Ȼ/12

Top / Ȼ / 12

ȼ

ͥåȥФȤƤȼɤ줯餤ΤΤŪİΤϤʤʤ񤷤.
񤷤Ȥä֤ƤȤޤޤϰʤ꤫ͤʤΤǡİˤĤΩĥġѶŪ˻Ȥ.

Ūˤ(ͥåȥ)ʤȸƤФġ뤬.
ʲͭ̾ʤΤ󤲤Ƥ.

SAINT ( SATAN)ȼΤ뤿ΥʤȤƤϷŪġ. SATAN Ȥо줷ȤʪĤ򤫤⤷.
NessusSAINT Ȥ䤹ݡȤʬפʵǽץ饰󲽤Ƥʤɤħ. ver.3.0 GPL Ǥʤʤä(ĿŪѤ̵ǤǤ).
OpenVASNessus Υ饤󥹤ѹˤʤäΤdzȯ줿Nessus θѥեȥ.

OpenVAS Υ󥹥ȡ,

ơϥ饤ŪʤġȤ OpenVAS Ѥ褦.
OpenVAS ȼåºݤ˹ԤФȡ˻ؼФ饤ȤΥХ饤ʤΤǡФȥ饤Ȥơ󥹥ȡ뤹.

ˤޤĤν

 portsnap fetch; portsnap update

򤷤Ƥ.

󥹥ȡ

notes.png ޤФȡɬפʥ饤֥3Ĥ򥤥󥹥ȡ뤷褦(psearch openvas ȤС餬ꥹȥåפΤʬϤ).

ʤ餤ĤΤ褦 portinstall ʤɤǥФ򥤥󥹥ȡ뤹ɬפʥ饤֥⼫ưŪ˥󥹥ȡ뤵ΤǤΤϥ饤֥ΰĤ꤬ꡤǽܤɬפΤǽ֤˥饤֥Ƥ.
pkg_info ǰ¸طĴ٤ȡ

  1. openvas-libraries
  2. openvas-libnasl
  3. openvas-server
  4. openvas-plugins

νǥ󥹥ȡ뤹ɬפ뤳Ȥʬ(ʳνǤϤǤʤ).
ǡνǥ󥹥ȡ뤹.

 portinstall openvas-libraries
 rehash

openvas-libnasl 򥤥󥹥ȡ뤹뤬Υ饤֥ư꤬ΤǡʲΤ褦н褷Ƥ.
ʤߤˡн
http://wald.intevation.org/tracker/download.php/29/220/1079/350/10_fix_gpgme.dpatch
ǥѥåη󶡤Ƥ.

 cd /usr/ports/security/openvas-libnasl
 make configure
 cd work/openvas-libnasl-2.0.1/nasl
 cp nasl_signature.c nasl_signature.c.ORG

ȤƤ顤emacs vi nasl_signature.c ɤ߹ߡ173ԤʲΤ褦Խ.
ŪˤϡֻιԤ­.

gpgme_ctx_t ctx = NULL;

char * gpghome = determine_gpghome();


gpgme_check_version (NULL);


err = gpgme_engine_check_version(GPGME_PROTOCOL_OpenPGP);


if (err)

{

print_gpgme_error("gpgme_engine_check_version", err);

ǽѤΤǡȤϥ󥹥ȡ³.

 cd ../../..
 make
 make install
 rehash

ơϻĤΤΤ򥤥󥹥ȡ뤷褦.

 portinstall openvas-server
 rehash
 portinstall openvas-plugins
 rehash

libnet, coreutils, rsync, jbigkit ʤɤΡ¾ɬפʤΤ⤳βǥ󥹥ȡ뤵.
ʤrsync Υץ٤Ȥ줿顤
rsync-options.png
ǥեȤΤޤ(SSH Τߥå)Ǥ褤.

ˡ饤Ȥ򥤥󥹥ȡ뤷褦.
ϤĤΤ褦˴ñ

 portinstall openvas-client
 rehash

ȤФ褤.

