nessus installation snapshots - nessus安装截图

---------- Forwarded message ----------
From: XIE WEN-MFK346 <wenxie at motorola.com>
Date: 2008/8/28
Subject: nessus安装截图
To: xiewenxiewen at gmail.com

nessus是世界上最好用的安全扫描工具之一，而且对个人用户是免费的


1.下载nessus
访问网址 http://www.nessus.org/download/
下载nessus安装程序


不用填个人信息，直接点"Click Here to Download Nessus Directly"


服务器是redhat es4 64位的，要下载对应的版本，用es4.i386的就行



2. 申请注册号
http://www.nessus.org/plugins/?view=register-info


选"Register a HomeFeed"


输入邮件地址


等一会，注册号会发到你的邮箱



3. 安装
rpm -Uvh Nessus-3.2.1-es4.i386.rpm



4.注册
访问网址 https://plugins.nessus.org/offline.php


按提示运行 /opt/nessus/bin/nessus-fetch --challenge 获取口令


输入口令和注册号


显示


记住第一个url地址
http://plugins.nessus.org/get.php?f=all-2.0.tar.gz&u=34a15dd5903bb80755a35dc1eedb56ac&p=a37a58daefcd003abccdeefc5dae2166
以后手工下载插件还会用到

然后点击第二个链接，下载 nessus-fetch.rc，url地址是:
http://plugins.nessus.org/mkconfig.php?ac=注册号&c=口令
如
https://plugins.nessus.org/mkconfig.php?ac=F7B4-D650-0C92-3B97-5373&c=4b3302bf5896ffc9555c53768352f5342c9ba479

把nessus-fetch.rc拷到/opt/nessus/etc/nessus/下
cat /opt/nessus/etc/nessus/nessus-fetch.rc



5.下载安装最新插件
修改配置文件/opt/nessus/etc/nessus/nessusd.conf,禁止自动升级
grep auto_update /opt/nessus/etc/nessus/nessusd.conf


a.如果服务器可以连接互联网，那么运行
/opt/nessus/sbin/nessus-update-plugins
自动下载最新插件


b.也可以手工下载，下载地址就是第4步得到的地址

然后解压
tar -C /opt/nessus/lib/nessus/plugins/ -zxf all-2.0.tar.gz

重建插件数据库 /opt/nessus/var/nessus/plugins-code.db,运行
/opt/nessus/sbin/nessusd -Q 或 /opt/nessus/sbin/nessusd -R



6.创建用户
运行 /opt/nessus/sbin/nessus-adduser
创建一个用户并设置用户登录权限
用户名:admin
认证方式:pass
密码:admin
规则:只允许本机访问
accept
127.0.0.1/32
default
deny



7. 启动nessusd服务
运行
/sbin/service nessusd start


nessus服务器安装完成。
然后就可以用bin/nessus扫描服务器漏洞了，这是命令行模式的，最好再装个图形界面的NessusClient


8. 安装NessusClient
下载地址http://www.nessus.org/download/


安装
rpm -Uvh NessusClient-3.2.1-es4.i386.rpm



9.运行NessusClient
/opt/nessus/bin/NessusClient


点"Connect...",选"localhost", 点"Edit..."
改成正确的用户名和密码


点"Save"保存
选"localhost"，点"Connect"


连接nessus服务


如果是第一次连接，会出现确认框，选"Yes"
连上后



10. 增加扫描策略

点右边的"+",
按需编辑各种选项







点"Save"保存
选中"my_policy",点菜单"File"->"Export Policy..."，保存到文件my_policy.nessusrc
(不过好像只能export，不能import, import菜单永远是灰的???)




11. 增加扫描目标
按需增加要扫描的地址


点"Save"



12. 保存配置

选菜单"File"->"Save As...",保存配置好了的目标和策略到文件my.nessus


.nessus文件是xml格式的
比如:
....
nohostname192.168.11.16
nohostname192.168.11.15
nohostname192.168.11.10
nohostname192.168.11.12
norange10.194.132.24010.194.132.255
yesrange192.168.11.0192.168.16.255
yesnetwork192.168.30.0255.255.255.0
yesnetwork192.168.50.0255.255.255.0
yesnetwork10.194.132.0255.255.255.0
....


