31 August 2006
The WPDRRC model has six stages and three key elements. The six stages are W, P, D, R, R and C, and they form a dynamic feedback loop. P, D, R and R are the same four stages as the protection, detection, response and recovery of the PDRR model. W is warning: using the system vulnerabilities already known and the current trends in computer crime to predict the attacks and damage that may come. C is counterattack: using every available advanced technical means to investigate and extract the leads and evidence left by computer criminals, building a strong forensic capability and a lawful basis for taking action against them. This is why "computer forensics", which has emerged in recent years, has become one of the industry's research hotspots. People, policy and technology are the three layered elements of the WPDRRC model: people form the innermost layer and the foundation; policy, which covers laws, regulations, rules and management, is the middle layer; technology is the outer layer, and its operation must be constrained by the people and policy layers. The core of the WPDRRC model is comprehensive enterprise information security resource management (EISRM). EISRM stresses two main characteristics:
First, information security is a critically important basic enterprise resource. If information security cannot be guaranteed, the enterprise's information-based management is a castle in the air; this holds back the improvement of management across the whole enterprise and can even harm production and operations, and for enterprises that matter to the national economy it brings extremely serious social consequences.
Second, information security is a composite resource rather than a single technical system: enterprise capability, people, technology and policy are all inseparable parts of it, and only when these related resources are integrated into one system is there information security in the true sense. These two points are the fundamental characteristics that distinguish this view from the traditional notion of information security, and they are the cornerstone of the information security architecture framework.
27 August 2006
A real man does things openly and above board, with a clear conscience! As for what other people want to think, let them think it.
25 August 2006
OS:FreeBSD 6.0
Application Software:Mysql4.1 + Perl5.8 + Apache2.2.3+PHP5.1.5 + Nessus 3.0.3 + Nmap 4.11 + Nikto 1.35 + Inprotect 0.22.03 + Jpgraph-2.1.2
Recommended tools: Hydra + Nikto + John, etc.
Before installing, please ensure the following software is
installed on your host(s).
1) Perl v5.8
Perl libraries :
- DBI
- MIME::Lite
- Parallel::ForkManager
- Date::Calc
2) Apache2.2.3
3) PHP v5.1.5
Note: PHP must be built with GD support; select it when building /usr/ports/lang/php5-extensions/ (JpGraph needs it, see Part III point 10).
4) MySQL v4.1
Note: #chown -R mysql:mysql /var/db/mysql
5) Nessus v3.0.3
6) Nmap v4.11
**********************************************************************
Please note, we assume you have already installed the above packages
and where services, they are already started. If you have not done so,
please complete before continuing.
**********************************************************************
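A pre-flight check for the software list above, as an added example (it is not part of Inprotect or its INSTALL file). It assumes the binaries are on PATH (FreeBSD puts them in /usr/local/bin and /usr/local/sbin) and that the perl and php command-line interpreters are the ones Inprotect will use; the program and module names are taken from the list above.

```shell
#!/bin/sh
# Added example: verify the Inprotect prerequisites before running install.sh.
# Every probe is a function returning 0 (present) / non-zero (missing) so it
# can be reused from other scripts; the report itself is printed by
# check_inprotect_prereqs.

have_cmd() {            # is a program reachable on PATH?
    command -v "$1" >/dev/null 2>&1
}

have_perl_module() {    # can perl load the module?  e.g. have_perl_module DBI
    perl -M"$1" -e 1 >/dev/null 2>&1
}

php_has_gd() {          # JpGraph needs PHP built with GD ("gd" in php -m output)
    php -m 2>/dev/null | grep -qix gd
}

# Print one verdict line per item; return 1 if anything is missing.
check_inprotect_prereqs() {
    missing=0
    # Binaries from the list above (mysqld lives in /usr/local/libexec on
    # FreeBSD and is not on PATH, so the client and mysqladmin stand in for it).
    for c in perl httpd php mysql mysqladmin nessusd nessus nessus-update-plugins nmap; do
        if have_cmd "$c"; then echo "ok       $c"
        else echo "MISSING  $c"; missing=1; fi
    done
    for m in DBI MIME::Lite Parallel::ForkManager Date::Calc; do
        if have_perl_module "$m"; then echo "ok       perl $m"
        else echo "MISSING  perl $m"; missing=1; fi
    done
    if php_has_gd; then echo "ok       php gd"
    else echo "MISSING  php gd (rebuild lang/php5-extensions with GD)"; missing=1; fi
    return $missing
}

check_inprotect_prereqs || echo "fix the MISSING items before running install.sh"
```

Run it as the same user that will run install.sh so the PATH matches; a missing Perl module is the usual cause of sched.pl dying silently after the reboot in Part III point 11.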
Part I - Setup Inprotect "scanner"
----------------------------------
** N.B. The Inprotect software itself no longer needs to be set up on **
** the "scanner" hosts - this makes it easy to have multiple drone **
** "scanners" that just run Nessus / Nmap. **
P.S. This can be installed on a separate host or the same one you will
be using to host the "web console" and "database".
1. Setup a Nessus user so the Inprotect "console" can login to the
scanner (you'll need to remember the username / password to add
the "scanner" into the Inprotect "console"):
$ nessus-adduser
Add a new nessusd user
----------------------
Login : <login for Inprotect to use>
Authentication (pass/cert) [pass] : pass
Login password : <password for Inprotect login to use>
Login password (again) : <password for Inprotect login to use>
User rules
----------
nessusd has a rules system which allows you to restrict the hosts
that admin has the right to test. For instance, you may want
him to be able to scan his own host only.
Please see the nessus-adduser(8) man page for the rules syntax
Enter the rules for this user, and hit ctrl-D once you are done :
(the user can have an empty rules set)
<simply press ctrl-D as no rules are required - policy
configuration will be completed through the Inprotect GUI.
If this login should only ever scan your own address space, this
is the place to say so: rules such as
accept 10.0.0.0/8
default deny
stop anyone who obtains the console's Nessus credentials from
scanning arbitrary targets; see nessus-adduser(8) for the syntax>
Login : <login for Inprotect to use>
Password : *******************
DN :
Rules :
Is that ok ? (y/n) [y] y
user added.
2. Setup a cron job to run the Nessus update plugins script
("nessus-update-plugins") found in the <NESSUS_INSTALL>/sbin
directory.
N.B. This should be set to run by root on a daily basis. Where
you have multiple "scanners", ensure they run at the same time to
keep the "scanners'" plugin archives consistent. An example line
for the system crontab /etc/crontab (which, unlike a user crontab
installed with "crontab -e", has a user field) is (this will run at
2am every morning):
00 2 * * * root /usr/local/sbin/nessus-update-plugins
3. Repeat if you have multiple "scanners".
install.sh modified so that it runs on FreeBSD (only the changed tail of install_web and the install_db function are shown):
=================================================================================
# ... tail of install_web(): install the scheduler, register it at boot, merge the cron entries
cp -rf console/scripts/sched.pl /usr/local/bin
cp -rf console/scripts/inprotect.cfg /usr/local/etc
# FreeBSD runs /etc/rc.local from /etc/rc.d/local at boot; the stock script's
# /etc/rc.d/rc.local is the Linux path and is never executed on FreeBSD.
echo "/usr/local/bin/inprotect_reset.pl" >> /etc/rc.local
echo "/usr/local/bin/sched.pl" >> /etc/rc.local
# Merge the shipped cron entries into the current (root) crontab: drop any copy
# that is already present plus every comment line, then append the shipped file.
# mktemp replaces the stock /tmp/cron.tmp, a fixed name root would follow if a
# local user had planted a symlink there first.
cron_tmp=$(mktemp /tmp/cron.XXXXXX) || exit 1
crontab -l | grep -F -v -f console/crontab_web | grep -v ^# > "$cron_tmp"
cat console/crontab_web >> "$cron_tmp"
crontab "$cron_tmp"
rm "$cron_tmp"
cron_tmp=$(mktemp /tmp/cron.XXXXXX) || exit 1
crontab -l | grep -F -v -f scanner/crontab | grep -v ^# > "$cron_tmp"
cat scanner/crontab >> "$cron_tmp"
crontab "$cron_tmp"
rm "$cron_tmp"
echo "Web console setup finished."
echo "Please review settings in the files:"
echo " - /usr/local/etc/inprotect.cfg"
echo " - $web/config.php"
}
install_db(){
    echo "Setting up Inprotect database"
    echo "============================="
    # First try letting the mysql client prompt for the root password itself;
    # if that fails, ask for it here and retry until the database loads.
    FAIL=1
    while [ "$FAIL" -eq "1" ];
    do
        mysql -u root -p -e "show databases;" >/dev/null 2>&1
        if [ "$?" -eq "0" ]; then
            mysql -h localhost -u root -p < console/sql/inprotect.sql
            FAIL=0
        else
            echo "Please enter mysql root password:"
            stty -echo
            read mysql_pass < /dev/tty
            stty echo
            # Hand the password over in MYSQL_PWD rather than as -p$mysql_pass,
            # which would show it in "ps" output to every user while the client runs.
            MYSQL_PWD="$mysql_pass" mysql -u root -e "show databases;" >/dev/null 2>&1
            if [ "$?" -eq "0" ]; then
                MYSQL_PWD="$mysql_pass" mysql -u root < console/sql/inprotect.sql
                FAIL=0
            else
                FAIL=1
            fi
        fi
    done
    echo "Database setup finished."
}
=================================================================================
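The crontab merge in the script above (crontab -l | grep -F -v -f FILE | grep -v ^# ...) has two side effects worth knowing: the substring match can drop an unrelated entry that merely contains one of the shipped lines, and grep -v ^# deletes every comment the administrator wrote, not just the header Vixie cron prints. The function below is an added example, not code from Inprotect's install.sh; it assumes the three header comment lines Vixie cron emits ("# DO NOT EDIT THIS FILE", "# (... installed on ...)", "# (Cron version ...)") and matches entries as whole lines. It works on plain files, so it can be tested without touching a real crontab.

```shell
#!/bin/sh
# Added example: merge cron entries into an existing crontab exactly once,
# keeping the administrator's own comments.

# usage: merge_cron_entries CURRENT_FILE ADDITIONS_FILE  (new crontab on stdout)
merge_cron_entries() {
    current=$1
    additions=$2
    # Entries to install, without blank lines: an empty pattern given to
    # grep -v -f would match, and therefore delete, every line.
    wanted=$(mktemp) || return 1
    grep -v '^[[:space:]]*$' "$additions" > "$wanted" || true
    # 1. strip only the header comments cron itself generates (assumed forms);
    # 2. remove any earlier copy of the entries, matched as whole lines (-x),
    #    so a longer unrelated entry is never deleted by a substring hit;
    # 3. append the entries once.  "|| true" keeps set -e quiet when a grep
    #    selects nothing.
    { grep -v -e '^# DO NOT EDIT THIS FILE' \
              -e '^# (.* installed on ' \
              -e '^# (Cron version ' "$current" || true; } \
        | { grep -F -x -v -f "$wanted" || true; }
    cat "$wanted"
    rm -f "$wanted"
}

# usage: install_cron_entries ADDITIONS_FILE   (replaces the caller's crontab)
install_cron_entries() {
    cur=$(mktemp) || return 1
    crontab -l > "$cur" 2>/dev/null || :      # no crontab yet is fine
    merge_cron_entries "$cur" "$1" | crontab -
    rm -f "$cur"
}
```

In install.sh the two calls would be install_cron_entries console/crontab_web and install_cron_entries scanner/crontab; because the result is piped straight into crontab -, no temporary file with a predictable name is ever written.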
Part II - Setup Inprotect "database"
------------------------------------
N.B. This can be installed on a separate host or the same one you will
be using to host the "web console" and "scanner".
1. If you haven't already, it is recommended you set a password for
the "root" user in your MySQL installation:
mysqladmin -u root -p password "Newpassword"
2. Enter the directory where you un-tarred the Inprotect download
(N.B. If you are using CentOS Linux, you will not be able to
install from /tmp).
3. Run the "install.sh" script and select option 2:
$ ./install.sh
Inprotect installation
======================
Please run this installation as root user
1 - Install Web Console interface only
2 - Install Database only
3 - install Web Console & Database components
Q - Quit without installation
N.B. To install a Scanner, all you need is Nessus and required
components installed on a scanner host - see INSTALL file (part I)
for more details.
Make your selection [1-5] (choose 2, the database-only install)
2
Database setup finished.
4. Create a MySQL user for the Inprotect Web Console to use (quote the
names; if the web console runs on a different host, replace 'localhost'
with that host's name or address so the account cannot be used from
anywhere else):
mysql> GRANT ALL ON inprotect.* TO '<inprotect_username>'@'localhost'
IDENTIFIED BY '<inprotect_password>';
mysql> exit
Part III - Setup Inprotect "web console"
----------------------------------------
N.B. This can be installed on a separate host or the same one you will
be using to host the "database" and "scanner".
1. Enter the directory where you un-tarred the Inprotect download
(N.B. If you are using CentOS Linux, you will not be able to
install from /tmp).
2. Run the "install.sh" script and select option 1:
$ ./install.sh
Inprotect installation
======================
Please run this installation as root user
1 - Install Web Console interface only
2 - Install Database only
3 - install Web Console & Database components
Q - Quit without installation
N.B. To install a Scanner, all you need is Nessus and required
components installed on a scanner host - see INSTALL file (part I)
for more details.
Make your selection [1-5] (choose 1, the web console only)
1
Setting up Web Console interface
================================
Inprotect webroot path [/var/www/html]
<enter for the default above or type your own webroot>
/somewebroot does not exist - do you want to create it ? [y]
<enter for yes>
Web console setup finished.
Please review settings in the files:
- /usr/local/etc/inprotect.cfg
- /somewebroot/config.php
3. Now edit inprotect.cfg using your favourite editor (it can be
found in /usr/local/etc) and change the following lines to be:
NESSUSPATH=<path where "nessus" is>/nessus
DATABASEHOST=<localhost or hostname of MySQL server from Part II>
DATABASEUSER=<MySQL username setup in Part II, pt 4>
DATABASEPASSWORD=<Password for MySQL user setup in Part II, pt 4>
EMAILSUBJECT=<Subject of results e-mails sent by Inprotect>
This file now holds the database password in clear text; sched.pl is
started from rc.local as root, so make it readable by root only:
chmod 600 /usr/local/etc/inprotect.cfg
4. You now need to edit the config.php installed in the webroot
location in point 2 using your favourite editor (using our
example, it would be /somewebroot/config.php). Change the
following lines to be:
$dbhost="<localhost or hostname of MySQL server from Part II>";
$dbuname="<MySQL username setup in Part II, pt 4>";
$dbpass="<Password for MySQL user setup in Part II, pt 4>";
5. If you wish your Inprotect Web console to only use encrypted HTTP
(i.e. HTTPS), change the following line in
/somewebroot/config.php:
$enablessl=1;
For this to work, you must make sure your webserver is configured
to run a HTTPS server at the virtual host you configure for
Inprotect.
6. Finally configure your web server to serve the webroot you
specified in point 2, with permission to execute PHP scripts
within it.
7. Login to the Inprotect Web Console using the username "Admin"
(case sensitive) and the password "password". Change this default
password as soon as you are in: it is the same on every Inprotect
install, and the console holds your Nessus credentials and every
scan result.
8. Add the "scanner" server you configured in Part I to the Inprotect
system by selecting:
Settings -> Nessus Servers -> Add new Nessus server
Enter the following information:
Server Name: <Insert a meaningful name for the scanner>
Server Description: <Insert your own description>
Server Hostname/IP address: <Insert the host/IP of the scanner
setup in Part I>
Server Port: <Enter the port of the Nessus daemon>
Server type: <Select Global>
Nessus Username: <Nessus user created in Part I point 1>
Nessus Password: <Nessus user's password setup in Part I point 1>
Max number of hosts to scan: <4 for a decently powered PC or higher
for better-specced servers>
Click on Save.
9. Make sure you have internet access and have already configured
the nessus-fetch.rc file as part of the Nessus installation. Run:
$ updateplugins.pl
This will populate the Inprotect Database with Nessus plugin
information.
10. Download the JpGraph software from the link below and install it
into the <webroot directory>/jpgraph. Unfortunately we cannot
include it within this installation bundle:
http://www.aditus.nu/jpgraph/jpdownload.php
N.B. If you are running PHP 5.0x, you will need to modify
jpgraph.php for it to work - see the JpGraph website for details.
P.S. JpGraph will only work if you have compiled in GD support into
your PHP installation or have installed the "php-gd" package.
11. Reboot to get the Inprotect "sched.pl" daemon to initialise and
execute properly from the "rc.local" script.
Let's get scanning!
===================
Now login to the website with username: Admin, password: password
If the login does not work then start by looking at the
/var/www/logs/error_log or your web server error_log file to help double
check your settings.
To Perform a Nessus Scan:
-------------------------
A) You need to create a profile first
Select "Settings" -> "Nessus Scan Profiles" -> "Create New Profile" ->
Fill out details -> Click "Save".
B) Then assign it to a user
Select "Settings" -> "Nessus Scan Profiles" ->
Select a Profile to assign to a user -> "Edit" -> "Edit Users" ->
Select User(s) and "Add Users"
C) Pick a victim
"Security Scan" -> "Nessus Scan" -> "New Schedule" -> Give it a name ->
"Manage Hosts" -> Input IP(s) -> "Manage Schedule" ->
Enter Appropriate Data -> "Submit"
D) Then view your results
Check the "Reports" link
or
"Security Scan" -> "Nessus Scan" -> "View running scans details"
To Perform a nmap scan:
-----------------------
A) "Security Scan" -> "Nmap Port Scan"
25 August 2006
# /usr/local/sbin/apachectl start
[date] [warn] (2)No such file or directory: Failed to enable the 'httpready' Accept Filter
Apache 2.2 on FreeBSD asks the kernel for the accf_http accept filter (the
"httpready" AcceptFilter) and warns like this when the module is not loaded.
Either fix works:
1) load it now: kldload accf_http (or kldload /boot/kernel/accf*.ko), and put
   the same command in /etc/rc.local if you want it back after a reboot;
2) have the loader pull it in at boot: echo 'accf_http_load="YES"' >> /boot/loader.conf
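The two fixes above as one script that can be re-run safely, an added example that is not from the page's author. It assumes FreeBSD's kldstat -q -m / kldload accf_http (the same calls rc.subr uses) and that /boot/loader.conf is a plain VAR="VALUE" file; unlike a bare echo >> it replaces an existing accf_http_load line instead of adding a second one every time it runs.

```shell
#!/bin/sh
# Added example: load the HTTP accept filter now and make it persistent.

# Set VAR="VALUE" in a loader.conf-style file: replace an existing assignment
# in place, append only when there is none.  Works on any file, so it can be
# exercised on a copy before touching /boot/loader.conf.
# usage: set_loader_var FILE VAR VALUE
set_loader_var() {
    file=$1
    var=$2
    val=$3
    tmp=$(mktemp) || return 1
    if [ -f "$file" ] && grep -q "^${var}=" "$file"; then
        sed "s|^${var}=.*|${var}=\"${val}\"|" "$file" > "$tmp"
    else
        if [ -f "$file" ]; then cat "$file" > "$tmp"; fi
        printf '%s="%s"\n' "$var" "$val" >> "$tmp"
    fi
    # cat rather than mv so the file keeps its owner and mode
    cat "$tmp" > "$file" && rm -f "$tmp"
}

# Load accf_http into the running kernel (if it is not already there) and
# record it for the next boot; returns non-zero if the module cannot be loaded.
enable_httpready_filter() {
    kldstat -q -m accf_http || kldload accf_http || return 1
    set_loader_var /boot/loader.conf accf_http_load YES
}
```

After enable_httpready_filter, "apachectl restart" should start without the warning; kldstat -m accf_http shows the module once it is loaded.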