Differences

This shows you the differences between two versions of the page.

--- linux:ubuntu:cvechecktool [2019/02/14 13:40] – created lunetikk
+++ linux:ubuntu:cvechecktool [2022/03/03 12:09] (current) – lunetikk
@@ Line 1: / Line 1: @@
 ====== CVE-Check-Tool ======
->cve-check-tool, as its name suggests, is a tool for checking known (public) CVEs. The tool will identify >potentially vunlnerable software packages within Linux distributions through version matching. Where possible >it will also seek to determine (through a distribution implemention) if a vulnerability has been addressed by >way of a patch.
+>cve-check-tool, as its name suggests, is a tool for checking known (public) CVEs. The tool will identify potentially vunlnerable software packages within Linux distributions through version matching. Where possible it will also seek to determine (through a distribution implemention) if a vulnerability has been addressed by way of a patch.
 [[https://github.com/clearlinux/cve-check-tool|https://github.com/clearlinux/cve-check-tool]]
 ===== Installation =====
-<code>apt-get install openvpn easy-rsa</code>
+Clone the git repository
+<code>git clone https://github.com/clearlinux/cve-check-tool.git
+cd cve-check-tool</code>
-===== Configuration =====
+Execute autogen.sh
+<code>./autogen.sh</code>
-Create your configuration
-<code>gunzip -c /usr/share/doc/openvpn/examples/sample-config-files/server.conf.gz > /etc/openvpn/server.conf</code>
-Edit the following in "/etc/openvpn/server.conf
+You might need some additional packages
 <code>
-#from
+configure: error: Package requirements (
-dh dh1024.pem
+                  glib-2.0 >= 2.36.0,
-#to
+                  gio-2.0 >= 2.36.0,
-dh dh2048.pem
+                  libxml-2.0 >= 2.9.1,
+                  libcurl >= 7.29.0,
+                  gobject-2.0 >= 2.0,
+                  sqlite3,
+                  openssl >= 1.0.0
 </code>
-Edit and uncomment
+If you see the following message "No package 'sqlite3' found" but have sqlite3 installed, also install the following devel package
-<code>
+<code>apt-get install libsqlite3-dev</code>
-user nobody
-group nogroup
-</code>
-==== Create the Certificate Authority ====
+Install CVE-Check-Tool
+<code>./autogen.sh
+make
+make install</code>
-<code>
+Update the CVE feed
-cp -r /usr/share/easy-rsa/ /etc/openvpn
+<code>cve-check-update</code>
-mkdir /etc/openvpn/easy-rsa/keys
-</code>
-Edit the default vars in "/etc/openvpn/easy-rsa/vars"
+===== Configuration =====
-<code>
-export KEY_COUNTRY="YOUR COUNTRY eg. DE"
-export KEY_PROVINCE="YOUR PROVINCE eg. BW"
-export KEY_CITY="YOUR CITY eg. Karlsruhe"
-export KEY_ORG="YOUR ORG eg. Lunetikk"
-export KEY_EMAIL="YOUR MAILADDRESS"
-export KEY_OU="YOUR OU eg. lunetikk"
-export KEY_NAME="ANY IDENTIFIER eg. openvpn"
+There is no need to configure anything, but just in case, the files are at the following locations
-</code>
-Execute the following and if asked say "y" and enter
 <code>
-openssl dhparam -out /etc/openvpn/dh2048.pem 2048
+/usr/lib/cve-check-tool/
+/usr/share/cve-check-tool/
-cd /etc/openvpn/easy-rsa
+/usr/bin/cve-check-tool
-. ./vars
+/usr/bin/cve-check-update
-./clean-all
-./build-ca
-</code>
-Build the cert, if asked say "y" and enter
-<code>./build-key-server openvpn</code>
-Copy your cert and keys
-<code>cp /etc/openvpn/easy-rsa/keys/{server.crt,server.key,ca.crt} /etc/openvpn</code>
-and start the service
-<code>service openvpn start</code>
-==== Create client certificate ====
-execute the following, if asked say "y" and enter
-<code>./build-key qnap</code>
-copy the client sampleconfig
-<code>cp /usr/share/doc/openvpn/examples/sample-config-files/client.conf /etc/openvpn/easy-rsa/keys/qnap.ovpn</code>
-edit "/etc/openvpn/easy-rsa/keys/qnap.ovpn" and change the following
-<code>
-remote YOUROPENVPNSERVER 1194
-#use these on qnap, make sure they exist
-user nobody
-group everyone
-#comment the 3 lines
-#ca ca.crt
-#cert client.crt
-#key client.key
-#at the end of the file, add your ca, client-cert and client-key
-<ca>
------BEGIN CERTIFICATE-----
-...
------END CERTIFICATE-----
-</ca>
-<cert>
-Certificate:
-...
------END CERTIFICATE-----
-...
------END CERTIFICATE-----
-</cert>
-<key>
------BEGIN PRIVATE KEY-----
-...
------END PRIVATE KEY-----
-</key>
-</code>
-===== Connecting a QNAP as client =====
-Edit the file "/etc/config/vpn.conf" and add the following
-<code>
-[OPENVPN_CLIENT1]
-Enable = TRUE
-Status = 1
-Index = 1
-Gateway = 0
-Allow Connect = 0
-Reconnect = 1
-Server Address = lunetikk.de
-Profile File = OpenVPN4
-VPN Proto Type = udp
-VPN Port = 1194
-Compress = 1
-Re-direct gateway = 1
-Encryption = 1
-AccessCode = AAA
-Time Stamp = 0
-</code>
