Tag: OpenSUSE

OpenSUSE Mauritius – Powered by cyberstorm.mu

Since the beginning of this year, I was much involved in Linux and opensource activities carried out under the umbrella of cyberstorm.mu and it was pretty fun. After the Hackathon – Operation SAD where members of Cyberstorm Mauritius have fixed SSL bugs in many distros including OpenSUSE, I have decided to reach more potential OpenSUSE enthusiasts in Mauritius, a little island in the Indian Ocean to promote the OpenSUSE project.

The aim of gathering OpenSuse users in Mauritius is to:

  • Reach more people in Mauritius or even outer island to use Linux such as the OpenSUSE distro
  • Code contribution to the OpenSUSE Project
  • Bug reporting and constructive security analysis
  • Advocating OpenSUSE Project and its benefit

Some of the work carried out by cyberstorm.mu these days are:

One of the aims accomplished is code contribution in OpenSUSE which is already in production. There are other members of cyberstorm.mu who dived and fixed security bugs in the world of Ubuntu, Fedora, Debian, Cisco, and even the Linux Kernel. As you may also notice through the media articles have appeared on local press such as Scope, Defimedia, LeMauricien, etc.. cyberstorm.mu as a team strongly feel that we have already emerged in this field to accomplish a good quality job and is looking ahead for a better world by promoting Linux. 



KIWI – Cross-distro images on the cloud with OpenSUSE

Rest assured, Kiwi is neither a bird nor a fruit in the OpenSUSE world! Kiwi is an open source project licensed under the the GPLv2 and it is written in Perl. The project is sponsored by SUSE to build OS image and Appliance. “The KIWI Image System provides a complete operating system image solution for Linux supported hardware platforms as well as for virtualisation systems like KVM (Qemu), Xen, or VMware. KIWI is a command line tool and is the backend of SUSE Studio. The project is sponsored by SUSE. “ – OpenSUSE. OS images are heavily used in cloud environment whether you need  a .vmdk .img .ovf or even a raw file etc.. In brief, Kiwi provides a raw disk images with no additional configuration needed. The idea of the Kiwi project is to maintain efficiency duing the development , building, testing and deployment phases

Screenshot from 2016-04-03 13-48-57

The kiwi tool itself is a command line tool, however, the SUSE Studio web app provides the GUI facility. Let’s now get on some basic commands.

1.To check packages installed on your machine for Kiwi do a zypper se kiwi. These are the packages I got for ‘S’ in means state in the first columns and ‘I’ for installed

Screenshot from 2016-04-03 14-07-56

2. To list all templates available, do a kiwi -l As you can see i have templates for the RHEL and SUSE environments. There are other templates available on the Open build service repository.

Screenshot from 2016-04-03 14-10-48

3. The template locations on an OpenSUSE machine will usually be at /usr/share/kiwi/image where you will find another directory say rhel-06.6-jeOS and some configuration files are found there for the boot process. The file config.xml will gave your an overall idea of which repository, packages etc.. you are going to use with your templates.

4. So, lets create a  suse-13.2 vmx file file with kiwi. The following command is building the image. The parameter -d is the destination and the –type is simply the type of the image. I also created a directory /kiwi Point youself in the directory /usr/share/kiwi and launch

kiwi –build image/suse13.2-JeOS -d /kiwi –type vmx

5. Once the build is finished, you can use the .vmx file to run your machine.

There is also a KIWI cookbook free for you at this link made by Marcus Schäfer which is really interesting. The SUSE Cloud stack will also give you several tools to run and test your images. The OpenSUSE stack environment provides facilities for mixed distros.  The SUSE Studio is a collection of tools designed to improve the efficiency of building managing and maintaining software virtual and cloud applications.

Converting a deb into rpm using alien on openSUSE

The alien command is used by almost all system administrators. You might come across situations where you may need to install a .deb package on an OpenSUSE machine. You will need to convert it to a .rpm prior to doing the installation. The alien command is simply a way to convert or install an alien binary package.

Photo credits: comicvine.com
Photo credits: comicvine.com

Installing Alien on OpenSUSE Leap

A general idea of how to install a .deb package on an OpenSUSE by converting it to a .rpm file can be done with the command alien. If you have freshly install OpenSUSE Leap, you might notice that command zypper install alien gives you the following error.

