Tuesday, February 19, 2008

InProtect LiveUSB 0.80.3 Beta!

Though the InProtect project has not made a large number of public postings lately (beta releases and the like...) we have been quite busy. We will soon be releasing a tarball of the latest 0.80.3RC1. That is not, however, the purpose of this article but rather I am releasing a liveUSB image that is an entirely self-contained and functioning installation of InProtect on a FreeBSD 6.3-Current system.

I came up with the idea to create the InProtect LiveUSB when someone requested that I build one for another project that I am an active member of (HeX). Unfortunately it has taken me several months to get the time put together to actually build this tool. Having said that, I am quite pleased with the outcome and functionality of the tool. Placing this tool onto a USB thumb drive gives the user extreme versatility from the perspective of security. Obviously the nature of a USB thumb drive is not terribly secure; we can put them in our pocket and have them fall out in a parking lot where anyone could conceivably pick it up and snag the data off of it and multiple other scenarios. I am more talking about the security of the location or client that may have a sensitive environment with sensitive data and the like. In this scenario the USB device could be taken in and left with the organization, post scan, that has such sensitive data. Again though, the primary purpose of this build is to allow for a solid demo of the InProtect system.

As I said earlier, the system was built using FreeBSD 6.3-Current, ontop of this I built fluxbox (and several applications such as firefox), mysql51, apache22, php5 and several perl modules that are InProtect dependencies. I manually configured all of the components to work with InProtect, the installer currently does not work on freebsd though I am in the process of building a port. In-short, and as stated earlier, this is a fully functional InProtect scanner with a few things that need to be completed by the end-user; Nessus 3.0.x install and jpgraph for php5 install.

The Nessus and jpgraph items are not included in this image due to their licensing restrictions (not GPL). It is for this reason they must be manually installed.

First you will need to download the InProtect LiveUSB 0.80.3 image here:

MD5 (inprotect-i386-0.80.3-beta.usb.img.gz) = 605a5b20d754ea7e6305922695f301ba
SHA256 (inprotect-i386-0.80.3-beta.usb.img.gz) = 1d562d17db0ef4e3afefcca18fd40932b7faecdddd673910c3ad11a4aab4434b

After obtaining the image and gunzipping it you will want to use dd to write it to a 2G or larger USB thumb drive. NOTE that you want to write it to the device itself and NOT to a specific partition on the device. Also, if you didn't figure it out... this will overwrite anything that you may currently have on your thumb drive.
dd if=/path/to/foo/inprotect-i386-0.80.3-beta.usb.img of=/dev/da0 bs=1M
Your output file path may be different than /dev/da0 (this is mine on a freebsd boxen). The key is that you are writing directly to the device address and NOT to a partition, that will NOT work. Assuming that you have a thumb drive and computer capable of USB2.0 this process should take around 10 minutes to write all of the data.

At this point you should be able to boot from your new shiny LiveUSB thumbdrive. The initial login details are simple (these ARE case sensitive so pay attention!):
Username: InProtect
Password: inprotect
Once logged in type startx to get into fluxbox. From here, if you are not familiar suggest playing around just a little bit. A few tips, this isn't windoze, you access the main menuwith fluxbox, I by right clicking anywhere on the desktop. The image to the right shows the menu of the InProtect LiveUSB. The highlighted option will take you to the Nessus and jpgraph installation instructions.

Even before you install Nessus or jpgraph you will be able to login to the local instance of InProtect by selecting the InProtect menu option as displayed below. Once you have selected the InProtect menu item, you will be able to use admin / admin for the login and password to access the local instance of InProtect.

Note that until you install Nessus you will not be able to run any scans.

In this image I have already created a default scan zone and default scanner so that once Nessus is installed and the Nessus user created, as noted in the instructions contained on the image, the system is fully functional and scans can be immediately created and executed.

As always please feel free to contact me or leave any comments, criticisms, suggestions or otherwise that you might have.



Nitesh said...

I'm trying to write this image using Windows Vista to a USB flash drive however tried dozens of software to get the .img file to write however doesn't work!

How can I get it to work, without installing Linux in the first instance?

Thanks for any help!

JJ said...

You will need to use dd for windows, while I have never used it, I know of people that have. You will have to write to the drive itself, remember... and not the partition or it will not work. I will also be publishing an updated version of the image soon so keep an eye out.


JJ said...

ah, some info here perhaps:



Crocket said...

I've finally managed to get a working USB stick however selecting any of the boot options apart from safe mode results in this error:


and reboots!!!

I'd use safe mode however the mouse or keyboard does not work within the GUI (It does work within the shell before loading X though)! Weired!

Any help is appreciated. How can I get your email so I can contact you directly rather via this blog?

JJ said...

apologies for the slow followup but I have been traveling of late.

So, the best bet is to catch me in #inprotect on irc.freenode.net (IRC).

I will be releasing a new version based on FreeBSD 7 in the next few days and that will hopefully fix many problems.


Bass said...

Really looking forward to see the 0.80.3RC1 release of inprotect. My old inprotect version is totally messed up and I would love to replace it with your new one asap :)

Siya said...

I have just install inprotect using the instructions provide on INSTALL.

Error message:

Incorrect username / password - please try again.

Thanks a mil :)

JJC said...

I thought that I put that in the notes, apologies....

Try admin/admin admin/password admin/inprotect (one of those combos should do the trick... I don't remember the exact one that was used and am nowhere near where I can look at my notes at the moment.

Please let me know what combo works, and if not we can simply reset it in the database if we need to :-)


Siya said...

Also here is what I getting:

Notice: Use of undefined constant HTTPS - assumed 'HTTPS' in /var/www /html/login.php on line 56

Notice: Undefined variable: authLDAP_fallThrough in /var/www/html/login.php on line 128

Actually on the notes you have Admin/password.

Siya said...

Some body can help me please.

Notice: Use of undefined constant HTTPS - assumed 'HTTPS' in /var/www/html/login.php on line 56

Notice: Undefined variable: authLDAP_fallThrough in /var/www/html/login.php on line 128

Did everything the INSTALL instructions provide.

Thanks a mil :)

Siya said...

The problem is solved, it is due to the fact that inprotect converts the usernames to lower case, if the user name in the database has uppercase values the login fails.

Andy said...

Please god update the sourceforge page with this info; I just spent hours working on this only to discover the 'Admin/password' is in fact 'admin/admin' (with the lowercase a changed in the DB).

JJC said...

lol Andy, I have tried... it's almost a lost cause sometimes getting all of use developers to agree on even publishing something it would seem..


Siya said...

I have trying to download " http://global-security.blogspot.com/2008/02/inprotect-liveusb-0803-beta_19.html?ext-ref=comm-sub-email"

No luck.

JJC said...

I will be posting a new URL later today (once the image has transferred to the new server)

JJC said...

** Added ** you can also grab the torrent if U like: http://www.redsphereglobal.com:88/torrents/f993adf12eb9e6d650f097bde458537ffce79e83.torrent

JJC said...

Ok, I refreshed the link to a new faster, and more importantly, functioning url!

Siya said...

Thank you very much... busy downloading :)