Password Leak Analysis
Finally! I've got the configuration files I asked for weeks ago. I rejoice inwardly. But that only lasts a few minutes, if that. The engineers claim that the settings do reflect our security requirements, and the PMO is pushing me to validate the results and quickly approve them for ISEC compliance.
I'm not that amused after a first look at them. Okay, yes, it looks as if the configuration would meet the minimum ISEC requirements, but something catches my eye. I recognize the matter at hand. There is one catch, though: it runs on a different flavor of Linux than the one I'm used to. Where I prefer Debian, this is RHEL. I must be, and frankly I also want to be, as precise as possible when I sign off on an open ISEC issue.
It is therefore imperative that I check the configuration on a running system. And that's when I see it: the manager's face. He is not amused. In fact, I have seen him a lot happier on pretty much every other occasion.
Don't get me wrong. I understand where he's coming from; his concerns are not alien to me at all. But he's on a deadline and I'm on a deadline, and this project needs to be over so that we can move on to other projects.
We find ourselves in the following situation: I'm at a customer's site. I've only got my trusty and much-loved MacBook with me, which offers a virtualization solution. All in all, I could be worse prepared for the tests. But the thing that still bothers me is the manager. He is just waiting for me to say "I will need another day to test this"; then he'll sigh and ask if I can speed this up, and I will tell him that no, in the spirit of delivering the best possible result, there's no cutting corners.
Hang on a minute! I can speed this up. Follow my lead here, dear reader. Trust me on this one. I'll explain later.
1.
Linxs-iMac:~ andrea$ mkdir _SANDBOX
Linxs-iMac:~ andrea$ cd _SANDBOX/
Linxs-iMac:_SANDBOX andrea$ mkdir tmp-rh-65-instance-01
Linxs-iMac:_SANDBOX andrea$ cd tmp-rh-65-instance-01/

2.
Linxs-iMac:tmp-rh-65-instance-01 andrea$ vagrant init chef/centos-6.5
A `Vagrantfile` has been placed in this directory. You are now
ready to `vagrant up` your first virtual environment! Please read
the comments in the Vagrantfile as well as documentation on
`vagrantup.com` for more information on using Vagrant.
Linxs-iMac:tmp-rh-65-instance-01 andrea$

3.
Linxs-iMac:tmp-rh-65-instance-01 andrea$ vagrant up
Bringing machine 'default' up with 'virtualbox' provider...
==> default: Box 'chef/centos-6.5' could not be found. Attempting to find and install...
    default: Box Provider: virtualbox
    default: Box Version: >= 0
==> default: Loading metadata for box 'chef/centos-6.5'
    default: URL: https://vagrantcloud.com/chef/centos-6.5
==> default: Adding box 'chef/centos-6.5' (v1.0.0) for provider: virtualbox
    default: Downloading: https://vagrantcloud.com/chef/centos-6.5/version/1/provider/virtualbox.box
    default: Progress: 7% (Rate: 3932k/s, Estimated time remaining: 0:02:12)
…
==> default: Successfully added box 'chef/centos-6.5' (v1.0.0) for 'virtualbox'!
==> default: Importing base box 'chef/centos-6.5'...
==> default: Matching MAC address for NAT networking...
==> default: Checking if box 'chef/centos-6.5' is up to date...
==> default: Setting the name of the VM: tmp-rh-65-instance-01_default_1401974732146_96537
==> default: Clearing any previously set network interfaces...
==> default: Preparing network interfaces based on configuration...
    default: Adapter 1: nat
==> default: Forwarding ports...
    default: 22 => 2222 (adapter 1)
==> default: Booting VM...
==> default: Waiting for machine to boot. This may take a few minutes...
    default: SSH address: 127.0.0.1:2222
    default: SSH username: vagrant
    default: SSH auth method: private key
    default: Warning: Connection timeout. Retrying...
==> default: Machine booted and ready!
==> default: Checking for guest additions in VM...
==> default: Mounting shared folders...
    default: /vagrant => /Users/andrea/_SANDBOX/tmp-rh-65-instance-01
Linxs-iMac:tmp-rh-65-instance-01 andrea$

4.
Linxs-iMac:tmp-rh-65-instance-01 andrea$ vagrant ssh
Last login: Fri Mar  7 16:57:20 2014 from 10.0.2.2
[vagrant@localhost ~]$

5.
[vagrant@localhost ~]$ yum search snmp
…
============================ N/S Matched: snmp ============================
cluster-snmp.x86_64 : Red Hat Enterprise Linux Cluster Suite - SNMP agent
libvirt-snmp.x86_64 : SNMP functionality for libvirt
net-snmp.x86_64 : A collection of SNMP protocol tools and libraries
net-snmp-devel.i686 : The development environment for the NET-SNMP project
net-snmp-devel.x86_64 : The development environment for the NET-SNMP project
net-snmp-libs.i686 : The NET-SNMP runtime libraries
net-snmp-libs.x86_64 : The NET-SNMP runtime libraries
net-snmp-perl.x86_64 : The perl NET-SNMP module and the mib2c tool
net-snmp-python.x86_64 : The Python 'netsnmp' module for the NET-SNMP
net-snmp-utils.x86_64 : Network management utilities using SNMP, from the NET-SNMP project
perl-SNMP_Session.noarch : SNMP support for Perl 5
php-snmp.x86_64 : A module for PHP applications that query SNMP-managed devices
rsyslog-snmp.x86_64 : SNMP protocol support for rsyslog
foghorn.x86_64 : Foghorn DBUS/SNMP service
openhpi-subagent.x86_64 : NetSNMP subagent for OpenHPI
[vagrant@localhost ~]$
[vagrant@localhost ~]$ yum install net-snmp.x86_64
Loaded plugins: fastestmirror
You need to be root to perform this command.
[vagrant@localhost ~]$ sudo yum install net-snmp.x86_64
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
 * base: ftp-stud.fht-esslingen.de
 * extras: ftp.plusline.de
 * updates: ftp.fau.de
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package net-snmp.x86_64 1:5.5-49.el6_5.1 will be installed
--> Processing Dependency: net-snmp-libs = 1:5.5-49.el6_5.1 for package: 1:net-snmp-5.5-49.el6_5.1.x86_64
--> Processing Dependency: perl(Term::ReadLine) for package: 1:net-snmp-5.5-49.el6_5.1.x86_64
…
Dependencies Resolved
…
Install       9 Package(s)

Total download size: 13 M
Installed size: 42 M
Is this ok [y/N]: y
Downloading Packages:
(1/9): lm_sensors-libs-3.1.1-17.el6.x86_64.rpm             |  38 kB     00:00
(2/9): net-snmp-5.5-49.el6_5.1.x86_64.rpm                  | 306 kB     00:00
(3/9): net-snmp-libs-5.5-49.el6_5.1.x86_64.rpm             | 1.5 MB     00:00
(4/9): perl-5.10.1-136.el6.x86_64.rpm                      |  10 MB     00:02
(5/9): perl-Module-Pluggable-3.90-136.el6.x86_64.rpm       |  40 kB     00:00
(6/9): perl-Pod-Escapes-1.04-136.el6.x86_64.rpm            |  32 kB     00:00
(7/9): perl-Pod-Simple-3.13-136.el6.x86_64.rpm             | 212 kB     00:00
(8/9): perl-libs-5.10.1-136.el6.x86_64.rpm                 | 578 kB     00:00
(9/9): perl-version-0.77-136.el6.x86_64.rpm                |  51 kB     00:00
-------------------------------------------------------------------------------
Total                                              3.5 MB/s |  13 MB     00:03
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
  Installing : lm_sensors-libs-3.1.1-17.el6.x86_64                         1/9
  Installing : 1:perl-Pod-Escapes-1.04-136.el6.x86_64                      2/9
  Installing : 4:perl-libs-5.10.1-136.el6.x86_64                           3/9
  Installing : 1:perl-Pod-Simple-3.13-136.el6.x86_64                       4/9
  Installing : 3:perl-version-0.77-136.el6.x86_64                          5/9
  Installing : 1:perl-Module-Pluggable-3.90-136.el6.x86_64                 6/9
  Installing : 4:perl-5.10.1-136.el6.x86_64                                7/9
  Installing : 1:net-snmp-libs-5.5-49.el6_5.1.x86_64                       8/9
…
Installed:
  net-snmp.x86_64 1:5.5-49.el6_5.1

Dependency Installed:
  lm_sensors-libs.x86_64 0:3.1.1-17.el6
  net-snmp-libs.x86_64 1:5.5-49.el6_5.1
  perl.x86_64 4:5.10.1-136.el6
  perl-Module-Pluggable.x86_64 1:3.90-136.el6
  perl-Pod-Escapes.x86_64 1:1.04-136.el6
  perl-Pod-Simple.x86_64 1:3.13-136.el6
  perl-libs.x86_64 4:5.10.1-136.el6
  perl-version.x86_64 3:0.77-136.el6

6.
Linxs-iMac:tmp-rh-65-instance-01 andrea$ ll
total 56
 0 drwxr-xr-x  5 andrea  staff    170  5 Jun 15:56 .
 0 drwxr-xr-x  3 andrea  staff    102  5 Jun 15:16 ..
 0 drwxr-xr-x  3 andrea  staff    102  5 Jun 15:23 .vagrant
16 -rw-r--r--  1 andrea  staff   4822  5 Jun 15:21 Vagrantfile
40 -rw-------  1 andrea  staff  18861  5 Jun 15:55 snmpd.conf

7.
[vagrant@localhost ~]$ ll /vagrant/
total 28
-rw-------. 1 vagrant vagrant 18861  5. Jun 13:55 snmpd.conf
-rw-r--r--. 1 vagrant vagrant  4822  5. Jun 13:21 Vagrantfile
[vagrant@localhost ~]$

8.
[vagrant@localhost vagrant]$ sudo cp snmpd.conf /etc/snmp/snmpd.conf
[vagrant@localhost vagrant]$ service snmpd restart
Stopping snmpd:                                            [  OK  ]
Starting snmpd:                                            [FAILED]

9.
[vagrant@localhost vagrant]$ sudo tail /var/log/messages
Jun  5 14:07:33 localhost snmpd[11160]: Created directory: /var/lib/net-snmp/mib_indexes
Jun  5 14:07:33 localhost snmpd[11162]: NET-SNMP version 5.5
Jun  5 14:08:12 localhost snmpd[11162]: Received TERM or STOP signal...  shutting down...
Jun  5 14:08:12 localhost snmpd[11181]: /etc/snmp/snmpd.conf: line 464
Jun  5 14:08:12 localhost snmpd[11181]: /etc/snmp/snmpd.conf: line 465
Jun  5 14:08:12 localhost snmpd[11181]: net-snmp: 2 error(s) in config file(s)

10.
[vagrant@localhost vagrant]$ sudo halt

Broadcast message from firstname.lastname@example.org (/dev/pts/0) at 14:19 …

The system is going down for halt NOW!
[vagrant@localhost vagrant]$ Connection to 127.0.0.1 closed by remote host.
Connection to 127.0.0.1 closed.
Linxs-iMac:tmp-rh-65-instance-01 andrea$

11.
Linxs-iMac:tmp-rh-65-instance-01 andrea$ vagrant destroy
    default: Are you sure you want to destroy the 'default' VM? [y/N] y
==> default: Destroying VM and associated drives...
Linxs-iMac:tmp-rh-65-instance-01 andrea$

12.
/Users/andrea/_SANDBOX/tmp-rh-65-instance-01/.vagrant/machines/default/virtualbox
Linxs-iMac:virtualbox andrea$ ll
total 0
0 drwxr-xr-x  2 andrea  staff   68  5 Jun 16:20 .
0 drwxr-xr-x  3 andrea  staff  102  5 Jun 15:23 ..
Linxs-iMac:virtualbox andrea$
The tools I used here are VirtualBox and Vagrant.
I suppose I don't have to explain anything about VirtualBox, so let's have a closer look at Vagrant.
Vagrant is a tool that can be installed on Mac OS X, Windows and Linux and works with several virtualization solutions such as VirtualBox, VMware Fusion, VMware Workstation, Hyper-V and AWS.
Taken directly from their website, here's a short explanation of the Vagrant design:
"Vagrant provides easy to configure, reproducible, and portable work environments built on top of industry-standard technology and controlled by a single consistent workflow to help maximize the productivity and flexibility of you and your team.
To achieve its magic, Vagrant stands on the shoulders of giants. Machines are provisioned on top of VirtualBox, VMware, AWS, or any other provider. Then, industry-standard provisioning tools such as shell scripts, Chef, or Puppet, can be used to automatically install and configure software on the machine."
Going back to my test that doesn't take a full day: Vagrant 1.6.3 and VirtualBox 4.3.12 are already installed on my MacBook. You also need Internet access to download the published VM image (a "box", in Vagrant terms). I had that.
The whole procedure took me less than 15 minutes. Everyone who has been through this before knows very well that the same procedure done by hand could easily have taken half a day.
Let's take a closer look at the few executed steps:
vagrant init initializes the VM container in the current directory and defines how to download the box named chef/centos-6.5. Publicly available boxes live in the Vagrant Cloud, where you can discover many others. You may also create a free account to publish your own box there.
vagrant up then executes the tasks visible in step 3: it downloads the box if it isn't cached locally, imports it into VirtualBox, configures a NAT adapter and forwards guest port 22 to host port 2222, boots the VM, waits for SSH to come up, and mounts the project directory into the guest as /vagrant.
vagrant ssh logs us in to the VM as the unprivileged user vagrant; for any privileged access to the system you'll need to use sudo, as the failed yum install in step 5 shows.
Copying snmpd.conf into the folder where the Vagrant box was initialized (the one holding the Vagrantfile) makes it visible inside the VM under /vagrant, as step 7 shows. From there it is copied to /etc/snmp/snmpd.conf and snmpd is restarted; whether the daemon comes up, and what it logs to /var/log/messages if it doesn't, is the actual test.
Success! I was right: the configuration has two errors, on lines 464 and 465, and snmpd refuses to start with it. Now I can state that I would rather accept a working configuration before signing off on the ISEC requirements. One caveat on the stand-in: the box is CentOS 6.5, a rebuild of RHEL 6.5 that ships the same net-snmp 5.5 package series, so the parser's verdict transfers to the target system; the final restart should nevertheless be repeated on the customer's own host, where the installed net-snmp version is whatever the customer actually runs.
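Two small helpers for the loop above, as an added example that is not code from the original post: the first pulls the offending line numbers out of the syslog lines net-snmp writes when it rejects snmpd.conf (the format of step 9, with the [pid] brackets restored), so the "tail /var/log/messages and read" step becomes a command; the second goes one step beyond the page's syntax check and statically flags settings that will not pass a hardening review even if the file parses (SNMPv1/v2c write communities, the well-known strings public and private, communities or com2sec mappings open to any source, SNMPv3 users without authentication). Directive syntax follows net-snmp's snmpd.conf(5); the lint is a heuristic, not a parser, and the sample configs and the log excerpt are constructed for this example.

```shell
#!/usr/bin/env bash
# Added example, not code from the original post.
#   snmpd_config_errors - line numbers from net-snmp's "snmpd.conf: line N" log entries
#   lint_snmpd_conf     - static pre-flight check for settings a reviewer would reject
# Directive syntax per net-snmp snmpd.conf(5); heuristic only, snmpd's own parser
# (restart + log) remains the authoritative syntax check. All inputs are constructed.
set -u
set -f   # no globbing while we word-split config lines below

# Print the "snmpd.conf: line N" numbers found in a syslog-style file and
# return 1 if net-snmp logged its "N error(s) in config file(s)" summary.
snmpd_config_errors() {
    local logfile="$1"
    # e.g. "Jun  5 14:08:12 localhost snmpd[11181]: /etc/snmp/snmpd.conf: line 464"
    sed -n 's/.* snmpd\[[0-9]*\]: [^ ]*snmpd\.conf: line \([0-9][0-9]*\).*/\1/p' "$logfile"
    if grep -q 'snmpd\[[0-9]*\]: net-snmp: [0-9]* error(s) in config file(s)' "$logfile"; then
        return 1
    fi
    return 0
}

# Print "<line>: <reason>" for every directive a reviewer would reject and
# return 1 if there was at least one. Assumes com2sec lines without -Cn.
lint_snmpd_conf() {
    local conf="$1" hits=0 n=0 line
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        case "$line" in ''|'#'*) continue ;; esac
        set -- $line                 # $1 = directive, $2... = its arguments
        [ $# -gt 0 ] || continue     # whitespace-only line
        case "$1" in
            rwcommunity|rwcommunity6)
                echo "$n: write access via SNMPv1/v2c community string ($1)"
                hits=$((hits + 1)) ;;
            rocommunity|rocommunity6)
                if [ "${2:-}" = public ] || [ "${2:-}" = private ]; then
                    echo "$n: well-known community string '$2'"
                    hits=$((hits + 1))
                elif [ -z "${3:-}" ]; then
                    echo "$n: community '$2' answers any source (no SOURCE given)"
                    hits=$((hits + 1))
                fi ;;
            com2sec|com2sec6)
                if [ "${3:-}" = default ]; then
                    echo "$n: com2sec '$2' maps community '${4:-}' for any source"
                    hits=$((hits + 1))
                fi ;;
            rouser|rwuser)
                if [ "${3:-}" = noauth ]; then
                    echo "$n: SNMPv3 user '$2' ($1) without authentication"
                    hits=$((hits + 1))
                fi ;;
        esac
    done < "$conf"
    [ "$hits" -eq 0 ]
}

# --- constructed inputs (not the customer's file) ---------------------------
WEAK_CONF=$(mktemp); GOOD_CONF=$(mktemp); LOG=$(mktemp)
trap 'rm -f "$WEAK_CONF" "$GOOD_CONF" "$LOG"' EXIT

# Parses fine, but should not be signed off.
cat > "$WEAK_CONF" <<'EOF'
# constructed example: SNMPv1/v2c, default strings, open sources
rocommunity public
rwcommunity private 10.0.0.0/8
com2sec notConfigUser default public
rwuser admin noauth
EOF

# Hardened counterpart: SNMPv3 only, authPriv, read-only, restricted view.
cat > "$GOOD_CONF" <<'EOF'
# constructed example
view systemonly included .1.3.6.1.2.1.1
rouser monitor priv -V systemonly
EOF

# The syslog lines from step 9, with the [pid] brackets restored.
cat > "$LOG" <<'EOF'
Jun  5 14:08:12 localhost snmpd[11181]: /etc/snmp/snmpd.conf: line 464
Jun  5 14:08:12 localhost snmpd[11181]: /etc/snmp/snmpd.conf: line 465
Jun  5 14:08:12 localhost snmpd[11181]: net-snmp: 2 error(s) in config file(s)
EOF

echo "== lint: weak config"
lint_snmpd_conf "$WEAK_CONF" || echo "-> would not sign off"
echo "== lint: hardened config"
lint_snmpd_conf "$GOOD_CONF" && echo "-> no findings"
echo "== lines snmpd rejected (from the log)"
snmpd_config_errors "$LOG" || echo "-> snmpd refused the file; fix these lines before re-testing"
```

On the guest, `snmpd_config_errors /var/log/messages` after `service snmpd restart` gives the same 464 and 465 the author read off by hand; run the lint on the customer's file before the VM round-trip, so the one reboot cycle you get is spent on real findings rather than on typos.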
With my work done and everyone involved impressed, I begin to clean up. First order of business: getting my SSD space back. Because, seriously, a 256 GB SSD just isn't enough, right? After a quick sudo halt, the system stops.
Back in my Mac OS X console, I can simply remove the VM by typing vagrant destroy, and it's gone. The only thing remaining is the snmpd.conf file, and that can, of course, be removed. Two things to keep in mind: vagrant destroy deletes the VM and its disks but not the downloaded box, which stays cached under ~/.vagrant.d/boxes until you run vagrant box remove chef/centos-6.5; and the customer's snmpd.conf, with whatever community strings or SNMPv3 credentials it contains, should be deleted rather than left behind in _SANDBOX.
This example only scratches the surface of the Vagrant framework; you can use it to create complex environments with multiple hosts and even provision application stacks with Puppet, CFEngine or plain shell scripts.
Imagine a Vagrant setup for testing the security of web applications that starts in minutes and can be customized precisely to your needs with little effort.
Last but not least, you can share the environments you create, host them privately on your own web server, or use only the Vagrant client to connect to a server that hosts and runs all your machines remotely. Many Vagrant boxes are shared out there; take a look and ease your workload, because time is still more precious than gold. A public box is someone else's image, though: check who published it before you build on it, and treat any customer data you copy into it accordingly.