Screenshot from 2016-03-29 16-37-48

This can be solved easily as there is no repositories available. You can just jump on the Kamikaz Repo of the openSUSE factory. and fire the following commands :

zypper addrepo http://download.opensuse.org/repositories/home:KAMiKAZOW/openSUSE_Leap_42.1/home:KAMiKAZOW.repo
zypper refresh
zypper install alien

You  would have a result similar to this with all the dependencies installed.

Screenshot from 2016-03-29 16-43-42

You can finally launched the zypper install alien which will look similar to this.

Screenshot from 2016-03-29 16-44-24

Let’s now convert a .deb into a .rpm

I will take the example of the nmap tool. I have downloaded the nmap .deb file from the Ubuntu repo. You can choose your own deb file. This is the link to download the nmap from the Ubuntu repo.

wget http://mirrors.kernel.org/ubuntu/pool/main/n/nmap/nmap_7.01-2ubuntu1_amd64.deb

So to convert the file into a .rpm you need to launch the following command

alien --to-rpm <deb file name here>

Of course, on an openSUSE machine you would need the spec file. Here is an idea what kind of error you might came across.

Screenshot from 2016-03-29 16-56-07

Solving the error

The error “rpmbuild not found” clearly give a hint that the package rpmbuild is not found on the machine. Just install in with :

zypper install rpmbuild

Now that the rpmbuild package is installed with all the dependencies you can relaunch the command which in my case is

alien --to-rpm nmap_7.01-2ubuntu1_amd64.deb 

A nice message message where the package.rpm is generated will be prompted. I have just taken the nmap package as a example. It’s generally inadvisable to run alien on a machine having both RPMs and DEBs package because the two systems do not share installed-file database information. You can chose your own .deb file. Have funs with aliens.


Installing and configuring OpenVAS on OpenSUSE Leap

“openSUSE Leap is a brand new way of building openSUSE and is new type of hybrid Linux distribution. Leap uses source from SUSE Linux Enterprise (SLE), which gives Leap a level of stability unmatched by other Linux distributions, and combines that with community developments to give users, developers and sysadmins the best Linux experience available. Contributor and enterprise efforts for Leap bridge a gap between matured packages and newer packages found in openSUSE’s other distribution Tumbleweed.”– OpenSUSE

I would welcome all OpenSUSE fans, system and security administrators and students to try out OpenVAS on an OpenSUSE machine which works pretty fine. OpenVAS is a framework of several services and tools offering a comprehensive and powerful vulnerability scanning and mangement solutions.

Photo credits: OpenSUSE & OpenVAS
Photo credits: OpenSUSE & OpenVAS

After you have installed your OpenSUSE Leap on your machine, you will need to open YAST and install the OpenVAS. Let’s installed OpenVAS on the OpenSUSE machine.

1.Open the YAST Control center and under the Software tab click on the software management.

Screenshot from 2016-03-07 10-49-32

2. The YAST2 software management tool will open. Simply type the keyword OpenVAS which will prompt you to install it togather will all the libraries. You will also need to install GreenBone-security-assistant which is a nice tool to use with OpenVAS

Screenshot from 2016-03-07 10-54-12

3. Once, you have installed OpenVAS and Greenbone-security-assistant, now the fun begins. Open a terminal, log in as root user, you will notice that there are several tools which have been installed from the OpenVAS.

Screenshot from 2016-03-07 11-04-06

4. Launch the openvas-setup which will download some bunch of files and libraries.

5. The next step is to create a user which can be done with the command openvas-adduser

6. Create a certificate with openvas-mkcert

7. openvasmd –rebuild which will rebuild openvas with the new configuration

8. Now set address and port number with the command openvasmd -p 9300 -a

9. After that set for administrative purpose local address with the command openvasmd -a -p 9393

10. Setting the http for the GreenBone with the command gsad –http-only –listen= -p 9392

11. You can now navigate on your browser on to access the Greenbone security assistant.

OpenVAS will give you information about the ports summary and information about the possible vulnerabilities that OpenVAS has discovered. Please be aware that many times you will get false positives when there are not any vulnerability or the vulnerability is not accessible to anybody. However, its cool to find out what vulnerability OpenVAS has find on your system for future security enhancements.