QuickStart Guide

Version 1.10
Contents

1.0 System Requirements .................................................................................................................... 3

2.0 Installing the Vsam Appliance ..................................................................................................... 3

3.0 Accessing Vsam .............................................................................................................................. 4

4.0 Configuring the Vsam Appliance ................................................................................................ 4

5.0 Configuring the Vsam Application. ............................................................................................ 6

6.0 Starting a Scan ................................................................................................................................ 7

-2 -
Vsam (Vulnerability, Scanning And Management) is a VMware virtual appliance that provides
comprehensive management capabilities to Nessus Scans. This guide is intended to be only a
starting point and assists a Security or IT professional to install and configure Vsam in several
easy to follow steps.

1.0 System Requirements

Vsam requires a VMware environment. The appliance is a VMware 6.5-7 compatible image
and should run in the following environments.

 VMware workstation 6.5-7

 VMplayer 3.0
 VMware Server 2.0
 ESX/ESXi (with vcenter converter)

1.1 Guest Requirements

Memory: Minimum 512MB, Recommended 1GB or more

Hard Disk: Minimum 10GB, Recommended 50GB or more

1.2 VMware Host Requirements

Please consult your VMware administrator or VMware Documentation

2.0 Installing the Vsam Appliance

Vsam is packaged as a 7-zip archive. To download, visit http://sourceforge.net/projects/vsam

Download the archive and store in a temporary directory. To extract, install 7-zip (www.7-
zip.org) and store these files into a temporary directory. Note that this archive is also
supported by other archiving software such as Winzip.

If you are using VMware workstation or VMplayer, start up the appliance by opening the
VMware application, click File->Open and browse to the directory where the archive was
decompressed select the configuration file. The virtual appliance should begin to boot up and
be available within 1-2 minutes.

For individuals using VMware Server or ESX, please consult your VMware administrator to
install and setup the image.

-3 -
3.0 Accessing Vsam

Access to Vsam is available through the following interfaces:

3.1 Web Browser (User Access)

https://<ip_address or dns name>

Default Username: admin

Default Password: password

3.2 VMware Guest Console

Via VMware guest machine console access

Default Username: root

Default Password: password

3.3 SSH

Remote access via SSH client

Default Username: root

Default Password: password

4.0 Configuring the Vsam Appliance

Before Vsam can be used, the Appliance must be configured. It is important that a little
planning is completed prior to these steps. Vsam requires access to the Internet in order to
both license Nessus and update the Appliance as new vulnerabilities are discovered.

Please ensure that the IP Address assigned to the Appliance in the following steps, has direct
access to:

 downloads.nessus.org

Once this has been confirmed, please complete the steps below.

-4 -
1. Login into the Appliance via VMware’s Guest Console.
2. Type ./setup and hit enter. Please note the period backslash are part of the command.
3. The script will ask for various pieces of information that must be provided in order to
ensure the appliance is setup for operation. The required information is described
below.

Requested Description Required

Information
Appliance The Setup script should auto-detect an available interface. 
Interface This can be changed after auto-detect has completed
IP Address This address will be used for: 
- Scanning hosts
- Emailing notifications
- Vsam user access
- Access to the console via SSH
Subnet Mask Based on the subnet the appliance will be attached to 
Default Gateway For communications off subnet 
Local Domain Last part of the full domain name. If this field is set to 
Suffix abc.com, any dns resolution to a host, will also add abc.com to
make up the fully qualified domain name (vsam.abc.com)
Primary DNS IP The Primary IP address of the server to resolve names to ip 
Address addresses
Secondary DNS The Secondary IP address of the server to resolve names to ip
IP Address addresses
Time zone To setup a change in the timezone that the appliance will be
configuration running select ‚y‛ and follow screen instructions
Time Configures time synchronization to a time source. The time
synchronization source can be local or an external Internet time source. Select
‘y’ and then input the IP Address or dns name of your time
servers as directed on screen.
Root Password Used for SSH and Console Access. For security reasons, the 
password must be changed from its default.
Nessus License Required for Nessus to run. Vsam will not function without a 
Code valid Nessus license. Licenses can be obtained from Nessus at
http://www.nessus.org/plugins/index.php?view=register-info.

4. Once all information has been entered, the appliance will make the necessary
configuration changes, confirm the changes and reboot.

-5 -
 5. The appliance is now ready to use. It can be accessed via a HTTPS web session at the IP
address specified in the script above.

5.0 Configuring the Vsam Application.

While not required, it is highly recommended that Vsam be configured as described below to
ensure the correct information has been entered about your environment. This will allow Vsam
to better process scan data.

5.1 Sites
At a minimum, Vsam requires some information about the environment it will
be tracking. As a Nessus user, this may seem unnecessary, however, because
Vsam is managing scan data from Nessus, it requires some additional knowledge
about your environment.

In order to run scans, at least one site must be configured. Defining a Site allows
subnets to also be defined and assigned to a specific site. This provides some
structure when scan data is processed.

To define a site, please complete the following steps.

a. Select the Infrastructure menu, then Sites.

b. Select ‘Add new site’
c. Fill in the following fields at a minimum.
a. Name – Display name for the site
b. SITE: - Code to be assigned to site. Must be unique.

Other fields may be filled in optionally.

d. Click the ‘Save’ Button

5.2 Subnets

In order to begin scanning, intended subnets to be scanned must be configured

and assigned to a site. Please complete the following steps to setup a subnet.

-6 -
 a. Select the Infrastructure menu, then Sites
b. Click on the number in the ‘Auto Notify Column or click on the edit icon
(pencil) and then the SUBNETS link.
c. Click ‘Add New Subnet’
d. Enter the subnet to be scanned as a CIDR. For example, 192.168.1.0/24 or
172.16.1.0/24. If partial subnets are required, adjust the subnet mask. The
range fields (Start IP and End IP) fields may also be used instead of entering
a CIDR.
e. Select ‘Assigned’ for the Status field
f. Enter an email address in the POC field. If no email address is required, use
‘root@localhost.com’
g. Check the ‘Allowed to Scan’ box.
h. Click the Save Button

Repeat this process for any additional subnets that you would like to assign to this site.

6.0 Starting a Scan

Vsam comes pre-configured with some of the required information to run Nessus. This
includes a pre-configured local Nessus server, pre-configured Nessus profiles, and pre-loaded
plugins. This allows for quick setup of scans. To scan a host simply do the following.

1. From the Security Scan Menu, select New Scan Job

2. Enter a name of the scan job and a email for notification
3. Select the scheduled method. In this case select Immediately as we want the scan to
start once submitted.
4. Add a target host. This can be in the following forms:
a. IP List – list of IP Addresses separated by newline
b. IP Range – A range of IP Address. Input will ask for a start and end range
c. Named Target List – Same as IP List but with host names.
d. CIDR - A subnet to scan (i.e. 192.168.1.0/24)
e. Subnet – this will only work if section sites and subnets have been configured
5. By default, the Full Audit profile will be selected. This can be changed in by
selecting the Scan link.
6. If an authenticated scan is desired, select the Credentials link. You will have a choice
of entering or using a previously stored credential.

-7 -
 7. Once all information has been entered, click on the submit button. The scan will be
queue for processing.

Once the scan has completed, results will be available in the Reports->Nessus Scan Results
menu

-8 -