
Sunday, October 16, 2022

Building Vulnerability Scanners with Portainer

Currently, I am in school for my Master's, and we had an assignment to conduct vulnerability scanning on our home network. It has been a while since I installed Nessus or OpenVAS, and technology has certainly changed.

I have been using Portainer recently for most of my Docker containers and wanted to see if it was that easy for Nessus or OpenVAS.

For Nessus, I did a search for 'Nessus docker-compose' and used the following:

version: '3.1'

services:

  nessus:
    image: tenableofficial/nessus
    restart: always
    container_name: nessus
    environment:
      USERNAME: <user>
      PASSWORD: <password>
      ACTIVATION_CODE: <code>
    ports:
      - 8834:8834

I changed the username/password and activation code. Then I went into Portainer, created a new stack, and placed the above in the web editor.

From there, I clicked Deploy stack. About 20 minutes later (plugin updates on Nessus), I was up and operational on Nessus Essentials. One side note to this is that Essentials will only scan 16 IPs, but it's free.

For OpenVAS, I searched on Google for 'OpenVAS docker-compose' and found https://github.com/immauss/openvas. From there, I used the below:

version: "3"
services:
  openvas:
    ports:
      - "8080:9392"
    environment:
      - "PASSWORD=admin"
      - "USERNAME=admin"
      - "RELAYHOST=172.17.0.1"
      - "SMTPPORT=25"
      - "REDISDBS=512" # number of Redis DBs to use
      - "QUIET=false" # dump feed sync noise to /dev/null
      - "NEWDB=false" # only use this for creating a blank DB
      - "SKIPSYNC=true" # Skips the feed sync on startup.
      - "RESTORE=false" # This should probably not be used from compose... see docs.
      - "DEBUG=false" # This will cause the container to stop and not actually start gvmd
      - "HTTPS=false" # whether to use HTTPS or not
    volumes:
      - "openvas:/data"
    container_name: openvas
    image: immauss/openvas:$TAG
volumes:
  openvas:

Same procedure as Nessus. I opened Portainer, added a new stack, copied the above information into the web editor, and deployed the stack. On this one, I forgot to update the username/password for my instance, so that shows up as a vulnerability when you conduct a scan.

Overall, both of these installs were very easy; I was up and running in about 30 minutes and running scans against my home network.


Saturday, October 8, 2022

Installing MISP with Portainer on Ubuntu 22.04 VM

I am installing MISP on the same VM that I have running OpenCTI, as Portainer is already installed there.

I chose Coolacid's Docker buildout.

First things first, you have to build out a directory structure on the host VM:

sudo mkdir /data/compose/#/   

Additional folders under the number (mine was 2) are:

  • files
  • ssl
  • server-configs
  • logs

Back in Portainer's web UI, select Stack from the left menu and click +Add Stack.

Next, name the stack (lower case) and use the web editor to upload the docker-compose.

Click Deploy Stack at the bottom of the page and you are ready to access the MISP login screen.


  • Default email: admin@admin.test
  • Password: admin

The password will be required to be changed on first login.



Sunday, October 2, 2022

Installing OpenCTI with Portainer on Ubuntu 22.04

Having played around with SecurityOnion, I was starting to look into threat intel feeds, which led me to a few applications: OpenCTI and MISP, to name a few. Today I am going to look at setting up a Docker instance of OpenCTI on an Ubuntu 22.04 VM.

While researching OpenCTI, I found documentation on setting up OpenCTI with Portainer. Having never heard of Portainer, I first wanted to see what that was all about.

From the website for Portainer: Container Management made easy. Sold! I have used Docker a few times, but mostly basic stuff like setting up a container, inspecting the container, etc. So I don't really have much experience, but from the looks of Portainer, it has a GUI front end and works with Docker and Kubernetes. I figured I could use it, as I was going to use this system later to install a Docker instance of MISP on the same machine.

The basis of the install procedures came from here.  

I had selected the "Docker" option while installing Ubuntu 22.04 server, so I skipped the first part and started with creating a swarm (on one computer, mind):

docker swarm init --advertise-addr 192.168.1.100

This will set up a Docker swarm with my machine as the manager node.

Installing Portainer

Below are the commands I ran on my Ubuntu VM for the initial setup of Portainer:

mkdir -p /opt/portainer
cd /opt/portainer
curl -L https://downloads.portainer.io/portainer-agent-stack.yml -o portainer-agent-stack.yml

I updated the ports in portainer-agent-stack.yml (due to a conflict with OpenCTI):

    ports:
      - "19000:9000"
      - "18000:8000"

The last step is to deploy the Docker container:

docker stack deploy --compose-file=portainer-agent-stack.yml portainer

Access Portainer at <UbuntuVM_IP>:19000

Installing OpenCTI

OpenCTI will be installed from within Portainer.  A docker-compose file is required for the installation.


This version had connectors set up for OTX, GreyNoise, AbuseIPDB, Shodan, Intezer, and a few others. A few configuration changes are required in the above file; for instance, you will need to update all the UUIDs and add in your API keys from the above sites. Lastly, make sure you add your email address/password into the file in the section below:

    - APP__ADMIN__EMAIL=
    - APP__ADMIN__PASSWORD=
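Because the OpenVAS stack in the post above went live with admin/admin and this OpenCTI file needs every placeholder filled in, here is an added check (my own example, not code from this post or from Nessus, OpenVAS, OpenCTI or Portainer) that walks the environment blocks of a compose file, in both the `KEY: value` and `- "KEY=value"` forms, and reports unreplaced `<...>` placeholders, empty values and the shipped default credentials; the key patterns, weak-value list and sample compose text are constructed for the example.

```python
import re

# Constructed for this example: keys worth scrutinising, and the defaults/placeholders seen on this page.
SENSITIVE = re.compile(r"PASS|USER|EMAIL|TOKEN|KEY|SECRET|CODE", re.I)
WEAK_VALUES = {"admin", "password", "changeme", "secret"}
LIST_ITEM = re.compile(r"""^\s*-\s*["']?([A-Za-z_]\w*)=(.*?)["']?\s*$""")   # - "KEY=value"
MAP_ITEM = re.compile(r"^\s*([A-Za-z_]\w*):\s*(.*?)\s*$")                     # KEY: value

def classify(key, value):
    if re.fullmatch(r"<[^>]*>", value):                    # <user>, <password>, <code> left as-is
        return "placeholder not replaced"
    if SENSITIVE.search(key) and value == "":
        return "empty value"
    if SENSITIVE.search(key) and value.lower() in WEAK_VALUES:
        return "default/weak credential"
    return None

def audit_compose(text):
    """Walk every 'environment:' block (mapping or list form); return [(key, value, reason)]."""
    findings, env_indent = [], None
    for raw in text.splitlines():
        line = re.sub(r"\s+#.*$", "", raw).rstrip()       # drop trailing YAML comments
        indent = len(line) - len(line.lstrip())
        if line.strip() and env_indent is not None and indent <= env_indent:
            env_indent = None                               # dedented: left the block
        if env_indent is None:
            if line.strip() == "environment:":
                env_indent = indent
            continue
        m = LIST_ITEM.match(line) or MAP_ITEM.match(line)
        if m:
            key, value = m.group(1), m.group(2).strip().strip("\"'")
            reason = classify(key, value)
            if reason:
                findings.append((key, value, reason))
    return findings

SAMPLE = """\
services:
  nessus:
    environment:
      PASSWORD: <password>
  openvas:
    environment:
      - "PASSWORD=admin"   # change me
  opencti:
    environment:
      - APP__ADMIN__EMAIL=
      - APP__ADMIN__TOKEN=ChangeMe
"""   # constructed sample mixing the three stacks' environment styles from this page
```

Run `audit_compose` over the stack text before pasting it into Portainer's web editor; an empty list means none of the checked defaults survived.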


When logged into Portainer, you create a new stack as shown below:


Next, you provide a name and copy the docker-compose file into the web editor as shown below:


Lastly, deploy the stack and wait about 30 minutes for it to fully build. Once complete, you will be able to access the site at https://ip:8080.

Friday, August 28, 2020

Apt-Cacher-NG SecurityOnion

I built out a SecurityOnion Master server 16.04.2 (wanted an older copy), and wanted to use Master Server since this is what I work on mostly. I am pretty sure they renamed it from Master server, but off the top of my head I cannot remember what the new term is. From there I ran the full setup and made sure that SecurityOnion was able to process data; next I installed Apt-Cacher-NG on this machine. The setup was pretty straightforward:

sudo apt install apt-cacher-ng

Edit the acng.conf file, then:

sudo ufw allow 3142

(the port for other machines to talk to the caching server). Next I ran sudo soup and watched the updates come in. Verified it was updated to SecurityOnion 16.04.07.

After this I built a second machine running SecurityOnion 16.04.2 and edited the sources.list, adding the IP address of the primary client to the front end of each of the repo locations. From there I ran sudo soup, and watched it connect to the primary SecurityOnion server and process all the updates. After reboot I verified that this was brought up to SecurityOnion 16.04.7 also.

One issue/question that I have right now is that I believe Docker is not part of the repo checking, and that it looks somewhere else to do those updates. I will need to figure out how to do the Docker updates on the "repo" so that I can do the Docker in an offline update.

I think next I am going to download a vanilla version of Ubuntu and verify that I can pull updates from the SecurityOnion "Repo" server to update that to the newest version of Ubuntu (16.04). I know that I am running older versions of software, but I am locked into a certain version of software, so I have to work with what I am allowed.
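To make the sources.list step concrete, here is an added example (my own, not part of the original post) that rewrites the http:// repository lines of a sources.list to go through the cache in the form Apt-Cacher-NG expects, http://CACHE:3142/upstream-host/path, while leaving comments, https entries and already-rewritten lines untouched; the cache address is a constructed placeholder.

```python
import re

# Constructed placeholder for the caching server; 3142 is Apt-Cacher-NG's default port.
CACHE = "192.168.1.50:3142"
# deb / deb-src lines, optionally with [options], followed by scheme://host/path and the suites.
SOURCE_LINE = re.compile(r"^(\s*deb(?:-src)?\s+(?:\[[^\]]*\]\s+)?)(\w+)://(\S+)(.*)$")

def rewrite_line(line, cache=CACHE):
    """Point one sources.list line at the cache: http://HOST/path -> http://CACHE/HOST/path."""
    m = SOURCE_LINE.match(line)
    if not m:
        return line                           # comments, blanks, unknown syntax: untouched
    prefix, scheme, rest, tail = m.groups()
    if scheme != "http":
        return line                           # https/file/cdrom entries are left alone
    if rest.startswith(cache + "/"):
        return line                           # already rewritten: do not double-prefix
    return f"{prefix}http://{cache}/{rest}{tail}"

def rewrite_sources(text, cache=CACHE):
    """Rewrite a whole sources.list body; run the result over /etc/apt/sources.list on each client."""
    return "\n".join(rewrite_line(l, cache) for l in text.splitlines())

# Constructed sample resembling a 16.04-era client sources.list.
SAMPLE_SOURCES = """\
# Ubuntu main archive
deb http://archive.ubuntu.com/ubuntu xenial main restricted
deb-src [arch=amd64] http://ppa.launchpad.net/example/ppa/ubuntu xenial main
deb https://secure.example.test/repo xenial main
"""
```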