VulnWhisperer Ubuntu Server 18.04

Nessus professional is nice for small business vulnerability management, but the reporting is lacking until you upgrade to Security Center. VulnWhisperer uses the elastic stack to provide scan result summaries that are easy to review and report to management or operations teams for remediation. Impress your C-suite with vulnerability reports using VulnWhisperer.

Prerequisites:

  • Ubuntu 18 minimum installation
  • Accessible Nessus instance

Recommended Resources:

  • CPU 2
  • Memory 8GB
  • Storage 40GB

I am using an Ubuntu minimum installation virtual machine within VMware ESXI for vulnwhisperer and a separate virtual machine within VMware ESXI with Nessus installed.

Lets start by kicking off an update.

trenchesofit@vulnwhisperer:~$ sudo apt-get update

Docker Installation

Add a few required packages.

trenchesofit@vulnwhisperer:~$ sudo apt-get install  software-properties-common ca-certificates apt-transport-https

Install Docker signed packages.

trenchesofit@vulnwhisperer:~$ sudo curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -

Add Docker repositories.

trenchesofit@vulnwhisperer:~$ sudo add-apt-repository \
>  "deb [arch=amd64] https://download.docker.com/linux/ubuntu \
>  $(lsb_release -cs) \
>  stable"

Docker installation.

trenchesofit@vulnwhisperer:~$ sudo apt-get install docker-ce

Enable docker.

trenchesofit@vulnwhisperer:~$ sudo systemctl start docker
trenchesofit@vulnwhisperer:~$ sudo systemctl enable docker

Synchronizing state of docker.service with SysV service script with /lib/systemd/systemd-sysv-install.
Executing: /lib/systemd/systemd-sysv-install enable docker

Lets check the status of the service to ensure all is well.

trenchesofit@vulnwhisperer:~$ systemctl docker status

Docker-Compose Installation

Now lets install docker-compose to simplify the VulnWhisperer installation.

trenchesofit@vulnwhisperer:~$ sudo curl -L https://github.com/docker/compose/releases/download/1.25.0-rc2/docker-compose-`uname -s`-`uname -m` -o /usr/local/bin/docker-compose

Set execute permissions to the binary.

trenchesofit@vulnwhisperer:~$ sudo chmod +x /usr/local/bin/docker-compose

To ensure the installation was successful, we will check the version installed.

trenchesofit@vulnwhisperer:~$ docker-compose --version

Get the Git Repository

[trenchesofit@VulnWhisperer ~]$ git clone https://github.com/HASecuritySolutions/VulnWhisperer.git

Configure VulnWhisperer

Lets pull the required libraries for Debian based systems.

trenchesofit@vulnwhisperer:~/VulnWhisperer/bin$ sudo apt-get install  zlib1g-dev libxml2-dev libxslt1-dev

Edit the frameworks_example.ini found in the /VulnWhisperer/configs directory. Make the same change within the vulnwhisperer.ini file located in /VulnWhisperer/resources/elk6/

[trenchesofit@localhost configs]$ sudo vi frameworks_example.ini

Here you can edit either the access_key and secret_key or the username and password. The default configuration also looks at the local machine to pull the vulnerability scans, so if your scanner is on another server, ensure to enter that IP after hostname.

Allow additional permissions to the ./data folder located in the VulnWhisperer directory.

trenchesofit@vulnwhisperer:~/VulnWhisperer/$ sudo chmod -R 666 data

Also we will have to add additional permissions to the logstash.yml file located in /VulnWhisperer/resources/elk6/logstash.yml

trenchesofit@vulnwhisperer:~/VulnWhisperer/$ chmod 666 docker/logstash.yml

Finally lets kick off the docker-compose command.

trenchesofit@vulnwhisperer:~/VulnWhisperer/$ sudo docker-compose -f docker-compose.v6.yml up

Execute crontab job at set schedule.

[trtrenchesofit@vulnwhisperer:~/VulnWhisperer/$ sudo vi /etc/crontab

Add the following line.

0 8 * * * /usr/bin/docker-compose up vulnwhisp-vulnwhisperer

Navigate to http://VULNWHISPERER_IP:5601

In the left pane click Management > Saved Objects > Import > VulnWhisperer/resources/elk6/kibana.json. After importing the file you will see 27 new objects.

Last navigate to the Dashboard and analyze the collected vulnerability data.

That’s all there is to it! VulnWhisperer is a great framework for vulnerability management analysis and reporting. Please reach out in the forums if you have any issues with the install or configuration. Until next time “Stay safe in the Trenches of IT!”

Leave a Reply