compiled before the can be used by typing in:
sudo ldconfig -v
For the first time use of OpenVAS, you will need to create a new cert and add in the first user that can login into the OpenVAS server by running both:
sudo openvas-mkcert
sudo openvas-adduser
Periodically (I usually run it once every day, or just before I am about to use OpenVAS), you will need to update the plugins that OpenVAS uses to detect newer vulnerabilities which are found everyday. You can do that by typing:
sudo openvas-nvt-sync
To start the OpenVAS server, activate the server by typing in:
sudo openvasd -D
And running the OpenVAS client by typing:
sudo OpenVAS-Client
If you want to learn or know more about OpenVAS, visit them at http://www.openvas.org/
Note: Tested on Ubuntu 9.10, and I assume you are doing all this with user access (that is why, some root only commands have the "sudo" command in front of them) and am running the kernel in i386 (32-bit) mode.
Subscribe to:
Comments (Atom)