linux:ubuntu:cvechecktool

Differences

This shows you the differences between two versions of the page.

linux:ubuntu:cvechecktool [2019/02/14 13:40] lunetikklinux:ubuntu:cvechecktool [2022/03/03 12:08] lunetikk
Line 6: Line 6:
 ===== Installation ===== ===== Installation =====
  
-<code>apt-get install openvpn easy-rsa</code>+Clone the git repository 
 +<code>git clone https://github.com/clearlinux/cve-check-tool.git 
 +cd cve-check-tool-master</code>
  
-===== Configuration ===== +Execute autogen.sh 
- +<code>./autogen.sh</code>
-Create your configuration +
-<code>gunzip -c /usr/share/doc/openvpn/examples/sample-config-files/server.conf.gz > /etc/openvpn/server.conf</code>+
  
-Edit the following in "/etc/openvpn/server.conf+You might need some additional packages
 <code> <code>
-#from +configure: error: Package requirements ( 
-dh dh1024.pem +                  glib-2.0 >= 2.36.0, 
-#to +                  gio-2.0 >= 2.36.0, 
-dh dh2048.pem+                  libxml-2.0 >= 2.9.1, 
 +                  libcurl >= 7.29.0, 
 +                  gobject-2.0 >= 2.0, 
 +                  sqlite3, 
 +                  openssl >= 1.0.0
 </code> </code>
  
-Edit and uncomment +If you see the following message "No package 'sqlite3' found" but have sqlite3 installed, also install the following devel package 
-<code> +<code>apt-get install libsqlite3-dev</code>
-user nobody +
-group nogroup +
-</code>+
  
-==== Create the Certificate Authority ====+Install CVE-Check-Tool 
 +<code>./autogen.sh 
 +make 
 +make install</code>
  
-<code> +Update the CVE feed 
-cp -r /usr/share/easy-rsa/ /etc/openvpn +<code>cve-check-update</code>
-mkdir /etc/openvpn/easy-rsa/keys +
-</code>+
  
-Edit the default vars in "/etc/openvpn/easy-rsa/vars" +===== Configuration =====
-<code> +
-export KEY_COUNTRY="YOUR COUNTRY eg. DE" +
-export KEY_PROVINCE="YOUR PROVINCE eg. BW" +
-export KEY_CITY="YOUR CITY eg. Karlsruhe" +
-export KEY_ORG="YOUR ORG eg. Lunetikk" +
-export KEY_EMAIL="YOUR MAILADDRESS" +
-export KEY_OU="YOUR OU eg. lunetikk"+
  
-export KEY_NAME="ANY IDENTIFIER eg. openvpn" +There is no need to configure anything, but just in case, the files are at the following locations
-</code> +
- +
-Execute the following and if asked say "y" and enter+
 <code> <code>
-openssl dhparam -out /etc/openvpn/dh2048.pem 2048 +/usr/lib/cve-check-tool
- +/usr/share/cve-check-tool
-cd /etc/openvpn/easy-rsa +/usr/bin/cve-check-tool 
-. ./vars +/usr/bin/cve-check-update
-./clean-all +
-./build-ca +
-</code> +
- +
-Build the cert, if asked say "y" and enter +
-<code>./build-key-server openvpn</code> +
- +
-Copy your cert and keys +
-<code>cp /etc/openvpn/easy-rsa/keys/{server.crt,server.key,ca.crt} /etc/openvpn</code> +
- +
-and start the service +
-<code>service openvpn start</code> +
- +
-==== Create client certificate ==== +
- +
-execute the following, if asked say "y" and enter +
-<code>./build-key qnap</code> +
- +
-copy the client sampleconfig +
-<code>cp /usr/share/doc/openvpn/examples/sample-config-files/client.conf /etc/openvpn/easy-rsa/keys/qnap.ovpn</code> +
- +
-edit "/etc/openvpn/easy-rsa/keys/qnap.ovpn" and change the following +
-<code> +
-remote YOUROPENVPNSERVER 1194 +
- +
-#use these on qnap, make sure they exist +
-user nobody +
-group everyone +
- +
-#comment the 3 lines +
-#ca ca.crt +
-#cert client.crt +
-#key client.key +
- +
-#at the end of the file, add your ca, client-cert and client-key +
-<ca> +
------BEGIN CERTIFICATE----- +
-... +
------END CERTIFICATE----- +
-</ca> +
- +
-<cert> +
-Certificate: +
-... +
------END CERTIFICATE----- +
-... +
------END CERTIFICATE----- +
-</cert> +
- +
-<key> +
------BEGIN PRIVATE KEY----- +
-... +
------END PRIVATE KEY----- +
-</key> +
-</code> +
- +
-===== Connecting a QNAP as client ===== +
- +
-Edit the file "/etc/config/vpn.conf" and add the following +
-<code> +
-[OPENVPN_CLIENT1] +
-Enable = TRUE +
-Status = 1 +
-Index = 1 +
-Gateway = 0 +
-Allow Connect = 0 +
-Reconnect = 1 +
-Server Address = lunetikk.de +
-Profile File = OpenVPN4 +
-VPN Proto Type = udp +
-VPN Port = 1194 +
-Compress = 1 +
-Re-direct gateway = 1 +
-Encryption = 1 +
-AccessCode = AAA +
-Time Stamp = 0 +
-</code> +
- +
-Start your client (parameter 1 is the index in your config) +
-<code>/etc/init.d/vpn_openvpn_client.sh start 1 &</code> +
- +
-Check if your connection is up with ifconfig and ping your gateway (OpenVPN server) +
-<code> +
-# ifconfig +
-tun0      Link encap:UNSPEC  Hardware Adresse 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 +
-          inet Adresse:10.8.0.6  P-z-P:10.8.0.2  Maske:255.255.255.255 +
- +
-# ping 10.8.0.1 +
-PING 10.8.0.1 (10.8.0.1) 56(84) bytes of data. +
-64 bytes from 10.8.0.1: icmp_seq=1 ttl=64 time=38.6 ms +
-64 bytes from 10.8.0.1: icmp_seq=2 ttl=64 time=37.9 ms +
-</code> +
- +
-===== Connecting an Ubuntu 16 as client ===== +
- +
-Install the client +
-<code> +
-apt-get update +
-apt-get install openvpn +
-</code> +
- +
-Copy the .ovpn file from your server to your client into /etc/openvpn/ \\ +
-Rename it to .conf, for example client.conf +
-<code> +
-mv client.ovpn client.conf +
-</code> +
- +
-If you run OpenVPN with systemd you need to configure your configfiles in "/etc/default/openvpn" +
-Add your filename (client) if you only want the single file to be recognized, add "all" if you want any .conf files to be loaded +
-<code> +
-AUTOSTART="client" +
-#or +
-AUTOSTART="all"</code> +
- +
-Reload the "/etc/default/" configs +
-systemctl daemon-reload  +
- +
-Restart the OpenVPN  +
-<code>systemctl restart openvpn</code> +
- +
-Check if your connection is up with ifconfig and ping your gateway (OpenVPN server) +
-<code> +
-# ifconfig +
-tun0      Link encap:UNSPEC  Hardware Adresse 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 +
-          inet Adresse:10.8.0.6  P-z-P:10.8.0.2  Maske:255.255.255.255 +
- +
-# ping 10.8.0.1 +
-PING 10.8.0.1 (10.8.0.1) 56(84) bytes of data. +
-64 bytes from 10.8.0.1: icmp_seq=1 ttl=64 time=38.6 ms +
-64 bytes from 10.8.0.1: icmp_seq=2 ttl=64 time=37.9 ms +
-</code> +
- +
-===== Raspbian 9 as client ===== +
- +
-Install the client +
-<code> +
-apt-get update +
-apt-get install openvpn +
-</code> +
- +
-Copy the .ovpn file from your server to your client into /etc/openvpn/ \\ +
-Rename it to .conf, for example client.conf +
-<code> +
-mv client.ovpn client.conf +
-</code> +
- +
-If you run OpenVPN with systemd you need to configure your configfiles in "/etc/default/openvpn" +
-Add your filename (client) if you only want the single file to be recognized, add "all" if you want any .conf files to be loaded +
-<code> +
-AUTOSTART="client" +
-#or +
-AUTOSTART="all"</code> +
- +
-Reload the "/etc/default/" configs +
-systemctl daemon-reload  +
- +
-Restart the OpenVPN  +
-<code>systemctl restart openvpn</code> +
- +
-Check if your connection is up with ifconfig and ping your gateway (OpenVPN server) +
-<code> +
-# ifconfig +
-tun0      Link encap:UNSPEC  Hardware Adresse 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 +
-          inet Adresse:10.8.0.6  P-z-P:10.8.0.2  Maske:255.255.255.255 +
- +
-# ping 10.8.0.1 +
-PING 10.8.0.1 (10.8.0.1) 56(84) bytes of data. +
-64 bytes from 10.8.0.1: icmp_seq=1 ttl=64 time=38.6 ms +
-64 bytes from 10.8.0.1: icmp_seq=2 ttl=64 time=37.9 ms +
-</code> +
- +
-and with systemctl +
-<code> +
-# systemctl status [email protected] +
-[email protected] - OpenVPN connection to client +
-   Loaded: loaded (/lib/systemd/system/[email protected]; disabled; vendor preset: enabled) +
-   Active: active (running) since Mon 2019-01-21 12:56:38 CET; 3min 6s ago +
-     Docs: man:openvpn(8) +
-           https://community.openvpn.net/openvpn/wiki/Openvpn23ManPage +
-           https://community.openvpn.net/openvpn/wiki/HOWTO +
-  Process: 1684 ExecStart=/usr/sbin/openvpn --daemon ovpn-client --status /run/openvpn/client.status 10 --cd /etc/openvpn --config /etc/openvpn/client.conf --writepid /run/openvpn/client.pid (code=exited, status=0/SUCCESS) +
- Main PID: 1686 (openvpn) +
-   CGroup: /system.slice/system-openvpn.slice/[email protected] +
-           └─1686 /usr/sbin/openvpn --daemon ovpn-client --status /run/openvpn/client.status 10 --cd /etc/openvpn --config /etc/openvpn/client.conf --writepid /run/openvpn/client.pid +
- +
-Jan 21 12:56:40 raspbian ovpn-client[1686]: ROUTE_GATEWAY 192.168.178.1/255.255.255.0 IFACE=wlan0 HWADDR=xx:xx:xx:xx:xx:xx +
-Jan 21 12:56:40 raspbian ovpn-client[1686]: TUN/TAP device tun0 opened +
-Jan 21 12:56:40 raspbian ovpn-client[1686]: TUN/TAP TX queue length set to 100 +
-Jan 21 12:56:40 raspbian ovpn-client[1686]: do_ifconfig, tt->did_ifconfig_ipv6_setup=0 +
-Jan 21 12:56:40 raspbian ovpn-client[1686]: /sbin/ip link set dev tun0 up mtu 1500 +
-Jan 21 12:56:40 raspbian ovpn-client[1686]: /sbin/ip addr add dev tun0 local 10.8.0.6 peer 10.8.0.1 +
-Jan 21 12:56:40 raspbian ovpn-client[1686]: /sbin/ip route add 10.8.0.1/32 via 10.8.0.1 +
-Jan 21 12:56:40 raspbian ovpn-client[1686]: GID set to nogroup +
-Jan 21 12:56:40 raspbian ovpn-client[1686]: UID set to nobody +
-Jan 21 12:56:40 raspbian ovpn-client[1686]: Initialization Sequence Completed+
 </code> </code>
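Review bot: In the Installation block, `cd cve-check-tool-master` does not match what the preceding `git clone https://github.com/clearlinux/cve-check-tool.git` creates; a clone of that URL lands in `cve-check-tool`, and the `-master` suffix only appears when the GitHub archive is unpacked, so the step should read `cd cve-check-tool`. `./autogen.sh` is also listed twice, once under "Execute autogen.sh" and again under "Install CVE-Check-Tool"; keeping the first as the dependency check and starting the install block at `make` would remove the repeat. The configure error names seven required packages, but only the `libsqlite3-dev` fix is given, so a line on installing the development packages for the others would spare the reader several failed runs. The build also installs whatever the default branch holds at clone time; checking out a release tag or a specific commit before `./autogen.sh` would pin what `make install` puts on the system.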
linux/ubuntu/cvechecktool.txt · Last modified: 2022/03/03 12:09 by lunetikk