13. 扫描

可以点"Scan Now"在图形界面扫描，也可以在字符界面用命令扫描
运行
/opt/nessus/bin/nessus -V -x --dot-nessus /root/my.nessus --policy-name "my_policy" 127.0.0.1
1241 admin admin /root/my_report.nessus >/root/my_nessus.log 2>&1


生成html格式的报表
/opt/nessus/bin/nessus -V -x --dot-nessus /root/my_report.nessus \
-i "`/opt/nessus/bin/nessus -V -x --dot-nessus /root/my_report.nessus --list-reports|/usr/bin/tail -1|/bin/cut -c4-|/bin/sed 's/.$//g'`" \
-o /root/my_report.html


观看报表
elinks /root/my_report.html



14.定期运行脚本

[root@MGT scripts]# cat nessus.sh
#!/bin/bash
usage ()
{
cat <
Usage: $0 {help=n|y} target={sendmail=y|n}
Examples:
$0 help=y
$0
target=test
EOF
}
if [ $# -lt 1 ]; then
usage
exit 1
fi
for f; do eval $f; done
if [ x$help = xy ]; then
usage
exit 0
fi

PD=`/usr/bin/dirname $0`
WD=`(cd $PD/..;pwd)`
#NPATH=/data/nessus
NPATH=$WD
LPATH=$NPATH/logs
RPATH=$NPATH/reports
SPATH=$NPATH/scripts
P=`/bin/basename $0|/bin/cut -d. -f1`
N=${target:-test}
D=`/bin/date '+%Y%m%d'`
LOG=$LPATH/${P}_${N}_${D}.log
UMASK=`umask`
umask 0077
exec 3>&1 4>&2
exec >>$LOG 2>&1
echo "Begin at `/bin/date '+%Y%m%d%H%M%S'`"

NESSUS=/opt/nessus/bin/nessus
CFG=$SPATH/${N}.nessus
NRPT=$LPATH/report_${N}_${D}.nessus
RPT=$RPATH/report_${N}_${D}.html
PARAM="-V -x"
NSERVER="localhost 1241 admin admin"
$NESSUS $PARAM --dot-nessus $CFG --policy-name "my_policy" $NSERVER $NRPT
$NESSUS --dot-nessus $NRPT --list-reports
RPTNAME="`$NESSUS --dot-nessus $NRPT --list-reports|/usr/bin/tail -1|/bin/cut -c4-|/bin/sed 's/.$//g'`"
$NESSUS $PARAM --dot-nessus $NRPT -i "$RPTNAME" -o $RPT
if [ x$sendmail != xn ]; then
ADDR="wenxie@motorola.com"
/usr/sbin/sendmail -v $ADDR <
To: $ADDR
Subject:
Nessus Scan Report for $N - $D
Content-Type: text/html; charset="iso-8859-1"
`cat $RPT`
EOF
fi
echo "End at `/bin/date '+%Y%m%d%H%M%S'`"
echo ""
exec 1>&3 2>&4 3>&- 4>&-
umask $UMASK

[root@MGT scripts]#



[root@MGT ~]# crontab -l |grep ness
#0 2 * * * /data/nessus/scripts/nessus.sh target=wjlab sendmail=n
[root@MGT ~]#



Xie wen（谢文）
Network & Operations,
Mobile Software Solutions (MDB)
MOTOROLA Inc.
No. 108 Jian Guo Road, Chao Yang District, Beijing
100022 P. R. China
e-mail wenxie at motorola.com



-fin-

how to determine oracle block size - 如何查看oracle块大小

---------- Forwarded message ----------
From: wen xie
Date: 2008/12/16
- Hide quoted text -
Subject: Fwd: how to determine oracle block size
To: xiewenxiewen at googlemail.com


