Ȼ/12


ĤΥå

ĤΤ褦ˡƥˤĤƤޤʤåб褦
Ūˤϡ⼨ΥޥɤȤȤˤʤ롥

  1. freebsd-update
  2. portsnap
  3. portaudit

warning.png portaudit ǽФƤٹˤб٤ɤȽǤ񤷤ƥ꤬ɤ줯餤ports ΥС󥢥åפ֤˹äƤ뤫С󥢥åפȼ̵꤬˴ñˤɤΤǸƤƤȤ򤷤褦.


ȼ

ͥåȥФȤƤȼɤ줯餤ΤΤŪİΤϤʤʤ񤷤.
񤷤Ȥä֤ƤȤޤޤϰʤ꤫ͤʤΤǡİˤĤΩĥġѶŪ˻Ȥ.

Ūˤ(ͥåȥ)ʤȸƤФġ뤬.
ʲͭ̾ʤΤ󤲤Ƥ.

SAINT ( SATAN)ȼΤ뤿ΥʤȤƤϷŪġ. SATAN Ȥо줷ȤʪĤ򤫤⤷.
NessusSAINT Ȥ䤹ݡȤʬפʵǽץ饰󲽤Ƥʤɤħ. ver.3.0 GPL Ǥʤʤä(ĿŪѤ̵ǤǤ).
OpenVASNessus Υ饤󥹤ѹˤʤäΤdzȯ줿Nessus θѥեȥ.

OpenVAS Υ󥹥ȡ,

ơϥ饤ŪʤġȤ OpenVAS Ѥ褦.
OpenVAS ȼåºݤ˹ԤФȡ˻ؼФ饤ȤΥХ饤ʤΤǡФȥ饤Ȥơ󥹥ȡ뤹.

󥹥ȡ

notes.png ޤФȡɬפʥ饤֥3Ĥ򥤥󥹥ȡ뤷褦(psearch openvas ȤС餬ꥹȥåפΤʬϤ).

ʤ餤ĤΤ褦 portinstall ʤɤǥФ򥤥󥹥ȡ뤹ɬפʥ饤֥⼫ưŪ˥󥹥ȡ뤵ΤǤΤϥ饤֥ΰĤ꤬ꡤǽܤɬפΤǽ֤˥饤֥Ƥ.
ˡǰ¸طĴ٤ȡ

  1. openvas-libraries
  2. openvas-libnasl
  3. openvas-server
  4. openvas-plugins

νǥ󥹥ȡ뤹ɬפ뤳Ȥʬ(ʳνǤϤǤʤ).
ǡνǥ󥹥ȡ뤹.

 portinstall openvas-libraries
 rehash

openvas-libnasl 򥤥󥹥ȡ뤹뤬Υ饤֥ư꤬ΤǡʲΤ褦н褷Ƥ.
ʤߤˡн
http://wald.intevation.org/tracker/download.php/29/220/1079/350/10_fix_gpgme.dpatch
ǥѥåη󶡤Ƥ.

 cd /usr/ports/security/openvas-libnasl
 make configure
 cd work/openvas-libnasl-2.0.1/nasl
 cp nasl_signature.c nasl_signature.c.ORG

ȤƤ顤emacs vi nasl_signature.c ɤ߹ߡ173ԤʲΤ褦Խ.
ŪˤϡֻιԤ­.

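 gpgme_ctx_t ctx = NULL;
 char * gpghome = determine_gpghome();

 /* GPGME must be initialised by calling gpgme_check_version()
    before any other GPGME function is used. */
 gpgme_check_version (NULL);

 err = gpgme_engine_check_version(GPGME_PROTOCOL_OpenPGP);
 if (err)
   {
     print_gpgme_error("gpgme_engine_check_version", err);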
ǽѤΤǡȤϥ󥹥ȡ³.

 cd ../../..
 make
 make install
 rehash

ơϻĤΤΤ򥤥󥹥ȡ뤷褦.

 portinstall openvas-server
 rehash
 portinstall openvas-plugins
 rehash

libnet, coreutils, rsync ʤɡ¾ɬפʤΤ⤳βǥ󥹥ȡ뤵.
桤coreutils Υץϡ
coreutils-option.png
GMP 򳰤Ƥ
ޤ rsync Υץϡ
rsync-option.png
ǥեȤΤޤ(SSH Τߥå)Ǥ褤.

ˡ饤Ȥ򥤥󥹥ȡ뤷褦.
⤤ĤΤ褦˴ñ

 portinstall openvas-client
 rehash

ȤФ褤.
cups-client ΥץɬפʤȤϡ
cups-client-option.png
Ȥꤢ GnuTLS on ˤƤФ褤

ޤ glib Ť˥󥹥ȡ뤬ߤ褦ʾϡ

 portupgrade glib

Ȥ glib ΥС夲Ƥ openvas-client Υ󥹥ȡٹԤ
glib ΥץˤĤƤϡ
glib-option.png
collation_fix ȤꤢƤƤ褤


ޤϥ󥹥ȡܤ̤.
Ȥꤢ󥹥ȡ뤷 openvas ϤΤƤˤĤƥå.

openvas-libraries Υ󥹥ȡȴ

(饤֥Υ󥯱¾)

 openvas-libraries has been sucessfully installed.
 Make sure that /usr/local/bin is in your PATH before you
 continue

openvas-libnasl Υ󥹥ȡȴ

ǥѥåκȤ򤷤˥ĤʤξϤˤĤƤäʤ

openvas-server Υ󥹥ȡȴ

 openvas-server has been sucessfully installed.
 Make sure that /usr/local/bin and /usr/local/sbin are in your PATH before
 you continue.
 openvasd has been installed into /usr/local/sbin

Ȥʬȡ

 This port has installed the following files which may act as network
 servers and may therefore pose a remote security risk to the system.
 /usr/local/sbin/openvasd

 This port has installed the following startup scripts which may cause
 these network services to be started at boot time.
 /usr/local/etc/rc.d/openvasd

 If there are vulnerabilities in these programs there may be a security
 risk to the system. FreeBSD makes no guarantee about the security of
 ports included in the Ports Collection. Please type 'make deinstall'
 to deinstall the port if this is a concern.

 For more information, and contact details about the security
 status of this software, see the following webpage:
 http://www.openvas.org/

ȤʬĤ롥ޤäܤۤɤλϤʤ

openvas-plugins Υ󥹥ȡȴ

(äܤ٤ϤϤʤ)

openvas-client Υ󥹥ȡȴ

(äܤ٤ϤϤʤ)

ʾΥߤȡä̵.
ǡʾˤ褦.

web ξ

http://www.openvas.org/setup-and-start.html
ʤɤ򸫤ʤ顤Τ褦ꤷ褦.

warning.png ޥ˥奢 /var ȤȤϡ/usr/local/openvas ɤؤ뤳Ȥˤʤ롥

  • ¦
    ޤ
 openvas-mkcert

ȤơФξ뤳Ȥˤʤ.
ȡSSL طǰˤäΤ褦ʤ򤹤뤳Ȥˤʤ.
Ļб/ϤǤ.

 -------------------------------------------------------------------------------
 Creation of the OpenVAS SSL Certificate
 -------------------------------------------------------------------------------

 This script will now ask you the relevant information to create the SSL certificate of OpenVAS.
 Note that this information will *NOT* be sent to anybody (everything stays local), but anyone with the ability to connect to your OpenVAS daemon will be able to retrieve this information.

 CA certificate life time in days [1460]: Τޤ enter 򲡤Ƥ褤
 Server certificate life time in days [365]: Τޤ enter 򲡤Ƥ褤
 Your country (two letter code) [FR]: JP
 Your state or province name [none]: Osaka
 Your location (e.g. town) [Paris]: Toyonaka
 Your organization [OpenVAS Users United]: Osaka Univ.

 -------------------------------------------------------------------------------
 Creation of the OpenVAS SSL Certificate
 -------------------------------------------------------------------------------

 Congratulations. Your server certificate was properly created.

 /usr/local/etc/openvas/openvasd.conf updated
 The following files were created:

 . Certification authority:
 Certificate = /usr/local/openvas/lib/openvas/CA/cacert.pem
 Private key = /usr/local/openvas/lib/openvas/private/CA/cakey.pem

 . OpenVAS Server :
 Certificate = /usr/local/openvas/lib/openvas/CA/servercert.pem
 Private key = /usr/local/openvas/lib/openvas/private/CA/serverkey.pem

 Press [ENTER] to exit enter 򲡤

  • openvas ³桼
    ˡopenvas Ф³Ǥ桼Ԥ(client ξϺפ)
 openvas-adduser

Ȥ. ȡʲΤ褦ʤ򤹤뤳Ȥˤʤ.
Ⱦϥ桼̾ȥѥɤǡȾϤΥ桼Ĵ٤뤳ȤǤ륿åȤΥФ¤Ǥ.

 0: not found
 Using /var/tmp as a temporary file holder.

 Add a new openvasd user
 ---------------------------------

 Login : 桼̾. FreeBSD Υ桼̾ʤɤȴطʤƤ褤
 Authentication (pass/cert) [pass] : Τ褦ʻȤǤ pass ΤޤޤǤ褤
 Login password : ѥɤ. ̤ˤϽФʤ
 Login password (again) : ѥɤ. ̤ˤϽФʤ

 User rules
 ---------------
 openvasd has a rules system which allows you to restrict the hosts that paoon has the right to test.
 For instance, you may want him to be able to scan his own host only.

 Please see the openvas-adduser(8) man page for the rules syntax.

 Enter the rules for this user, and hit ctrl-D once you are done:
 (the user can have an empty rules set) 顤Υ桼Υå¤ꤹ
 accept 192.168.125.0/24 ϤƤ
 accept 127.0.0.0/24 ϤƤ
 default deny ϤƤ
 ^D ctrl 򲡤ʤ d 򲡤

 ʲǧΤϾ󤬽Ϥ
 Login : 桼̾
 Password : ***********

 Rules :
 accept 192.168.125.0/24
 accept 127.0.0.0/24
 default deny

 Is that ok? (y/n) [y] ꤬ʤ y 褦
 user added.

openvas ФȤ桼꤬Ѥ.

ʤߤˡΥ桼
/usr/local/openvas/lib/openvas/users/
β˥ե뤬֤.
ѹȤϡΥե񤭴ɤ.

  • ȼåץ饰Ƴ
    ˡʥץ饰(͡ʵǽץ饰ˤʤäƤơƤ)ͥåȥ롥
 openvas-nvt-sync

ȤФ褤. ֤Ϥ.

  • 򤹤ץ饰򳰤Ƥ
    ΥХߴʤΤΥץ饰 openvas client(ver.2 )Τޤޤ client ưʤʤϥ˴٤롥
    ǰʲΤ褦ˤƤȤꤢäݤץ饰򳰤Ƥ(ȼܳŪĴ٤ʤС˽˳ˡ˰򤹤ץ饰ꤷƳ٤Ǥ뤬)
 cd /usr/local/lib/openvas
 mkdir plugins_removed_files
 cd plugins
 mv ./GSHB ../plugins_removed_files/

OpenVAS Фεư

ޤ꤬ʤС

 openvasd -D

ȤƥФǡȤƵư褦. ʥץ饰ɤ߹Τ˽빽֤ΤǤФ餯ԤȤ.
Τ˵ưɤ

 lsof -i4

ȤƳΤ褦. port 9390 openvasd ԤƤʤ OK .

OpenVAS 饤Ȥεư

ơOpenVAS 饤Ȥư褦.
X window Ǥäɤ(ޥɥ饤ΤߤǤǽ)

ʲΥޥɤǤ⤦(ʸʸ϶̤).

 OpenVAS-Client &

ȡ
openvas-client-01.png
Τ褦ʲ̤ǥ饤ȤưϤ.

ȼν

ɤΥޥˤơɤΤ褦ʸԤΤȤƤ꤬ȤɬפǤ.
ΤȡФ³ơФ˸Ԥ碌뤳Ȥˤʤ.

Ūˤϡϥ饤ȤǰʲΤ褦ˤ.

task, scope ꤹ

task, scope ȤϸƤñ̤ȻפФ褤.
ޤϤ.

ŪˤϡʲΤ褦ˤФ褤
ޤ˥塼 Task -> New ǡ.
openvas-client-02.png
ΤȤä̾ĤƤʤΤǡŬ̾ĤƤ.
openvas-client-03.png

ˡ˥塼 Scope -> New ǡä˿פ.
openvas-client-04.png
ΤȤäפˤ̾ĤƤʤΤǡŬ̾ĤƤ.
openvas-client-05.png

Ǿ¤

ȤϤΥפФԤ.
ȤäƤޤϤۤɸǤ褤ΤǡʲΤ褦ˤФ褤.

ޤ˲(åȥФؤαƶ̵)ԤΤ˲(åȥФΥӥǽ.ƵưбƶϾä)ԤΤ.
˲ѤʤϤǤʤ.
˲ϡФΥǡǽ뤬(뤫ɤ򸡺)Ǥ.

Ϥޤ˲ˤƤ.
Ūˤϡ¦ Options General 򤹤ȡ䲼¦ "Safe checks" Ȥܤꡤ줬åƤ˲åƤʤ˲ȤȤˤʤ.
openvas-client-06.png

ˡåȤ.
ǽϼʬȤ褤.
ǡ¦ Options Target selection 򤹤ȡ"Target(s):" ȤܤΤǡꤹФ褤.
餯ǥեȤ "localhost" (ʬȤΤ)Ƚ񤫤Ƥ顤ξϤΤޤޤǤ褤.
openvas-client-07.png

ǺǾ¤꤬λ.

饤Ȥ򥵡Ф³

ˡ饤Ȥ򥵡Ф³. ʤȥ饤Ȥ饵Ф˻᤬Фʤ̤ʤ.
Ūˤϡ(ꤷפ򤵤Ƥ뤳Ȥǧ), ˥塼 File -> Connect 򤹤.
openvas-client-08.png

ȡ³ǧˡ̤Ф. ³ϥǥեȤ localhost, port 9390 ʤ. ǧڤϡۤɥѥ򤷤Τǡۤꤷ桼̾ȥѥɤϤơ OK 򲡤.
openvas-client-09.png

³Ȥ SSL ΰˤĤƿҤͤ뤬־ǡȤ OK ɤ.
openvas-client-10.png

³뤳Ȥˤʤ. Τߥץ饰ΥɤǾԤΤǤäԤȤ.
Ф餯
openvas-client-12.png
openvas-client-13.png
ȤʤꡤɽλΤФϤʤΤǡ OK 򲡤Ф褤.

ȼԤ

ǤȤϸ»ܤǤ.
Ϥ⤦ñǡ˥塼 Scope -> Execute 򤹤Ф褤.
openvas-client-14.png

ȡФ餯ƸϤޤĽ٤ɽΤǡȤϤäԤƤФ褤.
openvas-client-16.png

̤å

̤ϥ饤Ȥ "report" ܤ֥륯åʤɤФΤޤ޸褦ˤʤäƤ.
٤⤤Ȼפۤɷٹ𿧤Ȥ줿󤬤ĤƤꤹΤǡϰ.
openvas-client-17.png

notes.png ʬΥޥθ̤򸫤ơȻפܤ̤(ä Security hole ɽƤʬ).
notes.png ξǡɤ٤ȽǤ.
notes.png кɬפȽǤϡкܤ.

ʤ̤ϥ˥塼 Report -> Export 򤹤뤳Ȥǥե˽Ϥ뤳ȤǤϤ٤.
openvas-client-18.png
openvas-client-19.png
㤨 html ǽϤե web browser ǸƤߤȼΤ褦ˤʤ롥
openvas-client-20.png

¾ΥФ򥿡åȤȤƸ򤷤Ƥߤ

notes.png ̤кʤɤǤȴ顤Ʊοͤ˶ϤäơߤοͤΥФ򥿡åȤȤƸƤӹԤäƤߤ褦.
notes.png ˲Ƥߤ褦("safe check" ιܤΥå򳰤).
warning.png ȼϡ֥åΰפȸʤΤǡε̵ˤФ˹Ԥʤ!!

ϵå

ơƥˤĤƤŪʴФܤˡޤǤμʤɤѤơФؤΥåϵŪ˹ԤäƤߤ褦.
ˤդˡɸ椹ˤϤɤ褤פ褯ǤϤǤ.

ʤϵŪˡפȤΤϡPC ˲ƥϡɥǥȴФΥեʤɤƥå롤ʤɤΡָ˻پ㤬Ĥꤽʡˡ򤱤ƤȤƤɤΰ̣Ǥ.
ŪˤϡʲΤ褦˹Ԥ.

ѥɤǰꤷƼʬΥޥ˥

notes.png ʬΥѥɤƼǰɤƤɤߤե뤬¸ߤΤǤʤȤȤΤȤǡʬΥޥ˥ʤϥե륢ǽʾ֤ˤޤǤäƤäƤߤ褦.
ˤϤˡϽ񤫤ʤΤǡ褯ͤƹԤ.
֤򤫤ƤɤС(Ūˤ)̤꤫פĤ.

ѥɤǰꤷ¾ͤΥޥ˥

notes.png Ʊͤλߤ¾ͤΥޥФƹԤäƤߤ褦. 󡤻ˤΥޥδԤ˵Ĥ꤫Ԥ.

warning.png Ԥεĥʥˤ԰٤ԤȤФˤʤ褦.


ݡ

ǡĴ٤Ȼؼ줿ˤĤĴԤ𤻤.
Ƽ

  1. °(ز)
  2. ֹ
  3. ǯ
  4. ̾
  5. οΥݡ(θȤˤĤƵŤ)

񤯤Τ˺ʤ褦.
