Clay

I am Clay who is the main writer for this website. I own a small web hosting company in Malaysia and i'm available to be hired as individual contractor on elance or odesk. You can find me on twitter.

Complete Install OpenVAS 8 in Ubuntu 14.04 using PPA

Pretty irritating to install OpenVAS 8 in Ubuntu 14.04. Just take a lot of time and effort. Here i am disclosing the full methods needed needed to get OpenVAS 8 fully working with all the deep scanning and optional plugins as well.

Required OpenVAS libraries

Before we began, make sure the following commands are available.

sudo apt-get install -y build-essential devscripts dpatch libassuan-dev \
 libglib2.0-dev libgpgme11-dev libpcre3-dev libpth-dev libwrap0-dev libgmp-dev libgmp3-dev \
 libgpgme11-dev libopenvas2 libpcre3-dev libpth-dev quilt cmake pkg-config \
 libssh-dev libglib2.0-dev libpcap-dev libgpgme11-dev uuid-dev bison libksba-dev \
 doxygen sqlfairy xmltoman sqlite3 libsqlite3-dev wamerican redis-server libhiredis-dev libsnmp-dev \
 libmicrohttpd-dev libxml2-dev libxslt1-dev xsltproc libssh2-1-dev libldap2-dev autoconf nmap libgnutls-dev \
libpopt-dev heimdal-dev heimdal-multidev libpopt-dev mingw32 

sudo apt-get install make git screen rsync sudo software-properties-common sqlite3 alien nsis rpm nmap libcurl4-gnutls-dev w3af-console python-setuptools pnscan netdiag slapd ldap-utils snmp ike-scan zip aptitude xsltproc texlive-latex-base texlive-latex-extra texlive-latex-recommended htmldoc w3af-console

Then install Ruby 2.2.3

cd
git clone git://github.com/sstephenson/rbenv.git .rbenv
echo 'export PATH="$HOME/.rbenv/bin:$PATH"' >> ~/.bashrc
echo 'eval "$(rbenv init -)"' >> ~/.bashrc
exec $SHELL

git clone git://github.com/sstephenson/ruby-build.git ~/.rbenv/plugins/ruby-build
echo 'export PATH="$HOME/.rbenv/plugins/ruby-build/bin:$PATH"' >> ~/.bashrc
exec $SHELL

git clone https://github.com/sstephenson/rbenv-gem-rehash.git ~/.rbenv/plugins/rbenv-gem-rehash

rbenv install 2.2.3
rbenv global 2.2.3
ruby -v

Adding OpenVAS 8 PPA

once the above are done try to add the PPA as below,

sudo add-apt-repository ppa:mrazavi/openvas
sudo apt-get update
sudo apt-get install openvas

Install OpenVAS 8 database

once you've installed openvas, do the following

sudo openvas-nvt-sync
sudo openvas-scapdata-sync
sudo openvas-certdata-sync

sudo service openvas-scanner restart
sudo service openvas-manager restart
sudo openvasmd --rebuild --progress

Install OpenVAS 8 PDF Support

Once you do that remember to install the following to enable pdf report

apt-get install texlive-full
(this is not optimal thou, this installs a bunch of packets..)

Check OpenVAS 8 Setup

And make sure that everything is ok

wget https://svn.wald.intevation.org/svn/openvas/trunk/tools/openvas-check-setup --no-check-certificate
 chmod 0755 openvas-check-setup
 ./openvas-check-setup --v8 --server

Plugins Executable

Now, let's try to make all OpenVAS 8 plugins executable

chmod +x /usr/lib/openvas/plugins/*

This is optional though.

