Sunday, March 30, 2014

Increase Scanner timeout from SecurityCenter CLI

To increase the timeout for the scanners, first check the current value (from the OS command line):
# /opt/sc4/support/bin/sqlite3 /opt/sc4/application.db "select * from Configuration where name='ScannerStatusTimeout'"
This shows the current value (it should be 120 seconds by default).

To increase it, run the following command:
# /opt/sc4/support/bin/sqlite3 /opt/sc4/application.db "Update Configuration set value='300' where name='ScannerStatusTimeout'"

Now refresh scanner status and let it run for at least 20 minutes.

Monday, March 17, 2014

Tenable SecurityCenter::Updating plugins via CLI

Most of us do this for Nessus on a regular basis but not many try doing this for SecurityCenter. But then, not many (nowhere near as many as Nessus users) of us have SC!

curl -k -G -L --data "f=sc-plugins-diff.tar.gz&u=[username]&p=[password]" -o sc-plugins-diff.tar.gz


Thursday, March 13, 2014

RedHat::Root access without password

It's quite interesting and somewhat funny at the same time.
I see people who have been using Linux for quite some time in some capacity or other and seem to come across as Linux experts. When I ask them a very simple question like 'How do you log in to a RedHat server when you do not have the credentials but have physical access?', most people do not know the answer. To me, it seems quite strange. This should be one of the first things that you learn on Linux, the OS of the curious, adventurous and the hacking types. They start talking about stuff that has nothing to do with changing runlevels. Zero-day BS is mentioned. All you Kon-booters, it is not needed and doesn't work on UEFI-enabled systems (which is available on all systems nowadays).
Thought I'd explain the process (most serious Linux guys would know this, I'm sure, and agree with most of the above) for those who don't know.

1. Start the system
2. Hit 'e' to edit
3. Select the kernel (line with vmlinuz) and hit 'e' to edit.
4. Type 'init 1' at the end
5. Hit 'b' to boot.

You'll be logged into the console with root access.

Obviously, if you are serious about security, you will have disabled this feature on your system or have the system in a locked server room that only authorized engineers can enter.
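
One way to check whether this feature has been disabled, as an added example that is not part of the original post. It assumes a GRUB-legacy, RHEL 6-style layout (the 'e'/'b' boot menu used in the steps above), with the boot loader config in /boot/grub/grub.conf and single-user settings in /etc/sysconfig/init; the function names are made up for this example.

```shell
#!/bin/sh
# Added example, not from the original post. Default paths assume a
# GRUB-legacy, RHEL 6-style system; pass other paths as arguments.

# Succeeds if a global "password" directive appears before the first
# "title" stanza. A password inside a stanza only locks booting that
# one entry; the global one is what protects the menu's edit key.
grub_password_set() {
    awk '
        /^[ \t]*title[ \t]/ { exit }
        /^[ \t]*password[ \t]+[^ \t]/ { found = 1; exit }
        END { exit(found ? 0 : 1) }
    ' "$1" 2>/dev/null
}

# Succeeds if single-user mode runs sulogin, which asks for the root
# password instead of dropping straight to a root shell.
single_user_requires_password() {
    grep -Eq '^[[:space:]]*SINGLE=/sbin/sulogin[[:space:]]*$' "$1" 2>/dev/null
}

# Prints one finding per check; exit status is the number of failed checks.
audit_boot_hardening() {
    grub_conf=${1:-/boot/grub/grub.conf}
    init_conf=${2:-/etc/sysconfig/init}
    failures=0
    if grub_password_set "$grub_conf"; then
        echo "PASS: global GRUB password set in $grub_conf"
    else
        echo "FAIL: no global GRUB password in $grub_conf"
        failures=$((failures + 1))
    fi
    if single_user_requires_password "$init_conf"; then
        echo "PASS: single-user mode requires the root password (sulogin)"
    else
        echo "FAIL: $init_conf does not set SINGLE=/sbin/sulogin"
        failures=$((failures + 1))
    fi
    return "$failures"
}

# Usage, as root on the host: audit_boot_hardening
```

A FAIL on either line means the console steps above still work on that host without a password.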