Category Archives: Linux

OpenVAS 9 woes

So after all is said and done, it's already been noted on the mailing list that OpenVAS 9 uses rsync for at least two of its update commands (fetching the SCAP data and the CERT data), so port 873 needs to be open through your proxy. Good luck getting a large corporate IT department to punch a hole in their proxy to let that through. From what I've been seeing, there's no easy way to manually retrieve the updates either. C'est la vie.

Systemwide Proxy Settings for LinuxMint/Ubuntu forks

I've been building several new boxes at work lately based on various Linux variants and flavors (CentOS 6.x, RHEL 6.5, Ubuntu 12.04-14.04 Server/Desktop, SLES, etc.) and always have to deal with the proxy settings. For the web, it's a simple matter of changing the proxy settings in Firefox. For APT, it's a different matter. A web search yields varied results, some of which are temporary or partial fixes. Yes, that includes attempting to set them in Network Settings via the GUI.

What has consistently worked for LinuxMint (including v16 and v17rc), Ubuntu and others of that variant is to change the settings system-wide in a few areas, all of which need to be changed as root:

  1. apt-get setting
  2. environment variables
  3. settings for GTK3 based programs (Gnome desktop)

Apt-Get

gedit /etc/apt/apt.conf.d/95proxies

and add the following (edited for your proxy, of course):

Acquire::http::proxy "http://yourproxy.server.com:8080/";
Acquire::https::proxy "https://yourproxy.server.com:8080/";
Acquire::ftp::proxy "ftp://yourproxy.server.com:8080/";

If you need to authenticate, change the lines to read similar to (APT expects the scheme in front of the credentials):

Acquire::http::proxy "http://user:pass@yourproxy.server.com:8080/";

 Environment

gedit /etc/environment

Add or change the following (some apps are case sensitive, so each variable is duplicated here to catch it either way):

http_proxy=http://myproxy.server.com:8080/
https_proxy=http://myproxy.server.com:8080/
ftp_proxy=http://myproxy.server.com:8080/
no_proxy="localhost,127.0.0.1,localaddress,.localdomain.com"
HTTP_PROXY=http://myproxy.server.com:8080/
HTTPS_PROXY=http://myproxy.server.com:8080/
FTP_PROXY=http://myproxy.server.com:8080/
NO_PROXY="localhost,127.0.0.1,localaddress,.localdomain.com"

 GTK3

Open a terminal window, change to root (sudo su) and enter/paste the following:

gsettings set org.gnome.system.proxy mode 'manual'
gsettings set org.gnome.system.proxy.http host 'yourproxy.server.com'
gsettings set org.gnome.system.proxy.http port 8080

When done, reboot. I've noticed that you do not need to reboot if you're in a terminal running apt-get update, but the GUI Software Manager and others will not work until you do.
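As an added example (not part of the original post), the following POSIX shell script renders the APT and /etc/environment settings described above from a host, port and optional credentials into files under a root directory of your choosing, so the result can be reviewed in a scratch directory before being applied to a live system as root. The function names (proxy_url, write_apt_proxy, write_environment) are assumptions of this example, and it adds one check the post does not mention: when the proxy URL carries a username and password, the APT fragment is made readable by root only, since /etc/apt/apt.conf.d files are world-readable by default.

```shell
#!/bin/sh
# Added example: render system-wide proxy settings into files under $root.
# Run with root="/" (as root) to apply, or a temp directory to review first.
set -eu

# Build the proxy URL; embed credentials only when a user name is given.
# Usage: proxy_url HOST PORT [USER PASS]
proxy_url() {
  host=$1; port=$2; user=${3:-}; pass=${4:-}
  if [ -n "$user" ]; then
    printf 'http://%s:%s@%s:%s/\n' "$user" "$pass" "$host" "$port"
  else
    printf 'http://%s:%s/\n' "$host" "$port"
  fi
}

# Write $root/etc/apt/apt.conf.d/95proxies and print its path.
write_apt_proxy() {
  root=$1; url=$2
  mkdir -p "$root/etc/apt/apt.conf.d"
  f="$root/etc/apt/apt.conf.d/95proxies"
  {
    printf 'Acquire::http::proxy "%s";\n' "$url"
    printf 'Acquire::https::proxy "%s";\n' "$url"
    printf 'Acquire::ftp::proxy "%s";\n' "$url"
  } > "$f"
  # Credentials in the URL: keep the file readable by root only (0600).
  case $url in *@*) chmod 0600 "$f" ;; esac
  echo "$f"
}

# Rewrite the proxy variables in $root/etc/environment (both cases) and
# print its path. Existing proxy lines are dropped so they are not duplicated.
write_environment() {
  root=$1; url=$2; noproxy=$3
  mkdir -p "$root/etc"
  f="$root/etc/environment"
  if [ -f "$f" ]; then
    grep -viE '^(no_proxy|http_proxy|https_proxy|ftp_proxy)=' "$f" > "$f.tmp" || true
    mv "$f.tmp" "$f"
  fi
  for v in http_proxy https_proxy ftp_proxy HTTP_PROXY HTTPS_PROXY FTP_PROXY; do
    printf '%s=%s\n' "$v" "$url"
  done >> "$f"
  printf 'no_proxy="%s"\nNO_PROXY="%s"\n' "$noproxy" "$noproxy" >> "$f"
  echo "$f"
}

# Example (constructed values): review the output in a scratch directory.
#   url=$(proxy_url yourproxy.server.com 8080)
#   write_apt_proxy /tmp/proxy-review "$url"
#   write_environment /tmp/proxy-review "$url" "localhost,127.0.0.1,.localdomain.com"
```

The GNOME step is left to the gsettings commands shown above, since those apply to the dconf database of whichever user runs them rather than to a file you can stage and inspect.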

Shorewall Two-Interface

Install Ubuntu (12.04LTS Desktop)
Set proxy if needed
add canonical partners to software repositories
apt-get update
apt-get install nedit
apt-get install joe
apt-get install vim
apt-get install xrdp
apt-get install gnome-session-fallback
in your home directory, via a terminal: echo "gnome-session --session=gnome-fallback" > .xsession
apt-get install bridge-utils
apt-get install shorewall shorewall-doc

edit /etc/network/interfaces to contain:

# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).
# The loopback network interface
auto lo
iface lo inet loopback
# To skip network manager
iface eth0 inet manual
iface eth1 inet manual
auto br0
iface br0 inet dhcp
bridge_ports eth0 eth1

Copy the pre-set-up Shorewall configs to /etc/shorewall/
sudo shorewall check
sudo shorewall start
If you wish to have remote access, DO NOT edit /etc/default/shorewall and set startup=1

Configs:

  • /etc/shorewall
    • Shorewall configuration directory.
  • /etc/shorewall/interfaces
    • Specifies the network interfaces that Shorewall uses. Once Shorewall is set up and configured, this file should remain static.
  • /etc/shorewall/zones
    • Specifies and names the zones that Shorewall uses. Once Shorewall is set up and configured, this file should remain static.
  • /etc/shorewall/policy
    • High-level policy for connections between the zones defined in the zones file. In our case, the default policy is to drop a packet unless a rule in the rules file explicitly allows it to cross.
  • /etc/shorewall/rules
    • This file specifies what traffic will be allowed to cross the firewall. This will be the most actively edited file during testing.
  • /var/log/syslog
    • This is where Shorewall messages are logged.

For log file analysis, check out logwatch: http://sourceforge.net/projects/logwatch/

For hardening of an Ubuntu system (specifically 12.04LTS) see: http://www.thefanclub.co.za/how-to/how-secure-ubuntu-1204-lts-server-part-1-basics

[this post to be updated/finalized soon]