3 Managing OpenSight OS

3.1 General Information

3.1.1 Authorization and Access

Access to OpenSight OS packages and to OPENVAS applications (for example for deployment and updates) is handled using a unique certificate and key, which are already contained in the provided OpenSight OS virtual machine.

This certificate and key are managed by Greenbone, so no further action is required on the administration side.

If access to the resources is blocked despite a valid certificate and key, or if the expiration date has passed, please contact Greenbone Support.

3.1.2 System-Level Access

Full system-level access is granted for the root user only.

The password for the root user cannot be revoked if it is lost.

3.1.3 Administrative Access

All administrative tasks required to ensure the operation and maintenance of OpenSight OS are handled via the OpenSight OS CLI. The admin user is granted all privileges required to access and operate the CLI.

Since the admin user has no privilege for changing the root password, the password for the root user cannot be revoked if it is lost.

3.1.4 Tab Auto-Complete

The OpenSight OS CLI provides tab auto-completion for all commands. Partially typed commands can be completed by pressing the Tab key. This simplifies and accelerates the use of the OpenSight OS CLI.

Example:

  1. Type the beginning of a command:

    opensight-os-cli up
    
  2. Press Tab.

    → The command is automatically completed as follows:

    opensight-os-cli upgrade
    
  3. Press Space and Tab again.

    → Possible options are displayed:

    opensight-os-cli upgrade
    check     (Check if updates are available)        show-all  (Get installed packages)
    deploy    (Deploy upgrade)                        show      (Get information about specific package)
    

3.2 Configuring the Network Settings

The OpenSight OS virtual machine is configured to be ready for use and to configure the network interface (eth0) via DHCP. If there are no further requirements regarding the network configuration, this chapter is not relevant.

3.2.1 Configuring the Network Interfaces

3.2.1.1 Getting Information about the Configured Interfaces

Display information about all configured interfaces by running the following command:

opensight-os-cli network show-all-ethernets

→ The output shows all interfaces configured in OpenSight OS with their corresponding values:

Note

Per default, only eth0 is configured via DHCP.

HTTP/1.1 200 OK
Connection: keep-alive
Content-Length: 495
Content-Type: application/json
Date: Thu, 23 Jan 2025 15:42:15 GMT
Server: nginx

accept-ra: null
addresses: null
dhcp4: true
dhcp6: false
dynamic_addresses:
- 10.0.2.15/24 (dynamic, dhcp)
- fe80::a00:27ff:fe6f:faee/64 (link)
ipv6-mtu: null
mtu: null
nameservers: null
routes: []
system_state_differences: {}

3.2.1.2 Setting up a Static IP Address

Configure an interface with a static IP address by running the following command, specifying the interface, IP address and net mask:

opensight-os-cli network add-ethernet-address <INTERFACE> <IP_ADDRESS>/<NET_MASK>

Example:

opensight-os-cli network add-ethernet-address eth0 192.168.0.1/24

→ The output shows the configured IP address:

HTTP/1.1 200 OK
Connection: keep-alive
Content-Length: 224
Content-Type: application/json
Date: Thu, 23 Jan 2025 15:42:15 GMT
Server: nginx

accept-ra: null
addresses:
- 192.168.0.1/24
dhcp4: false
dhcp6: false
dynamic_addresses:
- fe80::a00:27ff:fe6f:faee/64 (link)
ipv6-mtu: null
mtu: null
nameservers: null
routes: []
system_state_differences: {}

3.2.1.3 Configuring the Global Gateway

Add a default gateway for an interface with a static IP address by running the following command, which adds a corresponding route:

opensight-os-cli network add-ethernet-route eth0 via:<GATEWAY_IP>

Example:

opensight-os-cli network add-ethernet-route eth0 via:192.168.0.123

→ The output shows the interface configuration with the configured route:

HTTP/1.1 200 OK
Connection: keep-alive
Content-Length: 567
Content-Type: application/json
Date: Mon, 28 Apr 2025 13:48:13 GMT
Server: nginx

eth0:
  accept-ra: null
  addresses: null
  dhcp4: true
  dhcp4-overrides: {}
  dhcp6: false
  dhcp6-overrides: {}
  dynamic_addresses:
  - 192.168.0.1 (dynamic, dhcp)
  ipv6-mtu: null
  match:
    macaddress: 08:00:27:dd:30:5c
  mtu: null
  nameservers: null
  routes:
  - from: null
    to: default
    via: 192.168.0.123
  system_state_differences: {}

3.2.1.4 Configuring a Network Route

Configure a network route by running the following command:

opensight-os-cli network add-ethernet-route eth0 via:<GATEWAY_IP>,to:<TARGET_IP/PREFIX>

Example:

opensight-os-cli network add-ethernet-route eth0 via:192.168.0.123,to:192.168.100.0/24

→ The output shows the configured route:

HTTP/1.1 200 OK
Connection: keep-alive
Content-Length: 591
Content-Type: application/json
Date: Wed, 30 Apr 2025 07:07:24 GMT
Server: nginx

accept-ra: null
addresses:
- 192.168.0.1/24
dhcp4: false
dhcp4-overrides: {}
dhcp6: false
dhcp6-overrides: {}
dynamic_addresses:
ipv6-mtu: null
match:
  macaddress: 08:00:27:dd:30:5c
mtu: null
nameservers: null
  search: []
routes:
- from: null
  to: 192.168.100.0/24
  via: 192.168.0.123
system_state_differences: {}

3.2.1.5 Configuring a Network Interface to Use DHCP

Configure an interface with DHCP by running the following command, specifying the interface:

opensight-os-cli network update-ethernet <INTERFACE> dhcp4:true,dhcp6:false

Example:

opensight-os-cli network update-ethernet eth1 dhcp4:true

→ The output shows the dynamic IP address retrieved via DHCP:

HTTP/1.1 200 OK
Connection: keep-alive
Content-Length: 238
Content-Type: application/json
Date: Thu, 23 Jan 2025 15:42:15 GMT
Server: nginx

accept-ra: null
addresses: null
dhcp4: true
dhcp6: false
dynamic_addresses:
- 192.168.56.49/24 (dynamic)
- fe80::a00:27ff:fe60:96f1/64 (link)
ipv6-mtu: null
mtu: null
nameservers: null
routes: []
system_state_differences: {}

3.2.1.6 Configuring the Maximum Transmission Unit (MTU)

The MTU can be set by running the following command:

opensight-os-cli network update-ethernet <INTERFACE> mtu:1280, ipv6-mtu:1280

Note

Use mtu for IPv4 and ipv6-mtu for IPv6.

The MTU can only be an integer between 1280 and 64000, or null in case it should be unset.

Example:

opensight-os-cli network update-ethernet eth0 ipv6-mtu:1280

→ The output shows the updated interface with its updated value for ipv6-mtu:

HTTP/1.1 200 OK
Connection: keep-alive
Content-Length: 354
Content-Type: application/json
Date: Tue, 22 Apr 2025 13:46:53 GMT
Server: nginx

accept-ra: null
addresses: null
dhcp4: true
dhcp4-overrides:
  use-mtu: false
dhcp6: false
dhcp6-overrides:
  use-mtu: false
dynamic_addresses:
- 192.168.56.49/24 (dynamic)
- fe80::a00:27ff:fe60:96f1/64 (link)
ipv6-mtu: 1280
match:
  macaddress: 08:00:27:33:8c:4b
mtu: null
nameservers: null
routes: []
system_state_differences: {}

3.2.1.7 Configuring the Router Advertisement for IPv6

The router advertisement can be set using the accept-ra parameter, which can accept different values depending on the desired configuration:

  • true: the interface responds to Router Advertisements

  • false: the interface ignores Router Advertisements

  • null: the interface uses the kernel default setting. This is the default setting.

Note

Setting accept-ra alone is not sufficient to bring up an interface. For that, please refer to dhcp6.

The router advertisement can be set by running the following command:

opensight-os-cli network update-ethernet <INTERFACE> accept-ra:true

Example:

opensight-os-cli network update-ethernet eth1 accept-ra:true

→ The output shows the updated interface with its updated value for accept-ra:

HTTP/1.1 200 OK
Connection: keep-alive
Content-Length: 354
Content-Type: application/json
Date: Tue, 22 Apr 2025 13:46:53 GMT
Server: nginx

accept-ra: true
addresses: null
dhcp4: true
dhcp4-overrides:
  use-mtu: false
dhcp6: false
dhcp6-overrides:
  use-mtu: false
dynamic_addresses:
- 192.168.56.49/24 (dynamic)
- fe80::a00:27ff:fe60:96f1/64 (link)
ipv6-mtu: 1280
match:
  macaddress: 08:00:27:33:8c:4b
mtu: null
nameservers: null
routes: []
system_state_differences: {}

3.2.1.8 Configuring a DNS Server

Configure a custom DNS server by running the following command, specifying the interface on which the DNS server is configured and the server IP address:

opensight-os-cli network add-ethernet-nameservers-address <INTERFACE> <SERVER-IP>

Example:

opensight-os-cli network add-ethernet-nameservers-address eth0 192.168.0.124

Note

A valid route/gateway (via DHCP or setting a static IP address) must exist to reach the DNS server and the hosts that should be reached.

→ The output shows the configured DNS:

HTTP/1.1 200 OK
Connection: keep-alive
Content-Length: 354
Content-Type: application/json
Date: Tue, 22 Apr 2025 13:46:53 GMT
Server: nginx

accept-ra: null
addresses:
- 192.168.0.1/24
dhcp4: false
dhcp6: false
dynamic_addresses:
- fe80::a00:27ff:fe6f:faee/64 (link)
ipv6-mtu: null
match:
  macaddress: 08:00:27:33:8c:4b
mtu: null
nameservers:
  addresses:
  - 192.168.0.124
  search: []
routes:
  - from: null
    to: default
    via: 192.168.0.123
system_state_differences: {}

3.2.1.9 Removing a DNS Server

Remove a custom DNS server by running the following command, specifying the interface on which the DNS server is configured and the server IP address:

opensight-os-cli network delete-ethernet-nameservers-address <INTERFACE> <SERVER-IP>

Example:

opensight-os-cli network delete-ethernet-nameservers-address eth0 192.168.0.124

3.2.1.10 Setting the Host Name and the Domain Name

Set a new host name by running the following command with the host name specified:

opensight-os-cli network update-hostname hostname:<HOSTNAME>

Example:

opensight-os-cli network update-hostname hostname:myhost123

→ The output shows the configured host name:

HTTP/1.1 200 OK
Connection: keep-alive
Content-Length: 354
Content-Type: application/json
Date: Tue, 22 Apr 2025 13:46:53 GMT
Server: nginx

myhost123

Note

To update the host name displayed in the CLI, it is necessary to log out of OpenSight OS and log in again.

3.3 Configuring the Proxy

The OpenSight Proxy module allows the configuration of an internet proxy, which is used to receive OpenSight OS packages and to access OPENVAS application resources (via packages.greenbone.net).

3.3.1 Displaying the Current Proxy Configuration

Display the current proxy configuration by running the following command:

opensight-os-cli proxy show-all

3.3.2 Adding a Proxy Configuration

Add a proxy configuration by running the following command:

opensight-os-cli proxy set-proxy scheme: <SCHEME>, url: <SCHEME>://<USERNAME>:<PASSWORD>@<PROXY_HOST>:<PROXY_PORT>

Example for an HTTP proxy without authentication:

opensight-os-cli proxy set-proxy scheme: http, url: http://85.214.250.48:3129

→ The output shows the current proxy configuration:

HTTP/1.1 200 OK
Connection: keep-alive
Content-Length: 354
Content-Type: application/json
Date: Tue, 22 Apr 2025 13:46:53 GMT
Server: nginx

scheme: http
url: http://85.214.250.48:3129

3.3.3 Removing a Proxy Configuration

Remove a proxy configuration by running the following command:

opensight-os-cli proxy remove-proxy --scheme <SCHEME>

Example:

opensight-os-cli proxy remove-proxy --scheme http

→ The return code No Content within the output indicates the removal of the proxy configuration:

HTTP/1.1 204 No Content
Connection: keep-alive
Content-Type: application/json
Date: Tue, 29 Apr 2025 11:52:15 GMT
Server: nginx

3.4 Configuring SSH

SSH is required for setting up OPENVAS products.

3.4.1 Checking the State of the SSH Service

By default, SSH is disabled.

Check the status of sshd (SSH daemon) by running the following command:

opensight-os-cli service show sshd

→ The output shows the current state of the SSH service:

HTTP/1.1 200 OK
Connection: keep-alive
Content-Length: 30
Content-Type: application/json
Date: Tue, 22 Apr 2025 13:23:26 GMT
Server: nginx

enabled: false
name: sshd

Tip

Display the status of all available services by running the following command:

opensight-os-cli service show-all

3.4.2 Enabling SSH

Enable SSH by running the following command:

opensight-os-cli service update sshd enabled:true

→ The output shows the value true for the state of the SSH service:

HTTP/1.1 200 OK
Connection: keep-alive
Content-Length: 30
Content-Type: application/json
Date: Tue, 22 Apr 2025 13:32:49 GMT
Server: nginx

enabled: true
name: sshd

3.4.3 Disabling SSH

Disable SSH by running the following command:

opensight-os-cli service update sshd enabled:false

→ The output shows the value false for the state of the SSH service:

HTTP/1.1 200 OK
Connection: keep-alive
Content-Length: 30
Content-Type: application/json
Date: Tue, 22 Apr 2025 13:32:49 GMT
Server: nginx

enabled: false
name: sshd

3.5 Updating OpenSight OS

Note

To keep OpenSight OS up-to-date and secure, available updates should be regularly checked and installed.

OpenSight OS can be updated as follows:

  1. Access OpenSight OS as the admin user via SSH (see Chapter 3.4).

  2. Check for available updates by running the following command:

    opensight-os-cli upgrade check
    

    The output shows a list of all installed packages for which an update is available, with their current and available version:

    HTTP/1.1 200 OK
    Connection: keep-alive
    Content-Length: 2450
    Content-Type: application/json
    Date: Wed, 23 Apr 2025 08:24:56 GMT
    Server: nginx
    
    - available_version: 9.7-1
      installed_version: 9.6-4
      name: coreutils
    - available_version: 8.13.0-2
      installed_version: 8.12.1-1
      name: curl
    - available_version: 1:28.0.4-2
      installed_version: 1:28.0.4-1
      name: docker
    - available_version: 2.35.0-1
      installed_version: 2.33.1-1
      name: docker-compose
      ...
    
  3. Deploy all available updates by running the following command:

    opensight-os-cli upgrade deploy
    

Tip

Display a list of all installed packages by running the following command:

opensight-os-cli upgrade show-all

Display information about a specific package by running the following command:

opensight-os-cli upgrade show <PACKAGE_NAME>
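
The SSH state check from Chapter 3.4.1 and the update check from Chapter 3.5 can be scripted against the CLI's output format (HTTP status line and headers, blank line, YAML body). The shell functions below are an added example, not part of the original manual or Greenbone's code; the function names and sample outputs are constructed, and it is assumed that the CLI writes its response to standard output and that failures surface as a non-2xx status line.

```shell
# Added example (not Greenbone code): parse opensight-os-cli output, which is
# an HTTP status line and headers, one blank line, then a YAML body.
# cli_body: read CLI output on stdin, fail unless the status is 2xx (assumption:
# errors surface as a non-2xx status line), then print only the body.
cli_body() {
    awk '
        NR == 1 { if ($1 !~ /^HTTP\// || $2 !~ /^2[0-9][0-9]$/) bad = 1; if (bad) exit; next }
        !body && /^[ \t\r]*$/ { body = 1; next }
        body { print }
        END { exit (bad || NR == 0) }
    '
}

# service_state: print the "enabled" value of `service show <name>` output.
# Returns 2 on a failed response, so an error is never read as "disabled".
service_state() {
    body=$(cli_body) || return 2
    printf '%s\n' "$body" | sed -n 's/^enabled: *//p'
}

# pending_updates: print "name installed -> available" per `upgrade check` item.
pending_updates() {
    body=$(cli_body) || return 2
    printf '%s\n' "$body" | awk '
        function emit() { if (name != "") print name, inst, "->", avail; name = inst = avail = "" }
        /^[ \t]*- / { emit() }              # a new list item starts: flush the previous one
        { sub(/^[- \t]+/, "") }             # drop list dash and indentation
        $1 == "available_version:" { avail = $2 }
        $1 == "installed_version:" { inst = $2 }
        $1 == "name:" { name = $2 }
        END { emit() }
    '
}
# Constructed sample outputs, modelled on the ones in Chapters 3.4.1 and 3.5.
SAMPLE_SSHD='HTTP/1.1 200 OK
Content-Type: application/json

enabled: false
name: sshd'
SAMPLE_UPGRADE='HTTP/1.1 200 OK

- available_version: 8.13.0-2
  installed_version: 8.12.1-1
  name: curl
- available_version: 1:28.0.4-2
  installed_version: 1:28.0.4-1
  name: docker'
printf '%s\n' "$SAMPLE_SSHD" | service_state
printf '%s\n' "$SAMPLE_UPGRADE" | pending_updates
```

On a live system, pipe the command itself into the function instead of the sample, for example opensight-os-cli service show sshd | service_state.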

3.6 Performing and Restoring a Backup

The OpenSight Backup module is used to store and restore the corresponding OPENVAS product, comprising containers, OCI images, volumes and configurations.

The OpenSight Backup API grants the admin user all necessary privileges to create, restore and delete backups. As with the product artifacts (meaning direct access to the Docker container), the admin user does not have direct access to the backup files themselves for security reasons.

3.6.1 Creating a Backup

Create a backup of a deployed product by running the following command:

opensight-os-cli backup create

→ Once the backup has been created, the output displays the creation time and the ID of the generated backup:

HTTP/1.1 201 Created
Connection: keep-alive
Content-Length: 122
Content-Type: application/json
Date: Tue, 29 Apr 2025 13:52:29 GMT
Server: nginx

creation_time: "2025-04-29T13:50:38.278784514Z"
id: 09fb580c8156f680a544fac2e1c52ff8d51baae082dd54ed01d5fa7e6914d5c3

3.6.2 Displaying all Existing Backups

Display a list of all existing backups by running the following command:

opensight-os-cli backup show-all

→ The output shows all existing backups (in this example there is only one backup) with their creation time and ID:

HTTP/1.1 201 Created
Connection: keep-alive
Content-Length: 122
Content-Type: application/json
Date: Tue, 29 Apr 2025 13:52:29 GMT
Server: nginx

- creation_time: "2025-04-29T13:50:38.278784514Z"
  id: 09fb580c8156f680a544fac2e1c52ff8d51baae082dd54ed01d5fa7e6914d5c3

3.6.3 Restoring a Backup

Restore a selected backup by running the following command with the backup ID specified:

opensight-os-cli backup restore <ID>

Example:

opensight-os-cli backup restore 09fb580c8156f680a544fac2e1c52ff8d51baae082dd54ed01d5fa7e6914d5c3

→ The output shows the elapsed time for restoring the backup:

HTTP/1.1 201 Created
Connection: keep-alive
Content-Length: 122
Content-Type: application/json
Date: Tue, 29 Apr 2025 13:52:29 GMT
Server: nginx

seconds_elapsed: 22

3.6.4 Deleting a Backup

Delete a specific backup by running the following command with the backup ID specified:

opensight-os-cli backup delete <ID>

Example:

opensight-os-cli backup delete 09fb580c8156f680a544fac2e1c52ff8d51baae082dd54ed01d5fa7e6914d5c3