4. Setup¶

4.2.1. Keyboard layout¶

First check the keyboard layout of the appliance and if necessary, set it appropriately to your required needs and locale. To configure the keyboard layout start the administrative menu from the command line after you logged into the appliance as admin (see section Log in as admin). Entering the command gos-admin-menu will bring up the administrative menu (see figure Greenbone OS Admin Menu).

Greenbone OS Admin Menu

In this menu select the first option Keyboard using the arrow keys and confirm with Enter [1]. Select the desired layout in the new dialog. After confirming the selection the option Commit must be selected and confirmed with Enter. The change will be confirmed with the message The keyboard changes are submitted and become active within the next 5 minutes. Alternative by selecting the Rollback option you can return to the original state.

Footnotes

4.2.2. Network¶

The configuration of the network adapter eth0 is required to perform the base configuration and to attach the appliance to the network. To configure the adapter start the admin menu from the command line after logging in as admin (see section Log in as admin). Enter the command gos-admin-menu at the command line. A text based menu will be displayed which can be navigated by using the arrow keys and the Enter-key (see figure Greenbone OS Admin Menu).

Under the menu option Network the network settings can be set. A new menu (see figure Greenbone OS Admin: Network configuration) with the following options will be displayed:

• DNS: Configuration of the DNS servers. These are not set automatically even when DHCP is used. The DHCP settings only have an effect on the IP-address and the default gateway!
• NTP: Configuration on the NTP servers. These are also not set automatically when DHCP is used. The DHCP settings only have an effect on the IP-address and the default gateway!
• ETH: Configuration of the Ethernet adapters.
• SNMP: Configuration of the SNMP-Trap-Settings. The community string for an external SNMP-Trap-Receiver for error messages can be configured.
• Email: Configuration of an external mail server for sending GSM emails (such as scan reports).

Greenbone OS Admin: Network configuration

To configure the IP address of the management port use option ETH. eth0 is of special importance. This adapter is being used as the management port. The other possible adapters can be disregarded during the base configuration. The eth0 adapter relates to the physical appliance adapter LAN1.

Greenbone OS Admin: Ethernet configuration

By selecting option eth0 the network adapter can be configured. There are three options:

dhcp:

The IP address of the network adapter is configured via DHCP. This relates only to the IP address and the default gateway and not the DNS servers in use.

IP address:

Entering an IP address with CIDR-netmask sets the IP address. The netmask must be entered as CIDR notation (/24, /25, and so on) and not as bitmask (255.255.255.0).

Blank:

The network adapter is deactivated.

When setting a static IP address you must also set the default gateway in order to receive the GSM feeds and updates through the network. It can be set in the Network-ETH-Default Route. Entering the IP address of the default gateway is enough. All changes must be confirmed by Commit.

4.2.3. Management Adapter¶

If more than one network adapters are available you can chose through which network adapter the administrative interface of the GSM will be available. This is set by the GSM variable ifadm.

4.2.4. DNS configuration¶

In order to receive GSM feeds and updates you require a reachable DNS server for name resolution. In the factory default settings two Google name servers are configured:

• google-public-dns-a.google.com: 8.8.8.8
• google-public-dns-b.google.com: 8.8.4.4

The default DNS servers should be replace by your own DNS servers. This is especially necessary when the GSM cannot reach the Google DNS servers due to firewall rules. You can add up to three DNS servers. All changes must be confirmed by Commit.

If the DNS-servers can be reached is shown in the Readiness-Check (see section Readiness)

4.2.5. Password change¶

Also during the base configuration the password for the GSM administrator should be changed. The factory setting admin/admin is not suitable for a production environment.

The respective function is available in the Greenbone OS administration tool (GOS-Admin-menu) under User. The following user roles can be configured:

1. GSM-Admin: This is the administrator which can log into via command line (ie. via serial port).
2. Web-Admin: This is the administrator which can log into the web interface.

To change the administrator password select the option GSM Admin. You will be asked to enter the current (UNIX) password of the administrator. Afterwards you must enter the new password twice.

This change is effective immediately. A commit of the change is not required. A rollback is not possible either.

Changing of the GSM administrator password

4.2.6. Setting up the web interface¶

Access to the Greenbone Security Manager primarily occurs through the web interface. To use it properly the following two steps are required:

1. Creation of a web administrator

   This user is used to log into the web interface with administrative rights. This user can use all of the features within the web interface.

2. Creation of a SSL certificate

   The SSL certificate is required to for the encrypted communication via HTTPS and OMP with the GSM. A self-signed certificate can be created or issue a certificate from a certificate authority (see section Certificate by an external certificate authority)

4.2.6.3. Self-signed certificate¶

To create a new self-signed certificate chose option SSL in the GOS-Admin-Menu and then select Self-Signed. You will be prompted with a couple of questions. The certificate is build based on the respective answers. The declaration of commonName is not critical as it is not part of the certificate.

The creation of a self-signed occurs via dialog.