ޤϥ󥹥ȡܤ̤.
Ȥꤢ󥹥ȡ뤷 openvas ϤΤƤˤĤƥå.

openvas-libraries Υ󥹥ȡȴ

(饤֥Υ󥯱¾)

openvas-libraries has been sucessfully installed.

Make sure that /usr/local/bin is in your PATH before you

continue

oepnvas-libnasl Υ󥹥ȡȴ

openvas-libnasl has been sucessfully installed.

Make sure that /usr/local/bin is in your PATH before you

continue

openvas-server Υ󥹥ȡȴ

openvas-server has been sucessfully installed.

Make sure that /usr/local/bin and /usr/local/sbin are in your PATH before

you continue.

openvasd has been installed into /usr/local/sbin

openvas-plugins Υ󥹥ȡȴ

(äܤ٤ϤϤʤ)

openvas-client Υ󥹥ȡȴ

(äܤ٤ϤϤʤ)

ʾΥߤȡä̵.
ǡʾˤ褦.

web ξ

http://www.openvas.org/compendium/configuring-openvas-server.html
򸫤ʤ顤Τ褦ꤷ褦.
ޤ

 openvas-mkcert

ȤơФξ뤳Ȥˤʤ.
ȡSSL طǰˤäΤ褦ʤ򤹤뤳Ȥˤʤ.
Ļб/ϤǤ.

-------------------------------------------------------------------------------

Creation of the OpenVAS SSL Certificate

-------------------------------------------------------------------------------


This script will now ask you the relevant information to create the SSL certificate of OpenVAS.

Note that this information will *NOT* be sent to anybody (everything stays local), but anyone with the ability to connect to your OpenVAS daemon will be able to retrieve this information.



CA certificate life time in days [1460]: Τޤ enter 򲡤Ƥ褤

Server certificate life time in days [365]: Τޤ enter 򲡤Ƥ褤

Your country (two letter code) [FR]: JP

Your state or province name [none]: Osaka

Your location (e.g. town) [Paris]: Toyonaka

Your organization [OpenVAS Users United]: Osaka Univ.



-------------------------------------------------------------------------------

Creation of the OpenVAS SSL Certificate

-------------------------------------------------------------------------------


Congratulations. Your server certificate was properly created.


/usr/local/etc/openvas/openvasd.conf updated

The following files were created:


. Certification authority:

Certificate = /usr/local/openvas/lib/openvas/CA/cacert.pem

Private key = /usr/local/openvas/lib/openvas/private/CA/cakey.pem


. OpenVAS Server :

Certificate = /usr/local/openvas/lib/openvas/CA/servercert.pem

Private key = /usr/local/openvas/lib/openvas/private/CA/serverkey.pem


Press [ENTER] to exit enter 򲡤

ˡopenvas Ф³Ǥ桼ԤȤȤʤΤǡ

 openvas-adduser

Ȥ. ȡʲΤ褦ʤ򤹤뤳Ȥˤʤ.
Ⱦϥ桼̾ȥѥɤǡȾϤΥ桼Ĵ٤뤳ȤǤ륿åȤΥФ¤Ǥ.

0: not found

Using /var/tmp as a temporary file holder.


Add a new openvasd user

---------------------------------



Login : 桼̾. FreeBSD Υ桼̾ʤɤȴطʤƤ褤

Authentication (pass/cert) [pass] : Τ褦ʻȤǤ pass ΤޤޤǤ褤

Login password : ѥɤ. ̤ˤϽФʤ

Login password (again) : ѥɤ. ̤ˤϽФʤ


User rules

---------------

openvasd has a rules system which allows you to restrict the hosts that paoon has the right to test.

For instance, you may want him to be able to scan his own host only.


Please see the openvas-adduser(8) man page for the rules syntax.


