Monday, March 23, 2009

InProtect 1.00.0 Beta_2 VMware Image

Given recent developments that the team has made on the InProtect project and the many emails that I see floating about on the lists, I decided to create a VMware image of an "almost" fully functioning InProtect installation. I say "almost" because, of course, like the LiveUSB that I released some time ago, I can't put the latest version of Nessus on the VM due to licensing restrictions imposed by Tenable. Note that I did not include greatly detailed instructions on the use of InProtect; I may do this later but haven't the time right now.

Please try to remember that this is a BETA, and as such may not be fully functional... if you find bugs or the like, please feel free to file them at the sf site or hit us up!

So, the quick and dirty of it is that all you will need to do is go to the Nessus website and download the latest Nessus tarball from them, upload it to the VM (scp), install it (pkg_add), start it, register it and run the /opt/Inprotect/sbin/updateplugins_1.00.pl script! Whew, that was one long run-on sentence! For everything to match up, create a user "inprotect" with password "inprotect" in your Nessus daemon. Once you have completed the aforementioned steps, you are all set and should be able to scan. Note that if you want to scan outside of the VM, you will need to modify the configuration of the interface to be bridged, etc. The interface is set for DHCP and everything will start up just fine with any address that you assign it or that it receives.


You will also need to throw the jpgraph stuff in /opt/Inprotect/html if you want the nifty graphs to work... but I'll probably speak more to this in an upcoming post.

I essentially used the install script to install in /opt/Inprotect on, you guessed it, FreeBSD 7.1R but of course had to make a few minor adjustments (it's not always 100% out of the gate) to get everything working together. That being said, you can probably do the same on your own distro.

Some important info that you will (or may) need, i.e. username/password/medium:

inprotect/inprotect/shell
root/root/console
root/root/mysql
admin/password/inprotect web interface

phpMyAdmin is installed: http://ipofyourvm/phpmyadmin/ for your mysqling pleasure.

To access InProtect simply browse to the IP of your VM: http://ipofyourvm

If you want nmap, build it from ports: /usr/ports/security/nmap

Get the VMware Image Here
MD5
SHA256

Cheers,
JJC

8 comments:

Idan Agmon said...

Hi

I wonder if you can help.
I installed inprotect and Nessus.
(not your vmware image)
I have the login screen
When I log in I get these errors.
Can you help?

Warning: ldap_bind() [function.ldap-bind]: Unable to bind to server: Can't contact LDAP server in /opt/Inprotect/html/login.php on line 97

Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at /opt/Inprotect/html/login.php:97) in /opt/Inprotect/html/login.php on line 311

Warning: Cannot modify header information - headers already sent by (output started at /opt/Inprotect/html/login.php:97) in /opt/Inprotect/html/login.php on line 380

JJC said...

You should be able to comment out the ldap auth type.. unless you are using that?

Copy Ong Chee Yik said...

Hi, I finished installing my Inprotect 1.0. When I go to that page, it forwards to https and returns a message like "can't connect to server". Is there something I missed? Or any possibility that I did something wrong?

J.L. said...

@JJC or anyone who knows:

Can you explain HOW to comment out ldap authentication? The set-up script does not mention any ldap authentication.

Login.php does not appear to support anything else than ldap auth.

Thank you for your consideration.

J.L. said...

@JJC or anyone who knows ...

Inprotect 1.0 does not mention ldap authentication configuration but does fail with the same error "Warning: ldap_bind() [function.ldap-bind]: Unable to bind to server: Can't contact LDAP server in /opt/Inprotect/html/login.php on line 97"

The script login.php only seems to support ldap auth. How can I disable it in favour of direct authentication with mysql?

Thank you for your consideration

JJC said...

J.L. I honestly would have to look at the code... but if you look at line 96 in the login.php... that's a good starting point. I'll post a followup once I have the chance to look.

J.L. said...

@JJC

Thanks for the follow-up.

From line 150 on there is code to actually authenticate if ldap-auth fails, but imho we never get there; the error message is displayed at line 233.

Even invalid usernames get this message while others are in place.

J.L. said...

Apologies,

the error is caused by not logging in as admin:password before anything.

RTFM they say ...

Though it did display an error message after I get the web-interface after refreshing to the vhost path without any file specified.