How to update OpenVAS offline with connecting to another server - openvas

I'm working with a server that I don't want to connect it to Internet because of it's importance. How can I update openvas from connecting to another local server?

you need to have a “proxy” server (either full GVM installation, or just a rsync-client) that gets updates from community feed. Then you can distribute updates to your local network by enabling rsync-server in “proxy”
for more details:
https://community.greenbone.net/t/nvt-sync-a-security-risk/693/6

Related

Installing Wazuh Server in Windows Server

We do have one server [Windows Server 2016] and i want to monitor that server, by installing Wazuh Tool.
I saw the documentation, but still i am getting confused. Should i need to install,
Wazuh Server
Wazuh Agent
Kibana
in server.? I don't see any article related to installing Wazuh Server in Windows Machine.
After following up the wazuh documentation, i can able to go up to a certain limit.
Installed Virtual Box in Windows Server.
Downloaded Wazuh OVA file and imported the same into virtual box.
Now i can able to connect to Wazuh Server, using the default credentials.
Now i stuck up at one place. I need to get the IP. I tried with 'Ip addr' command. But still, it is showing 127.0.0.1/8
As far as i checked, it is creating some dynamic IP's. Is there a way to setup Static IP. So that, i can able to access Wazuh Web console
through that IP.
Some of my findings:
It seems that the eth0 network interface for the VM does not have an IPv4 address assigned to it.
In the video in the documentation when running 'ip addr' it shows a dynamic IPv4 address as well as the IPv6 address so I suspect that this is the reason you cannot access the web console. This could be caused by the type of network interface you created for the VM in virtual box.
-------- Edited----------
As per your guidence, i did the following things.
Wazuh Server:
Virtual Box -> Adapter 1 -> Bridged Adapter
Virtual Box -> Adapter 2 -> Host-only Adapter
Started the Virtual Box and checked the 'Ip addr' command. Got the following IP's, eth0 [192.168..] and eth1 [10.0..]
In browser, i tried https://192.168.. and i can able to login to kibana.
Wazuh Agent:
The server which ever i am going to monitor, i installed Wazuh Agent. In the Wazuh Config file, i need to specify
Here i am bit confused. Should i need to give the actual server IP [where the wazuh server is] or i need to specify the IP's which i am getting in 'Ip Addr' command.?
I have tried all the IP's. When i check the Logs, it is showing like,
start_agent.c:100 at connect_server(): ERROR: (1216): Unable to connect to 'xx.xx.xx.xxx': 'Bad file descriptor'.
I recommend you reading the Architecture guide for a better understanding of how Wazuh works. Its architecture is based on agents, which means you need to install Wazuh agent on those endpoints you want to monitor (for example, your Windows server), and then connect these agents to a Wazuh Manager server (which need to be installed in a Linux machine, so you will need another server).
Kibana/Splunk are optional and useful tools to index the data generated by the manager for better visualization. I recommend using Kibana and the Elasticsearch Stack.
For the Linux Wazuh Manager server I recommend trying the all in one deployment, or, if you will have few agents connected and doesn't want to deploy any instance from scratch, you could try the pre-built Virtual Machine appliance (OVA)
I hope this helps you. The best point to start using Wazuh is the Getting started guide. I recommend you read that first of all.
------------------------ edit --------------------
Hello,
I'm sorry if I weren't clear enough. Wazuh has two main components: Manager (server in the documentation) and Agent.
The manager is also called a server because it serves the Wazuh service itself. That means the part of Wazuh that analyzes security events and generates alerts.
But Wazuh agent (despite its name) is also installed on servers that you want to monitorize and it is used to send security events to the Wazuh Manager (server) so they could be analyzed.
That said, if you want to correctly monitorize a Windows server you need to install the Wazuh Windows agent on it because it is designed to monitorize Windows servers. And you need to connect this agent to a Wazuh server. Here, you have different options:
You could install the Wazuh Manager in another (Linux) server.
You could install docker and docker-compose on your Windows server and use the wazuh-docker GitHub repository to deploy a Wazuh manager stack (with Wazuh, Elasticsearch and Kibana) to connect you, agent, to.
You could install the Wazuh OVA (VM appliance) on Virtualbox or similar software (this Virtual machine has installed by default Wazuh Manager, Elasticsearch and Kibana as well).
I see that you're trying with the 4th, deploying the Wazuh OVA on Virtualbox. Nevertheless, remember that you must have to install the Windows agent as well and connect it to the Wazuh Manager.
Regarding the IP question. My advice here is to enter the VirtualBox configuration for the machine and set up two network interfaces (or adapters). One host-only adapter (which will have a static IP that you could use to connect from your local browser) and other with a bridged adapter (to connect to the internet). Then, I recommend using nmtui (a console user interface for network manager) to set up your static IP as in the attached capture. That should be enough.

