根据OSSIM渠道的缝隙扫描详解51CTO博客 - 威尼斯人

根据OSSIM渠道的缝隙扫描详解51CTO博客

2019-01-03 10:52:42 | 作者: 鸿振 | 标签: 扫描,缝隙,体系 | 浏览: 2215

Ossim 中缝隙扫描详解

 

Openvas是一套开源缝隙扫描体系,假如手动树立需求杂乱的进程,花费不少人力和时刻本钱,由于它是套免费的缝隙扫描体系,功能上不差劲于商业版的缝隙扫描器,遭到不少用户的喜爱,下表对比了NeXpose、RSAS和启明的缝隙扫描器的首要功能。

 

有了以上布景之后,下文首要针对OSSIM平台下如何故图形化方法操作缝隙扫描的进程。

 

预备作业:首要保证没有运转的扫描进程和使命

扫描缝隙一起晋级缝隙库会导致晋级失利。

 

第一步:同步插件

#openvas-nvt-sync

[i] This script synchronizes an NVT collection with the OpenVAS NVT Feed.

[i] The OpenVAS NVT Feed is provided by The OpenVAS Project.

[i] Online information about this feed: http://www.openvas.org/openvas-nvt-feed.html.

[i] NVT dir: /var/lib/openvas/plugins

[i] Will use rsync

[i] Using rsync: /usr/bin/rsync

[i] Configured NVT rsync feed: rsync://feed.openvas.org:/nvt-feed

OpenVAS feed server - http://www.openvas.org/

This service is hosted by Intevation GmbH - http://intevation.de/

All transactions are logged.

Please report synchronization problems to openvas-feed@intevation.de.

If you have any other questions, please use the OpenVAS mailing lists

or the OpenVAS IRC chat. See http://www.openvas.org/ for details.

receiving incremental file list

deleting gb_openssl_38562.nasl.asc

deleting gb_openssl_38562.nasl

./

COPYING

         588 100%  574.22kB/s    0:00:00 (xfer#1, to-check=13347/13355)

COPYING.GPLv2

       18002 100%   17.17MB/s    0:00:00 (xfer#2, to-check=13346/13355)

COPYING.files

     1819904 100%    1.77MB/s    0:00:00 (xfer#3, to-check=13345/13355)

DDI_Directory_Scanner.nasl

       32957 100%   32.74kB/s    0:00:00 (xfer#4, to-check=13342/13355)

DDI_Directory_Scanner.nasl.asc

         198 100%    0.20kB/s    0:00:00 (xfer#5, to-check=13341/13355)

... ...

同步数万个插件时刻比较长,耗费资源不大,能够去喝杯咖啡啦,或许了解一下插件的组成。

 

            表1 Openvas首要脚本分类及散布状况

 

