Heimdall is a tool for managing the vulnerabilities found in the Linux distributions installed on your servers or desktops. A central Heimdall server collects vulnerability data from client machines through the Heimdall agent, which also lets you correct a vulnerability in a practical and uncomplicated way. Heimdall is developed by information security specialist Matheus Bernardes.
How Heimdall works
〉 Install and configure the Heimdall web platform on a server where you will manage all other clients.
〉 Install and configure the Heimdall agent on clients.
〉 The client lists all installed packages and queries vulners.com to find which of them are vulnerable.
〉 The client reports the vulnerable packages to heimdall_webserver.
〉 You can now upgrade the packages in the clients using the Heimdall Web Platform.
For this article, we will use the following Heimdall server and a client on which the Heimdall agent will be installed.
Server IP: 188.8.131.52
Client IP: 184.108.40.206
Prepare Heimdall Server
The prerequisites for installing the Heimdall server are Python pip and git, so let us install them first.
Install Python pip and git in Ubuntu 16 by executing the following commands from the terminal.
    # sudo apt-get install python-pip
    # sudo apt-get install git
    # pip -V
In CentOS 7, install Python pip and git using yum.
    # yum install epel-release
    # yum -y install python-pip
    # pip -V
    # yum install git
Now clone the heimdall webserver using git and run the installer.
    # git clone https://github.com/mthbernardes/heimdall_webserver.git
    # cd heimdall_webserver
    # chmod +x install.sh
    # ./install.sh
    ...............................
    ...............................
    ...............................
    Installed 5 object(s) from 1 fixture(s)
    [+] - Alldone - [+]
    Default username and password
    .................
    .................
Run the server by executing the following command in the terminal. You can change the port number to one of your choice.
    # python manage.py runserver 0.0.0.0:1337
    Performing system checks...
    System check identified no issues (0 silenced).
    July 11, 2017 - 14:59:33
    Django version 1.11.2, using settings 'heimdall_webserver.settings'
    Starting development server at http://0.0.0.0:1337/
    Quit the server with CONTROL-C.
If you have a firewall enabled, open port 1337 so that the client can communicate with the server. Now point your browser to http://Server-IP:1337 and log in with the default username and password, both 'heimdall'.
Click 'heimdall' from dashboard to change the default password.
To register a client, provide a name, the client's IP address along with the port number, and the distro name.
Click the view button.
Copy the 'API key' for this client into a notepad; we will use it while configuring the agent on the client machine. The status column will be 'Offline' since we have not configured the client yet.
Click users, the default user will be listed. To register more users, click the 'Register' button.
Fill in the registration form. Choose one of these three groups:
admin - Can do everything.
infra - Cannot create users.
security, dev - Can only see information about the servers.
Prepare Heimdall Client
Now that the Heimdall server is ready to receive vulnerability information from the clients, let us configure the agent on the client, whose IP is 220.127.116.11. The installation is pretty straightforward. Clone the git repository of the agent and run it. Remember to install Python pip and git in the same way as we did on the server.
    # git clone https://github.com/mthbernardes/heimdall_agent.git
    # cd heimdall_agent
    # pip install -r requeriments.txt
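Edit the agent's configuration file. The server parameter is the server's IP address along with the port number, and api is the API key that we copied while registering the client on the server. Set distro and distro_version to match the platform the agent is running on, and make sure update_command is the upgrade command for that platform's package manager (the apt-get form in the sample applies to Debian and Ubuntu clients; a CentOS client uses yum).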
    # vi etc/agent.conf
    [Config]
    server = 18.104.22.168:1337
    distro = centos
    distro_version = 7
    api = 46650c9f-bb50-438e-b720-562fce84f416
    update_command = apt-get --only-upgrade install -y
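As an added example (not part of the original article or of the Heimdall project), the following Python check parses the text of agent.conf before the agent is started and flags a server value without a port, an API key that is not UUID-shaped, and an update_command that does not match the distro. The distro-to-package-manager table and the UUID shape of the key are assumptions based on the sample configuration above.

```python
import configparser
import re

# Assumption: distro names and their package managers; only "centos" appears
# in the article, the other entries are illustrative.
PKG_MANAGER = {"centos": "yum", "ubuntu": "apt-get", "debian": "apt-get"}
# Assumption: API keys are UUID-shaped, like the one in the article's sample.
UUID_RE = re.compile(r"^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$", re.I)
REQUIRED = ("server", "distro", "distro_version", "api", "update_command")


def check_agent_conf(text):
    """Return a list of problems found in the text of etc/agent.conf."""
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read_string(text)
    if not cfg.has_section("Config"):
        return ["missing [Config] section"]
    conf = cfg["Config"]
    problems = [f"missing key: {k}" for k in REQUIRED if not conf.get(k)]
    if problems:
        return problems
    host, sep, port = conf["server"].rpartition(":")
    if not sep or not host or not port.isdigit() or not 0 < int(port) < 65536:
        problems.append("server must be host:port")
    if not UUID_RE.match(conf["api"]):
        problems.append("api does not look like a UUID API key")
    distro = conf["distro"].lower()
    expected = PKG_MANAGER.get(distro)
    tool = conf["update_command"].split()[0]
    if expected is None:
        problems.append(f"unknown distro: {distro}")
    elif tool != expected:
        problems.append(f"update_command uses {tool}, but {distro} uses {expected}")
    return problems


# agent.conf as shown in the article.
ARTICLE_CONF = """
[Config]
server = 18.104.22.168:1337
distro = centos
distro_version = 7
api = 46650c9f-bb50-438e-b720-562fce84f416
update_command = apt-get --only-upgrade install -y
"""

if __name__ == "__main__":
    for problem in check_agent_conf(ARTICLE_CONF) or ["no problems found"]:
        print(problem)
```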
Finally, run the agent.
    # python agent.py
    wait first vulnerability collect
Find vulnerability of client through heimdall server
Now that both the server and agent are running, view or refresh the client page in the web interface of the server. If there are any vulnerable packages, they will be listed in the Vulnerable packages section. View the details of the vulnerability of the package and update it. Once the package has been updated, view the details by pressing the 'View' button.
The Heimdall project is in beta and still has a lot of bugs and issues, so do not use it in a live environment until the final release. HTTPS is not implemented yet; it will come in the next upgrade. Until then, traffic between browsers, agents and the server on port 1337 is unencrypted. The other features planned for the next release are package upgrades on a schedule, e-mail notifications, an activity log and vulnerability chat.