Heimdall - A Tool to Manage Vulnerable Packages on Linux & Unix Systems

Heimdall is a tool to manage the vulnerabilities found in the Linux distributions installed on your servers or desktops. The centralized Heimdall server collects vulnerability data from client machines through the Heimdall agent. The agent also lets you correct a vulnerability in a practical and uncomplicated way. Heimdall is developed by information security specialist Matheus Bernardes.

How Heimdall works

〉 Install and configure the Heimdall web platform on a server where you will manage all other clients.
〉 Install and configure the Heimdall agent on clients.
〉 The client collects the list of installed packages and queries vulners.com to find which packages are vulnerable.
〉 The client reports the vulnerable packages to heimdall_webserver.
〉 You can now upgrade the packages on the clients using the Heimdall Web Platform.

For this article, we will use the following heimdall server and a client where heimdall agent will be installed.

Server IP: 139.162.27.102
Client IP: 139.162.57.23

Prepare Heimdall Server

The prerequisites for installing the Heimdall server are Python pip and git, so install them first.

Install Python pip and git on Ubuntu 16 by executing the following commands from the terminal.

# sudo apt-get install python-pip
# sudo apt-get install git
# pip -V

On CentOS 7, install Python pip and git using yum.

# yum install epel-release
# yum -y install python-pip
# pip -V
# yum install git

Now clone the heimdall webserver using git and run the installer.

# git clone https://github.com/mthbernardes/heimdall_webserver.git
# cd heimdall_webserver
# chmod +x install.sh
# ./install.sh
...............................
...............................
...............................

Installed 5 object(s) from 1 fixture(s)
[+] - Alldone - [+]
Default username and password
.................
.................

Run the server by executing the following command in the terminal. You can change the port number to one of your choice.

# python manage.py runserver 0.0.0.0:1337
Performing system checks...
System check identified no issues (0 silenced).
July 11, 2017 - 14:59:33
Django version 1.11.2, using settings 'heimdall_webserver.settings'
Starting development server at http://0.0.0.0:1337/
Quit the server with CONTROL-C.

If you have a firewall enabled, open port 1337 so that the client can communicate with the server. Now point your browser to http://Server-IP:1337 and log in with the default username and password, both 'heimdall'.

Heimdall server Login

Click 'heimdall' from dashboard to change the default password.

Heimdall change password

Click clients->Registers

Heimdall register clients

To register a client, provide a name, the IP address of the client along with the port number, and the distro name.

Heimdall register client

Click the view button.

Heimdall view clients

Copy the 'API key' for this client into a notepad; we will use it while configuring the agent on the client machine. The status column will show 'Offline' since we have not configured the client yet.

Heimdall client details

Click users, the default user will be listed. To register more users, click the 'Register' button.

Heimdall system users

Fill in the registration form. Choose the group from one of these three:

admin - Can do everything.
infra - Cannot create users.
security, dev - Can only see information about the servers.

Heimdall register new user

Prepare Heimdall Client

Now that the Heimdall server is ready to receive vulnerability information from the clients, let us configure the agent on the client, whose IP is 139.162.57.23. The installation is pretty straightforward: clone the git repository of the agent and run it. Remember to install Python pip and git in the same way as we did on the server.

# git clone https://github.com/mthbernardes/heimdall_agent.git
# cd heimdall_agent
# pip install -r requeriments.txt

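Edit the configuration file of the agent. The server parameter is the IP of the server along with the port number, and the api parameter is the API key that we copied from the client page on the server. Choose distro and distro_version according to the platform the agent is running on. Set update_command to the package-upgrade command of the client's package manager; the apt-get form shown below is the one for Debian and Ubuntu.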

# vi etc/agent.conf
[Config]
server = 139.162.27.102:1337
distro = centos
distro_version = 7
api = 46650c9f-bb50-438e-b720-562fce84f416
update_command = apt-get --only-upgrade install -y
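
A pre-flight check for the agent.conf above, as an added example that is not part of the Heimdall project. The distro-to-package-manager mapping, the assumption that API keys are UUIDs (as the one shown is), and the function name are choices made for this example; the sample values are constructed.

```python
import configparser
import re
import uuid

# Assumed mapping for this example: package manager expected per distro value.
EXPECTED_TOOL = {"debian": "apt-get", "ubuntu": "apt-get", "centos": "yum", "redhat": "yum"}

# Constructed sample mirroring the agent.conf above (placeholder server and API key).
SAMPLE_CONF = """\
[Config]
server = 192.0.2.10:1337
distro = centos
distro_version = 7
api = 00000000-0000-4000-8000-000000000000
update_command = apt-get --only-upgrade install -y
"""

def check_agent_conf(text):
    """Return a list of problems found in an agent.conf body; empty means it passed."""
    parser = configparser.ConfigParser()
    try:
        parser.read_string(text)
        cfg = parser["Config"]
    except (configparser.Error, KeyError):
        return ["not a valid agent.conf: missing or malformed [Config] section"]
    problems = []

    # server must be host:port with a valid TCP port
    m = re.fullmatch(r"([A-Za-z0-9.\-]+):(\d{1,5})", cfg.get("server", ""))
    if not m or not 0 < int(m.group(2)) < 65536:
        problems.append("server must be host:port")
    # api must be the key copied from the client page, not left empty or mangled
    try:
        uuid.UUID(cfg.get("api", ""))
    except ValueError:
        problems.append("api is not a valid UUID")
    # update_command must invoke the package manager that exists on this distro
    distro = cfg.get("distro", "").lower()
    tool = (cfg.get("update_command", "").split() or [""])[0]
    expected = EXPECTED_TOOL.get(distro)
    if expected is None:
        problems.append(f"unknown distro {distro!r}")
    elif tool != expected:
        problems.append(f"update_command uses {tool!r}, expected {expected} for {distro}")
    return problems

if __name__ == "__main__":
    print(check_agent_conf(SAMPLE_CONF))
```

Run against the sample, the check reports the mismatch between distro = centos and an apt-get update_command.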

Finally, run the agent.

# python agent.py
wait first vulnerability collect

Find vulnerability of client through heimdall server

Now that both the server and the agent are running, view or refresh the client page in the web interface of the server. Any vulnerable packages are listed in the Vulnerable packages section. View the details of a package's vulnerability and update the package. Once the package has been updated, view the details by pressing the 'View' button.

The Heimdall project is still in beta and has many bugs and open issues, so do not use it in a live environment until the final release. HTTPS is not implemented yet; it will come in the next upgrade. The other features planned for the next release are package upgrades on a schedule, e-mail notifications, an activity log and vulnerability chat.

Dwijadas Dey 2:00 am