NMAP
- A port scanning utility to check services, open ports, software versions, the OS fingerprint, etc.
- Always update nmap to the latest version.
Check the current version of nmap
# rpm -qa | grep nmap
Now upgrade to the latest version by downloading the package
# wget http://nmap.org/dist/nmap-5.00-1.i386.rpm
# rpm -Uvh nmap-5.00-1.i386.rpm
Usage of nmap:
Running nmap as root uses the SYN-based scan (half-open connection), which is less traceable
(SYN stealth scan)
nmap (TCP SYN) -> Target (ACK) -> nmap declines ACK
Running nmap as a non-privileged user opens standard TCP connections (3-way handshake)
nmap (TCP SYN) -> Target (ACK) -> nmap (SYN|ACK)
# nmap -v localhost
Shows the ports open on localhost; the scan runs in verbose (-v) mode.
Nmap to store output to a certain file
We can store the output in various formats. The option below (-oN) stores it as a normal text file
# nmap -v -oN nmap.scan.localhost.file localhost||remotehost
# vi || cat || less || more nmap.scan.localhost.file
This can be kept for later reference.
Nmap to scan the UDP listeners
By default nmap scans TCP ports; enabling the -sU option results in a UDP scan
# nmap -v -sU localhost||remotehost
Nmap to scan a particular port
# nmap -v -p 631 localhost||remotehost
Nmap to give the OS fingerprint of a remote system
# nmap -v -O localhost||remotehost
This will give the output about the remote host OS details.
Nmap Lockdown:
Nmap scanning is done to tune the server for higher security by closing unnecessary ports. Read http://www.insecure.org to explore more about nmap. Keep in mind this might be the same tool that hackers use to scan our network and check which services are running, so that they can use a vulnerability in those services to break through.
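One way to act on a saved -oN report during lockdown, as an added example that is not part of the original post: list every open port that is not on an allowlist of services the host is meant to expose. The function names, the allowlist and the sample report are assumptions constructed for the illustration.

```shell
#!/bin/sh
# Added example: audit a saved "nmap -oN" report against an allowlist of
# ports that are supposed to be reachable on the host.

# Print "port/proto service" for every open port in REPORT that is not in
# the space-separated ALLOWED list (e.g. "22/tcp 631/tcp").
unexpected_ports() {
    report=$1
    allowed=$2
    awk -v allowed="$allowed" '
        BEGIN {
            n = split(allowed, a, " ")
            for (i = 1; i <= n; i++) ok[a[i]] = 1
        }
        # Port table rows look like: "22/tcp   open  ssh".
        # UDP scans (-sU) often report "open|filtered"; treat that as open.
        $1 ~ /^[0-9]+\/(tcp|udp)$/ && ($2 == "open" || $2 == "open|filtered") {
            if (!($1 in ok)) print $1, ($3 == "" ? "unknown" : $3)
        }
    ' "$report"
}

# Constructed sample report (not output from a real host).
sample_report() {
    cat <<'EOF'
# Nmap scan report (constructed sample)
Nmap scan report for localhost (127.0.0.1)
PORT     STATE  SERVICE
22/tcp   open   ssh
25/tcp   open   smtp
111/tcp  open   rpcbind
631/tcp  open   ipp
3306/tcp closed mysql
EOF
}

# Demo: only ssh and ipp are meant to be exposed on this host.
audit_sample() {
    tmp=$(mktemp) || return 1
    sample_report > "$tmp"
    unexpected_ports "$tmp" "22/tcp 631/tcp"
    rm -f "$tmp"
}

audit_sample
```

Each line printed is a service to stop, bind to localhost only, or firewall; an empty result means the host exposes only what the allowlist permits.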
Vulnerability Tool
Nessus and port scanners are tools that can check for vulnerabilities in a system.
NESSUS
Download the tool from http://www.nessus.org and execute the Nessus installer as root.
- sharutils
- gtk-2.0 (XWindows develop tools)
# Run the installation script to install Nessus.
It will ask for certain details to finish the installation, including the activation code.
Post installation procedure
After the Nessus installation completes, finish the following steps as instructed by the script.
Create the SSL certificate that the Nessus server and client use to communicate, as mentioned in the installation script.
# /use/the/path/provided in installation output
Add a nessusd user according to the output of the installation
Start the Nessus daemon
# /usr/local/sbin/nessusd -D
Nessus starts as a daemon and listens on port 1241
# lsof -i@0.0.0.0:1241
This will show the service bound to the port
Start the Nessus client and start the scanning.
# /usr/local/bin/nessus
Now configure the preferences in the GUI, including the Nessus server, port, username, the plugins that can be enabled, etc.
Accept the certificate, enable the plugins for the platforms, and set the credentials of the remote system on which Nessus should start the scan, the connection options, etc.
To start the scan, go to Target and start the scan. After a successful scan it will show the result of the vulnerability scan. This tells us which services are less secure and what measures should be taken to secure them.
E.g. SSH supports an older version of the SSH protocol, and the sshd service needs to be configured to use protocol 2 only. SSH protocol 1 uses ssh_host_key, but SSH protocol 2 uses ssh_host_rsa_key||ssh_host_dsa_key
Nessus is a powerful tool that helps us configure our servers more securely by pointing out the vulnerabilities in the packages and configurations of various services.