Nexpose Appliance Guide (R7-1000/3000/5000/5000x)

Appliance Guide Version 1.0


Contents

Revision history

Getting Started

Getting to Know the R7-3000/5000/5000x

Getting to Know the R7-1000

Setting Up the Appliance

Logging in to the Appliance

Configuring Network Settings

Identifying the Nexpose Appliance Type

Adding a Scan Engine (NSE Only)

Logging in to the Web Interface (NSC Only)

Identifying the operating system

Identifying the appliance model and serial number

Common Operations and Maintenance Tasks

Appliance Models


Revision history

Date Revision

August 25, 2016 First version of guide published.


Getting Started

The Nexpose Appliance is a preconfigured server that enables you to assess vulnerabilities in your internal network devices and websites, manage vulnerability data, and mitigate threat exposures. You can deploy as many appliances as you need to build a scalable and robust vulnerability management solution on site.

Read on to learn how to set up the R7-1000/3000/5000/5000x.

Before you begin

Before you can set up the appliance, you'll need to have the following items available:

- Rack cabinet enclosure (if you plan to rack mount the appliance)

- Phillips screwdriver (if you plan to rack mount the appliance)

- RJ-45 Ethernet cable

- Monitor

- Keyboard

- Mouse

When you are ready to set up the appliance, you'll need to:

- Verify that the box contains the appliance and power cords. If any items are missing or damaged, please contact our support team.

- Remove the appliance and power cords from the box.

- Install the Nexpose Appliance into a server rack. Use the following guides to show you how to install the server into a rack:

  - R7-3000/R7-5000(x) - DL380 Gen9 Server User Guide

  - R7-1000 - DL120 Gen9 Server User Guide

- Make sure that the Nexpose Security Console is online and its Web interface is accessible if you are setting up a Nexpose Scan Engine.

Set up overview

The general set up instructions for the Nexpose Security Console and the Nexpose Scan Engine are very similar. However, if you have purchased a Scan Engine, there are additional steps that you will need to perform to connect it to the Nexpose Security Console.

Generally, the set up steps for the Nexpose Security Console and Nexpose Scan Engine appliances include:

1. Installing the appliance into a server rack.

2. Connecting the peripherals to the appliance.

3. Connecting the appliance to the network.

4. Powering on the appliance.

5. Logging into the appliance.

6. Configuring the network settings for the appliance.

If you have purchased a Nexpose Scan Engine, you'll also need to:

1. Verify that the Nexpose Security Console is online and its web interface is accessible.

2. Add the Nexpose Scan Engine through the Security Console web interface.

3. Pair the Security Console with the Scan Engine.

4. Verify that the Scan Engine has successfully paired with the Security Console.


Getting to Know the R7-3000/5000/5000x

Now that you've unpacked everything, you're ready to set up the appliance. If you are setting up the R7-3000/5000/5000x, you'll need to be able to identify the RJ-45 port, power supply, VGA port, and USB ports to set up the appliance. Let's take a look at the rear view:

Item Name

1 PCI Express slots 1 (top), 2 (center), and 3 (bottom)

2 Extra PCI Express slots 4 (top), 5 (center), and 6 (bottom); requires second riser card and second processor

3 Serial port

4 Power supply 1

5 Power supply 2

6 VGA connector

7 1GbE RJ-45 port 4

8 1GbE RJ-45 port 3

9 1GbE RJ-45 port 2

10 1GbE RJ-45 port 1

11 iLO connector

12 USB 3.0 connector 1

13 USB 3.0 connector 2

14 FlexibleLOM ports


Getting to Know the R7-1000

If you are setting up the R7-1000, you'll need to be able to identify the power supply, RJ-45 ports, VGA port, and USB ports to set up the appliance. Let's take a look at the rear view:

Item Name

1 PCI Express slot 3

2 PCI Express slot 2

3 PCI Express slot 1

4 Non-hot-plug power supply

5 Power supply power connection

6 1GbE RJ-45 port 1 and 2

7 VGA connector

8 USB 3.0 connectors


Setting Up the Appliance

You're now ready to set up the appliance.

Step 1: Connect the appliance to the network

The Nexpose Appliance connects like any other computer to a switch on your network. To set up the network connection, connect one end of an Ethernet cable to the Ethernet LAN port labeled ETH0 or 1 on the appliance. Connect the other end of the Ethernet cable to a network jack.

Step 2: Connect the appliance to peripherals

The next thing you need to do is connect the appliance to a monitor, keyboard, and mouse. To attach the peripherals, connect the monitor to the VGA port and connect the keyboard and mouse to the USB ports on the back of the appliance.

Step 3: Connect the appliance to a power supply

The appliance is now ready to be powered on. Plug one end of the power cord into a power strip and the other end into the AC power plug on the appliance. Press the Power button located on the front of the appliance to turn it on and start the boot up process.

The first time you boot up the appliance, it attempts to use DHCP to configure network settings for NIC 1 (ETH0). The process may take up to five minutes. If DHCP IPs are not available, you will need to configure a static IP.

After the boot-up process completes, you can log into the system to configure your network settings.


Logging in to the Appliance

When your appliance boots up, it will present you with a login prompt. To log in to the appliance, you will need to provide the default credentials:

Username: administrator
Password: rapid7

You will be prompted to re-enter the password and enter a new password to continue.

Note: A dictionary word cannot be used for your new OS or SSH password.

After logging in, you will be able to configure your network settings. If you need static IP addressing, please read the next section. If your environment requires DHCP, you can skip to the section on identifying the Nexpose Appliance type.


Configuring Network Settings

The first time you switch on the appliance, Nexpose attempts to use DHCP to configure network settings for NIC 1 (ETH0). If Nexpose is unable to configure the appliance settings, you'll need to manually configure the network settings.

Setting up a static IP for the appliance

To add a static IP address for your appliance, you will need to edit the /etc/network/interfaces file.

In a terminal, type the following:

$ nano /etc/network/interfaces

Edit the following values:

auto eth0
iface eth0 inet static
address 192.168.0.2
netmask 255.255.255.0
# optional
network 192.168.0.0
broadcast 192.168.0.255
gateway 192.168.0.1

To save the file, use the key combination of Ctrl+N and follow the prompts.

When you are done, you will need to run the following command to restart the networking service:

$ ifdown eth0 && ifup eth0

To verify changes to the configuration, run the following command:

$ ifconfig eth0
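
Added example (not part of the Rapid7 guide): a POSIX shell check that a static stanza's network, broadcast and gateway values agree with its address and netmask, run before restarting the interface. The function names and the sample stanza are constructed for illustration.

```shell
#!/bin/sh
# Added example: check a static stanza for self-consistency before ifdown/ifup.

# Dotted-quad IPv4 -> integer. Rejects empty or non-numeric fields, octets
# above 255, and leading zeros (shell arithmetic would read them as octal).
ip_to_int() (
    case "$1" in ''|*[!0-9.]*|*..*|.*|*.) exit 1 ;; esac
    IFS=.
    set -- $1
    [ "$#" -eq 4 ] || exit 1
    for o in "$@"; do
        case "$o" in 0?*|????*) exit 1 ;; esac
        [ "$o" -le 255 ] || exit 1
    done
    echo "$(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))"
)

int_to_ip() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# Reads the stanza on stdin and prints one line per finding.
# Returns 0 if consistent, 1 on a mismatch, 2 if a value cannot be parsed.
check_static_stanza() (
    stanza=$(cat)
    val() { printf '%s\n' "$stanza" | awk -v k="$1" '$1 == k { print $2; exit }'; }
    addr=$(ip_to_int "$(val address)") || { echo "unparsable address"; exit 2; }
    mask=$(ip_to_int "$(val netmask)") || { echo "unparsable netmask"; exit 2; }
    inv=$(( ~mask & 4294967295 ))                 # host bits of the netmask
    [ $(( inv & (inv + 1) )) -eq 0 ] || { echo "netmask is not contiguous"; exit 2; }
    net=$(( addr & mask )); bcast=$(( net | inv )); rc=0
    for key in network broadcast; do
        given=$(val "$key")                        # both keys are optional
        if [ "$key" = network ]; then want=$(int_to_ip "$net"); else want=$(int_to_ip "$bcast"); fi
        if [ -n "$given" ] && [ "$given" != "$want" ]; then
            echo "$key $given should be $want"; rc=1
        fi
    done
    gw=$(val gateway)
    if [ -n "$gw" ]; then
        gwi=$(ip_to_int "$gw") || { echo "unparsable gateway"; exit 2; }
        [ $(( gwi & mask )) -eq "$net" ] || { echo "gateway $gw is outside the subnet"; rc=1; }
    fi
    if [ "$inv" -gt 1 ] && { [ "$addr" -eq "$net" ] || [ "$addr" -eq "$bcast" ]; }; then
        echo "address is the network or broadcast address"; rc=1
    fi
    [ "$rc" -ne 0 ] || echo "stanza is consistent"
    exit "$rc"
)

# Constructed sample stanza; $1 is the broadcast value to test.
sample_stanza() {
    printf '%s\n' 'auto eth0' 'iface eth0 inet static' 'address 192.168.0.2' \
        'netmask 255.255.255.0' 'network 192.168.0.0' "broadcast $1" 'gateway 192.168.0.1'
}

sample_stanza 192.168.0.255 | check_static_stanza
sample_stanza 192.168.0.127 | check_static_stanza || true
```

On the appliance, feed it the eth0 stanza from /etc/network/interfaces on stdin.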

Adding DNS server information

After you've configured the static IP address for the appliance, you'll need to update the DNS information in the resolv.conf file.

Run the following to edit the file:

$ nano /etc/resolv.conf

The entries should be similar to the example below:

nameserver <PRIMARY DNS IP ADDRESS (can be multiple * add more lines)>
search <LOCAL DNS SEARCH PATHS (can be multiple * separated by spaces)>

When you are done, you will need to run the following command to restart the networking service:

$ ifdown eth0 && ifup eth0

To verify changes to the configuration, run the following command:

$ ifconfig eth0


Identifying the Nexpose Appliance Type

As previously mentioned, the Nexpose Appliance is a scalable solution, which means that you can deploy multiple instances of it. Each appliance can either act as a Nexpose Scan Engine (NSE) or Nexpose Security Console (NSC).

The Nexpose Scan Engine discovers assets during scans and checks them for vulnerabilities or policy compliance. The Nexpose Security Console is an engine that has a web interface and reporting capabilities. You can think of the Security Console as an engine that controls multiple engines and integrates their data into the database for display and reporting.

Identifying the appliance type

To determine whether your appliance is a Nexpose Security Console or a Nexpose Scan Engine, you'll need to check for the nsc folder in /opt/rapid7/nexpose. If it exists, the appliance is a Security Console. If it does not have an nsc folder, it is a Scan Engine.

To see if the /opt/rapid7/nexpose/nsc path exists, run the following command:

$ ls -al /opt/rapid7/nexpose/nsc

If the contents of the nsc folder are listed, the appliance is a Security Console; otherwise, it is a Scan Engine.


Adding a Scan Engine (NSE Only)

If you are setting up a Nexpose Scan Engine, the last thing you need to do is add it to the Security Console and pair them together.

If you are setting up a Nexpose Security Console, you can skip to the next section on logging into the Web interface.

Adding a Scan Engine to the Security Console

1. Start a Web browser and log in to the Security Console Web interface.

2. Go to the Administration page.

3. Find the "Scan Options" section and select the Create option for Engines.

4. Enter the address and port number the Scan Engine will use to listen for communication from the Security Console.

5. Save the new Scan Engine. After you add the engine, the Security Console creates the consoles.xml file. You will need to edit this file in the pairing process.

Pairing the Scan Engine with the Security Console

1. Open the consoles.xml file using a text editing program, like nano. The consoles.xml file is located in the [installation_directory]/nse/conf directory on the Scan Engine.

2. Locate the line for the console that you want to pair with the engine. The console will be marked by a unique identification number and an IP address.

3. Change the value for the Enabled attribute from 0 to 1.

4. Save and close the file.

5. Restart the Scan Engine, so that the configuration change can take effect.

After you add and pair your Scan Engine, it is ready to be used.


Logging in to the Web Interface (NSC Only)

The Nexpose Security Console comes with a Web interface that you can use to manage your vulnerability scans, scan results, and other scan engines. You perform all tasks with Nexpose through the Security Console Web interface.

To access the Security Console, start a Web browser and navigate to the IP address of the appliance and specify the port. The default port number is 3780. You'll need to make sure you specify HTTPS when you are entering the URL. An example of an address for the Security Console would be https://192.168.1.1:3780.

When the browser displays the login page for the Nexpose Security Console, you'll need to enter your credentials. The first time you log in to the Security Console, you'll need to use the default credentials:

Username: nxadmin
Password: nxpassword

After you log in successfully, you will be ready to start using Nexpose.

Can't access the Web interface?

Make sure to specify an HTTPS connection and the correct port number when entering the IP address of your Appliance. If you have properly entered the address and still cannot connect, it's possible that a firewall may be blocking you from reaching Nexpose. Check your firewall settings.

Identifying the operating system

To identify the operating system running on the appliance, you can run the following command:

$ lsb_release -a

The results display the operating system:

No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 14.04.3 LTS
Release: 14.04
Codename: trusty

Identifying the appliance model and serial number

To identify the appliance model and serial number, you can run the following command:

$ cat /etc/r7appliance/info

Running the command returns the following information:

MODEL=R7-1000
CHASSIS_SN=2M25240848
IMAGE_SN=7a37dfa299d043bdf419580d05496a23
IMAGE_REVISION=r06
ORIGINAL_KERNEL=3.13.0-74-generic
INSTALLATION_TIMESTAMP='Thu Feb 4 22:51:30 UTC 2016'

The model number in this example is 'R7-1000' and the chassis serial number is '2M25240848'.
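
Added example (not part of the Rapid7 guide): a POSIX shell sketch that combines the nsc folder check from "Identifying the appliance type" with the info file shown above into one inventory record, and reports whether the running kernel still matches ORIGINAL_KERNEL. The function names, the root-prefix parameter and the record format are assumptions of this example; the info file is parsed rather than sourced so nothing in it is executed.

```shell
#!/bin/sh
# Added example: build an inventory record from the files this guide names.

# Print KEY's value from a KEY=VALUE file. The file is parsed, never
# sourced, so nothing in it can run as shell code. One pair of
# surrounding quotes is stripped. Returns 1 if KEY is absent.
r7_info_get() {
    awk -v key="$2" '
        index($0, key "=") == 1 {
            v = substr($0, length(key) + 2)
            q = substr(v, 1, 1)
            if ((q == "\047" || q == "\"") && length(v) > 1 && substr(v, length(v)) == q)
                v = substr(v, 2, length(v) - 2)
            print v; found = 1; exit
        }
        END { exit !found }' "$1"
}

# NSC if the nsc folder exists, otherwise NSE. $1 is a root prefix,
# a hypothetical parameter so the check can run against a test tree.
appliance_type() {
    if [ -d "${1:-}/opt/rapid7/nexpose/nsc" ]; then echo NSC; else echo NSE; fi
}

# One-line record: model, chassis serial, role, and whether the running
# kernel ($2, default `uname -r`) still equals ORIGINAL_KERNEL, which
# suggests no kernel update has been booted since imaging.
appliance_record() {
    info="${1:-}/etc/r7appliance/info"
    model=$(r7_info_get "$info" MODEL) || return 1
    serial=$(r7_info_get "$info" CHASSIS_SN) || return 1
    orig=$(r7_info_get "$info" ORIGINAL_KERNEL) || return 1
    running=${2:-$(uname -r)}
    if [ "$running" = "$orig" ]; then kernel=original; else kernel=changed; fi
    echo "model=$model chassis_sn=$serial type=$(appliance_type "${1:-}") kernel=$kernel"
}

# Constructed test tree holding the guide's sample info values.
make_sample_root() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/etc/r7appliance" "$root/opt/rapid7/nexpose"
    cat > "$root/etc/r7appliance/info" <<'EOF'
MODEL=R7-1000
CHASSIS_SN=2M25240848
IMAGE_REVISION=r06
ORIGINAL_KERNEL=3.13.0-74-generic
INSTALLATION_TIMESTAMP='Thu Feb 4 22:51:30 UTC 2016'
EOF
    echo "$root"
}

demo_root=$(make_sample_root)
appliance_record "$demo_root" 3.13.0-74-generic
rm -rf "$demo_root"
```

On an appliance, call appliance_record with no arguments to read the real paths and the running kernel.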


Common Operations and Maintenance Tasks

The following sections provide you with information on how to perform some common operations and maintenance tasks, such as configuring the NTP service, backing up your data, and recovering a forgotten password.

Configuring the NTP service

You can use the Network Time Protocol (NTP) to synchronize time between computer systems over the network.

Type the following to configure the appliance to use your time server:

$ sudo nano /etc/openntpd/ntpd.conf

Running the command returns the following information:

servers 0.debian.pool.ntp.org
servers 1.debian.pool.ntp.org
servers 2.debian.pool.ntp.org
servers 3.debian.pool.ntp.org

Add your server's fully qualified domain name to the end of the file and save it.

After the configuration file is updated, run the following command to restart the NTP services:

$ sudo service openntpd restart

To verify that the NTP service is synchronizing to the remote NTP servers, run the following command:

$ sudo openntpd -d

An example of output demonstrating successful synchronization is shown below:

ntp_adjtime returns frequency of 0.000000ppm
ntp engine ready
reply from 216.75.56.132: offset -0.004655 delay 0.009308, next query 9s
reply from 192.155.81.203: offset -0.008303 delay 0.010795, next query 5s
reply from 204.2.134.162: offset 0.003466 delay 0.010629, next query 8s
reply from 45.79.78.173: offset -0.002455 delay 0.010835, next query 7s
reply from 107.170.242.27: offset -0.000492 delay 0.014363, next query 8s
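
Added example (not part of the Rapid7 guide): a POSIX shell check that turns the "reply from" lines above into a pass/fail result, so clock drift that would skew scan and log timestamps is caught by a script instead of by eye. The function names, the two thresholds and the extra outlier line used in testing are assumptions of this example.

```shell
#!/bin/sh
# Added example: summarise "reply from" lines printed by `openntpd -d`.

# Reads openntpd debug output on stdin. Prints "<replies> <worst |offset|>"
# followed by one "outlier <peer> <offset>" line per reply over the limit.
# Returns 0 only if at least $1 replies arrived and every offset is
# within $2 seconds (both thresholds are assumptions of this example).
ntp_sync_ok() {
    awk -v min_replies="$1" -v max_offset="$2" '
        /^reply from / {
            peer = $3; sub(/:$/, "", peer)
            for (i = 1; i < NF; i++) if ($i == "offset") {
                off = $(i + 1) + 0
                if (off < 0) off = -off
                if (off > worst) worst = off
                if (off > max_offset) bad = bad "outlier " peer " " off "\n"
                replies++
            }
        }
        END {
            printf "%d %.6f\n", replies, worst
            printf "%s", bad
            exit !(replies >= min_replies && worst <= max_offset)
        }'
}

# The five replies from the guide's sample output; $1 optionally appends
# one more line so a failing case can be constructed.
sample_ntp_output() {
    cat <<'EOF'
ntp_adjtime returns frequency of 0.000000ppm
ntp engine ready
reply from 216.75.56.132: offset -0.004655 delay 0.009308, next query 9s
reply from 192.155.81.203: offset -0.008303 delay 0.010795, next query 5s
reply from 204.2.134.162: offset 0.003466 delay 0.010629, next query 8s
reply from 45.79.78.173: offset -0.002455 delay 0.010835, next query 7s
reply from 107.170.242.27: offset -0.000492 delay 0.014363, next query 8s
EOF
    [ -z "${1:-}" ] || printf '%s\n' "$1"
}

# Require 3 replies, each within 0.1 s.
sample_ntp_output | ntp_sync_ok 3 0.1
```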


Configuring rsyslog for remote syslog management

Rsyslog provides support for message logging and forwarding log messages remotely. Support of both internet and unix domain sockets enables this utility to support both local and remote logging.

The rsyslog daemon is responsible for listening to log messages from different parts of a Linux system and routing the messages to the appropriate log file in the /var/log directory. It can also forward log messages to another Linux server.

Basically, the rsyslog.conf file tells the rsyslog daemon where to save its log messages. This instruction comes from a series of two-part lines within the file.

This file can be found at /etc/rsyslog.d/50-default.conf in your appliance.

You will need a copy of rsyslog running on a remote machine which will be receiving the logs from your existing server. This setup allows retrieval of your logs in cases where your appliance crashes or is otherwise inaccessible.

You can find more information on configuring rsyslog on your server at http://manpages.ubuntu.com/manpages/trusty/man5/syslog.conf.5.html.

Updating the operating system

You can periodically update the system by running the following commands:

$ sudo apt-get update
$ sudo apt-get upgrade

You can also enable automatic security updates by opening the /etc/apt/apt.conf.d/30r7applaptupdate file and changing “APT::Periodic::Enable” to “1”.

Backing up your data

Running regularly scheduled backup and restore routines ensures full recovery of the Security Console in the event of hardware failure. It is also best practice for archiving all scan data and configurations at any point in time.

For details on the backup process refer to the Nexpose Administrator's Guide under the Performing a Backup section.

Reset the root password

If you have lost or forgotten the password for your appliance, you will need to boot the appliance into single user mode to reset it. To learn how to boot the appliance into this mode, please read http://askubuntu.com/questions/24006/how-do-i-reset-a-lost-administrative-password.

Appliance Models

R7-5000X series appliance specs

Operating System: Ubuntu 14.04 LTS
Memory: 256 GB
CPU: (2) Intel Xeon E5-2609 v3 @ 1.9 GHz
Storage: 8 TB on a RAID 10 Array with 16 drives

R7-5000 series appliance specs

Operating System: Ubuntu 14.04 LTS
Memory: 128 GB
CPU: (2) Intel Xeon E5-2609 v3 @ 1.9 GHz
Storage: 4 TB on a RAID 10 Array with 16 drives

R7-3000 series appliance specs

Operating System: Ubuntu 14.04 LTS
Memory: 64 GB
CPU: (2) Intel Xeon E5-2609 v3 @ 1.9 GHz
Storage: 2 TB on a RAID 10 Array with 8 drives

R7-1000 series appliance specs

Operating System: Ubuntu 14.04 LTS
Memory: 16 GB
CPU: (2) Intel Xeon E5-2603 v3 @ 1.6 GHz
Storage: 1 TB on a RAID 1 Array on 2 drives