Tuesday, April 4, 2017

Manually Update Plugins on a Nessus Scanner (Windows)

I had an issue the other day with one of my Nessus Vulnerability Scanners which is being managed by Security Center. In Security Center the status of one of the Nessus scanners showed "Plugin Out of Sync". I tried to push the plugins to the Nessus scanner from the Security Center, but I was getting a status error of "Connection timed out".  So basically I was getting a latency issue on the connection. The Nessus scanner and the Security Center are in different states, so this may be why there is so much latency. I just built this Nessus scanner, so there were just too many plugins to be pushed over the wire by Security Center. To fix this issue, I just manually copied the plugins to the Nessus scanner. Then I manually loaded the plugins into the Nessus scanner. After I did this, I have not had this issue again.

Manually updating the plugins can sometimes fix an error or scanner status of "Protocol error". These instructions work on Nessus 5x and 6x, when managed by Security Center 4x or 5x.

Follow the instructions below to manually install plugins for the Nessus scanner on a Windows computer. For Linux computers click here.

1. Login to the Nessus scanner.

2. Open PowerShell or the Windows command line (CMD) as a privileged user.

3. Stop the Nessus service
# net stop "Tenable Nessus"

4. Remove the Nessus scanner from Security Center

5. Reset the scanner
# …\Program Files\Tenable\Nessus>nessuscli fix --reset

6. Connect the Nessus scanner
# …\Program Files\Tenable\Nessus>nessuscli fetch --security-center

7. Load the plugins into Nessus
# …\Program Files\Tenable\Nessus>nessuscli update plugins_file.tar.gz

8. Start the Nessus scanner
# net start "Tenable Nessus"

9. Login to the web interface for Nessus and verify that the configuration is complete.
https://localhost:8834

10. Login to the web interface for the Security Center. Add the Nessus scanner back and verify connectivity.

You're done.


Monday, March 20, 2017

Turn off BEEP in BASH

Sometimes you're on a computer that has speakers, and if you're on the terminal it keeps beeping. This can be annoying if all you're doing is using the tab key for auto complete. Who ever thought that making the terminal beep was a good idea? Anyway, below are some ways to get rid of the beeps.


In /etc/inputrc file add the line below.
set bell-style none

Put the line below in a profile. If you want to set it globally, put it in /etc/profile; otherwise set it in .bash_profile, .bashrc, and/or .profile.
setterm -blength 0

This will make the beeping sound go away for good. If you have any questions or comments please post them below.

Wednesday, March 15, 2017

How to clear Nessus Plugin 42873 on Security Center

I use Security Center with Nessus scanners from Tenable to do vulnerability scanning on my servers. Sometimes the scanner finds hits on itself, such as a hit on plugin 42873 "SSL Medium Strength Cipher Suites Supported" on the Security Center. Below I show the steps needed to disable 3DES on Security Center.

To disable 3DES within Security Center do the following:
1. Open the file /opt/sc/support/conf/sslciphers.conf

2. Search for DES-CBC3-SHA

3. After the colon that precedes the above string, add an exclamation mark, which is the signal to disable the given cipher.

4. The whole string should look like :!DES-CBC3-SHA:

Once complete, restart the SC service and complete a rescan and this vulnerability should be remediated.

To clear the other part of this hit, make sure the server is using SSL ciphers that have an encryption key length of over 112 bits.
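
The edit in steps 2 to 4, written as a repeatable check. This is an added example, not part of the original post and not Tenable's tooling; it assumes the cipher list is a colon-separated OpenSSL cipher string, the helper names are hypothetical and the sample string is constructed. It goes slightly beyond the steps above: when the cipher is only reachable through an alias such as HIGH or ALL, it appends the exclusion, which works because "!" removes a cipher regardless of where it sits in the list.

```sh
#!/bin/sh
# Added example: disable one cipher in an OpenSSL-style cipher string.

# disable_cipher CIPHER STRING -> prints STRING with CIPHER turned into !CIPHER.
# Running it twice gives the same result (no "!!CIPHER").
disable_cipher() {
    printf '%s\n' "$2" | awk -v c="$1" '
        BEGIN { FS = OFS = ":" }
        {
            seen = 0
            for (i = 1; i <= NF; i++) {
                if ($i == c) { $i = "!" c; seen = 1 }   # enabled -> disabled
                else if ($i == "!" c) seen = 1           # already disabled
            }
            # Not listed by name: append the exclusion instead.
            if (!seen) $0 = ($0 == "" ? "" : $0 ":") "!" c
            print
        }'
}

# is_disabled CIPHER STRING -> exit 0 when STRING carries the !CIPHER token.
is_disabled() {
    case ":$2:" in
        *":!$1:"*) return 0 ;;
        *)         return 1 ;;
    esac
}

# offers_3des STRING -> exit 0 when the local openssl expands STRING to any
# 3DES suite. Needs the openssl CLI; builds compiled without weak ciphers
# never list 3DES, so treat exit 1 on such a build as "not conclusive".
offers_3des() {
    openssl ciphers -v "$1" 2>/dev/null | grep -q 'Enc=3DES'
}

# Constructed sample string, not copied from a real Security Center install.
SAMPLE='ECDHE-RSA-AES256-GCM-SHA384:AES256-SHA:DES-CBC3-SHA:!aNULL:!MD5'
disable_cipher DES-CBC3-SHA "$SAMPLE"
```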

Reference Plugin 42873
https://www.openssl.org/blog/blog/2016/08/24/sweet32/

Monday, February 20, 2017

Rename & Combine Audio Book files into one audio book.

I like to listen to audio books and I get them from places such as Audible, books on CD, the library or LibriVox. The issue is that all these places present the files to you in different ways. You can get one big file or a lot of small files. They all use different naming conventions which can make organizing your books difficult. To play my audio books I use the iBooks app from Apple and the Audible app from Audible, on my iPod Touch. Apple's iBooks app works well but is missing some features that the Audible app has such as the bookmarking feature. The Audible app is really bad at playing books that are broken up into several files. The app will play the files out of order or show each file as a separate book.

So to fix the issues described above I recommend that you rename and/or combine all the files from one book into one file. Below I show the BASH script I wrote to fix this issue. I wrote and tested this script on a Mac. This script will also work on Linux and UNIX operating systems. After the files are combined the finder didn't show the right length for the audio book but when I imported the file into iTunes everything displayed right and the file worked fine.

The script below shows how to combine several MP3 files into one file. I put a comment after each command explaining what it is doing. If you have any questions about the script below ask them in the comment section below.

script-book
#!/bin/bash
# This script was created on 20170216
# This script was created to combine MP3 files from audio books into one file.
# usage ./script-book bookname
#
if [ -z "$1" ]
  then
    echo -e "Please rerun the script with desired file name at the end \n 
              Example: ./script-book bookname"
    exit 1
fi
# The if statement checks for the $1 variable.
# If no variable is present then the script gives an error message and exits

for s in $(ls | grep '\.mp3$' | egrep -v '(png|jpg)' | awk '{print $NF}')
# grep keeps only names ending in .mp3; egrep removes pictures
# $NF gives the last column in the file name. This removes the spaces in the name.
do mv -- *"$s" "$1$s"
# This renames the files. The quotes keep a book name with spaces in one piece.
cat -- *"$s" >> "$1.mp3"
# Cat combines the files
rm -- *"$s"
# Removes old files
done
ls -lh

In order to make the script work, copy it into the same directory the audio books files are located in. In the example below the script is called script-book and the ls command shows the script in the same directory as the audio book files.

man@earth> ls
The Hot Gate 001.mp3    The Hot Gate 021.mp3    The Hot Gate 041.mp3
The Hot Gate 002.mp3    The Hot Gate 022.mp3    The Hot Gate 042.mp3
The Hot Gate 003.mp3    The Hot Gate 023.mp3    The Hot Gate 043.mp3
The Hot Gate 004.mp3    The Hot Gate 024.mp3    The Hot Gate 044.mp3
The Hot Gate 005.mp3    The Hot Gate 025.mp3    The Hot Gate 045.mp3
The Hot Gate 006.mp3    The Hot Gate 026.mp3    The Hot Gate 046.mp3
The Hot Gate 007.mp3    The Hot Gate 027.mp3    The Hot Gate 047.mp3
The Hot Gate 008.mp3    The Hot Gate 028.mp3    The Hot Gate 048.mp3
The Hot Gate 009.mp3    The Hot Gate 029.mp3    The Hot Gate 049.mp3
The Hot Gate 010.mp3    The Hot Gate 030.mp3    The Hot Gate 050.mp3
The Hot Gate 011.mp3    The Hot Gate 031.mp3    The Hot Gate 051.mp3
The Hot Gate 012.mp3    The Hot Gate 032.mp3    The Hot Gate 052.mp3
The Hot Gate 013.mp3    The Hot Gate 033.mp3    The Hot Gate 053.mp3
The Hot Gate 014.mp3    The Hot Gate 034.mp3    The Hot Gate 054.mp3
The Hot Gate 015.mp3    The Hot Gate 035.mp3    The Hot Gate 055.mp3
The Hot Gate 016.mp3    The Hot Gate 036.mp3    The Hot Gate 056.mp3
The Hot Gate 017.mp3    The Hot Gate 037.mp3    The Hot Gate 057.mp3
The Hot Gate 018.mp3    The Hot Gate 038.mp3    The Hot Gate 058.mp3
The Hot Gate 019.mp3    The Hot Gate 039.mp3    The Hot Gate 059.mp3
The Hot Gate 020.mp3    The Hot Gate 040.mp3    script-book

Note- Make sure the script is executable before you run the command as shown below. Alternatively, you can run the script by putting bash before the command if you don't know how to make the script executable. Example: bash ./script-book bookname

In the example below I show how to execute the script and show example output. This shows that the script combined the files listed above, named the file TheHotGate and removed all the old unneeded files.

man@earth> ./script-book TheHotGate
total 447744
-rw-r--r--  1  arich   staff    219M  Feb 20 11:34    TheHotGate.mp3
-rw-r--r--  1  arich   staff    624B   Feb 20 11:33    script-book


I hope this helps anyone who is having a similar issue.


Links to places to get audio books:
LibriVox
Audible

Thursday, December 1, 2016

How to Reset a Nessus Scanner

The other day I installed a new Nessus Vulnerability Scanner, which is a security scanner that is often controlled by Security Center, both of which are Tenable products. After I finished the install and configured the Nessus scanner to be managed by Security Center, I tried to log back into the scanner and discovered I was locked out. So I figured I could just reinstall the Nessus scanner, after all it only takes a few minutes to do. I reinstalled Nessus and I was still locked out, what gives. Below are the steps used to get back into the scanner. I later found an even easier way to get back into the Nessus scanner, which I also posted below.

Follow the steps below to uninstall the Nessus scanner and remove the configuration files.

1. Optional - Stop the nessusd service
root@earth> service nessusd stop

2. To uninstall Nessus remove the Nessus package
root@earth> rpm -e nessus-package

For some reason /opt/nessus still exists after the Nessus package is removed

3. Remove the Nessus directory.
root@earth> rm -r /opt/nessus

Note- Don't worry, the Nessus files will be recreated after the reinstall.

Note- If the /opt/nessus directory is not removed, then your account will still be locked. This is because the configuration files will still exist.

4. Now install Nessus
root@earth> rpm -ivh nessus.rpm

5. Go to the Web interface to finish the configuration of the scanner
https://nessus:8834

Installing Nessus and setting it up to be managed by Security Center takes very little time, but you

Create a new user and/or set the user password.

Add user to scanner
root@earth> /opt/nessus/sbin/nessuscli  adduser  newuser

Change password on the nessus scanner
root@earth> /opt/nessus/sbin/nessuscli  chpasswd username

I showed you in a previous post "Reset Admin account on Security Center" how to do this for Security Center.

Related posts on this site:
Reset Admin account on Security Center
Manually Update Plugins for your PVS
Manually Update Plugins on a Nessus Scanner

Thursday, September 22, 2016

Create user account and set password with one command

I often see forum posts where a System Administrator wants to create local user accounts on several servers and doesn't want to have to set the user's password over and over again. Below I share two ways to do this. The first way creates the user account and sets the password in one command. The second method sets the password in an additional command. Either way can be used in a script, which can speed things up if you need to create one or more accounts on several systems.

Below is an example of creating a user account.
root@earth> useradd -u 25 -g staff -G ftp,users -m -d /export/home/newuser -c "newuser" -s /bin/bash newuser
root@earth> passwd newuser
passwd: Changing password for username
New Password:
Re-enter new Password:
passwd: password successfully changed for newuser

This method can be a very time-consuming process and would be hard to use in a script. Below is an example of using the -p option of the useradd command to set the user's password by supplying the password hash.

root@earth> useradd -u 25 -g staff -G ftp,users -m -d /export/home/newuser -c "newuser" -s /bin/bash -p '$6$jbvkjjg$qFmFH.bQmmtXzyBY0s9v7Oicd2z4XSIecDzlB5KiA2/jctKu9YterLp8wwnSq.qc.eoxqOmSuNp2xS0ktL3nh/' newuser

This method works on Linux computers, such as SLES and RHEL. It however doesn't work on systems such as Solaris.
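
A pre-flight check for the -p method when it is used in a script. This is an added example, not part of the original post; the helper names are hypothetical and the sample hash is constructed, not a real password hash. useradd stores whatever string it is given, so a hash that was truncated, or expanded by the shell because it sat in double quotes, produces an account nobody can log in to; the check also rejects login names that could carry shell syntax when the printed command is sent to a remote host.

```sh
#!/bin/sh
# Added example: validate a SHA-512 crypt hash before handing it to useradd -p.

# is_sha512_crypt HASH -> exit 0 for $6$[rounds=N$]salt$<86 chars>
is_sha512_crypt() {
    nl='
'
    case "$1" in *"$nl"*) return 1 ;; esac       # must be a single line
    printf '%s\n' "$1" | grep -Eq \
        '^\$6\$(rounds=[0-9]+\$)?[./0-9A-Za-z]{1,16}\$[./0-9A-Za-z]{86}$'
}

# valid_login NAME -> exit 0 for a conservative login name (no spaces or
# shell metacharacters, at most 32 characters).
valid_login() {
    case "$1" in
        ''|[!a-z_]*|*[!a-z0-9_-]*) return 1 ;;
    esac
    [ "${#1}" -le 32 ]
}

# useradd_cmd LOGIN HASH -> prints the useradd command line, or refuses.
# The hash is printed inside single quotes: inside double quotes the shell
# would expand $6 and the salt as variables and mangle the hash.
useradd_cmd() {
    valid_login "$1" || { echo "refusing login name: $1" >&2; return 1; }
    is_sha512_crypt "$2" || { echo "refusing malformed hash for $1" >&2; return 1; }
    printf "useradd -m -s /bin/bash -p '%s' %s\n" "$2" "$1"
}

# Constructed sample hash (salt plus 86 filler characters).
SAMPLE_HASH='$6$Zc1xSalt$'"$(printf '%086d' 0 | tr 0 a)"
useradd_cmd newuser "$SAMPLE_HASH"
```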

Alternately you can also set the user's password by echoing the password to standard input, as shown below. The major issue with doing it this way is that the password is recorded in the system logs, and if you're running the command remotely then you're sending the password in the clear. So I don't recommend doing it this way.
root@earth> echo password | passwd newuser --stdin

This method works only on Linux systems.

Other posts with similar info
Linux User Account Creation & Customization
Adding a new user to a UNIX based system

References pages.
Online man page - useradd
Online man page - passwd

Thursday, September 15, 2016

Setting up NFS & automount on RHEL


I believe that any Linux or UNIX server should start as a very minimal build, meaning that a server should only have the programs or packages installed that are needed for the operation of the server. To make some of my servers a little more functional I decided to install NFS and automount. This is so users can automount home directories and mount external shares.

Follow the steps below to install NFS and autofs, so you can mount the NFS shares and mount home directories. The example below is on a RHEL 6 server.


To be able to mount NFS shares you will need the following packages.
autofs
nfs-utils
nfs-utils-lib

Dependencies:
Hesiod
keyutils
libgssglue
libtirpc
python-argparse
rpcbind

Install the packages
root@server> yum install autofs  nfs-utils  nfs-utils-lib

To enable NFS shares you must add them to the /etc/fstab file. Example below.
10.12.12.8:/share /export/share  nfs noauto,nosuid,nodev,noguid,noxattr,timeout,sloppy 0 0
10.12.12.6:/cifs  /export/cifs  nfs noauto,nosuid,nodev,noguid,noxattr,timeout,sloppy 0 0
repos:/linux_repos /export/repos   nfs auto,ro,nosuid,nodev,noguid,noxattr,timeout,sloppy 0 0

To set up the automount function you need to edit the auto.home and auto.master files.
Add the hostname or IP address line to /etc/auto.home
*             10.10.10.2:/home/&

Add this line to /etc/auto.master
/export/home /etc/auto.home -nolock,nosuid,noguid,nodev,nobrowse,noxattr --timeout 10

Restart services
root@server> service autofs restart
root@server> service rpcbind start
root@server> service nfs start

Ensure that autofs starts at boot
root@server> chkconfig --list autofs

Make mount points
Make the mount point for each of the mounts listed in the /etc/fstab file.
root@server> mkdir /export/share
root@server> mkdir /export/cifs
root@server> mkdir /export/repos


Note- make sure any host names used are added to the /etc/hosts file.

After following the steps above everything should be working. Test the configuration by logging in or becoming a user with a non-local home directory. Also try to mount the shares.
root@server> mount /export/share

Check to see if the mount was successful.
root@server> df -h | grep share
Filesystem            Size  Used Avail Use% Mounted on
10.12.12.8:/share  9.8G  1.9G  7.5G  20%   /export/share

Please let me know if you have any questions.


Friday, May 20, 2016

Getting Cut & Paste to work in VNC

Sometimes the ability to use cut and paste stops working between your VNC session and your computer. To get cut and paste to work again just run the following command on the terminal.

root@earth> vncconfig &

The vncconfig command launches the vncconfig utility which controls the clipboard function needed for cut & paste to work. Just make sure all the check boxes are checked when the vncconfig utility comes up and cut & paste should start working again.

Tuesday, May 17, 2016

Reset Admin account on Security Center


The other day I got locked out of my admin account for the Security Center 5 from Tenable. In order to get back into the system I needed to reset the admin password. Below I show how to reset the admin password on Security Center 5. For this to work you must have elevated privileges, such as root.

Reset the admin account password
root@earth> sqlite3 /opt/sc/application.db "update userauth set password = 'bbd29bd33eb161d738536b59e37db31e' where username='admin';"
This command sets the admin password to password

Clear login failures.
root@earth> sqlite3 /opt/sc/application.db "update userauth set failedLogins='0' where username='admin';"

Unlock the admin account
root@earth> sqlite3 /opt/sc/application.db "update userauth set locked='0' where username='admin';"

After following these steps you will be able to login to the admin account with the password set to password. If you have any questions or comments please post them below.

Thursday, April 28, 2016

Make Money While You Sleep

There are a lot of apps for making money with your smartphone or tablet. It doesn't matter whether you use iOS or Android. Money making apps are almost everywhere. Today I want to tell you about an app called Swagbucks TV from Swagbucks. The Swagbucks TV app pays you for watching videos and is available on both iOS and Android.

Well how does it work?
In order to start earning money you need to sign up for an account with Swagbucks. You can use the app to create an account, but I would sign up for an account on the Swagbucks website, because it is easier. The app plays an ad and then plays a video. This continues until you stop the player. The app sometimes puts a cap on how much you can earn a day or in one sitting. After you're signed in to your account you select a category and start a video. The categories are Featured Videos, Recipes (cooking), Entertainment, Fashion, Health, Home and Garden, Music, News, Travel, and Celebrity. If you like watching videos in any of the above-mentioned categories, great; enjoy making a little money with this app.

How do you make money while sleeping?
Before you go to sleep start playing videos with the app. Turn off the sound and turn down the screen brightness. When you wake up you earned some coin. You can also play some videos on your computer from the Swagbucks website as well, if you really want to milk this thing.

Links to apps

Swagbuck TV for iOS
Swagbuck for iOS


Swagbuck TV at Google Play
Swagbuck app at Google Play



Wednesday, April 27, 2016

How to install or upgrade Java in Linux (Updated)

In this blog post I show how to install or update Java from Oracle on a Linux server. Many Linux distros use the OpenJDK version of Java in their operating systems and in their repository. Although the instructions below will still work to install OpenJDK, the focus is on Oracle's version of Java.

When using the Java provided by Oracle, you can download it from Oracle's website or from java.com. From there they give you a choice of downloading rpm or tar files. I prefer to use Red Hat Package Manager (RPM) files instead of the tar files when installing any program.

You can download Java here: www.java.com

Find Java on the system.
root@earth> find / -name java -type f
/usr/java/jre1.7.0_101/bin/java

Note - If you use the which or java -version commands to find Java on your system, this will only show you the system's main Java. You may have additional versions installed.

Now take each line of output and paste it at the end of the rpm -qf command. This gives you the name of the rpm package that installed that instance of Java.

root@earth> rpm -qf   /usr/java/jre1.7.0_101/bin/java
jre-1.7.0_101s

If the Java found on the system was not installed via a package, then Java was installed via a tar file. At this point you must decide whether to install the new version of Java with an rpm or a tar file. I recommend the use of the rpm packages to install any programs. If you are installing with an rpm then go to the section titled Installing Java using RPM. If you are using the tar file then skip to the section titled Install Java using a tar file.
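
The find and rpm -qf steps above combined into one inventory pass. This is an added example, not part of the original post; the function name is hypothetical, and it assumes each Java home carries a release file with a JAVA_VERSION line, reporting "unknown" where it does not. The version is read from that text file rather than by running each binary, so nothing found on disk is executed as root.

```sh
#!/bin/sh
# Added example: list every java binary under a directory with the package
# that owns it and its version, one tab-separated line per binary.

# java_inventory ROOT -> path <TAB> owning package <TAB> version
java_inventory() {
    find "$1" -xdev -type f -name java 2>/dev/null |
    while IFS= read -r bin; do
        # Owning package, as in the manual "rpm -qf" step.
        if command -v rpm >/dev/null 2>&1 && pkg=$(rpm -qf "$bin" 2>/dev/null)
        then
            owner=$pkg
        else
            owner='no package (tar install or rpm unavailable)'
        fi

        # <java home>/bin/java -> <java home>/release
        home=${bin%/bin/java}
        ver=unknown
        if [ "$home" != "$bin" ] && [ -r "$home/release" ]; then
            v=$(sed -n 's/^JAVA_VERSION="\(.*\)"$/\1/p' "$home/release" |
                head -n 1)
            if [ -n "$v" ]; then ver=$v; fi
        fi

        printf '%s\t%s\t%s\n' "$bin" "$owner" "$ver"
    done
}

# Usage: sh java-inventory.sh /     (the script name is hypothetical)
if [ -n "${1:-}" ]; then
    java_inventory "$1"
fi
```

Lines whose second column reports no package are the tar installs that rpm and yum updates will never touch.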

Installing Java using RPM
The rpm command can either update an existing package or install a new one.

The documentation on the Java website says to remove/uninstall the old version of Java and then install the new one. I prefer to install or upgrade though. This is because any symlinks or application settings that use the system's Java will be updated to use the newer Java. Then you can remove the old version if needed after the fact. Otherwise you would have to recreate these items after the install.

Updating Java using RPM 
If you update Java as shown below then you will not need to remove the old version, unless you are installing a different version of Java, for example if you have Java 7 installed and then you install Java 8.
root@earth> rpm  -Uvh   jre-7u111-linux-x64.rpm

You can alternately install Java instead.
root@earth> rpm  -ivh   jre-7u111-linux-x64.rpm

Uninstall the old package.
Take the output from the last command and use the rpm command with the -e option to remove the package.
root@earth> rpm -e  jre-1.7.0_65cs

Note- Do not run the above command for java that is part of an application. If the file was in /usr/bin/ you should be fine.

Install Java using a tar file
Change directory to where Java is going to be installed. Usually it will be /usr/java.
root@earth> cd  /usr/java

Note - If you're upgrading Java with a tar file, it is advised to back up the old installation and to remove the previous version. If the old version was installed via a tar then remove the directory. If it was installed with an rpm file use the rpm or yum command to remove the package.

Move the tar file to /usr/java and unpack the tarball to install Java
root@earth> tar  zxvf   jre-7u111-linux-i586.tar.gz

Delete the tar file after you test Java and you're done.

Reference:
Java.com

Related posts on this Blog
How to install or upgrade Java in Linux
How to install Java 7 & 8 on Solaris
Access the Java Control Panel
Updating Java on Solaris

If you have any questions or comments please post them below.