-Start your client (parameter 1 is the index in your config)
-<code>/etc/init.d/vpn_openvpn_client.sh start 1 &</code>
-Check if your connection is up with ifconfig and ping your gateway (OpenVPN server)
-<code>
-# ifconfig
-tun0      Link encap:UNSPEC  Hardware Adresse 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
-          inet Adresse:10.8.0.6  P-z-P:10.8.0.2  Maske:255.255.255.255
-# ping 10.8.0.1
-PING 10.8.0.1 (10.8.0.1) 56(84) bytes of data.
-bytes from 10.8.0.1: icmp_seq=1 ttl=64 time=38.6 ms
-bytes from 10.8.0.1: icmp_seq=2 ttl=64 time=37.9 ms
-</code>
-===== Connecting an Ubuntu 16 as client =====
-Install the client
-<code>
-apt-get update
-apt-get install openvpn
-</code>
-Copy the .ovpn file from your server to your client into /etc/openvpn/ \\
-Rename it to .conf, for example client.conf
-<code>
-mv client.ovpn client.conf
-</code>
-If you run OpenVPN with systemd you need to configure your configfiles in "/etc/default/openvpn"
-Add your filename (client) if you only want the single file to be recognized, add "all" if you want any .conf files to be loaded
-<code>
-AUTOSTART="client"
-#or
-AUTOSTART="all"</code>
-Reload the "/etc/default/" configs
-systemctl daemon-reload
-Restart the OpenVPN
-<code>systemctl restart openvpn</code>
-Check if your connection is up with ifconfig and ping your gateway (OpenVPN server)
-<code>
-# ifconfig
-tun0      Link encap:UNSPEC  Hardware Adresse 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
-          inet Adresse:10.8.0.6  P-z-P:10.8.0.2  Maske:255.255.255.255
-# ping 10.8.0.1
-PING 10.8.0.1 (10.8.0.1) 56(84) bytes of data.
-bytes from 10.8.0.1: icmp_seq=1 ttl=64 time=38.6 ms
-bytes from 10.8.0.1: icmp_seq=2 ttl=64 time=37.9 ms
-</code>
-===== Raspbian 9 as client =====
-Install the client
-<code>
-apt-get update
-apt-get install openvpn
-</code>
-Copy the .ovpn file from your server to your client into /etc/openvpn/ \\
-Rename it to .conf, for example client.conf
-<code>
-mv client.ovpn client.conf
-</code>
-If you run OpenVPN with systemd you need to configure your configfiles in "/etc/default/openvpn"
-Add your filename (client) if you only want the single file to be recognized, add "all" if you want any .conf files to be loaded
-<code>
-AUTOSTART="client"
-#or
-AUTOSTART="all"</code>
-Reload the "/etc/default/" configs
-systemctl daemon-reload
-Restart the OpenVPN
-<code>systemctl restart openvpn</code>
-Check if your connection is up with ifconfig and ping your gateway (OpenVPN server)
-<code>
-# ifconfig
-tun0      Link encap:UNSPEC  Hardware Adresse 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
-          inet Adresse:10.8.0.6  P-z-P:10.8.0.2  Maske:255.255.255.255
-# ping 10.8.0.1
-PING 10.8.0.1 (10.8.0.1) 56(84) bytes of data.
-bytes from 10.8.0.1: icmp_seq=1 ttl=64 time=38.6 ms
-bytes from 10.8.0.1: icmp_seq=2 ttl=64 time=37.9 ms
-</code>
-and with systemctl
-<code>
-# systemctl status [email protected]
-● [email protected] - OpenVPN connection to client
-   Loaded: loaded (/lib/systemd/system/[email protected]; disabled; vendor preset: enabled)
-   Active: active (running) since Mon 2019-01-21 12:56:38 CET; 3min 6s ago
-     Docs: man:openvpn(8)
-           https://community.openvpn.net/openvpn/wiki/Openvpn23ManPage
-           https://community.openvpn.net/openvpn/wiki/HOWTO
-  Process: 1684 ExecStart=/usr/sbin/openvpn --daemon ovpn-client --status /run/openvpn/client.status 10 --cd /etc/openvpn --config /etc/openvpn/client.conf --writepid /run/openvpn/client.pid (code=exited, status=0/SUCCESS)
- Main PID: 1686 (openvpn)
-   CGroup: /system.slice/system-openvpn.slice/[email protected]
-           └─1686 /usr/sbin/openvpn --daemon ovpn-client --status /run/openvpn/client.status 10 --cd /etc/openvpn --config /etc/openvpn/client.conf --writepid /run/openvpn/client.pid
-Jan 21 12:56:40 raspbian ovpn-client[1686]: ROUTE_GATEWAY 192.168.178.1/255.255.255.0 IFACE=wlan0 HWADDR=xx:xx:xx:xx:xx:xx
-Jan 21 12:56:40 raspbian ovpn-client[1686]: TUN/TAP device tun0 opened
-Jan 21 12:56:40 raspbian ovpn-client[1686]: TUN/TAP TX queue length set to 100
-Jan 21 12:56:40 raspbian ovpn-client[1686]: do_ifconfig, tt->did_ifconfig_ipv6_setup=0
-Jan 21 12:56:40 raspbian ovpn-client[1686]: /sbin/ip link set dev tun0 up mtu 1500
-Jan 21 12:56:40 raspbian ovpn-client[1686]: /sbin/ip addr add dev tun0 local 10.8.0.6 peer 10.8.0.1
-Jan 21 12:56:40 raspbian ovpn-client[1686]: /sbin/ip route add 10.8.0.1/32 via 10.8.0.1
-Jan 21 12:56:40 raspbian ovpn-client[1686]: GID set to nogroup
-Jan 21 12:56:40 raspbian ovpn-client[1686]: UID set to nobody
-Jan 21 12:56:40 raspbian ovpn-client[1686]: Initialization Sequence Completed
 </code>

Lunetikk's IT Wiki

User Tools

Site Tools

Differences

Page Tools