ORA-12541: TNS: no listener in SSIS

We have oracle oledb connections in SSIS packages that are working well on windows server 2008.
We moved them to windows server 2012 and installed the needed softwares. We installed oracle client (oraoledb driver), moved tnsnames.ora, ldap.ora and sqlnet.ora to %Oracle_Home%\Network\admin path, add %Oracle_Home% and %Oracle_Home%\bin to path variable.
But on server 2012 oracle connections are giving this error ORA-12541: TNS: no listener. Where as on server 2008 same oracle connections are working fine.
Looked so much across internet but found these solutions:
Check tnsnames.ora
Check listener is running
Check path variable contain oracle home, oracle_home\bin
I don't see a problem with tnsnames.ora because same file is present on both window servers. Correct path variables are also set. Listener is also running (since SSIS on server 2008 is connecting). And I am able to ping oracle db server from both machines.
Can anyone suggest anything that we may try.
To put a formal answer in here.
Basic troubleshooting steps with SSIS:
Use the database native tools to check connectivity
In this case for Oracle that is SQLPLUS.EXE
If you have an issue with native tools then it isn't an SSIS issue
Check that you can resolve the host by using PING <hostname>.
If that doesn't work try PING <ip address>
If ping works, check the port with TELNET <host> <port>
If that doesn't work, either the service is not listening or you need to get your network guys to open the port
This goes for any network service
i.e.
SQL Server (default port 1433)
a web server (default port 80 for unencrypted comms)

Set up a NTP server which can be queried globally

I want to set up a server (hosted on aws/or a running system in some part of the world) as an NTP server that can be queried globally.
Currently, I have modified the ntp.conf file on the node to be made the server as server . But the problem is, on using an NTP client if I try to query time from this server, or rather on using sudo ntpdate it says no suitable server found.
However, if I replicate the same on my local network (the server, as well as the querying node, are all on the local network) then this works perfectly fine.
I think the problem might lie in the ntp.conf file. Do I need to put some specific restrict lines for this to work publicly as well? And no I cannot list the server on public ntp pages. Is it at all possible?
Solved. This was a port issue. I was testing it on aws and had to manually open the related udp ports.

How can I connect to a SQL Server using SSMS 2016?

I'm a rookie so I'm not really acquainted with how this really works. I've downloaded SQL Server 2016 and once I log onto the Management Studio, it asks me to connect to a particular server.
I've no idea what server I should connect to. I've tried everything. Turned the firewall off, used cmd commands, (tells me that my access has been denied), registered a new server from within the studio (but nothing shows up in the Server Name drop-down) I'm really confused.
What server should I connect to?
Make sure that the server has TCP connections enabled (either following this guide https://msdn.microsoft.com/en-us/library/ms191294.aspx or by specifying /tcpenabled=1 flag to the installer).
Make sure you have remote access enabled (sp_configure N'remote access',N'1')
Make sure the firewall is configured to let you through or just disable it (only do so if the SQL Server is installed in a disposable VM): netsh advfirewall set allprofiles state off
I wrote a blog post on how to install SQL Server properly.

azure connect between azure myWebRole and nonazure server not working

My webapplication hosted on windows azure, needs to communicate with TFS Server. When any one login to my web app using live id, I want the logged in user to use my Team foundation server(TFS) credentials -username,password and domain to programatically authenticate and connect to our TFS server and create some work items.
I configured my azure connect for the communication to happen between azure WebRole and TFS server (our TFS is non-azure ).I added both the WebRole and the TFS Server into single Connection Group
In my azureportal ,I can see mywebrole and my TFSServer as connected the machine endpoint is active, and that it refreshes since the last connected updates
.But when I try to run my web application from azure and when it tries to communicate with our TFS server ,its throwing error message saying Error message : Team Foundation services are not available from server eg.,http://xyz-abcxyx-01:8080/tfs/eas/. Technical information (for administrator): The remote name could not be resolved: 'xyz-abcxyx-01'
Any suggestions to resolve this issue ?
You should enable remote desktop on your WebRole and connect to one of your instances. Then, try to ping the IP of your TFS server (not the hostname xyz-abcxyx-01). Maybe this is simply a DNS issue (even though using hostnames works with Windows Azure Connect).
If pinging the IP works, but pinging the hostname doesn't work you have a few options left:
Use the IP instead of the hostname. This won't work if you configured your TFS to use host headers.
Create an elevated startup task to modify the hosts file and map the IP to the hostname. In your code you can keep working with the hostname.
Try to modify the DNS server configured in your WebRole to use the default DNS server + your internal DNS server. But to me this doesn't look like a clean solution.
Anyways, in each solution you'll want to store the IP/hostname in the ServiceConfiguration and make sure your code supports changes to the ServiceConfiguration. This will allow you to change the IP/hostname without having to redeploy.
You should check if TFS server is listening on all network interfaces, include the one created by Azure Connect (start with 2a01). Next try to connect to TFS from a machine on the local LAN, just to make sure it is configured correctly. You don't need to use IP for referring to TFS, DNS name is definitely supported out of box.

Resources