Scanning in OpenStack

Document created by Pukhraj Singh Employee on Jul 21, 2016Last modified by Pukhraj Singh Employee on Nov 28, 2016
Version 18Show Document
  • View in full screen mode

This document describes briefly how to deploy the Qualys Virtual Scanner Appliance on OpenStack. This scanner, once deployed, will function as a Standard Virtual Scanner. Want to learn more about Qualys? Check out https://www.qualys.com/

 

We'll help you with the steps

- Extract VMDK from OVA

- Upload the Scanner Image

- Launch the Scanner Instance

- How do I know my scanner is ready to use?

 

The following deployment is performed on the OpenStack Mitaka release. (( The scanner image also works with OpenStack latest release -- Newton )).

 

Login into the Qualys Cloud Platform and download the OpenStack Scanner Image. The image will be in the OVA format and you'll need to extract the VMDK from it.

 

Extract VMDK from OVA

 

Linux

# tar -xvf qVSA.i386.-2.2.23-1.OpenStack.ova

This will generate three files:

qVSA.i386-2.2.23-1.OpenStack.ovf

qVSA.i386-2.2.23-1.OpenStack.mf

qVSA.i386-2.2.23-1.OpenStack-disk1.vmdk

Select the VMDK file and upload it using the dashboard or the command line.

 

Windows

You can install 7-zip or any other extracting tool on the machine.

 

 

Using the tool, extract all the files from the ova.

This will generate three files:

qVSA.i386-2.2.23-1.OpenStack.ovf

qVSA.i386-2.2.23-1.OpenStack.mf

qVSA.i386-2.2.23-1.OpenStack-disk1.vmdk

Select the VMDK file and upload it using the dashboard or the command line.

 

Upload the Scanner Image

 

Upload the Scanner image using dashboard

 

Go to Images and click the Create Image button.

1.JPG

Give a name to the image, then add the source, it can either be a link or an image file from the localhost. The format should be VMDK ( Virtual Machine Disk ). Then click Create Image. The image will be saved (will take a minute or two) and you'll see it on the dashboard.

 

Capture17.JPG

 

Upload the Scanner image using command line

Run the following command on the Controller Node:

openstack image create < "IMAGE NAME" > --file < IMAGE_DISTRO_FILE > --disk-format < DISK_FORMAT > --container-format  bare --public

 

Launch the Scanner Instance

Go to instances and then click the Launch Instance button.

 

Launch the Scanner Instance using dashboard

Click the Launch Instance button under Instances. Fill out all the required details.

 

     Enter a Name for your Instance

2.JPG

 

     Select the Scanner Image

3.JPG

 

     Requirements: The set up needs at least 40GB free hard disk space, 5GB RAM and network connectivity to the outside world.

 

     The flavor you choose, must have this much capacity. If you are using the default flavors you can use the medium or large flavor.

4.JPG

 

     Select the network which has connectivity to the outside world

5.JPG

 

     Skip the Network Ports Step ( This setting is not required for launching the Scanner Instance )

 

     Choose the Security group

6.JPG

 

     Skip the Key Pair Step - ( Since you are not allowed to login into the Scanner Instance, you don't need the key )

 

     Next enter the personalization code you obtained from the Qualys Cloud Platform in Customization Script.

7.JPG

 

     Optional: You can also provide Proxy information.

8.JPG

In the Customization Script. script add the information in the following format:

PERSCODE = xxxxxxxxxxxxxx

PROXY_URL = username:password@< IP > : PORT

If the proxy doesn't have username and password use:

PROXY_URL = < IP > : PORT

 

Note: You must provide Proxy information at the time the instance is launched - it can't be provided after launching the instance.

However you can enter the personalization code even after launching the instance.

Skip the Metadata Step - ( For launching the Scanner Instance you don't need to provide any type of metadata )

 

After all the information is added, click the Launch Instance button to create the instance. The instance status will be ACTIVE after it is successfully launched.

 

     The scanner will start downloading the latest packages and you can view the install progress from the console.

9.JPG

 

 

After all the packages are downloaded, the GUI will display the message Welcome to Qualys Virtual Scanner.

 

     It will have the Appliance name and an IP address assigned.

10.JPG

 

Launch the Scanner Instance using command line

>> PERSCODE in the form of userdata can also be provided through the command line. In this case you will not be prompted to enter the code on the console.

How to provide the PERSCODE through command line

Create a file and add the following line in it:

PERSCODE=xxxxxxxxxxxxxx

PROXY_URL= username : password@< IP > PORT ( OPTIONAL )

If the proxy doesn't have username and password use:

PROXY_URL = < IP > : PORT

 

Then run the following commands to launch an instance:

Obtain your net-id

openstack network list

Run the following command to create an instance

openstack server create --flavor < FLAVOR > --image  < SCANNER IMAGE > -nic net-id= < NET_ID >  --security-group < SECURITY_GROUP >  --user-data < FILE > < INSTANCE_NAME >

 

 

>> On the other hand if you don't provide PERSCODE in the form of userdata, you will be prompted to enter it on the GUI console.

Run the following commands on the Controller Node:

Obtain your net-id

openstack network list

To create an Instance

openstack server create --flavor < FLAVOR > --image < IMAGE_NAME > --nic net-id= < PROVIDER_NET_ID > --security-group < SECURITY_GROUP > < INSTANCE_NAME >

 

     The instance status will be ACTIVE, after it is successfully launched.

11.JPG

 

 

     Press enter and type the personalization code.

12.JPG

 

How do I know my scanner is ready to use?

Check your virtual scanner status in Qualys. Go to Scans > Appliances, and find your scanner in the list.

Tip - It can take several minutes for the Qualys user interface to get updated after you add a new appliance. Please refresh your browser periodically to ensure that you are seeing the most up to date details.

13.JPG

Looking for more help?

Check out our Help Center

Attachments

    Outcomes