规矩称号

数量

补白

IIS_frontpage_DOS_2.nasl

1

phpbb

8

RA_ssh_detect

RA_www_css

RA_www_detect

3

RHSA_2009_03**

279

Redhat Security Advisory

3com_switches

1

weblogic*

3

cisco_ids

cisco_***

ciscoworks

16

awstats

4

apache

23

DDI

30

EZ_hotscripts

3

anti_nessus

1

basilix

8

bluecoat

1

bugbear

3

bugzilla

9

ca_unicenter

2

cacti

5

calendar

3

Spoll_7_5_sql_injection

2

avaya_switches

1

citrix

8

clamav

2

CUPS

12

cutenews

12

checkpoint

6

cheopsNG

4

cvstrac

24

DB2

4

deb_*.nasl

2595

Debian Linux

DNS

5

deluxeBB

3

eftp

3

ls exchange*

exchange

2

fcore

684

find_service

5

fortigate

1

freebsd

2009

ftp

30

gb_CESA

1528

gb_RHSA

871

gb_adobe

167

gb_apple

70

gb_baofeng_storm

3

gb_bpsoft

3

gb_clamav

16

gb_ccproxy

2

gb_clamav

16

gb_fedora

4679

gb_google

162

gb_hp_ux

242

HP-UNIX

gb_ibm_db2

27

gb_ibm_websphere

8

gb_ibm_tivoli

5

gb_ibm_was

16

gb_ibm_lotus

10

gb_mandriva

1684

gb_java

2

gb_kaspersky

6

gb_google_chrome

153

gb_foxmail

2

gb_fsecure

7

gb_ms

155

Windows 相关

gb_ubuntu

1261

gb_samba

12

gb_sun_java

35

gb_wireshark

87

glsa

1727

gb_vmware

41

IIS

20

lotus

5

ipswitch

5

mysql

5

gb_nmap

187

nortel

7

nagios

5

openssh

4

oscommerce

5

postgresql

5

phpgroupware

12

phpmyadmin

7

phpbb

8

smb

52

sendmail

15

suse

65

ssh

11

smtp

9

Ubuntu

179

tomcat

6

tftp

11

wu_ftpd

6

 

第二步:更新插件(做这一步操作,主张在轻负载下进行)

#perl /usr/share/ossim/scripts/vulnmeter/updateplugins.pl migrate            /* 比较耗费CPU和磁盘I/O  */

2015-09-07 07:27:33   Framework profile has been found...

2015-09-07 07:27:33   Deleting all tasks in 192.168.11.150 ...

2015-09-07 07:27:33   updateplugins: configured to not updateplugins

2015-09-07 07:27:33   updateplugins: configured to not repair DB

2015-09-07 07:27:33   BEGIN  - DUMP PLUGINS

2015-09-07 07:29:01   FINISH - DUMP PLUGINS [ Process took 88 seconds ]

2015-09-07 07:29:01   BEGIN  - IMPORT PLUGINS

2015-09-07 07:30:00   FINISH - IMPORT PLUGINS [ 40473 plugins - Process took 59 seconds ]

2015-09-07 07:30:00   BEGIN  - UPDATE CATEGORIES

2015-09-07 07:30:00   FINISH - UPDATE CATEGORIES [ Process took 0 seconds ]

2015-09-07 07:30:00   BEGIN  - UPDATE FAMILIES

2015-09-07 07:30:00   FINISH - UPDATE FAMILIES [ Process took 0 seconds ]

2015-09-07 07:30:00   BEGIN  - UPDATE OPENVAS_PLUGINS

2015-09-07 07:30:03   FINISH - UPDATE OPENVAS_PLUGINS [ Process took 3 seconds ]

2015-09-07 07:30:03   BEGIN  - UPDATE NESSUS_PREFERENCES

2015-09-07 07:30:03   show tables like "vuln_nessus_preferences_defaults"

2015-09-07 07:30:03   updateprefs: Getting plugin preferences

2015-09-07 07:30:05   FINISH - UPDATE NESSUS_PREFERENCES [ Process took 2 seconds ]

 

2015-09-07 07:30:06   Creating Deep profile...

2015-09-07 07:30:06   Filling categories...............

2015-09-07 07:30:06   Done

2015-09-07 07:30:06   Filling families.............................................................

2015-09-07 07:30:06   Done

2015-09-07 07:30:06   Filling plugins...

2015-09-07 07:30:13   Filling preferences in Alienvault DB...

2015-09-07 07:30:14   Done

2015-09-07 07:30:14   Deep profile inserted

 

2015-09-07 07:30:15   Creating Default profile...

2015-09-07 07:30:15   Filling categories...............

2015-09-07 07:30:15   Done

2015-09-07 07:30:15   Filling families.............................................................

2015-09-07 07:30:15   Done

2015-09-07 07:30:15   Filling plugins...

2015-09-07 07:30:23   Filling preferences in Alienvault DB...

2015-09-07 07:30:24   Done

2015-09-07 07:30:24   Default profile inserted

 

2015-09-07 07:30:24   Creating Ultimate profile...

2015-09-07 07:30:24   Filling categories...............

2015-09-07 07:30:24   Done

2015-09-07 07:30:24   Filling families.............................................................

2015-09-07 07:30:24   Done

2015-09-07 07:30:24   Filling plugins...

2015-09-07 07:30:32   Filling preferences in Alienvault DB...