Adding OpenVAS 8 Deep scan Support

And for deep scan, you might want to manually install these as well,

Adding DIRB:

http://prithak.blogspot.se/2011/08/brute-force-directory-and-files-on-web.html
apt-get install libcurl4-gnutls-dev
wget -c 'http://sourceforge.net/projects/dirb/files/dirb/2.22/dirb222.tar.gz/download' -O dirb222.tar.gz
tar -zxvf dirb222.tar.gz
cd dirb
./configure
make
make install
Test installation:
/usr/local/bin/dirb
ln -s /usr/local/bin/dirb /usr/bin/

Adding nikto:

wget https://github.com/sullo/nikto/archive/master.zip
unzip master.zip
cd nikto-master/programs
cp * /usr/local/bin/
ln -s /usr/local/bin/nikto.pl /usr/bin/

Add wapiti:

sudo apt-get install python-setuptools
wget -O wapiti-2.3.0.tar.gz "http://downloads.sourceforge.net/project/wapiti/wapiti/wapiti-2.3.0/wapiti-2.3.0.tar.gz?r=http://sourceforge.net/projects/wapiti/files/wapiti/wapiti-2.3.0/&ts=1391931386&use_mirror=heanet"
tar zxvf wapiti-2.3.0.tar.gz
cd wapiti-2.3.0
python setup.py install
ln -s /usr/local/bin/wapiti /usr/bin/

Add arachni:

gem install arachni
ln -s /var/lib/gems/1.9.1/bin/arachni* /usr/bin
export PATH="${PATH}:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/bin/X11:/var/lib/gems/1.9.1/bin"

Others Options plugins are install via apt-get on the requirement page.

Please take note the above process is pretty long. Hence, do use screen for all your installation session. Once you've done that, you can login into https://ip:443 with "admin" as username and password.

Useful Links

Here are some links that assist with the above OpenVAS 8 installation.

OpenVAS 8 503 – Service temporarily down

Ok, this is a nightmare, when you found out you did something unknown and break your OpenVAS and every time you tries to start a task, you get a 503 - Service temporarily down message. And whatever you do, its not recovering. Most likely you would go reinstall the whole OpenVAS 8. The real issue is that it takes too long to get everything setup, especially if you want EVERYTHING to be ready and good to go. I know, i have been there.

503 - Service temporarily down

The issue started when i trying to figure out why scan result isn't working for me. I accidentally updated the cert and everything just go down hill from there. Hence, the only way is to figure out what happen. And the following solution seems to work for me.

openvas-mkcert-client -n om -i
openvas-nvt-sync --wget
/etc/init.d/openvas-scanner stop; /etc/init.d/openvas-manager stop;
openvassd
rm /var/lib/openvas/mgr/tasks.db
openvasmd --progress --rebuild -v

What this does is to remove ALL your task. And rebuild it again. It seems that somehow when we refresh the cert, all the task that bind with the old cert can't seems to perform a handshake with the new cert that i have generated. Hence, removing everything and redo it again seems to solve this problem.

**** UPDATES 20/12/2015 ****
Apparently, Michael Meyer saw this article and somehow added and correctly provided alternative as show below,

"Updating Scanner Certificates

If you have changed the CA certificate used to sign the server and client
certificates or the client certificate itself you will need to update the
certificates in Manager database as well.

The database can be updated using the following command:

$ openvasmd --modify-scanner <uuid> \
--scanner-ca-pub <cacert> \
--scanner-key-pub <clientcert> \
--scanner-key-priv <clientkey>

Where:
<uuid> refers to the UUID used by OpenVAS Manager to identify the scanner; the UUID can be retrieved with "openvasmd --get-scanners"
<cacert> refers to the certificate of the CA used to sign the scanner certificate
<clientcert> refers to the certificate Manager uses to authenticate when connecting to the scanner
<clientkey> refers to the private key Manager uses to authenticate when connecting to the scanner"

For more information and other options do go to https://wald.intevation.org/svn/openvas/trunk/openvas-manager/INSTALL where you would find more options and may be helps to resolve your issue.

All credits goes to Michael Meyer and thanks for the update!