Enter the rules for this user, and hit ctrl-D once you are done:

(the user can have an empty rules set) 顤Υ桼Υå¤ꤹ

accept 192.168.125.0/24 ϤƤ

accept 127.0.0.0/24 ϤƤ

default deny ϤƤ

^D ctrl 򲡤ʤ d 򲡤


ʲǧΤϾ󤬽Ϥ

Login : 桼̾

Password : ***********


Rules :

accept 192.168.125.0/24

accept 127.0.0.0/24

default deny



Is that ok? (y/n) [y] ꤬ʤ y 褦

user added.

openvas ФȤ桼꤬Ѥ.

ʤߤˡΥ桼
/usr/local/openvas/lib/openvas/users/
β˥ե뤬֤.
ѹȤϡΥե񤭴ɤ.

ˡʥץ饰(͡ʵǽץ饰ˤʤäƤơƤ)򹹿Ƥ.

 openvas-nvt-sync

ȤФ褤. ֤Ϥ뤬.

OpenVAS Фεư

ޤ꤬ʤС

 openvasd -D

ȤƥФǡȤƵư褦. ʥץ饰ɤ߹Τ˽빽֤ΤǤФ餯ԤȤ.
Τ˵ưɤ

 lsof -i4

ȤƳΤ褦. port 9390 openvasd ԤƤʤ OK .

OpenVAS 饤Ȥεư

ơOpenVAS 饤Ȥư褦.
X window ĤΤ X Ω夲Ƥ.
ʤߤ gnome 饤֥꤬, gnome ΤΤưʤƤ褤.

ʲΥޥɤǤ⤦(ʸʸ϶̤).

 OpenVAS-Client &

ȡ
OpenVAS-Client.png
Τ褦ʲ̤ǥ饤ȤưϤ.

ȼν

ɤΥޥˤơɤΤ褦ʸԤΤȤƤ꤬ȤɬפǤ.
ΤȡФ³ơФ˸Ԥ碌뤳Ȥˤʤ.

Ūˤϡϥ饤ȤǰʲΤ褦ˤ.

task, scope ꤹ

task, scope ȤϸƤñ̤ȻפФ褤.
ޤϤ.

ŪˤϡʲΤ褦ˤФ褤
ޤ˥塼 Task -> New ǡ.
task-new.png
ΤȤä̾ĤƤʤΤǡŬ̾ĤƤ.
task-name.png

ˡ˥塼 Scope -> New ǡä˿פ.
scope-new.png
ΤȤäפˤ̾ĤƤʤΤǡŬ̾ĤƤ.
scope-name.png

Ǿ¤

ȤϤΥפФԤ.
ȤäƤޤϤۤɸǤ褤ΤǡʲΤ褦ˤФ褤.

ޤ˲(åȥФؤαƶ̵)ԤΤ˲(åȥФΥӥǽ.ƵưбƶϾä)ԤΤ.
˲ѤʤϤǤʤ.
˲ϡФΥǡǽ뤬(뤫ɤ򸡺)Ǥ.

Ϥޤ˲ˤƤ.
Ūˤϡ¦ Options General 򤹤ȡ䲼¦ "Safe checks" Ȥܤꡤ줬åƤ˲åƤʤ˲ȤȤˤʤ.
safe-check.png

ˡåȤ.
ǽϼʬȤ褤.
ǡ¦ Options Target selection 򤹤ȡ"Target(s):" ȤܤΤǡꤹФ褤.
餯ǥեȤ "localhost" (ʬȤΤ)Ƚ񤫤Ƥ顤ξϤΤޤޤǤ褤.
target-localhost.png

ǺǾ¤꤬λ.

饤Ȥ򥵡Ф³

ˡ饤Ȥ򥵡Ф³. ʤȥ饤Ȥ饵Ф˻᤬Фʤ̤ʤ.
Ūˤϡ(ꤷפ򤵤Ƥ뤳Ȥǧ), ˥塼 File -> Connect 򤹤.
file-connect.png

ȡ³ǧˡ̤Ф. ³ϥǥեȤ localhost, port 9390 ʤ. ǧڤϡۤɥѥ򤷤Τǡۤꤷ桼̾ȥѥɤϤơ OK 򲡤.
connect-server.png

³Ȥ SSL ΰˤĤƿҤͤ뤬־ǡȤ OK ɤ.
ssl-one.png

³뤳Ȥˤʤ. Τߥץ饰ΥɤǾԤΤǤäԤȤ.
Ф餯
openvas-connect-and-downloaded-plugin.png
ȤʤꡤɽλΤФϤʤΤǡ OK 򲡤Ф褤.

