Wednesday 10 May 2017

The remote host implements TCP timestamps and therefore allows its uptime to be computed.

Add the following line to /etc/sysctl.conf

net.ipv4.tcp_timestamps = 0

then run the following command to reload the settings from that file

sysctl -p

Now rescan: the finding will not show up again.

The remote SSH server is configured to allow weak encryption algorithms.

Add the following lines to /etc/ssh/sshd_config

Ciphers aes128-ctr,aes192-ctr,aes256-ctr
MACs hmac-sha1,umac-64@openssh.com,hmac-ripemd160

Now check with the command below.

THAT'S ALL

The following command is for checking your ssh configuration to find what needs correcting.
ssh -vvv -F /etc/ssh/sshd_config root@192.168.1.1

If it shows everything is OK then there is no issue; otherwise

it will show output like this

/etc/ssh/sshd_config: line 28: Bad configuration option: hostkey
/etc/ssh/sshd_config: line 30: Bad configuration option: hostkey
/etc/ssh/sshd_config: line 31: Bad configuration option: hostkey
/etc/ssh/sshd_config: line 43: Bad configuration option: syslogfacility
/etc/ssh/sshd_config: line 49: Bad configuration option: permitrootlogin
/etc/ssh/sshd_config: line 59: Bad configuration option: authorizedkeysfile
/etc/ssh/sshd_config: line 94: Bad configuration option: gssapicleanupcredentials
/etc/ssh/sshd_config: line 110: Bad configuration option: usepam
/etc/ssh/sshd_config: line 115: Bad configuration option: x11forwarding
/etc/ssh/sshd_config: line 123: Bad configuration option: useprivilegeseparation
/etc/ssh/sshd_config: line 140: Bad configuration option: acceptenv
/etc/ssh/sshd_config: line 141: Bad configuration option: acceptenv
/etc/ssh/sshd_config: line 142: Bad configuration option: acceptenv
/etc/ssh/sshd_config: line 143: Bad configuration option: acceptenv
/etc/ssh/sshd_config: line 146: Bad configuration option: subsystem

Now comment out (add a # in front of) the lines mentioned above.

Wednesday 3 May 2017

OpenVAS installation and configuration in RHEL/CentOS 6

Step 1

Install the atomic release package from the link below.

rpm -ivh http://www6.atomicorp.com/channels/atomic/centos/6/x86_64/RPMS/atomic-release-1.0-14.el6.art.noarch.rpm

Step 2

Set up the atomic repository for OpenVAS.

wget -q -O - http://www.atomicorp.com/installers/atomic |sh

If this produces errors, it means that many dependencies are not available in that repository. In that case, add the CentOS repository for OpenVAS:


vi /etc/yum.repos.d/centos.repo

for 32-bit:

[CentOS]
name=centos
baseurl=http://mirror.centos.org/centos/6/os/i386/
enabled=1
gpgcheck=0

for 64-bit:

[CentOS]
name=centos
baseurl=http://mirror.centos.org/centos/6/os/x86_64/
enabled=1
gpgcheck=0

Step 3

Now install OpenVAS

yum install openvas

After the installation completes, install atomic-sqlite-sqlite and atomic-sqlite-sqlite-devel

yum install atomic-sqlite-sqlite atomic-sqlite-sqlite-devel

Now run the OpenVAS setup

openvas-setup

It will take some time; at the end it will ask for a username and password.

Then start the OpenVAS services and enable them at boot

service openvas-manager start

service gsad start

chkconfig gsad on

chkconfig openvas-manager on


Step 4

We can check the OpenVAS installation with the following command

openvas-check-setup

It will report that redis is not installed. Now install redis

yum install redis -y

then remove the # from the lines listed below in the redis configuration file

unixsocket /tmp/redis.sock
unixsocketperm 700

Now start the redis service and enable it at boot

service redis start

chkconfig redis on


Step 5

Now create the client certificate with the following command

openvas-mkcert-client -n -i

Now create a user and password for the web interface (replace username and password with your own)

openvasmd --create-user=username --role=Admin && openvasmd --user=username --new-password=password

Now rebuild the OpenVAS database; it takes only 1 to 3 minutes

openvasmd --rebuild

Now restart the openvas-manager and gsad services

service gsad restart

service openvas-manager restart

Now open the URL with port number 9392 in a browser

https://192.168.1.1:9392

That's all; we can now check servers for vulnerabilities with this tool.
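Two checks worth running after the steps above, written here as an added example (mine, not part of the post or of OpenVAS). The CentOS repo file written in Step 2 sets gpgcheck=0, which turns off RPM signature verification for everything yum installs from it; repo_gpgcheck_off lists every repo section that does this so it can be reviewed or reverted once the install is done. redis_socket_ok confirms the two redis lines from Step 4 are really uncommented with the 700 permission. Both take file paths; the /etc/yum.repos.d and /etc/redis.conf paths used in the live run at the end are assumptions about the usual locations.

```shell
#!/bin/sh
# Added example, not from the original post: two checks to run after the
# OpenVAS steps above. Both take file paths, so they also run offline.

# repo_gpgcheck_off REPO_FILE...
# Prints "file:[section]" for every yum repo section that sets gpgcheck=0,
# i.e. whose packages are installed without RPM signature verification (the
# CentOS repo written above does this). Returns 1 if any such section exists.
repo_gpgcheck_off() {
    awk '
        FNR == 1 { sec = "" }
        /^[ \t]*\[/ { sec = $0; sub(/^[ \t]*/, "", sec); next }
        /^[ \t]*gpgcheck[ \t]*=[ \t]*0[ \t]*$/ { print FILENAME ":" sec; n++ }
        END { exit (n > 0) }
    ' "$@"
}

# redis_socket_ok REDIS_CONF
# Returns 0 when an active (uncommented) "unixsocket <path>" line and
# "unixsocketperm 700" are both present, which is what the two lines
# uncommented in Step 4 provide.
redis_socket_ok() {
    grep -Eq '^[[:space:]]*unixsocket[[:space:]]+[^[:space:]]+' "$1" \
        && grep -Eq '^[[:space:]]*unixsocketperm[[:space:]]+700[[:space:]]*$' "$1"
}

# Live run on this host (assumed paths: the usual yum and redis locations)
if [ -d /etc/yum.repos.d ]; then
    repo_gpgcheck_off /etc/yum.repos.d/*.repo 2>/dev/null \
        || echo "the sections above install packages without signature checks"
fi
[ -r /etc/redis.conf ] && redis_socket_ok /etc/redis.conf && echo "redis unix socket configured"
```

If repo_gpgcheck_off lists the CentOS section, set gpgcheck=1 and point gpgkey at the distribution key once OpenVAS is installed, so later yum updates from that repo are verified.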

Graylog2 installation on RHEL 6

What is Graylog?

Graylog is an open-source log management tool which helps you to collect, index and analyze any machine logs centrally.

Required components:

i) MongoDB - database that stores the configuration and meta information.

ii) Elasticsearch - stores the log messages received from Graylog and provides the facility to search them whenever required.

iii) Graylog server - parses the logs coming from the various inputs and provides a built-in web interface to handle those logs.

Step 1

Elasticsearch requires Java, so we need to install Java first; the best version is Java .

Download the RPM package, install it and make sure to export JAVA_HOME.

Step 2

Install Elasticsearch

First import the GPG key before installation.

rpm --import https://packages.elastic.co/GPG-KEY-elasticsearch

Now create the repo file for Elasticsearch

vi /etc/yum.repos.d/elasticsearch.repo

[elasticsearch-2.x]
name=Elasticsearch repository for 2.x packages
baseurl=https://packages.elastic.co/elasticsearch/2.x/centos
gpgcheck=1
gpgkey=https://packages.elastic.co/GPG-KEY-elasticsearch
enabled=1

Now install the package

yum install elasticsearch -y

Elasticsearch configuration:

Some changes are needed for it to work with Graylog; edit the elasticsearch.yml file

vi /etc/elasticsearch/elasticsearch.yml

Change cluster.name

cluster.name: graylog

then add the lines below to the configuration to disable scripting

script.inline: false
script.indexed: false
script.file: false

Change network.host to your IP

network.host: 192.168.1.1

then save and exit

Now start the Elasticsearch service, enable it at boot and check its status

service elasticsearch start

chkconfig elasticsearch on

service elasticsearch status

Now check whether Elasticsearch is working with the following command; it should report the cluster name as graylog

curl -X GET http://192.168.1.1:9200

Now perform a health check; if the status is green, Elasticsearch is working well.

curl -XGET 'http://192.168.1.1:9200/_cluster/health?pretty=true'

The Elasticsearch heap size defaults to 256M minimum and 1G maximum. It's recommended to set ES_HEAP_SIZE to 50% of the available RAM and no more than 31G.

Now open /etc/sysconfig/elasticsearch

and change the lines below.

ES_HEAP_SIZE=4G
MAX_OPEN_FILES=640000

Elasticsearch has to keep a lot of files open simultaneously and requires a higher open file limit than the usual operating system defaults allow.

Do the following to increase the limit

echo "elasticsearch soft nofile 64000" >> /etc/security/limits.conf
echo "elasticsearch hard nofile 64000" >> /etc/security/limits.conf

Now restart Elasticsearch

service elasticsearch restart
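As an added example (my code, not the post's), the script below checks that elasticsearch.yml carries the settings from this step and reads the cluster status out of the _cluster/health response, so the "is it green" check can be scripted. The 2.x key names it looks for are cluster.name, script.inline, script.indexed, script.file and network.host; treating an empty or 0.0.0.0 network.host as a problem is my addition, since that would expose the node on every interface rather than the one address Graylog is told about. Function names and the HOST:PORT argument are my own.

```shell
#!/bin/sh
# Added example, not from the original post: verify the elasticsearch.yml
# settings from the steps above and read the cluster status from the
# _cluster/health response. Both work on text you pass in, so they run
# offline against a copy of the file or a saved response.

# yml_value FILE KEY -> value of the top-level "KEY: value" line, with any
# trailing "# comment" removed; empty if the key is absent or commented out
yml_value() {
    awk -v k="$2" '
        $0 ~ "^[ \t]*" k "[ \t]*:" {
            sub(/^[^:]*:[ \t]*/, ""); sub(/[ \t]*(#.*)?$/, ""); print; exit
        }' "$1"
}

# es_config_ok FILE -> 0 when cluster.name is graylog, the three script.*
# settings are false and network.host is pinned to one address rather than
# left empty or opened on every interface; prints what is off and returns 1
es_config_ok() {
    f="$1"; ok=0
    [ "$(yml_value "$f" cluster.name)" = "graylog" ] || { echo "cluster.name is not graylog"; ok=1; }
    for k in script.inline script.indexed script.file; do
        [ "$(yml_value "$f" "$k")" = "false" ] || { echo "$k is not false"; ok=1; }
    done
    case "$(yml_value "$f" network.host)" in
        ""|0.0.0.0|"::") echo "network.host is not pinned to a host address"; ok=1 ;;
    esac
    return $ok
}

# es_status JSON -> the "status" field (green, yellow or red) of a
# _cluster/health document passed as a string
es_status() {
    printf '%s' "$1" | tr -d '\n' \
        | sed -n 's/.*"status"[[:space:]]*:[[:space:]]*"\([a-z]*\)".*/\1/p'
}

# es_status_live HOST:PORT -> status of a running node (needs curl and network)
es_status_live() {
    es_status "$(curl -s "http://$1/_cluster/health")"
}

# Demo on a constructed health response (not captured from a real node)
sample='{ "cluster_name" : "graylog", "status" : "green", "number_of_nodes" : 1 }'
echo "sample cluster status: $(es_status "$sample")"
[ -r /etc/elasticsearch/elasticsearch.yml ] && es_config_ok /etc/elasticsearch/elasticsearch.yml
```

On the host, es_status_live 192.168.1.1:9200 should print green before moving on to the Graylog steps; yellow means the single-node setup still has unassigned replicas, which the elasticsearch_replicas = 0 setting later in this post avoids.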

Step 3

Install MongoDB

Set up the MongoDB repo

vi /etc/yum.repos.d/mongodb.repo

and add the lines below to it.

[mongodb-org-3.2]
name=MongoDB Repository
baseurl=https://repo.mongodb.org/yum/redhat/$releasever/mongodb-org/3.2/x86_64/
gpgcheck=1
enabled=1
gpgkey=https://www.mongodb.org/static/pgp/server-3.2.asc

Now install MongoDB

yum install mongodb-org -y

Now start the service and enable it at boot

service mongod start

chkconfig mongod on

Step 4

Install Graylog:

Download and install the Graylog repository package

rpm -Uvh https://packages.graylog2.org/repo/packages/graylog-2.0-repository_latest.rpm

and change the baseurl in the repo file

vi /etc/yum.repos.d/graylog.repo

replacing the baseurl with the URL mentioned below

[graylog]
name=graylog
baseurl=https://packages.graylog2.org/repo/el/stable/2.2/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-graylog

Now install graylog-server

yum install graylog-server -y

Now use the following commands to create the password secret.

First make sure pwgen is installed; otherwise install the EPEL repository and run the command below

yum install pwgen -y

Now run the command to generate the secret key

pwgen -N 1 -s 96

It will give output like the following

OH9wXpsNZVBA8R5vJQSnkhTB1qDOjCxAh3aE3LvXddtfDlZlKYEyGS24BJAiIxI0sbSTSPovTTnhLkkrUvhSSxodTlzDi5gP

Also run the command below to generate root_password_sha2

echo -n yourpassword | sha256sum

It will give output like

e3c652f0ba0b4801205814f8b6bc49672c4c74e25b497770bb89b22cdeb4e951

Now open /etc/graylog/server/server.conf

vi /etc/graylog/server/server.conf

Add the password secret

password_secret = OH9wXpsNZVBA8R5vJQSnkhTB1qDOjCxAh3aE3LvXddtfDlZlKYEyGS24BJAiIxI0sbSTSPovTTnhLkkrUvhSSxodTlzDi5gP

and add root_password_sha2

root_password_sha2 = e3c652f0ba0b4801205814f8b6bc49672c4c74e25b497770bb89b22cdeb4e951

and uncomment the following settings, filling in the required details

root_username = admin

root_email = "your mail address"

root_timezone = UTC ===> UTC by default; you can change it

elasticsearch_discovery_zen_ping_unicast_hosts = 192.168.1.1:9300

is_master = true

elasticsearch_max_docs_per_index = 20000000

elasticsearch_max_number_of_indices = 20

elasticsearch_shards = 1

elasticsearch_replicas = 0

The following are for the Graylog web interface

rest_listen_uri = http://192.168.1.1:12900

web_listen_uri = http://192.168.1.1:9000/

then save and exit

Now change GRAYLOG_SERVER_JAVA_OPTS in /etc/sysconfig/graylog-server to set the minimum and maximum heap size

-Xms2G -Xmx4G

save and exit.

Now start graylog-server and enable it at boot

service graylog-server start

chkconfig graylog-server on

Make sure SELinux and the firewall are stopped, or else allow ports 9000 and 12900 and the receiving port, such as 514.

Now open the URL in a browser: http://192.168.1.1:9000

username: admin
password: yourpassword

That's all; now you can add hosts and receive messages.
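The script below is an added example (mine, not from the post or the Graylog project) that does the server.conf work of Step 4 in one pass: it generates password_secret, hashes the root password and writes those plus the other listed keys into the file, whether the line is currently active or commented out. Two details matter for the manual version above. The hash is produced with printf rather than echo -n, because on a shell whose echo does not understand -n the command hashes "-n yourpassword" plus a newline and the web login never matches. And the file is written back through the existing inode so server.conf, which now holds secrets, keeps its owner and mode instead of taking the world-readable default of a new temp file. Function names, the fallback to /dev/urandom when pwgen is absent, and the choice to leave root_email for you to fill in are my own.

```shell
#!/bin/sh
# Added example, not from the original post: generate Graylog's two secrets
# and write them, with the other server.conf keys listed above, in one pass.
# set_conf_key replaces a key whether its line is active or commented out
# with #, and appends it when absent, so the script can be re-run safely.

# gen_secret -> 96 random alphanumerics, via pwgen as in the post when it is
# installed, otherwise straight from /dev/urandom
gen_secret() {
    if command -v pwgen >/dev/null 2>&1; then
        pwgen -N 1 -s 96
    else
        LC_ALL=C tr -dc 'A-Za-z0-9' < /dev/urandom | head -c 96; echo
    fi
}

# sha256_hex STRING -> hex SHA-256 of STRING with no trailing newline.
# printf is used instead of echo -n: a shell whose echo ignores -n would
# hash "-n yourpassword" plus a newline and the web login would never match.
sha256_hex() {
    if command -v sha256sum >/dev/null 2>&1; then
        printf '%s' "$1" | sha256sum | cut -d' ' -f1
    else
        printf '%s' "$1" | shasum -a 256 | cut -d' ' -f1
    fi
}

# set_conf_key FILE KEY VALUE -> first "KEY = ..." or "#KEY = ..." line becomes
# "KEY = VALUE", later duplicates are dropped, a missing key is appended.
# The result is written back through the existing file so server.conf keeps
# its owner and mode (it holds secrets, so it must not become world-readable).
set_conf_key() {
    file="$1"; tmp="$file.tmp.$$"
    awk -v k="$2" -v v="$3" '
        $0 ~ "^#?[ \t]*" k "[ \t]*=" { if (!done) { print k " = " v; done = 1 } next }
        { print }
        END { if (!done) print k " = " v }
    ' "$file" > "$tmp" && cat "$tmp" > "$file"
    rm -f "$tmp"
}

# get_conf_key FILE KEY -> current active value of KEY (empty if unset)
get_conf_key() {
    awk -v k="$2" '$0 ~ "^[ \t]*" k "[ \t]*=" { sub(/^[^=]*=[ \t]*/, ""); print; exit }' "$1"
}

# configure_graylog CONF ROOT_PASSWORD NODE_IP -> applies the keys from the post
# (root_email is left for you to set; NODE_IP is the address Elasticsearch
# and the Graylog listeners are bound to, 192.168.1.1 in the post)
configure_graylog() {
    conf="$1"; ip="$3"
    set_conf_key "$conf" password_secret "$(gen_secret)"
    set_conf_key "$conf" root_password_sha2 "$(sha256_hex "$2")"
    set_conf_key "$conf" root_username admin
    set_conf_key "$conf" root_timezone UTC
    set_conf_key "$conf" is_master true
    set_conf_key "$conf" elasticsearch_discovery_zen_ping_unicast_hosts "$ip:9300"
    set_conf_key "$conf" rest_listen_uri "http://$ip:12900"
    set_conf_key "$conf" web_listen_uri "http://$ip:9000/"
}

# Usage on the real file (as root, then restart graylog-server):
#   configure_graylog /etc/graylog/server/server.conf 'yourpassword' 192.168.1.1
```

Values are passed to awk with -v, which interprets backslash escapes, so this is fine for the alphanumeric secret, the hex hash and the URIs above but would need escaping for a value containing backslashes.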


Permanent hostname setup for RHEL7

Step 1: set the host name with the nmtui tool (nmtui, then set host name), save and exit. Step 2: add the following l...