Wednesday 25 July 2012

Nessus OOM FFS

A year or two ago I set up a number of Nessus servers monitoring a few /16 network blocks.

Now I find that generating reports doesn't work; it seems to be getting out-of-memory errors while attempting to perform XSL translations on the reports.

A while back I wrote a script that aggregates reports together from various Nessus servers and creates a single report. This is useful because you can have some sections of your 'production' network scanned with one profile and others with a second profile; the script can put it all together as a single report for the 'Production' network, mail stakeholders with summary information, etc.

So luckily I can get around the OOM errors by slicing up my networks into smaller chunks and scanning separately and gluing back together afterwards automagically!

I suspect others are in a far crappier situation. I can't share the script here, but I will help people out who are trying to do the same thing; lots of people appear to be struggling with this:

https://discussions.nessus.org/thread/2120;jsessionid=E9CDE4763C791FC9778A6AAE2283FBAC
https://bugs.nessus.org/message/16205;jsessionid=5A10E85F73FB36AAF8172B6558FD10E4?tstart=0
https://discussions.nessus.org/message/16662?tstart=0

Wouldn't it be nice if Tenable fixed this before we all find better alternatives?


Monday 23 July 2012

Encrypting files using SSH Keypairs and OpenSSL

There are a number of reasons why you don't want to do this; go and use GPG or something similar to perform your encryption.

That said, if you're in a situation where you have a secret that needs securing before transmission to a specific party and the only credential for the recipient you have is their SSH public key, then read on...

To start with you're going to need OpenSSL and SSH installed: we need SSH to convert the keys, and we'll perform the actual encryption using OpenSSL.


Use SSH to convert the normal public key into something more usable by OpenSSL:

ssh-keygen -f id_rsa.pub -e -m pkcs8 > id_rsa.pub8

Use OpenSSL to encrypt 'secrets.txt' using the public key:
openssl rsautl -encrypt -inkey id_rsa.pub8 -pubin -in secrets.txt -out secrets.ssl

The recipient of the file can decrypt it using their corresponding private key:
openssl rsautl -decrypt -inkey id_rsa -in secrets.ssl -out secrets.txt

Voila! Simple public key encryption using SSH keys.

Be aware that we are doing direct RSA encryption here, which means you can only encrypt very small amounts of data. Anything bigger typically uses a symmetric algorithm like AES for the data itself and uses RSA only to protect the AES key.
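As an added example that is not from the original post, the script below carries the rsautl steps above through to that hybrid scheme: a random AES-256 key and IV encrypt a file of any size, and only that key material is RSA-wrapped (with rsautl's -oaep flag, so OAEP padding is used instead of the default PKCS#1 v1.5). It assumes only that openssl is on PATH; the key pair it generates is a constructed stand-in for the recipient's id_rsa and converted id_rsa.pub8.

```shell
#!/bin/sh
# Hybrid encryption around the rsautl commands above (added example).
# Assumes only that openssl is on PATH; keys are generated here as a stand-in
# for the recipient's SSH key pair after `ssh-keygen -e -m pkcs8` conversion.
set -e
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Constructed recipient key pair. With a real recipient you would hold only
# their PKCS#8 public key (id_rsa.pub8 on the page), never id_rsa.
make_keys() {
    openssl genrsa -out "$WORK/id_rsa" 2048 2>/dev/null
    openssl rsa -in "$WORK/id_rsa" -pubout -out "$WORK/id_rsa.pub8" 2>/dev/null
}

# Sender side. $1 = plaintext, $2 = recipient public key, $3 = output prefix.
# Bulk data goes through AES-256-CBC with a fresh key and IV; only the ~100
# bytes of hex key material go through RSA, well under the OAEP size limit.
hybrid_encrypt() {
    openssl rand -hex 32 >  "$3.keymat"   # 256-bit AES key, hex encoded
    openssl rand -hex 16 >> "$3.keymat"   # 128-bit CBC IV, hex encoded
    { read -r key; read -r iv; } < "$3.keymat"
    openssl enc -aes-256-cbc -K "$key" -iv "$iv" -in "$1" -out "$3.aes"
    openssl rsautl -encrypt -oaep -pubin -inkey "$2" \
        -in "$3.keymat" -out "$3.keymat.ssl" 2>/dev/null
    rm -f "$3.keymat"                     # only the RSA-wrapped copy is sent
}

# Recipient side. $1 = private key, $2 = input prefix, $3 = recovered plaintext.
hybrid_decrypt() {
    openssl rsautl -decrypt -oaep -inkey "$1" \
        -in "$2.keymat.ssl" -out "$2.keymat" 2>/dev/null
    { read -r key; read -r iv; } < "$2.keymat"
    openssl enc -d -aes-256-cbc -K "$key" -iv "$iv" -in "$2.aes" -out "$3"
    rm -f "$2.keymat"
}

# Round trip on a constructed 1 MiB file, far larger than raw rsautl can take.
# Prints "ok" and returns 0 when the recovered file matches the original.
roundtrip() {
    make_keys
    dd if=/dev/urandom of="$WORK/secrets.bin" bs=1024 count=1024 2>/dev/null
    hybrid_encrypt "$WORK/secrets.bin" "$WORK/id_rsa.pub8" "$WORK/out"
    hybrid_decrypt "$WORK/id_rsa" "$WORK/out" "$WORK/recovered.bin"
    before=$(openssl dgst -sha256 < "$WORK/secrets.bin")
    after=$(openssl dgst -sha256 < "$WORK/recovered.bin")
    [ "$before" = "$after" ] && echo ok
}

roundtrip
```

The two files that travel to the recipient are out.aes and out.keymat.ssl; the intermediate keymat file is removed on both sides as soon as it has been used.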