iptables

iptables is a command-line firewall utility that uses policy chains to allow or block traffic. When a connection tries to establish itself on your system, iptables looks for a rule in its list to match it to. If it doesn't find one, it resorts to the default action (the chain policy).

iptables almost always comes pre-installed on any Linux distribution. To update or install it, just retrieve the iptables package:

sudo apt-get install iptables

There are GUI alternatives to iptables like Firestarter, but iptables isn't really that hard once you have a few commands down. You want to be extremely careful when configuring iptables rules, particularly if you're SSH'd into a server, because one wrong command can permanently lock you out until it's manually fixed at the physical machine.
Connections from a single IP address

This example shows how to block all connections from the IP address 10.10.10.10.

iptables -A INPUT -s 10.10.10.10 -j DROP

Connections from a range of IP addresses

This example shows how to block all of the IP addresses in the 10.10.10.0/24 network range. You can use a netmask or standard slash notation to specify the range of IP addresses.

iptables -A INPUT -s 10.10.10.0/24 -j DROP

or

iptables -A INPUT -s 10.10.10.0/255.255.255.0 -j DROP

Connections to a specific port

This example shows how to block SSH connections from 10.10.10.10.

iptables -A INPUT -p tcp --dport ssh -s 10.10.10.10 -j DROP

You can replace "ssh" with any protocol name or port number. The -p tcp part of the command tells iptables what kind of connection the protocol uses. If you were blocking a protocol that uses UDP rather than TCP, then -p udp would be necessary instead.

This example shows how to block SSH connections from any IP address.

iptables -A INPUT -p tcp --dport ssh -j DROP
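The following script is an added example, not part of the original post. It wraps the three rule shapes shown above (single address, address range, address plus protocol/port) in a small shell helper that validates the source address before it reaches iptables, and it applies rules with a timed rollback so that a mistyped rule in an SSH session undoes itself. It assumes iptables, iptables-save and iptables-restore are on PATH and that it is run as root; with DRY_RUN=1 (the default) it only prints the commands it would run. The function names (valid_source, block_rule, apply_with_rollback) and the ROLLBACK_SECONDS variable are this example's own.

```shell
#!/bin/sh
# Added example (not from the original post): build INPUT DROP rules like the
# ones in the post, with input validation and an automatic rollback.
# Assumptions: iptables/iptables-save/iptables-restore on PATH, run as root.
# DRY_RUN=1 (default) prints commands instead of executing them.

DRY_RUN="${DRY_RUN:-1}"
ROLLBACK_SECONDS="${ROLLBACK_SECONDS:-120}"

# Accept a bare IPv4 address, a CIDR prefix (10.10.10.0/24) or a dotted
# netmask (10.10.10.0/255.255.255.0); reject anything else so that stray
# shell input (or an injected ";") never reaches iptables.
valid_source() {
    octet='(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])'
    ipv4="$octet\\.$octet\\.$octet\\.$octet"
    printf '%s\n' "$1" | grep -Eq "^$ipv4(/([0-9]|[12][0-9]|3[0-2])|/$ipv4)?"'$'
}

# Print the iptables command that drops traffic from $1, optionally limited
# to one protocol ($2) and destination port ($3), e.g. "tcp ssh".
# --dport is only meaningful together with -p, so a port without a protocol
# is rejected rather than handed to iptables to fail on.
block_rule() {
    src="$1"; proto="$2"; port="$3"
    valid_source "$src" || { echo "invalid source: $src" >&2; return 1; }
    if [ -n "$port" ] && [ -z "$proto" ]; then
        echo "a port needs a protocol (tcp/udp)" >&2; return 1
    fi
    rule="iptables -A INPUT"
    [ -n "$proto" ] && rule="$rule -p $proto"
    [ -n "$port" ] && rule="$rule --dport $port"
    echo "$rule -s $src -j DROP"
}

# Execute a command string, or just print it in dry-run mode.
run() {
    if [ "$DRY_RUN" = "1" ]; then echo "$*"; else eval "$*"; fi
}

# Apply rule commands with a safety net: save the current ruleset, schedule a
# restore of it in ROLLBACK_SECONDS, keep already-established sessions (your
# SSH login) accepted, then add the new rules. If you can still reach the
# box afterwards, kill the pending restore; if you cannot, it reverts itself.
apply_with_rollback() {
    backup="${TMPDIR:-/tmp}/iptables.backup.$$"
    run "iptables-save > $backup"
    if [ "$DRY_RUN" = "1" ]; then
        echo "(sleep $ROLLBACK_SECONDS && iptables-restore < $backup) &"
    else
        (sleep "$ROLLBACK_SECONDS" && iptables-restore < "$backup") &
        rollback_pid=$!
    fi
    run "iptables -I INPUT 1 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    for r in "$@"; do
        [ -n "$r" ] || continue   # skip rules that failed validation
        run "$r"
    done
    [ "$DRY_RUN" = "1" ] || echo "still reachable? cancel the rollback with: kill $rollback_pid"
}

# Demo: the three rules from the post, applied with the rollback guard.
if [ "${1:-}" = "demo" ]; then
    apply_with_rollback \
        "$(block_rule 10.10.10.10)" \
        "$(block_rule 10.10.10.0/24)" \
        "$(block_rule 10.10.10.10 tcp ssh)"
fi
```

Run it as `sh rules.sh demo` to see the commands it would issue, then `DRY_RUN=0 sh rules.sh demo` as root to apply them; the printed `kill` line cancels the scheduled iptables-restore once you have confirmed your session survived. The ESTABLISHED,RELATED rule is inserted at position 1 because iptables evaluates a chain top to bottom and stops at the first match, so it must sit above any DROP that could otherwise catch your own connection.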
------------------------ OpenVAS ------------------------

The OpenVAS developers provide a handy tool called openvas-check-setup to check the state of your OpenVAS installation. To use this tool simply follow these three steps:

- Download the latest version of openvas-check-setup.
- Ensure that the script is executable:
  chmod +x openvas-check-setup
- Execute the script:
  ./openvas-check-setup
  for the current stable release, or
  ./openvas-check-setup [ --v4 | --v5 | --v6 | ... ]
  for the other respective OpenVAS releases.

openvas-check-setup will now analyze the state of your OpenVAS installation and propose fixes should it detect any errors or misconfigurations. It will also check whether all required OpenVAS services are running and listening on the correct ports.

In case the hints did not help you to get a working OpenVAS installation, please report the problem to us and we will update/fix openvas-check-setup: OpenVAS Users Mailing List.

If you want to install the OpenVAS services on a server and you do not need clients like OpenVAS CLI or GSD in your installation, you can skip the checks for these modules by starting openvas-check-setup with the --server parameter instead:

./openvas-check-setup --server