2015-09-07 07:30:33   Done

2015-09-07 07:30:33   Ultimate profile inserted

 

2015-09-07 07:30:33   BEGIN  - UPDATE PORT SCANNER

2015-09-07 07:30:35   FINISH - UPDATE PORT SCANNER [ Process took 2 seconds ]

 

Updating plugin_sid vulnerabilities scanner ids

plugins fetched

Updating...

Script id:94151, Name:IT-Grundschutz M4.288: Sichere Administration von VoIP-Endger?ten, Priority:0

Script id:703073, Name:Debian Security Advisory DSA 3073-1 (libgcrypt11 - security update), Priority:1

Script id:804624, Name:Adobe Reader Plugin Signature Bypass Vulnerability (Windows), Priority:2

Script id:868149, Name:Fedora Update for kernel FEDORA-2014-9959, Priority:5

Script id:95048, Name:IT-Grundschutz M5.145: Sicherer Einsatz von CUPS, Priority:0

Script id:842216, Name:Ubuntu Update for linux USN-2616-1, Priority:4

Script id:105036, Name:Open*** Detection, Priority:0

Script id:868005, Name:Fedora Update for audacious-plugins FEDORA-2014-8183, Priority:1

Script id:869350, Name:Fedora Update for springframework FEDORA-2015-6862, Priority:5

 

… …

 

Script id:105084, Name:Multiple ManageEngine Products  Arbitrary File Upload Vulnerability, Priority:3

Script id:867751, Name:Fedora Update for python-keystoneclient FEDORA-2014-5555, Priority:3

Script id:882209, Name:CentOS Update for nss CESA-2015:1185 centos6, Priority:2

Script id:842209, Name:Ubuntu Update for libmodule-signature-perl USN-2607-1, Priority:5

 

通过一刻钟等候总算更新完结。留意,该进程需求趁热打铁,半途不能强制退出。

 

下面用时刻轴表明每个进程的演进次序和所花费的时刻,如下图所示。从某日的00:34:34开端到00:38:50完毕的进程。


假如有些用户不习惯在CLI下操作晋级指令,这一作业相同能够在WebUI中完结。




第三步:验证更新

咱们看到最终一行显现总数为40473,这个数值和下载的插件数量一向,代表晋级完结。


留意:缝隙晋级视频我们可拜访:http://www.tudou.com/programs/view/kyTmc42Ky14/


第四步:开端缝隙扫描-定制战略

首要扫描财物,树立资源池,这儿就不具体介绍。在OSSIM体系里默许界说了三种战略,默许为Default,该战略最为常用。

假如需求更改战略,请点击CREATE NEW PROFILE按钮。

接着开端扫描,填写使命称号,挑选Sensor,挑选战略,挑选资源池内的主机,最终点击新建使命按钮。

 

扫描预备

 

缝隙扫描时那些进程最繁忙?

Htop是Linux体系中的一个互动的进程检查东西,该指令能够协助管理员了解扫描发作的改变。#htop  -d 50

一次扫描多少机器适宜?

假如所监控网段服务器数量超越25台,这儿假设是100台,那么至少分4次扫描,例如直接输入“192.168.11.0/24”,这样表明一个网段,那么OSSIM体系负载将会显着增大,扫描等候时刻显着延伸,或许会长达数天,直到超越一个计划使命的周期,这样或许形成一个恶性循环,直到拖垮整个体系。

进过300多分钟都没有完毕的使命最终逃脱不了失利的命运。


扫描成果剖析

 不过在剖析时,谈到“过期”的缝隙问题,在一些陈旧些操作体系Windows NT/2000、Solaris7/8、Linux(2.2 、2.4内核)从前存在的那些体系缝隙、网络服务器缝隙,在现代体系中现已绝迹,受影响体系现已被修正,这种缝隙变得没有任何价值。对这些体系进行缝隙扫描变得没有意义。

版权声明
本文来源于网络,版权归原作者所有,其内容与观点不代表威尼斯人立场。转载文章仅为传播更有价值的信息,如采编人员采编有误或者版权原因,请与我们联系,我们核实后立即修改或删除。

猜您喜欢的文章