Archive for the ‘Slackware’ Category.

Building OpenVAS in Slackware

I’m a huge fan of OpenVAS. It is a great tool for probing your network and finding possible security holes. Many of you have probably heard of Nessus, another fantastic tool, but it can be pretty pricey. I would recommend it for business, but for home use, go for OpenVAS.

In many cases, I would recommend you set up a Linux distribution called Kali Linux. It has a lot of really good tools built right in, including OpenVAS, but I’ve started running into issues with it lately. I’ll run a scan, and the system’s load gets so high it becomes completely unresponsive for days at a time, then fails to finish. I’m not sure what I’m doing wrong there, so I decided to wipe the machine and put my good ol’ Slackware back on it. After using it for several weeks, I have decided to leave it on Slackware, as those issues have disappeared. So now I’m going to point you in the right direction to get OpenVAS installed, plus a few extras that will make things easier.

I’m going to assume you are familiar with slackbuilds.org and hopefully a wonderful tool called sbopkg, as some wonderful people over there have build scripts for OpenVAS that will make your life so much better. Kent Fritz has written a great guide on how to get going over on slackbuilds.org. Go through his steps, then come back here.

FYI, I have built and used OpenVAS on both 32 and 64bit Slackware and even on ARM using a Raspberry Pi. I’ve only had one program (hiredis) fail to build using sbopkg, so I had to do it the old fashioned way and download the build script and source and build outside sbopkg.

Note that while going through the instructions over on slackbuilds.org, before running any type of sync command, stop the running processes like openvasmd and openvassd. This is because the first time you run them, they will require a large amount of memory and will crash on the Raspberry Pi (I’m not sure on the pi2, I haven’t tried yet). By ensuring those processes are not running, it will surely finish properly.

Welcome back… I’m assuming you followed the instructions over on slackbuilds.org and are ready to continue. Here are some tips and scripts to make life just a little easier.

First, edit some permissions:

chmod 755 /etc/rc.d/rc.redis
chmod 755 /etc/rc.d/rc.openvassd
chmod 755 /etc/rc.d/rc.openvasmd
chmod 755 /etc/rc.d/rc.gsad

Now we are going to create a bunch of scripts that will simplify everything.

/usr/bin/openvas-start

#!/bin/bash
echo "Starting OpenVAS Services"
/etc/rc.d/rc.redis start
/etc/rc.d/rc.gsad start
/etc/rc.d/rc.openvassd start
/etc/rc.d/rc.openvasmd start

/usr/bin/openvas-stop

#!/bin/bash
echo "Stopping OpenVAS Services"
/etc/rc.d/rc.gsad stop
/etc/rc.d/rc.openvassd stop
/etc/rc.d/rc.openvasmd stop
/etc/rc.d/rc.redis stop

/usr/bin/openvas-feed-update

#!/bin/bash
echo "Updating OpenVAS Feeds"
echo "Stopping OpenVAS if running..."
/usr/bin/openvas-stop
openvas-nvt-sync
openvas-scapdata-sync
openvas-certdata-sync
echo "Rebuilding Database"
openvasmd --rebuild
echo "You can start OpenVAS now if needed"

/usr/bin/openvas-setup

#!/bin/bash
test -e /var/lib/openvas/CA/cacert.pem  || openvas-mkcert -q
if (openssl verify -CAfile /var/lib/openvas/CA/cacert.pem \
    /var/lib/openvas/CA/servercert.pem |grep -q ^error); then
    openvas-mkcert -q -f
fi
openvas-nvt-sync
openvas-scapdata-sync
openvas-certdata-sync
if ! test -e /var/lib/openvas/CA/clientcert.pem || \
    ! test -e /var/lib/openvas/private/CA/clientkey.pem; then
    openvas-mkcert-client -n -i
fi
if (openssl verify -CAfile /var/lib/openvas/CA/cacert.pem \
    /var/lib/openvas/CA/clientcert.pem |grep -q ^error); then
    openvas-mkcert-client -n -i
fi
/etc/rc.d/rc.openvasmd stop
/etc/rc.d/rc.openvassd stop
/etc/rc.d/rc.openvassd start
openvasmd --migrate
openvasmd --rebuild
/etc/rc.d/rc.openvassd stop
killall openvassd
sleep 15
/etc/rc.d/rc.openvassd start
/etc/rc.d/rc.openvasmd start
/etc/rc.d/rc.gsad restart
/etc/rc.d/rc.redis restart
if ! openvasmd --get-users | grep -q ^admin$ ; then
    openvasmd --create-user=admin
fi

Here is a great program that can help find any issues while getting set up. This link is mentioned in Kent’s instructions, so hopefully you have it already.

wget https://svn.wald.intevation.org/svn/openvas/trunk/tools/openvas-check-setup -O /usr/bin/openvas-check-setup

Here we are going to chmod those files:

chmod 755 /usr/bin/openvas-start
chmod 755 /usr/bin/openvas-stop
chmod 755 /usr/bin/openvas-feed-update
chmod 755 /usr/bin/openvas-setup
chmod 755 /usr/bin/openvas-check-setup
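
Anything placed in /usr/bin and marked executable here will be run as root, so it is worth confirming that a fetched file really is a shell script (and not a wget log or an HTML error page) and that it ends up writable only by its owner. The following is an added example, not part of the original post or of OpenVAS; the function names are hypothetical and the sample inputs are constructed.

```shell
#!/bin/sh
# Added example (not from the original post): check a fetched helper script
# before installing it into /usr/bin.

# Succeed only if FILE is non-empty, starts with a sh/bash shebang, and the
# named interpreter can parse it (-n parses without executing anything).
looks_like_shell_script() {
    [ -s "$1" ] || return 1
    case $(head -n 1 "$1") in
        '#!/bin/sh'*)   interp=sh ;;
        '#!/bin/bash'*) interp=bash ;;
        *)              return 1 ;;
    esac
    "$interp" -n "$1" 2>/dev/null
}

# Succeed only if FILE is not writable by group or other.
perms_ok() {
    [ -z "$(find "$1" -prune \( -perm -020 -o -perm -002 \))" ]
}

# Install SRC as DEST with mode 755, but only after validation.
install_checked() {
    if ! looks_like_shell_script "$1"; then
        echo "refusing to install $1: not a shell script" >&2
        return 1
    fi
    install -m 755 "$1" "$2" && perms_ok "$2"
}

# Constructed inputs: what a wget log looks like versus a real script.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' '--2015-01-01 00:00:00--  https://example.invalid/tool' \
        'Resolving example.invalid... failed' > "$d/log"
    printf '%s\n' '#!/bin/sh' 'echo "checking setup"' > "$d/good"
    install_checked "$d/log" "$d/out1"; echo "wget log:  exit $?"
    install_checked "$d/good" "$d/out2"; echo "script:    exit $?"
    rm -rf "$d"
}

if [ "${1:-}" = demo ]; then demo; fi
```

Download to a temporary file first, then call install_checked with that file and the final path; perms_ok can also be pointed at the other helper scripts and the rc.d files.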

WOW! That is a lot! Alright, so several files have been created. Here is what each one does.
/usr/bin/openvas-start:
This will start all the services needed.
/usr/bin/openvas-stop:
This will stop all the services.
/usr/bin/openvas-feed-update:
This will update all your feeds.
/usr/bin/openvas-setup:
This script will help if you have any issues. Sometimes OpenVAS feeds cause an issue, and by running this command you will find it fixes the problem 99% of the time.
/usr/bin/openvas-check-setup:
This one will help you diagnose issues.

Give it time:
When starting OpenVAS, each part is thrown into the background to finish loading. Depending on your computer’s speed, it can take a while before you can do anything. Best to watch with top, htop, or iotop to see when everything has finished loading. Then proceed to use GreenBone.

Possible Issues:
When trying to log in to the GreenBone Security Assistant, you might get an error that says the OMP service could not be found. Try running openvas-check-setup. If you get an error saying there are no users, run openvas-setup. This will fix it. This is a problem I have seen several times in the past on both Slackware and Kali, so I believe it to be a bug somewhere in OpenVAS.

I think that’s just about it. You should now be up and running with OpenVAS!

Adafruit touchscreen on a Raspberry Pi B running Slackware ARM.

I recently had the opportunity to get a friend a new Raspberry Pi Model B. I really like these; I have several, all running Slackware ARM. While I have tried other distros, I find myself always going back to Slackware after a while for one reason or another, but that is a talk for another day. My friend decided he wanted to run Slackware on one of his Raspberry Pis, so I helped him out and got everything installed. Then I was presented with another issue. He wanted to use his Adafruit touchscreen. Now, Adafruit’s documentation and setup guides are really good, but only if you are running Raspbian (or a Debian based system). So that did present an issue, but one I wanted to solve.

Before I continue, please note that I did get this working (video and images at the bottom of the post), but I had to deliver the Pi back before I got a chance to try again from scratch. This guide is based heavily off my best recollection of the steps I took, and may not be complete. If I’m missing something, or you can’t get it to work, let me know and I will try to help… or send me a screen so I can do this again.

Start with checking out this guide: https://learn.adafruit.com/adafruit-pitft-28-inch-resistive-touchscreen-display-raspberry-pi/software-installation. It was helpful in getting everything going.

Now, download all the needed files:

wget http://adafruit-download.s3.amazonaws.com/libraspberrypi-bin-adafruit.deb
wget http://adafruit-download.s3.amazonaws.com/libraspberrypi-dev-adafruit.deb
wget http://adafruit-download.s3.amazonaws.com/libraspberrypi-doc-adafruit.deb
wget http://adafruit-download.s3.amazonaws.com/libraspberrypi0-adafruit.deb
wget http://adafruit-download.s3.amazonaws.com/raspberrypi-bootloader-adafruit-20140917-1.deb

Download and install deb2tgz (https://code.google.com/p/deb2tgz/). This will help you convert those deb files to tgz for Slackware.

Now convert those deb files to tgz (deb2tgz *.deb)

Then install (installpkg *.tgz)

Now, you need to make a copy of raspberrypi-bootloader-adafruit-20140917-1.deb and place it in another directory. Once there, run:

ar x raspberrypi-bootloader-adafruit-20140917-1.deb

This will explode out the archive. Find the file called data.tar.gz, and run:

tar -zxf data.tar.gz

Now there will be some new directories. One is called boot. Make a backup of your /boot directory, then copy everything in that new boot to /boot.

cp -r /boot /boot.bak
cd boot
cp -r * /boot

This will install the correct kernel that you need to use.

Next, open /boot/config.txt. The only line you need is gpu_mem=32.

Now, there are a few more packages you need to install. First is called evtest. I found an awesome slackbuild repository located over at https://github.com/PhantomX/slackbuilds.git, and we are going to install his evtest package.

git clone https://github.com/PhantomX/slackbuilds.git
cd slackbuilds/
cd evtest/
./evtest.SlackBuild 
installpkg evtest-1.32-x86_64-1root.txz

Notice that the arch listed in the Slackware package name is x86_64. Don’t worry, it works, just install it.

Next is tslib. Here is how I built and installed it (also, I cheated and did not build a Slackware package).

wget http://ftp.de.debian.org/debian/pool/main/t/tslib/tslib_1.0.orig.tar.gz
tar -zxf tslib_1.0.orig.tar.gz 
cd tslib-1.0/
./autogen.sh 
./configure
make
make install

Last, we need to build a package called xf86-video-fbturbo. (Forgive me, you may not need to run make in that first directory, but definitely in the src directory)

git clone https://github.com/ssvb/xf86-video-fbturbo
cd xf86-video-fbturbo/
./autogen.sh 
make
cd src
autoreconf -vi
./configure --prefix=/usr
nano xorg.conf 
make
make install

There, that was fun! Alright, let’s edit a few more files.

Open /boot/cmdline.txt, and place this one line in there (it is the only line for me, yours may be different).

dwc_otg.lpm_enable=0 console=tty1 nofont root=/dev/mmcblk0p3 fbcon=map:10 fbcon=font:VGA8x8 rootfstype=ext4 rootwait ro

Then open /etc/X11/xorg.conf.d/99-calibration.conf (if the directory or file does not exist, create it!) and place this in the file.
Note the commented out items, I meant to experiment with them, I don’t remember if those options break anything, but I doubt it.

Section "InputClass"
    Identifier "calibration"
    MatchProduct "stmpe-ts"
    Option "Calibration" "3800 200 200 3800"
    Option "SwapAxes" "1"
EndSection
 
Section "Device"
        Identifier      "Allwinner A10/A13 FBDEV"
        Driver          "fbturbo"
        Option          "fbdev" "/dev/fb1"
#        Option          "SwapbuffersWait" "true"
        # `man fbturbo` to know more options
#        Option          "AccelMethod" "G2D"
EndSection
 
Section "Monitor"
    Identifier "Monitor0"
    Option "DPMS"
EndSection
 
Section "Screen"
    Identifier "Screen0"
    Device     "Allwinner A10/A13 FBDEV"
    Monitor    "Monitor0"
    DefaultDepth 16
    SubSection "Display"
            Depth 16
            Modes "320x240"
    EndSubSection
EndSection
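
The Device entry in a Screen section has to match the Identifier of a Device section, and a mismatch is easy to miss when a config is assembled by hand. The following added example (not part of the original post) checks that cross-reference within a single file; the function name is hypothetical, the sample config is constructed, and it assumes keywords are written with the capitalization used above.

```shell
#!/bin/sh
# Added example (not from the original post): find Screen -> Device references
# that no Device section in the same file defines.

# Print every undefined Device name referenced by a Screen section.
# Exit status is 1 if any were found, 0 otherwise.
undefined_screen_devices() {
    awk '
        { sub(/#.*/, "") }    # drop comments before looking at keywords
        $1 == "Section"    { split($0, q, "\""); sec = q[2]; next }
        $1 == "EndSection" { sec = ""; next }
        sec == "Device" && $1 == "Identifier" { split($0, q, "\""); def[q[2]] = 1 }
        sec == "Screen" && $1 == "Device"     { split($0, q, "\""); ref[q[2]] = 1 }
        END {
            for (d in ref) if (!(d in def)) { print d; bad = 1 }
            exit bad
        }
    ' "$1"
}

# Constructed sample: the Screen section names a Device that is not defined.
demo() {
    f=$(mktemp) || return 1
    cat > "$f" <<'EOF'
Section "Device"
    Identifier "pitft"
    Driver     "fbturbo"
    Option     "fbdev" "/dev/fb1"
EndSection
Section "Screen"
    Identifier "Screen0"
    Device     "main"
EndSection
EOF
    undefined_screen_devices "$f"; rc=$?
    rm -f "$f"
    return "$rc"
}

if [ "${1:-}" = demo ]; then demo; fi
```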

Lastly, open /etc/rc.d/rc.local and add these lines:

modprobe spi-bcm2708
modprobe fbtft_device name=adafruitrt28 rotate=90 frequency=32000000
export FRAMEBUFFER=/dev/fb1

I also recommend adding the export framebuffer to your user’s ~/.bashrc file. You need that before X will start.

I really hope I got this all right. Feel free to complain. Maybe I’ll get another chance to play with this again in the near future, and this time, I’ll get it right! I wish you all the best of luck! Cheers,


If the video above isn’t loading, you can view it here: https://www.youtube.com/watch?v=KpzBYshxY9c

Netflix on Slackware

UPDATE! This doesn’t seem to be required anymore. Netflix should work fine as long as your Mozilla-NSS is up to date and you are running Chrome 39 or higher!

Getting Netflix to run in Linux has been in the news again. Before, you had to use pipelight and wine to get everything running. Even then, I’ve heard it doesn’t even work all that well. I never did try it myself because I run Slackware64 without multilib, so I can’t even execute 32bit applications like wine.

Fortunately, some very smart people have figured out how to get real native Netflix working in Linux. Many of the sites out there show you how to do it with Ubuntu, but that didn’t work for me, which I’ll explain later.

Let’s get going. First you need Chrome 37 or newer. Snag the build scripts from the Slackware extras section: http://mirrors.slackware.com/slackware/slackware64-14.1/extra/google-chrome/. Change if you are not running 64bit. This also works (from what I’m told) if you are running Slackware 14.0.

Next snag the latest deb from Google, https://www.google.com/chrome/browser/ and select either the 32bit or 64bit download depending on what you’re running.

After running the build script, you will have a package ready to install in your /tmp directory. The best part of the chrome build script is it will figure out the version number of Chrome before building the package. Install the package using installpkg.

Before moving on, I want to explain the difference between the Ubuntu and Slackware setup. As I started writing this, I had a package that was just a tiny little bit out of date. One of the requirements is libnss. At the time I was running version 3.16 and you need 3.16.4. I found this great post over on linuxquestions.org which gives instructions on building the newer version of libnss. Just before posting this I found that the wonderful Slackware maintainers updated it for me! Just make sure to fully patch your system and you will get mozilla-nss-3.16.4.xxxxx.txz. If you actually read this entire paragraph, I’m impressed. Thanks for making it worth my time writing it.

Start up Chrome and go to https://chrome.google.com/webstore/detail/user-agent-switcher-for-c/djflhoibgkdhkhhcedjiklpkjnoahfmg and install. Once installed, right click on the new icon and select options. Here we are going to set up a new custom User Agent that will allow Netflix to play. Put the following options in the fields.

New User-agent name: Netflix Linux
New User-Agent String: Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/38.0.2114.2 Safari/537.36
Group: Chrome
Append?: (defaults are fine)
Indicator Flag: IE

Be sure to select your new User Agent and then log in to your Netflix account. Once in, go to your account settings and select the option to use HTML5 over Silverlight. Enjoy watching Netflix in Linux!