March 14, 2007

Customized NetReg 1.5.1 with Nessus 3.0.5

Filed under: Fedora/Xen (archived),NetReg (archived) — jason @ 8:16 pm

I have NetReg 1.5.1 (along with my personal customizations to it) running in a Fedora Core 6 Xen VM and using the Nessus 3.0.5-fc6 rpm. Here’s the skinny:

  • Get NetReg from http://www.netreg.org
  • Get the Nessus RPM from http://www.nessus.org
  • yum install httpd for Apache.
  • yum install mod_ssl for https communications.
  • yum install dhcp for the DHCP server.
  • yum install bind for the DNS server.
  • yum install php to support PHP for my modifications.
  • yum install php-pear for an easy way to obtain PHP packages.
  • pear config-set http_proxy http://xxx.xxx.xxx.xxx:3128 for me, since I’m behind a firewall and using a proxy.
  • pear install HTTP_Request to get a PHP class required by my code.
  • rpm -i Nessus-3.0.5-fc6.i386.rpm to install the Nessus rpm.
  • yum install gcc for the GNU C compiler to build Perl modules.
  • yum install openssl-devel for SSL libraries required by some Perl modules.

Now you have everything you need to set up NetReg and Nessus. You can follow the NetReg install guide for the most part, changing only your approach to the Nessus section since you downloaded an rpm instead.

In place of the DNS configuration that allows certain names to be looked up for real, my situation warrants a completely bogus DNS. I have reused DNS configuration from older versions of Netreg, namely:

/var/named/chroot/etc/named.conf looks like this:

server 172.16.1.21 {
bogus yes;
};

options {
directory “/var/named”;
recursion no;
};

zone “.” in {
type master;
file “db.root”;
};

and /var/named/chroot/var/named/db.root looks like this:

. IN SOA netreg.someplace.org. root.netreg.someplace.org. (
1 10800 3600 604800 86400 )
IN NS netreg.someplace.org.
netreg 86400 IN A 172.16.1.21
*. 86400 IN A 172.16.1.21

• • •

2 Comments »

  1. So, I know this post is totally old, but it seems that you know a lot about NetReg.

    I’m trying to set my NetReg server to allow people to get to certain sites (i.e., apple, windows, symantec) in order to get updates, etc.

    I guess right now I’m just seeing if you even look at this anymore. If you do, I could send you my config files and let you know where I’m at!

    Thanks!

    Comment by Max McGrath — August 3, 2010 @ 3:10 pm

  2. Guilty of not actively pursuing NetReg anymore… we have succumbed to one of the network access control appliances, though I have often thought that I could still resurrect NetReg or write my own to give me the controls that I find useful without the headache of said appliance. However, if you look at the 1.5.1 HOWTO document at http://netreg.sourceforge.net/contrib/NetReg-1.5.1-HowTo.pdf starting on page 17, you can see where they have the NetReg DNS forward certain zones to a real DNS server so that they will correctly resolve.

    Comment by jason — August 5, 2010 @ 6:35 pm

Comments RSSTrackBack URI

Leave a comment

*
To prove you're a person (not a spam script), type the security word shown in the picture.
Anti-spam image

Powered by WordPress |•| Wordpress Themes by priss