Gitlab 500/502 Error After Upgrade

Here is what happen, i got either a 500 or 502 error after an upgrade using Omnibus method. And got the error message "Gitlab is not responding"

40TPT

The first thing i did was to look for what could have happen. And the first place to see that is on the log file located at

/var/log/gitlab/gitlab-rails/production.log

And the log basically just give me an error as shown below,

Started GET "/users/sign_in" for 175.144.6.68 at 2015-12-12 23:48:54 +0800
Processing by SessionsController#new as HTML
Completed 500 Internal Server Error in 98ms (ActiveRecord: 10.8ms)

NoMethodError (undefined method `push_events=' for #<GitlabCiService:0x0000000463dba8>):
  app/models/project.rb:809:in `builds_enabled='
  app/controllers/application_controller.rb:194:in `add_gon_variables'

But when i do a status check, it gives me this

[root@git gitlab-rails]# gitlab-ctl status
run: gitlab-workhorse: (pid 4934) 1009s; run: log: (pid 4147) 1227s
run: logrotate: (pid 4942) 1008s; run: log: (pid 296) 3434s
run: nginx: (pid 4948) 1008s; run: log: (pid 299) 3434s
run: postgresql: (pid 4957) 1007s; run: log: (pid 301) 3434s
run: redis: (pid 4965) 1007s; run: log: (pid 294) 3434s
run: sidekiq: (pid 4972) 1005s; run: log: (pid 302) 3434s
run: unicorn: (pid 4990) 1004s; run: log: (pid 305) 3434s

I have pretty much no idea what is going on. But after trying out different ways, it seems to boil down to the following,

1. Check what is going on

Firing the following command should give you an idea what is going on with your configure.

sudo gitlab-rake gitlab:check

After that you could try see what is causing it.

2. Forget to turn on postgres before upgrade

Well, because gitlab said to shutdown gitlab before upgrading, hence i did this,

gitlab-ctl stop

which stops everything including postgres. Hence, database migration wasn't possible. Therefore, i fire the following command and see whether that helps

gitlab-rake db:migrate

Now, after this i still got a 502 error but at least i'm not stuck with 500 error!

3. Forget to reconfigure after an upgrade

Well, if its not database migration, then every time you did a migration, remember to do a reconfigure!

gitlab-ctl reconfigure

Once i did this. Wait a while, and puff! The screen is back up!

Screen Shot 2015-12-13 at 12.00.47 AM

I'm just grateful everything is ok! Just remember to back up your VM image before doing all these upgrades!

Few Tweat to MailScanner Config

If you are looking for some configuration on Mailscanner, try to look at the following criteria, on /usr/mailscanner/etc/MailScanner.conf

> MailScanner Config
> Run As User = postfix
> Run As Group = postfix
> Incoming Queue Dir = /var/spool/postfix/hold
> Outgoing Queue Dir = /var/spool/postfix/incoming
> Incoming Work Dir = /var/spool/MailScanner/incoming
> MTA = postfix
> Sendmail = /usr/sbin/sendmail.postfix
> Incoming Work Group = clamav
> Incoming Work Permissions = 0644
> Quarantine User = postfix
> Quarantine Group = apache
> Quarantine Permissions = 0660
> Virus Scanners = clamd
> Quarantine Infections = no
> Quarantine Whole Message = yes
> Quarantine Whole Messages As Queue Files = no
> Keep Spam And MCP Archive Clean = yes
> Spam Checks = yes
> Is Definitely Not Spam = %rules-dir%/spam.whitelist.rules
> Is Definitely Spam = %rules-dir%/spam.blacklist.rules
> Definite Spam Is High Scoring = yes
> Use SpamAssassin = yes
> Required SpamAssassin Score = 4.75
> High SpamAssassin Score = 6
> Spam Score = yes
> Spam Actions = deliver
> High Scoring Spam Actions = store notify

But do remember to alter the config to what you need rather than using everything above. If you guys have more things to share, feel free to comment below!

Woocommerce get admin order note

In order to get admin order note, there is no office function to do that but you might want to do that to capture payment date in woocommerce. You can easily find the order note by doing the following,

get_comments('post_id=6434&type=order_note');

looks pretty simple right? If you can't get it this way, all you need to do is to sql the database direct instead especially if you re on a multi language WordPress site.

$paymentdate = $wpdb->get_var( 'SELECT comment_date FROM  `wp_comments` WHERE  `comment_content` LIKE  \'%payment success%\' AND `comment_post_ID` ='. $post_id);

and these should gives you the information you need to do get your payment date if you ever need it.