Skip to content
Snippets Groups Projects
Commit 2e073bf3 authored by Pavel Jirásek's avatar Pavel Jirásek
Browse files

Update

parent 967b5480
No related branches found
No related tags found
4 merge requests!368Update prace.md to document the change from qprace to qprod as the default...,!367Update prace.md to document the change from qprace to qprod as the default...,!366Update prace.md to document the change from qprace to qprod as the default...,!303Předělání onboardovací dokumentace
Hide whitespace changes
Inline Side-by-side
Showing
with 101 additions and 3 deletions
hw/srv1/openvas-ins.md
+ 101
3
View file @ 2e073bf3
...@@ -114,31 +114,129 @@ echo "zkouska mailu" | mail -s "zkouska z vulnscan2" root ...@@ -114,31 +114,129 @@ echo "zkouska mailu" | mail -s "zkouska z vulnscan2" root
* Přístupy * Přístupy
- povolení přístupu na službu rsync do světa ze srv1 (10.1.0.31) Konkrétně na: rsync 873/tcp - povolení přístupu na službu rsync do světa ze srv1 (10.1.0.31) Konkrétně na: rsync 873/tcp
- LDAP ldaphost=10.1.0.1:390
# OpenVAS # OpenVAS
* Instalace Openvasu
``` ```
wget -q -O - http://www.atomicorp.com/installers/atomic |sh wget -q -O - http://www.atomicorp.com/installers/atomic |sh
yum upgrade yum upgrade
yum install openvas yum install openvas
openvas-setup openvas-setup
openvas-check-setup --v7 openvas-check-setup --v7
```
* Nastavení iptables
```
vim /etc/sysconfig/iptables vim /etc/sysconfig/iptables
netstat -vpnl
```
* aliases
/etc/aliases
```
# trap decode to catch security attacks
decode: root
# Person who should get root's mail
root: logs@it4i.cz
```
* smartd
```
cat /etc/inittab
chkconfig --list
chkconfig ntpd on
chkconfig smartd on
```
* vim /etc/ntp.conf
```
server 10.0.255.255
restrict default ignore
restrict 127.0.0.1 nomodify nopeer notrap
restrict 10.0.255.255 nomodify noquery nopeer notrap
disable monitor
```
#LDAP - auth.conf
* smartctl
* megaraid
```
fdisk -l
smartctl -a /dev/sda
smartctl /dev/sda -d megaraid,2 -a
```
* vim /etc/smartd.conf
```bash
/dev/sda -d megaraid,1 -a -o on -S on -s (S/../.././02|L/../../6/03)
/dev/sda -d megaraid,2 -a -o on -S on -s (S/../.././02|L/../../6/03)
/dev/sda -d megaraid,1 -H -C 0 -U 0 -m root
/dev/sda -d megaraid,2 -H -C 0 -U 0 -m root
```
* smartd restar
```
/etc/init.d/smartd restart
ps aux | grep smart
```
* LDAP - auth.conf
```
mkdir /var/lib/openvas/openvasmd/ mkdir /var/lib/openvas/openvasmd/
cat auth.conf cat auth.conf
#This file was automatically generated.
[method:file]
enable=true
order=1
[method:ldap_connect]
enable=true
order=-1
ldaphost=10.1.0.1:390
authdn=uid=%s,ou=People,dc=cluster,dc=net
allow-plaintext=false
/etc/init.d/openvas-manager restart /etc/init.d/openvas-manager restart
/etc/init.d/openvas-manager status /etc/init.d/openvas-manager status
/etc/init.d/openvas-scanner status /etc/init.d/openvas-scanner status
/etc/init.d/gsad status /etc/init.d/gsad status
```
* workaround vložení ssh klíče do db
#workaround vložení ssh klíče do db ```
sqlite3 /var/lib/openvas/mgr/tasks.db sqlite3 /var/lib/openvas/mgr/tasks.db
select * from lsc_credentials ; select * from lsc_credentials ;
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment