5 Setting up the Greenbone Enterprise Appliance

This chapter provides specific setup guides for all current appliance models:

  • Greenbone Enterprise 5400/6500 → Chapter 5.1
  • Greenbone Enterprise 400/450/600/650 → Chapter 5.2
  • Greenbone Enterprise 150 → Chapter 5.3
  • Greenbone Enterprise 35 → Chapter 5.4
  • Greenbone Enterprise CENO/DECA/TERA/PETA/EXA → Chapter 5.5
  • Greenbone Enterprise 25V → Chapter 5.6
  • Greenbone Enterprise ONE → Chapter 5.7

5.1 Greenbone Enterprise 5400/6500

This setup guide shows the steps required to put a Greenbone Enterprise 5400/6500 into operation.

5.1.1 Installing the Appliance

The Greenbone Enterprise 5400 and Greenbone Enterprise 6500 are 19-inch mountable and require two rack units (RU). Rack holders for the installation in a 19-inch rack are supplied.

For cabling, the Greenbone Enterprise 5400 and Greenbone Enterprise 6500 have corresponding connectors at the front and back:

  • Front
    • 1 RS-232 serial port, Cisco compatible, suitable cable is enclosed
    • 2 USB 2.0 ports
    • 2 RJ45 Ethernet ports, labeled “MGMT”, for management
    • Up to 4 optional modules with additional Ethernet ports (RJ45, SFP, SFP+ or XFP)
  • Back
    • 1 VGA port
    • 2 USB 3.0 ports
    • 2 USB 2.0 ports
    • 2 power supplies

The installation requires either a monitor and a keyboard or a serial console connection and a terminal application.

5.1.2 Utilizing the Serial Port

The enclosed console cable is used for utilizing the serial port. Alternatively, a blue Cisco console cable (rollover cable) can be used.

To access the serial port, a terminal application is required. The application must be configured to a speed of 9600 bits/s (Baud).

Under Linux, the command screen can be used in the command line to access the serial port. The device providing the serial port must be passed as a parameter:

screen /dev/ttyS0  #(for serial port)
screen /dev/ttyUSB0 #(for USB adapter)

Tip

After starting screen, it may be necessary to press Enter several times to see a command prompt.

To close the serial connection, press Ctrl + a and immediately afterwards \.

In Microsoft Windows, PuTTY can be used. After starting it, the options as shown in Fig. 5.1 and the appropriate serial port must be selected.

_images/putty_serial.png

Fig. 5.1 Setting up the serial port in PuTTY

5.1.3 Starting the Appliance

Once the appliance is fully wired, a connection to the appliance using the console cable is achieved and the terminal application (PuTTY, screen or similar) is set up, the appliance can be started.

The appliance will boot and after a short time – depending on the exact model – the first messages will be displayed in the terminal application.

5.1.4 Performing a General System Setup

All appliances share the same way of basic configuration and readiness check.

When the appliance is delivered by Greenbone Networks or after a factory reset, the GOS administration menu shows the first setup wizard after logging in to assist with the basic GOS configuration (see Fig. 5.2).

_images/first_setup_wizard_1.png

Fig. 5.2 Using the first setup wizard

By selecting Yes and pressing Enter the first setup wizard is opened.

Note

By selecting No and pressing Enter the wizard can be closed. Incomplete steps are displayed when logging in again.

By selecting Cancel and pressing Enter the wizard can be closed as well. However, in this case, incomplete steps are not displayed again.

The first setup wizard is dynamic and shows only those steps necessary to operate the used appliance model. In the following, all possible steps are mentioned but they may not appear in every case.

In case of a factory reset, all steps have to be carried out (see 20.8).

Every step can be skipped by selecting Skip or No and pressing Enter. Skipped steps are displayed when logging in again.

1. Configuring the Network

The network must be set up for the appliance to be fully functional. If there is no IP address configured, it is asked whether the network settings should be adjusted (see Fig. 5.3).

_images/first_setup_wizard_10.png

Fig. 5.3 Configuring the network settings

  1. Select Yes and press Enter.

  2. Select Interfaces and press Enter.

  3. Select the desired interface and press Enter.

    → The interface can be configured.

  4. If DHCP should be used, select DHCP (for IPv4 or IPv6) and press Enter (see Fig. 5.4).

    _images/first_setup_wizard_12.png

    Fig. 5.4 Configuring the network interface

  5. Select Save and press Enter.

  6. Select Back and press Enter.

  7. Select Back and press Enter.

  8. Select Ready and press Enter.

    or

  1. If a static IP address should be used, select Static IP (for IPv4 or IPv6) and press Enter.

  2. Enter the IP address including the prefix length in the input box (see Fig. 5.5).

    _images/first_setup_wizard_13.png

    Fig. 5.5 Entering a static IP address

  3. Press Enter.

    → A message informs that the changes have to be saved.

  4. Press Enter to close the message.

  5. Select Save and press Enter.

  6. Select Back and press Enter.

  7. Select Back and press Enter.

  8. Select Ready and press Enter.

2. Importing or Generating an HTTPS Certificate

An HTTPS certificate must present on the appliance to use the web interface securely. The certificate can be imported or generated as follows:

  1. Select Import and press Enter (see Fig. 5.6).

    → A message informs that a PKCS#12 file can be imported.

    _images/first_setup_wizard_2.png

    Fig. 5.6 Importing or generating an HTTPS certificate

  2. Select Continue and press Enter.

  3. Open the web browser and enter the displayed URL.

  4. Click Browse…, select the PKCS#12 file and click Upload.

    → When the certificate is retrieved by the appliance, the GOS administration menu displays the fingerprint of the certificate for verification.

  5. Check the fingerprint and confirm the certificate by pressing Enter.

    or

  1. Select Generate and press Enter.

    → A message informs that parameters have to be entered to generate the certificate.

  2. Select Continue and press Enter.

  3. Provide the settings for the certificate (see Fig. 5.7).

    Note

    It is valid to generate a certificate without a common name. However, a certificate should not be created without (a) Subject Alternative Name(s).

    If a common name is used, it should be the same as one of the SANs.

    _images/first_setup_wizard_3.png

    Fig. 5.7 Entering information for the certificate

  4. Select OK and press Enter.

    → A message informs that the certificate is created and can be downloaded (see Fig. 5.8).

    Note

    The download is not done in the first setup wizard, but in the later GOS administration menu as described in Chapter 7.2.4.1.7.1, steps 1 – 4 and 9 – 13.

    _images/first_setup_wizard_8.png

    Fig. 5.8 Completing the HTTPS certificate

    or

  1. Select CSR and press Enter.

    → A message informs that a key pair and a certificate request are created.

  2. Select Continue and press Enter.

  3. Provide the settings for the certificate.

    Note

    It is valid to generate a certificate without a common name. However, a certificate should not be created without (a) Subject Alternative Name(s).

    If a common name is used, it should be the same as one of the SANs.

  4. Select OK and press Enter.

  5. Open the web browser and enter the displayed URL.

  6. Download the PEM file.

    → The GOS administration menu displays a message to verify that the CSR has not been tampered with.

  7. Verify the information by pressing Enter.

    Note

    When the certificate is signed, it has to be uploaded to the appliance. The upload is not done in the first setup wizard, but in the later GOS administration menu as described in Chapter 7.2.4.1.7.2, steps 1 – 4 and 11 – 14.

3. Creating a Web Administrator

If there is no web administrator, it is asked whether such an account should be created (see Fig. 5.9).

Note

A web administrator is required to use the web interface of the appliance.

The first web administrator (web user) that is created is automatically the Feed Import Owner (see Chapter 7.2.1.9).

_images/first_setup_wizard_7.png

Fig. 5.9 Creating a web administrator

  1. Select Yes and press Enter.

  2. Enter the user name for the web administrator.

  3. Enter the password for the web administrator twice.

  4. Select OK and press Enter.

    → A message informs that the web administrator has been created.

  5. Press Enter to close the message.

4. Entering or Uploading a Greenbone Enterprise Feed Subscription Key

If no valid subscription key is stored on the appliance, the appliance only uses the public Greenbone Community Feed and not the Greenbone Enterprise Feed. A subscription key can be entered or uploaded as follows:

  1. Select Editor and press Enter (see Fig. 5.10).

    → The editor is opened.

    _images/first_setup_wizard_9.png

    Fig. 5.10 Entering or uploading a subscription key

  2. Enter the subscription key.

  3. Press Ctrl + X.

  4. Press Y to save the changes.

  5. Press Enter.

    or

  1. Select HTTP Upload and press Enter.
  2. Open the web browser and enter the displayed URL.
  3. Click Browse…, select the subscription key and click Upload.

5. Downloading the Feed

If no feed is present on the appliance, the feed can be downloaded as follows:

  1. Select Yes and press Enter (see Fig. 5.11).

    _images/first_setup_wizard_4.png

    Fig. 5.11 Downloading the feed

    → A message informs that the feed update was started in the background (see Fig. 5.12).

    _images/first_setup_wizard_5.png

    Fig. 5.12 Downloading the feed

  2. Press Enter to close the message.

6. Finishing the First Setup Wizard

Note

After the last step, a status check is performed.

  1. When the check is finished, press Enter.

    → The results of the check are displayed (see Fig. 5.13).

    _images/first_setup_wizard_6.png

    Fig. 5.13 Result of the status check

  1. Press Enter.

    → The GOS administration menu can be used as described in Chapter 7.

    If there are any unfinished or skipped steps, the first setup wizard is shown when logging in again.

5.1.5 Logging into the Web Interface

The main interface of the appliance is the web interface, also called Greenbone Security Assistant (GSA). The web interface can be accessed as described in Chapter 8.1.

5.2 Greenbone Enterprise 400/450/600/650

This setup guide shows the steps required to put a Greenbone Enterprise 400/450/600/650 into operation.

5.2.1 Installing the Appliance

The Greenbone Enterprise 400, Greenbone Enterprise 450, Greenbone Enterprise 600 and Greenbone Enterprise 650 are 19-inch mountable and require one rack unit (RU). Rack holders for the installation in a 19-inch rack are supplied.

For cabling, the Greenbone Enterprise 400, Greenbone Enterprise 450, Greenbone Enterprise 600 and Greenbone Enterprise 650 have corresponding connectors at the front and back:

  • Front
    • 1 RS-232 serial port, Cisco compatible, suitable cable is enclosed
    • 2 USB 3.0 ports
    • 6 RJ45 Ethernet ports
    • 2 SFP Ethernet ports
  • Back
    • 1 VGA port
    • 1 power supply

The installation requires either a monitor and a keyboard or a serial console connection and a terminal application.

5.2.2 Utilizing the Serial Port

The enclosed console cable is used for utilizing the serial port. Alternatively, a blue Cisco console cable (rollover cable) can be used.

To access the serial port, a terminal application is required. The application must be configured to a speed of 9600 bits/s (Baud).

Under Linux, the command screen can be used in the command line to access the serial port. The device providing the serial port must be passed as a parameter:

screen /dev/ttyS0  #(for serial port)
screen /dev/ttyUSB0 #(for USB adapter)

Tip

After starting screen, it may be necessary to press Enter several times to see a command prompt.

To close the serial connection, press Ctrl + a and immediately afterwards \.

In Microsoft Windows, PuTTY can be used. After starting it, the options as shown in Fig. 5.1 and the appropriate serial port must be selected.

_images/putty_serial.png

Fig. 5.14 Setting up the serial port in PuTTY

5.2.3 Starting the Appliance

Once the appliance is fully wired, a connection to the appliance using the console cable is achieved and the terminal application (PuTTY, screen or similar) is set up, the appliance can be started.

The appliance will boot and after a short time – depending on the exact model – the first messages will be displayed in the terminal application.

5.2.4 Performing a General System Setup

All appliances share the same way of basic configuration and readiness check.

When the appliance is delivered by Greenbone Networks or after a factory reset, the GOS administration menu shows the first setup wizard after logging in to assist with the basic GOS configuration (see Fig. 5.15).

_images/first_setup_wizard_1.png

Fig. 5.15 Using the first setup wizard

By selecting Yes and pressing Enter the first setup wizard is opened.

Note

By selecting No and pressing Enter the wizard can be closed. Incomplete steps are displayed when logging in again.

By selecting Cancel and pressing Enter the wizard can be closed as well. However, in this case, incomplete steps are not displayed again.

The first setup wizard is dynamic and shows only those steps necessary to operate the used appliance model. In the following, all possible steps are mentioned but they may not appear in every case.

In case of a factory reset, all steps have to be carried out (see 20.8).

Every step can be skipped by selecting Skip or No and pressing Enter. Skipped steps are displayed when logging in again.

1. Configuring the Network

The network must be set up for the appliance to be fully functional. If there is no IP address configured, it is asked whether the network settings should be adjusted (see Fig. 5.16).

_images/first_setup_wizard_10.png

Fig. 5.16 Configuring the network settings

  1. Select Yes and press Enter.

  2. Select Interfaces and press Enter.

  3. Select the desired interface and press Enter.

    → The interface can be configured.

  4. If DHCP should be used, select DHCP (for IPv4 or IPv6) and press Enter (see Fig. 5.17).

    _images/first_setup_wizard_12.png

    Fig. 5.17 Configuring the network interface

  5. Select Save and press Enter.

  6. Select Back and press Enter.

  7. Select Back and press Enter.

  8. Select Ready and press Enter.

    or

  1. If a static IP address should be used, select Static IP (for IPv4 or IPv6) and press Enter.

  2. Enter the IP address including the prefix length in the input box (see Fig. 5.18).

    _images/first_setup_wizard_13.png

    Fig. 5.18 Entering a static IP address

  3. Press Enter.

    → A message informs that the changes have to be saved.

  4. Press Enter to close the message.

  5. Select Save and press Enter.

  6. Select Back and press Enter.

  7. Select Back and press Enter.

  8. Select Ready and press Enter.

2. Importing or Generating an HTTPS Certificate

An HTTPS certificate must present on the appliance to use the web interface securely. The certificate can be imported or generated as follows:

  1. Select Import and press Enter (see Fig. 5.19).

    → A message informs that a PKCS#12 file can be imported.

    _images/first_setup_wizard_2.png

    Fig. 5.19 Importing or generating an HTTPS certificate

  2. Select Continue and press Enter.

  3. Open the web browser and enter the displayed URL.

  4. Click Browse…, select the PKCS#12 file and click Upload.

    → When the certificate is retrieved by the appliance, the GOS administration menu displays the fingerprint of the certificate for verification.

  5. Check the fingerprint and confirm the certificate by pressing Enter.

    or

  1. Select Generate and press Enter.

    → A message informs that parameters have to be entered to generate the certificate.

  2. Select Continue and press Enter.

  3. Provide the settings for the certificate (see Fig. 5.20).

    Note

    It is valid to generate a certificate without a common name. However, a certificate should not be created without (a) Subject Alternative Name(s).

    If a common name is used, it should be the same as one of the SANs.

    _images/first_setup_wizard_3.png

    Fig. 5.20 Entering information for the certificate

  4. Select OK and press Enter.

    → A message informs that the certificate is created and can be downloaded (see Fig. 5.21).

    Note

    The download is not done in the first setup wizard, but in the later GOS administration menu as described in Chapter 7.2.4.1.7.1, steps 1 – 4 and 9 – 13.

    _images/first_setup_wizard_8.png

    Fig. 5.21 Completing the HTTPS certificate

    or

  1. Select CSR and press Enter.

    → A message informs that a key pair and a certificate request are created.

  2. Select Continue and press Enter.

  3. Provide the settings for the certificate.

    Note

    It is valid to generate a certificate without a common name. However, a certificate should not be created without (a) Subject Alternative Name(s).

    If a common name is used, it should be the same as one of the SANs.

  4. Select OK and press Enter.

  5. Open the web browser and enter the displayed URL.

  6. Download the PEM file.

    → The GOS administration menu displays a message to verify that the CSR has not been tampered with.

  7. Verify the information by pressing Enter.

    Note

    When the certificate is signed, it has to be uploaded to the appliance. The upload is not done in the first setup wizard, but in the later GOS administration menu as described in Chapter 7.2.4.1.7.2, steps 1 – 4 and 11 – 14.

3. Creating a Web Administrator

If there is no web administrator, it is asked whether such an account should be created (see Fig. 5.22).

Note

A web administrator is required to use the web interface of the appliance.

The first web administrator (web user) that is created is automatically the Feed Import Owner (see Chapter 7.2.1.9).

_images/first_setup_wizard_7.png

Fig. 5.22 Creating a web administrator

  1. Select Yes and press Enter.

  2. Enter the user name for the web administrator.

  3. Enter the password for the web administrator twice.

  4. Select OK and press Enter.

    → A message informs that the web administrator has been created.

  5. Press Enter to close the message.

4. Entering or Uploading a Greenbone Enterprise Feed Subscription Key

If no valid subscription key is stored on the appliance, the appliance only uses the public Greenbone Community Feed and not the Greenbone Enterprise Feed. A subscription key can be entered or uploaded as follows:

  1. Select Editor and press Enter (see Fig. 5.23).

    → The editor is opened.

    _images/first_setup_wizard_9.png

    Fig. 5.23 Entering or uploading a subscription key

  2. Enter the subscription key.

  3. Press Ctrl + X.

  4. Press Y to save the changes.

  5. Press Enter.

    or

  1. Select HTTP Upload and press Enter.
  2. Open the web browser and enter the displayed URL.
  3. Click Browse…, select the subscription key and click Upload.

5. Downloading the Feed

If no feed is present on the appliance, the feed can be downloaded as follows:

  1. Select Yes and press Enter (see Fig. 5.24).

    _images/first_setup_wizard_4.png

    Fig. 5.24 Downloading the feed

    → A message informs that the feed update was started in the background (see Fig. 5.25).

    _images/first_setup_wizard_5.png

    Fig. 5.25 Downloading the feed

  2. Press Enter to close the message.

6. Finishing the First Setup Wizard

Note

After the last step, a status check is performed.

  1. When the check is finished, press Enter.

    → The results of the check are displayed (see Fig. 5.26).

    _images/first_setup_wizard_6.png

    Fig. 5.26 Result of the status check

  1. Press Enter.

    → The GOS administration menu can be used as described in Chapter 7.

    If there are any unfinished or skipped steps, the first setup wizard is shown when logging in again.

5.2.5 Logging into the Web Interface

The main interface of the appliance is the web interface, also called Greenbone Security Assistant (GSA). The web interface can be accessed as described in Chapter 8.1.

5.3 Greenbone Enterprise 150

This setup guide shows the steps required to put a Greenbone Enterprise 150 into operation.

5.3.1 Installing the Appliance

The Greenbone Enterprise 150 is 19-inch mountable and requires one rack unit (RU). The optional RACKMOUNT150 kit provides the rack holders for installing the appliance in a 19-inch rack.

For stand-alone appliances, four self-sticking rubber pads have to be mounted on the corresponding bottom side embossments.

For cabling, the Greenbone Enterprise 150 has corresponding connectors at the front and back:

  • Front
    • 1 RS-232 serial port, Cisco compatible, suitable cable is enclosed
    • 2 USB 3.0 ports
    • 1 HDMI port
    • 4 RJ45 Ethernet ports
  • Back
    • 1 power supply

The installation requires either a monitor and a keyboard or a serial console connection and a terminal application.

5.3.2 Utilizing the Serial Port

The enclosed console cable is used for utilizing the serial port. Alternatively, a blue Cisco console cable (rollover cable) can be used.

To access the serial port, a terminal application is required. The application must be configured to a speed of 9600 bits/s (Baud).

Under Linux, the command screen can be used in the command line to access the serial port. The device providing the serial port must be passed as a parameter:

screen /dev/ttyS0  #(for serial port)
screen /dev/ttyUSB0 #(for USB adapter)

Tip

After starting screen, it may be necessary to press Enter several times to see a command prompt.

To close the serial connection, press Ctrl + a and immediately afterwards \.

In Microsoft Windows, PuTTY can be used. After starting it, the options as shown in Fig. 5.1 and the appropriate serial port must be selected.

_images/putty_serial.png

Fig. 5.27 Setting up the serial port in PuTTY

5.3.3 Starting the Appliance

Once the appliance is fully wired, a connection to the appliance using the console cable is achieved and the terminal application (PuTTY, screen or similar) is set up, the appliance can be started.

The appliance will boot and after a short time – depending on the exact model – the first messages will be displayed in the terminal application.

5.3.4 Performing a General System Setup

All appliances share the same way of basic configuration and readiness check.

When the appliance is delivered by Greenbone Networks or after a factory reset, the GOS administration menu shows the first setup wizard after logging in to assist with the basic GOS configuration (see Fig. 5.28).

_images/first_setup_wizard_1.png

Fig. 5.28 Using the first setup wizard

By selecting Yes and pressing Enter the first setup wizard is opened.

Note

By selecting No and pressing Enter the wizard can be closed. Incomplete steps are displayed when logging in again.

By selecting Cancel and pressing Enter the wizard can be closed as well. However, in this case, incomplete steps are not displayed again.

The first setup wizard is dynamic and shows only those steps necessary to operate the used appliance model. In the following, all possible steps are mentioned but they may not appear in every case.

In case of a factory reset, all steps have to be carried out (see 20.8).

Every step can be skipped by selecting Skip or No and pressing Enter. Skipped steps are displayed when logging in again.

1. Configuring the Network

The network must be set up for the appliance to be fully functional. If there is no IP address configured, it is asked whether the network settings should be adjusted (see Fig. 5.29).

_images/first_setup_wizard_10.png

Fig. 5.29 Configuring the network settings

  1. Select Yes and press Enter.

  2. Select Interfaces and press Enter.

  3. Select the desired interface and press Enter.

    → The interface can be configured (see Fig. 5.30).

    _images/first_setup_wizard_12.png

    Fig. 5.30 Configuring the network interface

  4. If DHCP should be used, select DHCP (for IPv4 or IPv6) and press Enter.

  5. Select Save and press Enter.

  6. Select Back and press Enter.

  7. Select Back and press Enter.

  8. Select Ready and press Enter.

    or

  1. If a static IP address should be used, select Static IP (for IPv4 or IPv6) and press Enter.

  2. Enter the IP address including the prefix length in the input box (see Fig. 5.31).

    _images/first_setup_wizard_13.png

    Fig. 5.31 Entering a static IP address

  3. Press Enter.

    → A message informs that the changes have to be saved.

  4. Press Enter to close the message.

  5. Select Save and press Enter.

  6. Select Back and press Enter.

  7. Select Back and press Enter.

  8. Select Ready and press Enter.

2. Importing or Generating an HTTPS Certificate

An HTTPS certificate must present on the appliance to use the web interface securely. The certificate can be imported or generated as follows:

  1. Select Import and press Enter (see Fig. 5.32).

    → A message informs that a PKCS#12 file can be imported.

    _images/first_setup_wizard_2.png

    Fig. 5.32 Importing or generating an HTTPS certificate

  2. Select Continue and press Enter.

  3. Open the web browser and enter the displayed URL.

  4. Click Browse…, select the PKCS#12 file and click Upload.

    → When the certificate is retrieved by the appliance, the GOS administration menu displays the fingerprint of the certificate for verification.

  5. Check the fingerprint and confirm the certificate by pressing Enter.

    or

  1. Select Generate and press Enter.

    → A message informs that parameters have to be entered to generate the certificate.

  2. Select Continue and press Enter.

  3. Provide the settings for the certificate (see Fig. 5.33).

    Note

    It is valid to generate a certificate without a common name. However, a certificate should not be created without (a) Subject Alternative Name(s).

    If a common name is used, it should be the same as one of the SANs.

    _images/first_setup_wizard_3.png

    Fig. 5.33 Entering information for the certificate

  4. Select OK and press Enter.

    → A message informs that the certificate is created and can be downloaded (see Fig. 5.34).

    Note

    The download is not done in the first setup wizard, but in the later GOS administration menu as described in Chapter 7.2.4.1.7.1, steps 1 – 4 and 9 – 13.

    _images/first_setup_wizard_8.png

    Fig. 5.34 Completing the HTTPS certificate

    or

  1. Select CSR and press Enter.

    → A message informs that a key pair and a certificate request are created.

  2. Select Continue and press Enter.

  3. Provide the settings for the certificate.

    Note

    It is valid to generate a certificate without a common name. However, a certificate should not be created without (a) Subject Alternative Name(s).

    If a common name is used, it should be the same as one of the SANs.

  4. Select OK and press Enter.

  5. Open the web browser and enter the displayed URL.

  6. Download the PEM file.

    → The GOS administration menu displays a message to verify that the CSR has not been tampered with.

  7. Verify the information by pressing Enter.

    Note

    When the certificate is signed, it has to be uploaded to the appliance. The upload is not done in the first setup wizard, but in the later GOS administration menu as described in Chapter 7.2.4.1.7.2, steps 1 – 4 and 11 – 14.

3. Creating a Web Administrator

If there is no web administrator, it is asked whether such an account should be created (see Fig. 5.35).

Note

A web administrator is required to use the web interface of the appliance.

The first web administrator (web user) that is created is automatically the Feed Import Owner (see Chapter 7.2.1.9).

_images/first_setup_wizard_7.png

Fig. 5.35 Creating a web administrator

  1. Select Yes and press Enter.

  2. Enter the user name for the web administrator.

  3. Enter the password for the web administrator twice.

  4. Select OK and press Enter.

    → A message informs that the web administrator has been created.

  5. Press Enter to close the message.

4. Entering or Uploading a Greenbone Enterprise Feed Subscription Key

If no valid subscription key is stored on the appliance, the appliance only uses the public Greenbone Community Feed and not the Greenbone Enterprise Feed. A subscription key can be entered or uploaded as follows:

  1. Select Editor and press Enter (see Fig. 5.36).

    → The editor is opened.

    _images/first_setup_wizard_9.png

    Fig. 5.36 Entering or uploading a subscription key

  2. Enter the subscription key.

  3. Press Ctrl + X.

  4. Press Y to save the changes.

  5. Press Enter.

    or

  1. Select HTTP Upload and press Enter.
  2. Open the web browser and enter the displayed URL.
  3. Click Browse…, select the subscription key and click Upload.

5. Downloading the Feed

If no feed is present on the appliance, the feed can be downloaded as follows:

  1. Select Yes and press Enter (see Fig. 5.37).

    _images/first_setup_wizard_4.png

    Fig. 5.37 Downloading the feed

    → A message informs that the feed update was started in the background (see Fig. 5.38).

    _images/first_setup_wizard_5.png

    Fig. 5.38 Downloading the feed

  2. Press Enter to close the message.

6. Finishing the First Setup Wizard

Note

After the last step, a status check is performed.

  1. When the check is finished, press Enter.

    → The results of the check are displayed (see Fig. 5.39).

    _images/first_setup_wizard_6.png

    Fig. 5.39 Result of the status check

  1. Press Enter.

    → The GOS administration menu can be used as described in Chapter 7.

    If there are any unfinished or skipped steps, the first setup wizard is shown when logging in again.

5.3.5 Logging into the Web Interface

The main interface of the appliance is the web interface, also called Greenbone Security Assistant (GSA). The web interface can be accessed as described in Chapter 8.1.

5.4 Greenbone Enterprise 35

This setup guide shows the steps required to put a Greenbone Enterprise 35 into operation.

5.4.1 Installing the Appliance

The Greenbone Enterprise 35 is 19-inch mountable and requires one rack unit (RU). The optional RACKMOUNT35 kit provides the rack holders for installing the appliance in a 19-inch rack.

For stand-alone appliances, four self-sticking rubber pads have to be mounted on the corresponding bottom side embossments.

For cabling, the Greenbone Enterprise 35 has corresponding connectors at the front and back:

  • Front
    • 1 RS-232 serial port, Cisco compatible, suitable cable is enclosed
    • 2 USB 3.0 ports
    • 1 HDMI port
    • 4 RJ45 Ethernet ports
  • Back
    • 1 power supply

The installation requires either a monitor and a keyboard or a serial console connection and a terminal application.

5.4.2 Utilizing the Serial Port

The enclosed console cable is used for utilizing the serial port. Alternatively, a blue Cisco console cable (rollover cable) can be used.

To access the serial port, a terminal application is required. The application must be configured to a speed of 9600 bits/s (Baud).

Under Linux, the command screen can be used in the command line to access the serial port. The device providing the serial port must be passed as a parameter:

screen /dev/ttyS0  #(for serial port)
screen /dev/ttyUSB0 #(for USB adapter)

Tip

After starting screen, it may be necessary to press Enter several times to see a command prompt.

To close the serial connection, press Ctrl + a and immediately afterwards \.

In Microsoft Windows, PuTTY can be used. After starting it, the options as shown in Fig. 5.1 and the appropriate serial port must be selected.

_images/putty_serial.png

Fig. 5.40 Setting up the serial port in PuTTY

5.4.3 Starting the Appliance

Once the appliance is fully wired, a connection to the appliance using the console cable is achieved and the terminal application (PuTTY, screen or similar) is set up, the appliance can be started.

The appliance will boot and after a short time – depending on the exact model – the first messages will be displayed in the terminal application.

5.4.4 Performing a General System Setup

All appliances share the same way of basic configuration and readiness check.

However, since the Greenbone Enterprise 35 is a dedicated sensor, the master key has to be exchanged with the sensor.

When the appliance is delivered by Greenbone Networks or after a factory reset, the GOS administration menu shows the first setup wizard after logging in to assist with the basic GOS configuration (see Fig. 5.41).

_images/first_setup_wizard_1.png

Fig. 5.41 Using the first setup wizard

By selecting Yes and pressing Enter the first setup wizard is opened.

Note

By selecting No and pressing Enter the wizard can be closed. Incomplete steps are displayed when logging in again.

By selecting Cancel and pressing Enter the wizard can be closed as well. However, in this case, incomplete steps are not displayed again.

The first setup wizard is dynamic and shows only those steps necessary to operate the used appliance model. In the following, all possible steps are mentioned but they may not appear in every case.

In case of a factory reset, all steps have to be carried out (see 20.8).

Every step can be skipped by selecting Skip or No and pressing Enter. Skipped steps are displayed when logging in again.

1. Configuring the Network

The network must be set up for the appliance to be fully functional. If there is no IP address configured, it is asked whether the network settings should be adjusted (see Fig. 5.42).

_images/first_setup_wizard_10.png

Fig. 5.42 Configuring the network settings

  1. Select Yes and press Enter.

  2. Select Interfaces and press Enter.

  3. Select the desired interface and press Enter.

    → The interface can be configured (see Fig. 5.43).

    _images/first_setup_wizard_12.png

    Fig. 5.43 Configuring the network interface

  4. If DHCP should be used, select DHCP (for IPv4 or IPv6) and press Enter.

  5. Select Save and press Enter.

  6. Select Back and press Enter.

  7. Select Back and press Enter.

  8. Select Ready and press Enter.

    or

  1. If a static IP address should be used, select Static IP (for IPv4 or IPv6) and press Enter.

  2. Enter the IP address including the prefix length in the input box (see Fig. 5.44).

    _images/first_setup_wizard_13.png

    Fig. 5.44 Entering a static IP address

  3. Press Enter.

    → A message informs that the changes have to be saved.

  4. Press Enter to close the message.

  5. Select Save and press Enter.

  6. Select Back and press Enter.

  7. Select Back and press Enter.

  8. Select Ready and press Enter.

2. Importing or Generating an HTTPS Certificate

An HTTPS certificate must present on the appliance to use the web interface securely. The certificate can be imported or generated as follows:

  1. Select Import and press Enter (see Fig. 5.45).

    → A message informs that a PKCS#12 file can be imported.

    _images/first_setup_wizard_2.png

    Fig. 5.45 Importing or generating an HTTPS certificate

  2. Select Continue and press Enter.

  3. Open the web browser and enter the displayed URL.

  4. Click Browse…, select the PKCS#12 file and click Upload.

    → When the certificate is retrieved by the appliance, the GOS administration menu displays the fingerprint of the certificate for verification.

  5. Check the fingerprint and confirm the certificate by pressing Enter.

    or

  1. Select Generate and press Enter.

    → A message informs that parameters have to be entered to generate the certificate.

  2. Select Continue and press Enter.

  3. Provide the settings for the certificate (see Fig. 5.46).

    Note

    It is valid to generate a certificate without a common name. However, a certificate should not be created without (a) Subject Alternative Name(s).

    If a common name is used, it should be the same as one of the SANs.

    _images/first_setup_wizard_3.png

    Fig. 5.46 Entering information for the certificate

  4. Select OK and press Enter.

    → A message informs that the certificate is created and can be downloaded (see Fig. 5.47).

    Note

    The download is not done in the first setup wizard, but in the later GOS administration menu as described in Chapter 7.2.4.1.7.1, steps 1 – 4 and 9 – 13.

    _images/first_setup_wizard_8.png

    Fig. 5.47 Completing the HTTPS certificate

    or

  1. Select CSR and press Enter.

    → A message informs that a key pair and a certificate request are created.

  2. Select Continue and press Enter.

  3. Provide the settings for the certificate.

    Note

    It is valid to generate a certificate without a common name. However, a certificate should not be created without (a) Subject Alternative Name(s).

    If a common name is used, it should be the same as one of the SANs.

  4. Select OK and press Enter.

  5. Open the web browser and enter the displayed URL.

  6. Download the PEM file.

    → The GOS administration menu displays a message to verify that the CSR has not been tampered with.

  7. Verify the information by pressing Enter.

    Note

    When the certificate is signed, it has to be uploaded to the appliance. The upload is not done in the first setup wizard, but in the later GOS administration menu as described in Chapter 7.2.4.1.7.2, steps 1 – 4 and 11 – 14.

3. Entering or Uploading a Greenbone Enterprise Feed Subscription Key

If no valid subscription key is stored on the appliance, the appliance only uses the public Greenbone Community Feed and not the Greenbone Enterprise Feed. A subscription key can be entered or uploaded as follows:

  1. Select Editor and press Enter (see Fig. 5.48).

    → The editor is opened.

    _images/first_setup_wizard_9.png

    Fig. 5.48 Entering or uploading a subscription key

  2. Enter the subscription key.

  3. Press Ctrl + X.

  4. Press Y to save the changes.

  5. Press Enter.

    or

  1. Select HTTP Upload and press Enter.
  2. Open the web browser and enter the displayed URL.
  3. Click Browse…, select the subscription key and click Upload.

4. Downloading the Feed

If no feed is present on the appliance, the feed can be downloaded as follows:

  1. Select Yes and press Enter (see Fig. 5.49).

    _images/first_setup_wizard_4.png

    Fig. 5.49 Downloading the feed

    → A message informs that the feed update was started in the background (see Fig. 5.50).

    _images/first_setup_wizard_5.png

    Fig. 5.50 Downloading the feed

  2. Press Enter to close the message.

5. Finishing the First Setup Wizard

Note

After the last step, a status check is performed.

  1. When the check is finished, press Enter.

    → The results of the check are displayed (see Fig. 5.51).

    _images/first_setup_wizard_6.png

    Fig. 5.51 Result of the status check

  1. Press Enter.

    → The GOS administration menu can be used as described in Chapter 7.

    If there are any unfinished or skipped steps, the first setup wizard is shown when logging in again.

6. Exchanging the Master Key with the Sensor

Continue with Chapter 16 to exchange the keys with the master.

Note

The Greenbone Enterprise 35 does not offer any web interface. The sensor is solely managed by the master. Logging into the sensor is possible by using the console and SSH from the master.

If the communication between master and sensor fails, the rule set of any internal firewall governing the network connection may be adjusted.

5.5 Greenbone Enterprise CENO/DECA/TERA/PETA/EXA

This setup guide shows the steps required to put a Greenbone Enterprise CENO/DECA/TERA/PETA/EXA into operation.

5.5.1 Setup Requirements

This section lists the requirements for successfully deploying a Greenbone Enterprise CENO, Greenbone Enterprise DECA, Greenbone Enterprise TERA, Greenbone Enterprise PETA or Greenbone Enterprise EXA. All requirements have to be met.

5.5.1.1 Resources

The virtual appliances require at least the following resources:

Greenbone Enterprise CENO

  • 2 virtual CPUs
  • 8 GB RAM
  • 135 GB virtual hard disk

Greenbone Enterprise DECA

  • 4 virtual CPUs
  • 8 GB RAM
  • 220 GB virtual hard disk

Greenbone Enterprise TERA

  • 6 virtual CPUs
  • 8 GB RAM
  • 220 GB virtual hard disk

Greenbone Enterprise PETA

  • 8 virtual CPUs
  • 16 GB RAM
  • 220 GB virtual hard disk

Greenbone Enterprise EXA

  • 12 virtual CPUs
  • 24 GB RAM
  • 225 GB virtual hard disk

5.5.1.2 Supported Hypervisor

The following hypervisors are officially supported for running a Greenbone Enterprise DECA/TERA/PETA/EXA:

  • Microsoft Hyper-V, version 5.0 or higher
  • VMware vSphere Hypervisor (ESXi), version 6.0 or higher
  • Huawei FusionCompute, version 8.0

The following hypervisors are officially supported for running a Greenbone Enterprise CENO:

  • Microsoft Hyper-V, version 5.0 or higher
  • VMware vSphere Hypervisor (ESXi), version 6.0 or higher

For Microsoft Hyper-V, each Greenbone Enterprise CENO/DECA/TERA/PETA/EXA is delivered as a generation 2 virtual machine.

The required booting mode is the EFI/UEFI boot mode.

5.5.1.3 Verification of Integrity

Note

The integrity of the virtual appliance can be verified. On request, the Greenbone Enterprise Support provides an integrity checksum.

To request the checksum, contact the Greenbone Enterprise Support via e-mail (support@greenbone.net) including the subscription number.

The integrity checksum can be provided via phone or via support portal. Specify the preferred channel in the e-mail.

The local verification of the checksum depends on the host operating system.

On Linux systems, the following command for calculating the checksum for the Greenbone Enterprise CENO/DECA/TERA/PETA/EXA can be used:

sha256sum <file>

Note

Replace <file> with the name of the appliance’s OVA file.

On Microsoft Windows systems, the following command for calculating the checksum for the Greenbone Enterprise CENO/DECA/TERA/PETA/EXA can be used in the Windows PowerShell:

Get-Filehash 'C:\<path>\<file>' -Algorithm SHA256

Note

Replace <path> and <file> with the path and the name of the appliance’s OVA file.

If the checksum does not match the checksum provided by the Greenbone Enterprise Support, the virtual appliance has been modified and should not be used.

5.5.2 Deploying the Appliance

The virtual appliance is provided by Greenbone Networks in the Open Virtualization Appliance (OVA) format.

Each Greenbone Enterprise CENO/DECA/TERA/PETA/EXA is activated using a unique subscription key.

Note

Cloning the Greenbone Enterprise CENO/DECA/TERA/PETA/EXA and using several instances in parallel is not permitted and can result in inconsistencies and unwanted side effects.

To deploy a Greenbone Enterprise CENO/DECA/TERA/PETA/EXA, it has to be imported into the hypervisor of choice as follows:

Note

The example features VMware ESXi, but is also applicable for VMware vCenter.

The figures show the installation of a Greenbone Enterprise TERA. The installation of a Greenbone Enterprise CENO/DECA/PETA/EXA is carried out equivalently. File names used in the example differ based on the appliance model and the subscription key.

  1. Open the web interface of the VMware ESXi instance and log in.

  2. Click Virtual Machines in the Navigator column on the left.

  3. Click create_register_vm Create / Register VM.

  4. Select Deploy a virtual machine from an OVF or OVA file and click Next (see Fig. 5.52).

    _images/vmware_2.png

    Fig. 5.52 Selecting the creation type

  5. Enter a name for the virtual machine in the input box.

  6. Click Click to select files or drag/drop, select the OVA file of the appliance and click Next.

  7. Select the storage location in which to store the virtual machine files and click Next.

  1. Adjust the deployment options as required and click Next.

    Note

    The default deployment settings may be used.

  2. Check the configuration of the virtual machine (see Fig. 5.53).

    Tip

    Settings can be changed by clicking Back and adjusting them in the respective dialog.

    _images/setup_vmware_readycomplete.png

    Fig. 5.53 Checking the configuration of the virtual machine

  3. Click Finish.

    → The appliance is being imported. This can take up to 10 minutes.

    Important

    Do not refresh the browser while the virtual machine is being deployed.

  4. When the appliance is imported, click Virtual Machines in the Navigator column on the left.

  5. Select the appliance in the list and click vm_poweron Power on (see Fig. 5.54).

    _images/vmware_3.png

    Fig. 5.54 Imported virtual machine

5.5.3 Performing a General System Setup

All appliances share the same way of basic configuration and readiness check.

When the appliance is delivered by Greenbone Networks or after a factory reset, the GOS administration menu shows the first setup wizard after logging in to assist with the basic GOS configuration (see Fig. 5.55).

_images/first_setup_wizard_1.png

Fig. 5.55 Using the first setup wizard

By selecting Yes and pressing Enter the first setup wizard is opened.

Note

By selecting No and pressing Enter the wizard can be closed. Incomplete steps are displayed when logging in again.

By selecting Cancel and pressing Enter the wizard can be closed as well. However, in this case, incomplete steps are not displayed again.

The first setup wizard is dynamic and shows only those steps necessary to operate the used appliance model. In the following, all possible steps are mentioned but they may not appear in every case.

In case of a factory reset, all steps have to be carried out (see 20.8).

Every step can be skipped by selecting Skip or No and pressing Enter. Skipped steps are displayed when logging in again.

1. Importing or Generating an HTTPS Certificate

An HTTPS certificate must be present on the appliance to use the web interface securely. The certificate can be imported or generated as follows:

  1. Select Import and press Enter (see Fig. 5.56).

    → A message informs that a PKCS#12 file can be imported.

    _images/first_setup_wizard_2.png

    Fig. 5.56 Importing or generating an HTTPS certificate

  2. Select Continue and press Enter.

  3. Open the web browser and enter the displayed URL.

  4. Click Browse…, select the PKCS#12 file and click Upload.

    → When the certificate is retrieved by the appliance, the GOS administration menu displays the fingerprint of the certificate for verification.

  5. Check the fingerprint and confirm the certificate by pressing Enter.

    or

  1. Select Generate and press Enter.

    → A message informs that parameters have to be entered to generate the certificate.

  2. Select Continue and press Enter.

  3. Provide the settings for the certificate (see Fig. 5.57).

    Note

    It is valid to generate a certificate without a common name. However, a certificate should not be created without (a) Subject Alternative Name(s).

    If a common name is used, it should be the same as one of the SANs.

    _images/first_setup_wizard_3.png

    Fig. 5.57 Entering information for the certificate

  4. Select OK and press Enter.

    → A message informs that the certificate is created and can be downloaded (see Fig. 5.58).

    Note

    The download is not done in the first setup wizard, but in the later GOS administration menu as described in Chapter 7.2.4.1.7.1, steps 1 – 4 and 9 – 13.

    _images/first_setup_wizard_8.png

    Fig. 5.58 Completing the HTTPS certificate

    or

  1. Select CSR and press Enter.

    → A message informs that a key pair and a certificate request are created.

  2. Select Continue and press Enter.

  3. Provide the settings for the certificate.

    Note

    It is valid to generate a certificate without a common name. However, a certificate should not be created without (a) Subject Alternative Name(s).

    If a common name is used, it should be the same as one of the SANs.

  4. Select OK and press Enter.

  5. Open the web browser and enter the displayed URL.

  6. Download the PEM file.

    → The GOS administration menu displays a message to verify that the CSR has not been tampered with.

  7. Verify the information by pressing Enter.

    Note

    When the certificate is signed, it has to be uploaded to the appliance. The upload is not done in the first setup wizard, but in the later GOS administration menu as described in Chapter 7.2.4.1.7.2, steps 1 – 4 and 11 – 14.

2. Creating a Web Administrator

If there is no web administrator, it is asked whether such an account should be created (see Fig. 5.59).

_images/first_setup_wizard_7.png

Fig. 5.59 Creating a web administrator

Note

A web administrator is required to use the web interface of the appliance.

The first web administrator (web user) that is created is automatically the Feed Import Owner (see Chapter 7.2.1.9).

  1. Select Yes and press Enter.

  2. Enter the user name for the web administrator.

  3. Enter the password for the web administrator twice.

  4. Select OK and press Enter.

    → A message informs that the web administrator has been created.

  5. Press Enter to close the message.

3. Entering or Uploading a Greenbone Enterprise Feed Subscription Key

If no valid subscription key is stored on the appliance, the appliance only uses the public Greenbone Community Feed and not the Greenbone Enterprise Feed. A subscription key can be entered or uploaded as follows:

  1. Select Editor and press Enter (see Fig. 5.60).

    _images/first_setup_wizard_9.png

    Fig. 5.60 Entering or uploading a subscription key

    → The editor is opened.

  2. Enter the subscription key.

  3. Press Ctrl + X.

  4. Press Y to save the changes.

  5. Press Enter.

    or

  1. Select HTTP Upload and press Enter.
  2. Open the web browser and enter the displayed URL.
  3. Click Browse…, select the subscription key and click Upload.

4. Downloading the Feed

If no feed is present on the appliance, the feed can be downloaded as follows:

  1. Select Yes and press Enter (see Fig. 5.61).

    _images/first_setup_wizard_4.png

    Fig. 5.61 Downloading the feed

    → A message informs that the feed update was started in the background (see Fig. 5.62).

    _images/first_setup_wizard_5.png

    Fig. 5.62 Downloading the feed

  2. Press Enter to close the message.

5. Finishing the First Setup Wizard

Note

After the last step, a status check is performed.

  1. When the check is finished, press Enter.

    → The results of the check are displayed (see Fig. 5.63).

    _images/first_setup_wizard_6.png

    Fig. 5.63 Result of the status check

  1. Press Enter.

    → The GOS administration menu can be used as described in Chapter 7.

    If there are any unfinished or skipped steps, the first setup wizard is shown when logging in again.

5.5.4 Logging into the Web Interface

The main interface of the appliance is the web interface, also called Greenbone Security Assistant (GSA). The web interface can be accessed as described in Chapter 8.1.

5.6 Greenbone Enterprise 25V

This setup guide shows the steps required to put a Greenbone Enterprise 25V into operation.

5.6.1 Setup Requirements

This section lists the requirements for successfully deploying a Greenbone Enterprise 25V. All requirements have to be met.

5.6.1.1 Resources

The virtual appliance requires at least the following resources:

  • 2 virtual CPUs
  • 6 GB RAM
  • 70 GB virtual hard disk

5.6.1.2 Supported Hypervisor

The following hypervisors are officially supported for running a Greenbone Enterprise 25V:

  • Microsoft Hyper-V, version 5.0 or higher
  • VMware vSphere Hypervisor (ESXi), version 6.0 or higher
  • Huawei FusionCompute, version 8.0

For Microsoft Hyper-V, each Greenbone Enterprise 25V is delivered as a generation 2 virtual machine.

The required booting mode is the EFI/UEFI boot mode.

5.6.1.3 Verification of Integrity

Note

The integrity of the virtual appliance can be verified. On request, the Greenbone Enterprise Support provides an integrity checksum.

To request the checksum, contact the Greenbone Enterprise Support via e-mail (support@greenbone.net) including the subscription number.

The integrity checksum can be provided via phone or via support portal. Specify the preferred channel in the e-mail.

The local verification of the checksum depends on the host operating system.

On Linux systems the following command for calculating the checksum for the Greenbone Enterprise 25V can be used:

sha256sum <file>

Note

Replace <file> with the name of the appliance’s OVA file.

On Microsoft Windows systems, the following command for calculating the checksum for the Greenbone Enterprise 25V can be used in the Windows PowerShell:

Get-Filehash 'C:\<path>\<file>' -Algorithm SHA256

Note

Replace <path> and <file> with the path and the name of the appliance’s OVA file.

If the checksum does not match the checksum provided by the Greenbone Enterprise Support, the virtual appliance has been modified and should not be used.

5.6.2 Deploying the Appliance

The Greenbone Enterprise 25V is provided by Greenbone Networks in the Open Virtualization Appliance (OVA) format.

Each Greenbone Enterprise 25V is activated using a unique subscription key.

Note

Cloning the Greenbone Enterprise 25V and using several instances in parallel is not permitted because and can result in inconsistencies and unwanted side effects.

To deploy the Greenbone Enterprise 25V, it has to be imported into the hypervisor of choice as follows:

Note

The example features VMware ESXi, but is also applicable for VMware vCenter.

The figures show the installation of a Greenbone Enterprise TERA. The installation of a Greenbone Enterprise 25V is carried out equivalently. File names used in the example differ based on the appliance model and the subscription key.

  1. Open the web interface of the VMware ESXi instance and log in.

  2. Click Virtual Machines in the Navigator column on the left.

  3. Click create_register_vm Create / Register VM.

  4. Select Deploy a virtual machine from an OVF or OVA file and click Next (see Fig. 5.64).

    _images/vmware_2.png

    Fig. 5.64 Selecting the creation type

  5. Enter a name for the virtual machine in the input box.

  6. Click Click to select files or drag/drop, select the OVA file of the appliance and click Next.

  7. Select the storage location in which to store the virtual machine files and click Next.

  8. Adjust the deployment options as required and click Next.

    Note

    The default deployment settings may be used.

  9. Check the configuration of the virtual machine (see Fig. 5.65).

    Tip

    Settings can be changed by clicking Back and adjusting them in the respective dialog.

    _images/setup_vmware_readycomplete.png

    Fig. 5.65 Checking the configuration of the virtual machine

  1. Click Finish.

    → The appliance is being imported. This can take up to 10 minutes.

    Important

    Do not refresh the browser while the virtual machine is being deployed.

  2. When the appliance is imported, click Virtual Machines in the Navigator column on the left.

  3. Select the appliance in the list and click vm_poweron Power on (see Fig. 5.66).

    _images/vmware_3.png

    Fig. 5.66 Imported virtual machine

5.6.3 Performing a General System Setup

All appliances share the same way of basic configuration and readiness check.

However, since the Greenbone Enterprise 25V is a dedicated sensor, the master key has to be exchanged with the sensor.

When the appliance is delivered by Greenbone Networks or after a factory reset, the GOS administration menu shows the first setup wizard after logging in to assist with the basic GOS configuration (see Fig. 5.67).

_images/first_setup_wizard_1.png

Fig. 5.67 Using the first setup wizard

By selecting Yes and pressing Enter the first setup wizard is opened.

Note

By selecting No and pressing Enter the wizard can be closed. Incomplete steps are displayed when logging in again.

By selecting Cancel and pressing Enter the wizard can be closed as well. However, in this case, incomplete steps are not displayed again.

The first setup wizard is dynamic and shows only those steps necessary to operate the used appliance model. In the following, all possible steps are mentioned but they may not appear in every case.

In case of a factory reset, all steps have to be carried out (see 20.8).

Every step can be skipped by selecting Skip or No and pressing Enter. Skipped steps are displayed when logging in again.

1. Importing or Generating an HTTPS Certificate

An HTTPS certificate must be present on the appliance to use the web interface securely. The certificate can be imported or generated as follows:

  1. Select Import and press Enter (see Fig. 5.68).

    → A message informs that a PKCS#12 file can be imported.

    _images/first_setup_wizard_2.png

    Fig. 5.68 Importing or generating an HTTPS certificate

  2. Select Continue and press Enter.

  3. Open the web browser and enter the displayed URL.

  4. Click Browse…, select the PKCS#12 file and click Upload.

    → When the certificate is retrieved by the appliance, the GOS administration menu displays the fingerprint of the certificate for verification.

  5. Check the fingerprint and confirm the certificate by pressing Enter.

    or

  1. Select Generate and press Enter.

    → A message informs that parameters have to be entered to generate the certificate.

  2. Select Continue and press Enter.

  3. Provide the settings for the certificate (see Fig. 5.69).

    Note

    It is valid to generate a certificate without a common name. However, a certificate should not be created without (a) Subject Alternative Name(s).

    If a common name is used, it should be the same as one of the SANs.

    _images/first_setup_wizard_3.png

    Fig. 5.69 Entering information for the certificate

  4. Select OK and press Enter.

    → A message informs that the certificate is created and can be downloaded (see Fig. 5.70).

    Note

    The download is not done in the first setup wizard, but in the later GOS administration menu as described in Chapter 7.2.4.1.7.1, steps 1 – 4 and 9 – 13.

    _images/first_setup_wizard_8.png

    Fig. 5.70 Completing the HTTPS certificate

    or

  1. Select CSR and press Enter.

    → A message informs that a key pair and a certificate request are created.

  2. Select Continue and press Enter.

  3. Provide the settings for the certificate.

    Note

    It is valid to generate a certificate without a common name. However, a certificate should not be created without (a) Subject Alternative Name(s).

    If a common name is used, it should be the same as one of the SANs.

  4. Select OK and press Enter.

  5. Open the web browser and enter the displayed URL.

  6. Download the PEM file.

    → The GOS administration menu displays a message to verify that the CSR has not been tampered with.

  7. Verify the information by pressing Enter.

    Note

    When the certificate is signed, it has to be uploaded to the appliance. The upload is not done in the first setup wizard, but in the later GOS administration menu as described in Chapter 7.2.4.1.7.2, steps 1 – 4 and 11 – 14.

2. Entering or Uploading a Greenbone Enterprise Feed Subscription Key

If no valid subscription key is stored on the appliance, the appliance only uses the public Greenbone Community Feed and not the Greenbone Enterprise Feed. A subscription key can be entered or uploaded as follows:

  1. Select Editor and press Enter (see Fig. 5.71).

    → The editor is opened.

    _images/first_setup_wizard_9.png

    Fig. 5.71 Entering or uploading a subscription key

  2. Enter the subscription key.

  3. Press Ctrl + X.

  4. Press Y to save the changes.

  5. Press Enter.

    or

  1. Select HTTP Upload and press Enter.
  2. Open the web browser and enter the displayed URL.
  3. Click Browse…, select the subscription key and click Upload.

3. Downloading the Feed

If no feed is present on the appliance, the feed can be downloaded as follows:

  1. Select Yes and press Enter (see Fig. 5.72).

    _images/first_setup_wizard_4.png

    Fig. 5.72 Downloading the feed

    → A message informs that the feed update was started in the background (see Fig. 5.73).

    _images/first_setup_wizard_5.png

    Fig. 5.73 Downloading the feed

  2. Press Enter to close the message.

4. Finishing the First Setup Wizard

Note

After the last step, a status check is performed.

  1. When the check is finished, press Enter.

    → The results of the check are displayed (see Fig. 5.74).

  2. Press Enter.

    → The GOS administration menu can be used as described in Chapter 7.

    If there are any unfinished or skipped steps, the first setup wizard is shown when logging in again.

_images/first_setup_wizard_6.png

Fig. 5.74 Result of the status check

5. Exchanging the Master Key with the Sensor

Continue with Chapter 16 to exchange the keys with the master.

Note

The Greenbone Enterprise 25V does not offer any web interface. The sensor is solely managed by the master. Logging into the sensor is possible by using the console and SSH from the master.

If the communication between master and sensor fails, the rule set of any internal firewall governing the network connection may be adjusted.

5.7 Greenbone Enterprise ONE

This setup guide shows the steps required to put a Greenbone Enterprise ONE into operation.

5.7.1 Setup Requirements

This section lists the requirements for successfully deploying a Greenbone Enterprise ONE. All requirements have to be met.

5.7.1.1 Resources

The virtual appliance requires at least the following resources:

  • 2 virtual CPUs
  • 6 GB RAM
  • 130 GB virtual hard disk

5.7.1.2 Supported Hypervisor

The following hypervisors are officially supported for running a Greenbone Enterprise ONE:

  • Oracle VirtualBox, version 6.1 or higher
  • VMware Workstation Player, version 16.0 or higher
  • VMware Workstation Pro, version 16.0 or higher

The required booting mode is the EFI/UEFI boot mode.

5.7.1.3 Verification of Integrity

Note

The integrity of the virtual appliance can be verified. On request, the Greenbone Enterprise Support provides an integrity checksum.

To request the checksum, contact the Greenbone Enterprise Support via e-mail (support@greenbone.net) including the subscription number.

The integrity checksum can be provided via phone or via support portal. Specify the preferred channel in the e-mail.

The local verification of the checksum depends on the host operating system.

On Linux systems the following command for calculating the checksum for a Greenbone Enterprise ONE can be used:

sha256sum <file>

Note

Replace <file> with the name of the appliance’s OVA file.

On Microsoft Windows systems, the following command for calculating the checksum for the Greenbone Enterprise ONE can be used in the Windows PowerShell:

Get-Filehash 'C:\<path>\<file>' -Algorithm SHA256

Note

Replace <path> and <file> with the path and the name of the appliance’s OVA file.

If the checksum does not match the checksum provided by the Greenbone Enterprise Support, the virtual appliance has been modified and should not be used.

5.7.2 Deploying the Appliance

The virtual appliance is provided by Greenbone Networks in the Open Virtualization Appliance (OVA) format.

Each Greenbone Enterprise ONE is activated using a unique subscription key.

Note

Cloning the Greenbone Enterprise ONE and using several instances in parallel is not permitted and can result in inconsistencies and unwanted side effects.

To deploy a Greenbone Enterprise ONE, it has to be imported into the hypervisor of choice as follows:

Note

File names used in the example differ based on the subscription key.

  1. Install Oracle VirtualBox for the current operating system.

    Note

    VirtualBox is often included with Linux distributions.

    Should this not be the case and or a version of Microsoft Windows is used, VirtualBox is available at https://www.virtualbox.org/wiki/Downloads.

  2. Start VirtualBox.

  3. Select File > Import Appliance… in the menu bar.

  4. Click import_vbox and select the OVA file of the appliance (see Fig. 5.75).

    _images/vbox_import_ONE.png

    Fig. 5.75 Importing the OVA file of the appliance

  5. Check the configuration of the virtual machine in the window Appliance settings (see Fig. 5.75).

    Values can be changed by double clicking into the input box of the respective value.

    Note

    If possible, select 4096 MB RAM (memory) for optimal configuration of the virtual appliance.

  6. Click Import.

    → The appliance is being imported. This can take up to 10 minutes.

    When the appliance is imported, it is displayed in the left column in VirtualBox.

  7. Select the appliance in the list and click Start.

5.7.3 Performing a General System Setup

All appliances share the same way of basic configuration and readiness check.

When the appliance is delivered by Greenbone Networks or after a factory reset, the GOS administration menu shows the first setup wizard after logging in to assist with the basic GOS configuration (see Fig. 5.76).

_images/first_setup_wizard_1.png

Fig. 5.76 Using the first setup wizard

By selecting Yes and pressing Enter the first setup wizard is opened.

Note

By selecting No and pressing Enter the wizard can be closed. Incomplete steps are displayed when logging in again.

By selecting Cancel and pressing Enter the wizard can be closed as well. However, in this case, incomplete steps are not displayed again.

The first setup wizard is dynamic and shows only those steps necessary to operate the used appliance model. In the following, all possible steps are mentioned but they may not appear in every case.

In case of a factory reset, all steps have to be carried out (see 20.8).

Every step can be skipped by selecting Skip or No and pressing Enter. Skipped steps are displayed when logging in again.

1. Importing or Generating an HTTPS Certificate

An HTTPS certificate must be present on the appliance to use the web interface securely. The certificate can be imported or generated as follows:

  1. Select Import and press Enter (see Fig. 5.77).

    → A message informs that a PKCS#12 file can be imported.

    _images/first_setup_wizard_2.png

    Fig. 5.77 Importing or generating an HTTPS certificate

  2. Select Continue and press Enter.

  3. Open the web browser and enter the displayed URL.

  4. Click Browse…, select the PKCS#12 file and click Upload.

    → When the certificate is retrieved by the appliance, the GOS administration menu displays the fingerprint of the certificate for verification.

  5. Check the fingerprint and confirm the certificate by pressing Enter.

    or

  1. Select Generate and press Enter.

    → A message informs that parameters have to be entered to generate the certificate.

  2. Select Continue and press Enter.

  3. Provide the settings for the certificate (see Fig. 5.78).

    Note

    It is valid to generate a certificate without a common name. However, a certificate should not be created without (a) Subject Alternative Name(s).

    If a common name is used, it should be the same as one of the SANs.

    _images/first_setup_wizard_3.png

    Fig. 5.78 Entering information for the certificate

  4. Select OK and press Enter.

    → A message informs that the certificate is created and can be downloaded (see Fig. 5.79).

    Note

    The download is not done in the first setup wizard, but in the later GOS administration menu as described in Chapter 7.2.4.1.7.1, steps 1 – 4 and 9 – 13.

    _images/first_setup_wizard_8.png

    Fig. 5.79 Completing the HTTPS certificate

    or

  1. Select CSR and press Enter.

    → A message informs that a key pair and a certificate request are created.

  2. Select Continue and press Enter.

  3. Provide the settings for the certificate.

    Note

    It is valid to generate a certificate without a common name. However, a certificate should not be created without (a) Subject Alternative Name(s).

    If a common name is used, it should be the same as one of the SANs.

  4. Select OK and press Enter.

  5. Open the web browser and enter the displayed URL.

  6. Download the PEM file.

    → The GOS administration menu displays a message to verify that the CSR has not been tampered with.

  7. Verify the information by pressing Enter.

    Note

    When the certificate is signed, it has to be uploaded to the appliance. The upload is not done in the first setup wizard, but in the later GOS administration menu as described in Chapter 7.2.4.1.7.2, steps 1 – 4 and 11 – 14.

2. Creating a Web Administrator

If there is no web administrator, it is asked whether such an account should be created (see Fig. 5.80).

Note

A web administrator is required to use the web interface of the appliance.

The first web administrator (web user) that is created is automatically the Feed Import Owner (see Chapter 7.2.1.9).

_images/first_setup_wizard_7.png

Fig. 5.80 Creating a web administrator

  1. Select Yes and press Enter.

  2. Enter the user name for the web administrator.

  3. Enter the password for the web administrator twice.

  4. Select OK and press Enter.

    → A message informs that the web administrator has been created.

  5. Press Enter to close the message.

3. Entering or Uploading a Greenbone Enterprise Feed Subscription Key

If no valid subscription key is stored on the appliance, the appliance only uses the public Greenbone Community Feed and not the Greenbone Enterprise Feed. A subscription key can be entered or uploaded as follows:

  1. Select Editor and press Enter (see Fig. 5.81).

    → The editor is opened.

    _images/first_setup_wizard_9.png

    Fig. 5.81 Entering or uploading a subscription key

  2. Enter the subscription key.

  3. Press Ctrl + X.

  4. Press Y to save the changes.

  5. Press Enter.

    or

  1. Select HTTP Upload and press Enter.
  2. Open the web browser and enter the displayed URL.
  3. Click Browse…, select the subscription key and click Upload.

4. Downloading the Feed

If no feed is present on the appliance, the feed can be downloaded as follows:

  1. Select Yes and press Enter (see Fig. 5.82).

    _images/first_setup_wizard_4.png

    Fig. 5.82 Downloading the feed

    → A message informs that the feed update was started in the background (see Fig. 5.83).

    _images/first_setup_wizard_5.png

    Fig. 5.83 Downloading the feed

  2. Press Enter to close the message.

5. Finishing the First Setup Wizard

Note

After the last step, a status check is performed.

  1. When the check is finished, press Enter.

    → The results of the check are displayed (see Fig. 5.84).

    _images/first_setup_wizard_6.png

    Fig. 5.84 Result of the status check

  1. Press Enter.

    → The GOS administration menu can be used as described in Chapter 7.

    If there are any unfinished or skipped steps, the first setup wizard is shown when logging in again.

5.7.4 Logging into the Web Interface

The main interface of the appliance is the web interface, also called Greenbone Security Assistant (GSA). The web interface can be accessed as described in Chapter 8.1.