ȼԤ

ǤȤϸ»ܤǤ.
Ϥ⤦ñǡ˥塼 Scope -> Execute 򤹤Ф褤.
scope-execute.png

ȡФ餯ƸϤޤĽ٤ɽΤǡȤϤäԤƤФ褤.
openvas-scanning.png

̤å

̤ϥ饤Ȥ "report" ܤ֥륯åʤɤФΤޤ޸褦ˤʤäƤ.
٤⤤Ȼפۤɷٹ𿧤Ȥ줿󤬤ĤƤꤹΤǡϰ.
report.png

notes.png ʬΥޥθ̤򸫤ơȻפܤ̤(ä Apache mod_proxy_ftp ˴ؤƤʬ).
notes.png ξǡɤ٤ȽǤ.
notes.png кɬפȽǤϡкܤ.

ʤ̤ϥ˥塼 Report -> Export 򤹤뤳Ȥǥե˽Ϥ뤳ȤǤϤ٤.
report-export.png
report-export-form.png

¾ΥФ򥿡åȤȤƸ򤷤Ƥߤ

notes.png ̤кʤɤǤȴ顤Ʊοͤ˶ϤäơߤοͤΥФ򥿡åȤȤƸƤӹԤäƤߤ褦.
notes.png ˲Ƥߤ褦("safe check" ιܤΥå򳰤).
warning.png ȼϡ֥åΰפȸʤΤǡε̵ˤФ˹Ԥʤ!!

ϵå

ơƥˤĤƤŪʴФܤˡޤǤμʤɤѤơФؤΥåϵŪ˹ԤäƤߤ褦.
ˤդˡɸ椹ˤϤɤ褤פ褯ǤϤǤ.

ʤϵŪˡפȤΤϡPC ˲ƥϡɥǥȴФΥեʤɤƥå롤ʤɤΡָ˻پ㤬Ĥꤽʡˡ򤱤ƤȤƤɤΰ̣Ǥ.
ŪˤϡʲΤ褦˹Ԥ.

ѥɤǰꤷƼʬΥޥ˥

notes.png ʬΥѥɤƼǰɤƤɤߤե뤬¸ߤΤǤʤȤȤΤȤǡʬΥޥ˥ʤϥե륢ǽʾ֤ˤޤǤäƤäƤߤ褦.
ˤϤˡϽ񤫤ʤΤǡ褯ͤƹԤ.
֤򤫤ƤɤС(Ūˤ)̤꤫פĤ.

ѥɤǰꤷ¾ͤΥޥ˥

notes.png Ʊͤλߤ¾ͤΥޥФƹԤäƤߤ褦. 󡤻ˤΥޥδԤ˵Ĥ꤫Ԥ.

warning.png Ԥεĥʥˤ԰٤ԤȤФˤʤ褦.

ݡ

ȼη̤Ӥкȡϵåη̤ˤĤ𤻤.
ޤºݤ˹ԤʤäΤޤᡤåˡˤĤƻפĤΤ⤻.
ơåˡФơɸˡͻ.

Ƽ

  1. °(ز)
  2. ֹ
  3. ǯ
  4. ̾
  5. οΥݡ(θȤˤĤƵŤ)

񤯤Τ˺ʤ褦.

about Icons

Some icons in this page are downloadable at ICONFINDER.
The "note" icon notes.png designed by Marco Martin is distributed with the LGPL licence
and the "warning" icon warning.png designed by Alexandre Moore with the GPL licence.
Thank you Marco and Alexandre!