nexpose

Install and configure rapid7 nexpose

Version information

  • 0.2.0 (latest)
  • 0.1.5
  • 0.1.4
  • 0.1.3
released Sep 28th 2018
This version is compatible with:
  • Puppet Enterprise 2018.1.x, 2017.3.x, 2017.2.x, 2017.1.x, 2016.5.x, 2016.4.x
  • Puppet >= 4.7.0 < 6.0.0

Start using this module

  • r10k or Code Manager
  • Bolt
  • Manual installation
  • Direct download

Add this module to your Puppetfile:

mod 'icann-nexpose', '0.2.0'

Add this module to your Bolt project:

bolt module add icann-nexpose

Manually install this module globally with Puppet module tool:

puppet module install icann-nexpose --version 0.2.0

Direct download is not typically how you would use a Puppet module to manage your infrastructure, but you may want to download the module in order to inspect the code.

Documentation

icann/nexpose — version 0.2.0 Sep 28th 2018

nexpose

Table of Contents

  1. Overview
  2. Module Description - What the module does and why it is useful
  3. Setup - The basics of getting started with nexpose
  4. Usage - Configuration options and additional functionality
  5. Reference - An under-the-hood peek at what the module is doing and how
  6. Limitations - OS compatibility, etc.
  7. Development - Guide for contributing to the module

Overview

This module attempts to configure the basic Nexpose configuration.

Module Description

The module currently supports configuring the basic web server parameters of the security console, including configuring an LDAP authentication source. It also adds a new custom type, nexpose_host, which allows for exporting resources and realising them on the Nexpose console.

Setup

What nexpose affects

This module is configured to work with the virtual machine provided by Nexpose. The following files are altered during configuration:

  • /opt/rapid7/nexpose/nsc/conf/httpd.xml (via a template)
  • /opt/rapid7/nexpose/nsc/conf/nsc.xml (using augeas)

It also uses the augeas API to add resources directly to the Nexpose console. The policy will install the nexpose gem and configure the system for Ruby 1.9.3.

If you are using Puppet Enterprise, you will need to install the puppet gem manually with the following command:

/opt/puppet/bin/gem install nexpose

We also introduce three custom types

  • nexpose_host
  • nexpose_site
  • nexpose_user

Setup Requirements

  • puppetlabs/puppetlabs-ruby

Beginning with nexpose

To configure nexpose with default settings, add the following:

class {'::nexpose': } 

To configure LDAP, add the following to your manifest:

class {'::nexpose::ldap':
  ldap_server => 'ldap.example.com',
  ldap_base   => 'DC=example,DC=com',
}

To export a resource, use the following:

@@nexpose_host {
    $::fqdn:
        ensure => present,
        site => 'site_name',
        require => Nexpose_site['site_name'];
}

And to realise it, use:

Nexpose_host <<||>>

To add a site to the Nexpose console:

nexpose_site {
    'site_name':
        ensure        => present,
        description   => 'description',
        scan_template => 'scan_template',
}

The following scan_templates are supported:

  • cis
  • disa
  • dos-audit
  • discovery
  • aggressive-discovery
  • exhaustive-audit
  • fdcc-1_2_1_0
  • full-audit
  • full-audit-without-web-spider
  • hipaa-audit
  • internet-audit
  • linux-rpm
  • microsoft-hotfix
  • pci-audit
  • pentest-audit
  • scada
  • network-audit
  • sox-audit
  • usgcb-1_2_1_0
  • web-audit

To add a user to the Nexpose console:

nexpose_user {
  'nxadmin':
    ensure      => present,
    enabled     => true,
    password    => 'nxpassword',
    full_name   => 'Default User',
    role        => 'global-admin';
}

If the password is not set, the account is created with a password of nxpassword. The following roles are supported:

  • user
  • system-admin
  • controls-insight-only
  • global-admin
  • security-manager
  • site-admin
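
Because an omitted password silently becomes nxpassword, it is worth checking manifests for nexpose_user declarations that would create an account with that value. The following is an added example, not code from the icann-nexpose module: the function name, the sample user names and the Hiera key are hypothetical, and it is a plain text scan rather than a Puppet parser.

```ruby
# Added example, not part of the icann-nexpose module.
DEFAULT_PASSWORD = 'nxpassword' # default documented in this README

# Scans manifest text and returns [title, problem] pairs for nexpose_user
# resources that would be created with the default password.
# Assumption: a text scan, not a Puppet parser. Resource bodies must not
# contain nested braces, and attribute values must not contain ';'.
def weak_nexpose_users(manifest)
  findings = []
  manifest.scan(/^\s*@{0,2}nexpose_user\s*\{(.*?)\}/m).flatten.each do |body|
    # Drop whole-line comments, then split multi-resource bodies on ';'
    body.gsub(/^\s*#.*$/, '').split(';').each do |decl|
      title = decl[/\A\s*['"]([^'"]+)['"]\s*:/, 1]
      next unless title
      next if decl =~ /\bensure\s*=>\s*['"]?absent\b/ # no account is created

      m = decl.match(/\bpassword\s*=>\s*(?:'([^']*)'|"([^"]*)"|([^,\s]+))/)
      if m.nil?
        findings << [title, :password_omitted]   # falls back to the default
      elsif (m[1] || m[2]) == DEFAULT_PASSWORD
        findings << [title, :default_password]   # default written out literally
      end
    end
  end
  findings
end

# Constructed sample manifest; user names and the Hiera key are made up.
SAMPLE_MANIFEST = <<~'PP'
  nexpose_user {
    'nxadmin':
      ensure   => present,
      password => 'nxpassword',
      role     => 'global-admin';
    'auditor':
      ensure => present,
      role   => 'user';
    'ops':
      ensure   => present,
      password => lookup('nexpose::ops_password'),
      role     => 'site-admin';
    'old':
      ensure => absent;
  }
PP

if __FILE__ == $PROGRAM_NAME
  weak_nexpose_users(SAMPLE_MANIFEST).each { |t, p| puts "#{t}: #{p}" }
end
```
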

Usage

Put the classes, types, and resources for customizing, configuring, and doing the fancy stuff with your module here.

Reference

Here, list the classes, types, providers, facts, etc contained in your module. This section should include all of the under-the-hood workings of your module so people know what the module is touching on their system but don't need to mess with things. (We are working on automating this section!)

Limitations

Only tested with the Rapid7 Nexpose VM. The module currently restarts the nexposeconsole when making changes, which takes a long time.

  • When using absent with nexpose_host, it will remove the host from all templates.
  • If you change the site property of nexpose_host, it will add the host to the new site but the host will remain in the old site (this should probably be an array; however, it creates two devices on the backend, so still not convinced).

Development

Any feedback or pull requests welcome.