Friday, October 2, 2009

Linux Securirty Notes 4: Reconnaissance & Vulnerability Checks

Reconnaissance Tool

  • A port scanning utility to check the services, ports, software version & finger print of OS etc.
  • Always update the nmap to the latest version.
Upgrading NMAP:
    Check the current version of nmap
#rpm -qa |grep nmap
    Now upgrade to the latest version by downloading the package
# wget
# rpm -Uvh nmap-5.00-1.i386.rpm

Usage of nmap:
    Running the nmap as root uses the SYN based scan(Half opened connection) which is less tracable
    (SYN Stealth scan)
    nmap (TCP SYN) -> Target (ACK) -> nmap declines ACK
    Running nmap as non-privileged user opens a standard TCP connections (3 way handshake)
    nmap (TCP SYN) -> Target (ACK) -> nmap (SYN|ACK)

#nmap -v localhost
    Shows the ports opened in localhost, scan runns in (-v) verbose mode.

Nmap to store output to a certain file

    We can store the output into varios formats. below option stores as a normal file
# nmap -v oN nmap.scan.localhost.file localhost||remotehost
# vi || cat || less || more   nmap.scan.localhost.file

    This can be kept for the later reference.

Nmap to scan the UDP Listners

    By default NMAP scanns the TCP ports and enabling the -sU option will endup with UDP scan
# nmap -v -sU localhost||remotehost

Nmap to scan a perticular port
# nmap -v -p 631 localhost||remotehost

Nmap to give the Os finger print of remote system
# nmap -v -O localhost||remotehost
    This will give the output about the remote host OS details.

Nmap Lockdown:
    NMAP scanning is done to tune the server for higher security by closing the unnecessary ports. Read  to explore more in NMAP. Keep in mind this might be the same tool that the hackers use to scan our network to check the services running so that they can use its vulnerability to break through.

Vulnerability Tool

NESSUS & Port scanner are the tools that can check the vulnerability in system.

    Download the tool from and exicute the nessus installer as root.
  • shareutils
  • gtk-2.0 (XWindows develop tools)
    These are needed for nessus to be installed.
# run the installation script to install the nessus.
    It will ask for certain criterias to finish the installation including Activation code.

Post installation procedure
   After completion of the Nessus installation, as per the instruction from the script have to finish the following process

Create the SSL certificate for Nessus to communicate with nessus server and client as mentioned in the installation script.
# /use/the/path/provided in installation output
Add a nessusd user according to the output of installion

Start Nessus daemon
#/usr/local/sbin/nessusd -D
    Nessus starts as deamon and listen on port 1241
# lsof -i@
    This will show the service binded to the port

Start Nessus client and start the scanning..
    Now configure the preferences in the GUI interface including the nessus server, port, username plugins that can be enabled etc..
Accept the certificate, enable the plugins for platforms, credentials of remote system in which the nessus should start scan, connection options etc.

To start the scan go to Target and start the scan . After the successfull scan it will show the result of vulnerability scan. This will tell that which services are less secured and what mesures should be taken to secure the services.
Eg:- SSH is supporting older version of the SSH protocols and need to configure the sshd service to use the protocol2 only. SSH protocol-1 uses ssh_host_key. but ssh protocol-ver2 uses ssh_host_rsa||dsa_keys
    Nessus is a powerfull tool that help us to configure our servers more securly by pointing the vulnerability in the packages and configurations of various services.

No comments:

Post a Comment

tag ur valuable ideas below