---------- Forwarded message ----------
From: XIE WEN-MFK346
Date: 2008/12/16
Subject: how to determine oracle block size
To: xiewenxiewen at gmail.com

how to determine oracle block size

数据块特指data block，是数据文件的组成部分
重做日志的叫redo block，不叫data block, 大小一般等于操作系统块的大小，
可以查询select max(lebsz) from x$kccle;知道大小

SQL> select max(lebsz) from x$kccle;
MAX(LEBSZ)
----------
512
SQL>

控制文件的也不叫data block，叫control file block，查询select distinct block_size from v$controlfile;看大小

SQL> select distinct block_size from v$controlfile;
BLOCK_SIZE
----------
16384

或查询跟踪文件
alter session set events 'immediate trace name controlf level 10';
然后查看udump下的跟踪文件

DUMP OF CONTROL FILES, Seq # 6886 = 0x1ae6
V10 STYLE FILE HEADER:
Compatibility Vsn = 169870080=0xa200300
Db ID=1955690436=0x749177c4, Db Name='TEST'
Activation ID=0=0x0
Control Seq=6886=0x1ae6, File size=492=0x1ec
File Number=0, Blksiz=16384, File Type=1 CONTROL
Logical block number 1 (header block)

也可以用dbfilesize命令看大小

oracle@MGT ~/app/oracle/oradata/test]$ dbfsize control01.ctl
Database file: control01.ctl
Database file type: file system
Database file size: 460 16384 byte blocks
[oracle@MGT ~/app/oracle/oradata/test]$ dbfsize redo01.log
Database file: redo01.log
Database file type: file system
Database file size: 204800 512 byte blocks
[oracle@MGT ~/app/oracle/oradata/test]$ dbfsize system01.dbf
Database file: system01.dbf
Database file type: file system
Database file size: 38400 8192 byte blocks

(Database file size显示了两个数字，第二个是块大小，第一个是块数，但没计算文件头占用的那一块，所以再加一才是真正的块数)
控制文件块大小是16k
重做日志的是512
数据文件的是8k


外部链接:
Log Block Size
Controlfile Structure
Description Of V$Controlfile fields- BLOCK_SIZE and FILE_SIZE_BLKS
How to Determine the Exact Size of a Controlfile on a Raw Device

Xie Wen (谢文)
Network & Operations,
Multimedia Applications & Services (MDB) MOTOROLA Inc.
NO.104 mail box,
8th floor, Motorola Tower,
No. 1 Wang Jing East Road, Chao Yang District,
Beijing 100102 P. R. China
e-mail wenxie at motorola.com



-fin-

setup ssh for netapp filer - 配置netapp filer文件存储系统的ssh登录

---------- Forwarded message ----------
From: XIE WEN-MFK346 <wenxie at motorola.com>
Date: 2008/8/20
Subject: ssh自动登录netapp filer
To: xiewenxiewen at gmail.com


1. 启用netapp的ssh登录方式

默认没有启用ssh登录方式


先telnet登录到netapp


检查系统配置，发现没有打开ssh
options ssh


修改ssh配置
options ssh.enable on


按屏幕提示运行secureadmin setup ssh
按四次回车，即可


运行secureadmin enable ssh


ssh已被启用了
options ssh


按ctrl-d退出


现在可以用ssh登录了


但仍需要输入密码
下面配置自动登录，不用密码登录



2. 配置自动登录
回到unix
生成ssh密钥
运行ssh-keygen -t dsa
回车3次，不要输入私钥密码


生成了一个私钥id_dsa, 和公钥id_dsa.pub


root用户挂载netapp根卷vol0


将刚才生成的公钥添加到 etc/sshd/root/.ssh/authorized_keys 文件内


卸载vol0根卷


回到s3op1用户，ssh登录不用输入密码了






Xie wen（谢文）
Network & Operations,
Mobile Software Solutions (MDB)
MOTOROLA Inc.
No. 108 Jian Guo Road, Chao Yang District, Beijing
100022 P. R. China
e-mail wenxie at motorola.com



-fin-