Thread: Security Test

  1. #1
    Join Date
    Dec 2003
    Posts
    55

    * Security Test

    Hello,

    I do not run a 'hosting company' or anything related, because (let's face it) I am not ready for it yet. I have installed ftp/smtp/dns/http/pop3 servers on my FreeBSD 4.9 and I would like to know if there is anyone kind who could scan/check/test my server for free and help me fix the security holes. I tried my best to patch everything, but I feel like I am a newbie.

    Thanks for the reply, I hope there will be any...

  2. #2
    Join Date
    Feb 2004
    Posts
    772
    Hi,

    Please try "chkrootkit" from http://www.chkrootkit.org

    Regards,

    Bright

  3. #3
    Join Date
    Mar 2003
    Location
    California USA
    Posts
    13,290
    look into nessus

  4. #4
    Join Date
    Apr 2003
    Location
    UK
    Posts
    2,560
    agree with thelinuxguy - nessus

    chkrootkit is for checking you haven't already been compromised; nessus will do a proper scan externally and tell you what you need to know

  5. #5
    Join Date
    Dec 2003
    Posts
    55
    Hello,

    I am not using a graphical interface on my server ( http://www.nessus.org/demo/second.html ). Can I just install the client on a Windows machine and connect it to my server?


    Thanks for reading my post

  6. #6
    Join Date
    Jan 2004
    Location
    South East U.K.
    Posts
    1,295
    Won't Nessus just check from _inside_ the server? IMHO you need something to be looking in from outside. Haven't tried it for a while but http://www.hackerwhacker.com/ do a free scan

  7. #7
    Join Date
    Dec 2003
    Posts
    55
    OK, I just installed nessus on my box...but I can't connect to it from my Windows machine on the same network.
    Why is that?
    I started nessusd...

  8. #8
    Join Date
    Jan 2004
    Location
    South East U.K.
    Posts
    1,295
    I think you have to set up a username / password for nessusd

  9. #9
    Join Date
    Aug 2003
    Posts
    2,734
    Try nessus

  10. #10
    Join Date
    Dec 2003
    Posts
    55
    OK, everything works fine....but I do not have any plugins in my Windows client. None at all. Are there any available packs? Because it will take time to download them one by one from nessus.com. Also, when I am trying to upload one plugin it says: "Plugin upload failed: server doesn't accept the plugin"

  11. #11
    Join Date
    Jan 2004
    Location
    South East U.K.
    Posts
    1,295
    Uninstall everything & re-install from ports (you said you're using FreeBSD?), you should find nessus & nessus-plugins under /usr/ports/security

  12. #12
    Join Date
    Dec 2003
    Posts
    55
    This is how I installed it. I used ports. But I don't have any plugins here, in the Windows client.

  13. #13
    Join Date
    Jan 2004
    Location
    South East U.K.
    Posts
    1,295
    Not sure I understand what you're saying, you did install nessus-plugins from ports?

  14. #14
    Join Date
    Dec 2003
    Posts
    55
    Yes, I did install it on the FreeBSD box.
    But I want to perform the scan using the Windows client, is it possible?
    In the Windows client, it doesn't show me any plugins.

  15. #15
    Join Date
    Jan 2004
    Location
    South East U.K.
    Posts
    1,295
    Which client are you using, can you give me an address to download it?

  16. #16
    Join Date
    Dec 2003
    Posts
    55

  17. #17
    Join Date
    Jan 2004
    Location
    South East U.K.
    Posts
    1,295
    Well, I've just installed NessusWX on my Windows XP box & this is the dialogue when I connect to the nessus server on my FreeBSD box -

    Nessus Console [Version 1.4.4] Ready
    SSL library initialized
    New encryption key was generated
    Database directory "C:\NessusDB" created successfully.
    New session named "Session1" created.
    Connecting to server 192.168.1.1 (port 1241) using TLSv1 encrypted connection...
    SSL connection using DES-CBC3-SHA
    Using < NTP/1.2 >
    Connection with the server [192.168.1.1] established.
    1149 plugins loaded <<<< You might have more plugins
    131 preferences received
    0 rules received

    Are you seeing similar?

  18. #18
    Join Date
    Dec 2003
    Posts
    55
    I am getting only this:

    <<< Cannot open debug log >>>
    Nessus Console [Version 1.4.4] Ready
    SSL library initialized
    Connecting to server 192.168.1.101 (port 1241) using TLSv1 encrypted connection...
    SSL connection using AES256-SHA
    Using < NTP/1.2 >
    Connection with the server [192.168.1.101] established.
    0 plugins loaded
    33 preferences received
    0 rules received

  19. #19
    Join Date
    Jan 2004
    Location
    South East U.K.
    Posts
    1,295
    Looks to me as if you haven't installed nessus-plugins. Do you have shell access to your server? If so, try pkg_info & look for nessus* (these are what I have installed)

    nessus-1.2.7 A security scanner: looks for vulnerabilities in a given network
    nessus-libnasl-1.2.7 Nessus Attack Scripting Language
    nessus-libraries-1.2.7 Libraries for Nessus, the security scanner
    nessus-plugins-1.2.7 Plugins for Nessus, the security scanner


    Did you install the plugins after starting nessusd?

    Clutching at straws here, I'm running out of ideas.

  20. #20
    Join Date
    Dec 2003
    Posts
    55
    Now everything seems to be all right...

    BUT, BUT, BUT there is some problem with my dns server, the program returned me this:


    The remote name server allows recursive queries to be performed
    by the host running nessusd.

    If this is your internal nameserver, then forget this warning.

    If you are probing a remote nameserver, then it allows anyone
    to use it to resolve third parties names (such as www.nessus.org).
    This allows hackers to do cache poisoning attacks against this
    nameserver.

    If the host allows these recursive queries via UDP,
    then the host can be used to 'bounce' Denial of Service attacks
    against another network or system.


    See also : http://www.cert.org/advisories/CA-1997-22.html

    Solution : Restrict recursive queries to the hosts that should
    use this nameserver (such as those of the LAN connected to it).

    If you are using bind 8, you can do this by using the instruction
    'allow-recursion' in the 'options' section of your named.conf

    If you are using bind 9, you can define a grouping of internal addresses
    using the 'acl' command

    Then, within the options block, you can explicitly state:
    'allow-recursion { hosts_defined_in_acl }'

    For more info on Bind 9 administration (to include recursion), see:
    http://www.nominum.com/content/documents/bind9arm.pdf

    If you are using another name server, consult its documentation.

    Risk factor : Serious
    CVE : CVE-1999-0024
    BID : 678

    I was looking on Google to find a solution, but all I can find are the same logs that other people are getting from nessus and no more explanation.

    I am using bind 9, however I just don't get how I do this:
    "If you are using bind 9, you can define a grouping of internal addresses using the 'acl' command"
    and
    "Then, within the options block, you can explicitly state: 'allow-recursion { hosts_defined_in_acl }'"
    Thanks for your support!
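
The BIND 9 change that the Nessus report in post #20 describes, shown as an added example that is not part of the original thread. The ACL name `trusted` and the 192.168.1.0/24 range (chosen to match the private addresses in the console logs above) are assumptions; substitute the networks that should be allowed to use this server as a resolver.

```conf
// named.conf (BIND 9) -- added example, not the poster's actual file.

// 1. "Define a grouping of internal addresses using the 'acl' command".
//    The name "trusted" is arbitrary (assumption); it is only a label
//    that later statements refer to.
acl "trusted" {
    127.0.0.1;          // the server itself
    192.168.1.0/24;     // assumed LAN range; replace with your own
};

options {
    // Existing settings (directory, listen-on, ...) stay as they are.

    // 2. "Within the options block, explicitly state allow-recursion".
    //    Before: no allow-recursion statement was present, so the
    //    server recursed for the host running nessusd.
    //    After: only clients matching the ACL get recursive answers.
    allow-recursion { trusted; };

    // BIND 9 also ships the built-in ACLs "localhost" and "localnets",
    // so this form needs no acl block at all:
    //     allow-recursion { localhost; localnets; };
};

// Zones this server is authoritative for are unaffected: outside
// clients can still query them, they just cannot use the server to
// resolve third-party names.
```

Run `named-checkconf` to validate the file and `rndc reload` to apply it. A query for a third-party name sent from a host outside the ACL should then come back without the `ra` flag, and `dig` prints "recursion requested but not available".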
