Nmap - Introduction (Part 1)

Kavish Gour — Wed, 28 Aug 2019 15:21:58 +0000

In this post, I will explain what Nmap is all about, and a basic demonstration. I'm launching my career in Cybersecurity, and i hope this series will benefit InfoSec enthusiasts. Have fun.

Note: If you don't know how to install Nmap, click here.

Introduction

Nmap or Network Mapper is a network scanning tool designed to audit a range of hosts (large networks) or a single host (a computer). Nmap sends TCP, UDP, SCTP, and ICMP packets to the target host and examines the response by comparing the result to its database(always use the latest version), to determine what services are running, which OS versions is installed, types of firewalls, and other cool stuff.

Nmap is a very powerful, mature network scanner that will help you see everything that you need to see on your network. To get you excited, here's an analogy: You're about to go on a road trip, so basically you'll need some sort of map or an app that you would use to plane your route and be aware of what's around you, like road conditions and so forth. Well, think of Nmap like a map for you network.

Nmap Syntax

The syntax is very simple, but the number of options provided are overwhelming. Always run nmap as a privileged user or root (on windows: open command prompt as administrator).

The syntax: nmap [Scan Type(s)] [Options] {target specification}

In this post, i'll only use nmap and a target to keep it simple. The target can be a hostname, an IP, a network range, etc.

Disclaimer: Use Nmap on your own networks. When being used on networks without prior authorization, and your intention was only to perform a scan, you'll look like the malicious type.

Let's get started

Let's run 'nmap localhost':

MacBook-Pro:~ kavish$ nmap localhost
Starting Nmap 7.70 ( https://nmap.org ) at 2019-08-28 11:52 +04
Nmap scan report for localhost (127.0.0.1)
Host is up (0.00036s latency).
Other addresses for localhost (not scanned): ::1
Not shown: 993 closed ports
PORT    STATE SERVICE
88/tcp  open  kerberos-sec
110/tcp open  pop3
143/tcp open  imap
445/tcp open  microsoft-ds
548/tcp open  afp
993/tcp open  imaps
995/tcp open  pop3s

Nmap done: 1 IP address (1 host up) scanned in 6.83 seconds

The scan took approximately 6 seconds (depends on how services you got running).

Your output will be different. The main key here, is that Nmap can show you things on your network that you're not aware of. Or maybe you've no clue what services are running on your machine.

From the above output, i can see that kerberos, afp, and microsoft-ds are running. I didn't start those services, and i don't know what has.

Did a quick google search, and found out that those 3 services are responsible for file sharing. I disabled file sharing, and voila:

MacBook-Pro:~ kavish$ nmap localhost
Starting Nmap 7.70 ( https://nmap.org ) at 2019-08-28 11:54 +04
Nmap scan report for localhost (127.0.0.1)
Host is up (0.00038s latency).
Other addresses for localhost (not scanned): ::1
Not shown: 995 closed ports
PORT    STATE SERVICE
110/tcp open  pop3
143/tcp open  imap
631/tcp open  ipp
993/tcp open  imaps
995/tcp open  pop3s

Nmap done: 1 IP address (1 host up) scanned in 7.22 seconds

A simple scan like this will not retrieve sufficient information. But it's enough to get your feet wet, and become familiar with Nmap.

Stay tuned for part 2 where I explain how to run more advanced commands and, how to manipulate your results with Python-Nmap.

How to install and configure Nagios Core on CentOS 7 (without compiling)

Kavish Gour — Sun, 11 Aug 2019 14:50:49 +0000

Nagios Core is an open source tool for IT insfrastructure monitoring. Nagios relies on plugins to monitor everything - databases, operating systems, applications, network equipment, protocols, and more!

Installation

Update your repo and install nagios:

yum update -y ; yum install nagios -y

Nagios depends on the Apache web server for its web interface. The previous commands will install apache. Start and enable the service:

systemctl enable httpd.service
systemctl start httpd.service

Now, lets open port 80:

firewall-cmd --zone=public --add-port=80/tcp
firewall-cmd --zone=public --add-port=80/tcp --permanent

Install the plugins and nrpe:

yum install nagios-plugins nrpe nagios-plugins-nrpe
systemctl start nrpe
systemctl enable nrpe

Note: NRPE, allows you to remotely execute Nagios plugins on other Linux/Unix machines and receive the output through nagios.

We also need some basic plugins, that nagios needs by default:

for i in users uptime ssh ping procs load http swap disk; do yum install nagios-plugins-$i -y; done

Start and enable nrpe:

systemctl start nrpe
systemctl enable nrpe

The check_http plugin won't work unless we create an 'index.html' in /var/www/html. Lets'create one:

echo "<h1> Apache is UP and RUNNING. </h1>" > /var/www/html/index.html

Click here for more details about the plugins.

Now, for apache to allow access to the web interface, we've to give the 'nagiosadmin' user a password. The user is created by default. You can change it if you want. To achieve this, let's run 'htpasswd' and input your password:

htpasswd  /etc/nagios/passwd nagiosadmin

All is set. Let's start and enable the nagios service:

systemctl start nagios.service
systemctl enable nagios.service

Go to 'http://localhost/nagios' or 'http://{ip-address}/nagios', enter your credentials, and that's it.

Note: In the services tab, several plugins will print status critical. Give nagios a minute or two to read its configuration and use its required plugins.

You can also use the 'nagiostats' utility on the command line:

[root@centos \~]# nagiostats | grep '^Services Ok'
Services Ok/Warn/Unk/Crit:              8 / 0 / 0 / 0

Just for fun: I wrote a python script to automate the installation.