Name

nstinprotect — NST Script To Setup Inprotect For Nessus Management.

Synopsis

nstinprotect [ -m TEXT | --mode TEXT ] [ --dbimport FILENAME ] [ --dbimport-rm [true]|false ] [ --passwd TEXT ] [ --nessus-update-plugins FILENAME ] [ --update-now [true]|false ] [ --pidfile FILENAME ] [ --pkg-dir DIRECTORY ] [ -h [true]|false | --help [true]|false ] [ -H [true]|false | --help-long [true]|false ] [ -v [true]|false | --verbose [true]|false ] [ --version [true]|false ]

Description

The nstinprotect script is used to manage the Inprotect package (which in turn provides a web-based front end to both the Nessus and nmap packages).

There are several things to consider when using nstinprotect:

  • This script is used by the NST Web User Interface (NSTWUI). The NSTWUI can "walk" one through the process of setting up MySQL, Nessus, and Inprotect. Look for the "Inprotect" link on the main index page (it should be found in the "Security" table).

  • You will need a lot of RAM available if you plan on running Nessus and Inprotect on a Live CD boot. You should seriously consider a hard disk installation (via nsthdinstall), or a VMware Virtual Machine installation (via nstvmware).

  • You must have the MySQL server up and running first (the setup_mysql script can help with this).

  • You should have the Nessus server up and running first (the start_nessusd script can help with this).

  • You should have the sendmail service up and running first (the setup_sendmail script can help with this).

  • Using this script will not directly affect Nessus or nmap. It will, however, add some entries to the cron table and start up the crond service (if it isn't already running).

  • Removing the Inprotect setup does NOT affect Nessus or nmap.

  • Once Inprotect has been set up, you access it by pointing a web browser at https://127.0.0.1/inprotect/ (you may substitute the external IP address of the system for "127.0.0.1" if you are accessing it remotely).

Here is an example of using nstinprotect (include the "--verbose" option to get additional output):

[root@probe ~]# nstinprotect --mode setup
New password for 'inprotect' database: 
Retype new password:
[root@probe ~]# if nstinprotect --mode status; then echo "OK"; fi
OK
[root@probe ~]# nstinprotect --mode remove
[root@probe ~]# 

Here is an example of using nstinprotect to export the configuration to "/tmp/inprotect.sql". The exported file can serve as a backup and can be restored via: "-m setup --dbimport /tmp/inprotect.sql". Alternatively, it could be copied to a different NST probe and used to initialize the Inprotect database on that system.

[root@probe ~]# nstinprotect --mode dbexport >| /tmp/inprotect.sql
[root@probe ~]# 

--mode setup

This mode of operation is used to initialize Inprotect and make it accessible via a web browser. The following command line options may be used in "setup" mode (all are optional):

--verbose (-v)

Provides verbose diagnostic output about what the script is doing.

--dbimport FILE

By default, we only create the Inprotect database, providing a "clean slate" to work with. If you have a copy of Inprotect tables you'd like to initialize the database with, you may specify the fully qualified file name (like: "--dbimport /tmp/myinprotect.sql"). The file must contain valid SQL statements and may optionally be compressed via bzip2 or gzip.

--dbimport-rm

Include this option if you would like the script to remove the imported database file.

--passwd PROMPT|value

If you don't want to be prompted to provide the Inprotect database password, you may specify the password on the command line. This password will be required when logging into "Inprotect" as the "root" user.

--pidfile FILE

Include this option if you intend to background the script and would like to have the process ID associated with the script written to a specific file.

--nessus-update-plugins FILE

This option allows one to specify the fully qualified path to the "nessus-update-plugins" script. This option is rarely required as "nstinprotect" looks for the "nessus-update-plugins" script in the locations where the "start_nessusd" script is likely to place it.

--update-now

Include this option if you would like the script to run the "updateplugins.pl" command immediately after setup. If omitted, it will still be run, but not until determined by its cron entry.

--pkg-dir DIRECTORY

This option is intended for NST developers (it allows us to download and try out newer versions of Inprotect).

--mode status

This mode of operation is used to tell whether Inprotect has been set up yet or not. It is written such that there is no output unless an error occurs or the "--verbose" option is also specified. However, it does exit with 0 if Inprotect is set up and 1 if not (making it useful to other scripts). The following command line option(s) may be used in "status" mode (all are optional):

--verbose (-v)

Provides verbose diagnostic output about what the script is doing.

--mode remove

This mode of operation is used to remove the Inprotect setup from the system. This will remove the entire Inprotect database from the SQL server. It is written such that there is no output unless an error occurs or the "--verbose" option is also specified. However, it does exit with 0 if successful and 1 if not (making it useful to other scripts). The following command line option(s) may be used in "remove" mode (all are optional):

--verbose (-v)

Provides verbose diagnostic output about what the script is doing.

--mode dbexport

This mode of operation is used to dump a copy of the SQL database used by Inprotect. No other options are required in this mode of operation. Since the SQL database is written directly to the standard output, you cannot use the "--verbose" option in this mode.

The following demonstrates how to save a copy of the current database (in a compressed form), remove the entire Inprotect setup, and then set up Inprotect and initialize it with the previously exported database:

[root@probe ~]# nstinprotect --mode dbexport | bzip2 -c >| /tmp/inprotect.sql.bz2
[root@probe ~]# nstinprotect --mode remove
[root@probe ~]# nstinprotect --mode setup --dbimport /tmp/inprotect.sql.bz2
New password for 'inprotect' database: 
Retype new password:
[root@probe ~]# 
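
A guarded variant of the export step above, as an added example that is not part of nstinprotect or the NST documentation. It uses the "status" exit code before exporting and, because the dump holds the entire Inprotect database, writes it with owner-only permissions outside of /tmp. The function name inprotect_backup and the default directory /root/inprotect-backups are assumptions; gzip is used because "--dbimport" accepts ".gz" files.

```shell
#!/bin/sh
# Added example, not part of nstinprotect. Assumed names: inprotect_backup
# and the default backup directory /root/inprotect-backups.

inprotect_backup() {
    dest_dir="${1:-/root/inprotect-backups}"

    # "--mode status" is silent and exits 0 only when Inprotect is set up.
    if ! nstinprotect --mode status; then
        echo "inprotect_backup: Inprotect is not set up" >&2
        return 1
    fi

    # Subshell: the tightened umask does not leak into the caller's shell.
    (
        umask 077                   # new files and directories: owner only
        mkdir -p "$dest_dir" || exit 1
        out="$dest_dir/inprotect-$(date +%Y%m%d-%H%M%S).sql.gz"
        raw="$out.raw"

        # dbexport writes the SQL to stdout (never combine it with --verbose).
        # Writing to a file first exposes nstinprotect's own exit status,
        # which a pipeline into gzip would hide. The man page does not
        # document dbexport's exit code, so an empty dump is also rejected.
        if nstinprotect --mode dbexport > "$raw" && [ -s "$raw" ] &&
           gzip -c "$raw" > "$out" && gzip -t "$out"; then
            rm -f "$raw"
            printf '%s\n' "$out"    # pass this path to: --mode setup --dbimport
        else
            rm -f "$raw" "$out"
            echo "inprotect_backup: export failed" >&2
            exit 1
        fi
    )
}
```

Run "inprotect_backup" before "nstinprotect --mode remove"; the printed path is the file to hand to "--mode setup --dbimport".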

Options

The following command line options are available:

[-m TEXT] | [--mode TEXT]

This option controls what nstinprotect will do. If you specify "status" (the default), it will indicate whether Inprotect has been set up yet or not. If you specify "setup", it will remove any previous setup information and set up Inprotect on your NST system. If you specify "remove", it will remove the Inprotect setup. If you specify "dbexport", the SQL database will be dumped in a form usable for the "--dbimport FILE" option.

[--dbimport FILENAME]

By default, the Inprotect management system starts with a clean slate (nothing configured). One would then need to import the current Nagios configuration (which is often desirable) or spend a lot of time with the initial setup of the Inprotect management system. This is the default behavior maintained by this script. Alternatively, one may use the "--dbimport FILE" command line option and specify the name of an initial SQL database (see "/usr/share/nstinprotect/inprotect.sql.bz2" for an example). You may specify the fully qualified path of the initial SQL database. If the file name specified ends with ".gz", we will use the "gzip" command to uncompress it. If the file name specified ends with ".bz2", we will use the "bzip2" command to uncompress it. Alternatively, you may specify "--dbimport minimal" and we will load the minimal configuration found in the "/usr/share/nstinprotect" directory.

[--dbimport-rm [true]|false]

This option will remove the database file after importing it (regardless of whether it was successfully loaded or not).

[--passwd TEXT]

This option allows one to set the password used for access to the "inprotect" database that will be created during setup. By default you will be prompted at the command line. If you specify a password of "RANDOM", we will generate a random password using the pwgen command.

[--nessus-update-plugins FILENAME]

By default, we will look for the nessus-update-plugins script in likely locations (assuming that nessus was set up using the start_nessusd script). However, if you have a specialized installation of nessus, you can use this option to indicate the location of the nessus-update-plugins script.

[--update-now [true]|false]

The Nessus plugins are automatically updated by entries added to the crontab. When this option is specified, an initial update will be performed immediately after setup.

[--pidfile FILENAME]

If you include "--pidfile FILENAME" on the command line, the process ID of the script will be written to the specified filename (that's all the file will contain). This option is only used when "--mode setup".

[--pkg-dir DIRECTORY]

Typically you will never need to change this parameter from its default value of "/usr/share/inprotect". However, if you've downloaded and installed a newer version of Inprotect, you can use this option to instruct the script to use your new installation (we can't guarantee it will work as this option allows the NST developers to experiment with newer versions of Inprotect).

[-h [true]|false] | [--help [true]|false]

When this option is specified, nstinprotect will display a short one line description of nstinprotect, followed by a short description of each of the supported command line options. After displaying this information nstinprotect will terminate.

[-H [true]|false] | [--help-long [true]|false]

This option will attempt to pull up additional nstinprotect documentation within a text-based web browser. You can force which browser we use by setting the environment variable TEXTBROWSER; otherwise, we will search for some common ones.

[-v [true]|false] | [--verbose [true]|false]

When you set this option to true, nstinprotect will produce additional output. This is typically used for diagnostic purposes to help track down when things go wrong.

[--version [true]|false]

If this option is specified, the version number of the script is displayed.

Files

/usr/share/nstinprotect

Directory containing resource files used by nstinprotect.

Environment

TEXTBROWSER

This controls what text based browser is used to display help information about the script. If not set, we will search your system for available text-based browsers (Ex: elinks, lynx ...).

See Also

setup_mysql(l), start_nessusd(l), Inprotect, Nessus, nmap, Network Security Toolkit