This guide will take you through the process of configuring an Internal Scanner Standalone VM on a given instance.
An Internal Scanner is a decoupled scan engine that allows Footprint to scan internal ranges and services that you do not want exposed to the internet.
You can configure an internal scanner either by:
📥 Downloading the installer and configuring the service yourself
💻 Installing a ready-made virtual machine and configuring it
This guide will show the steps to configure a ready-made virtual machine.
📥 Downloading the virtual machine
From the Footprint console, go to SCAN SURFACE in the main menu:
Once here, go to the SETUP SCANNERS menu option:
Once here, you will be presented with a brief overview of what an internal scanner is, as well as some required information:
🌐 Footprint Management URL: This is the URL of your Footprint instance
🔑 Internal Scanner Token: This is the token that you will use to authorize the internal scanner on your instance.
You can download the virtual machine in one of two flavors:
Image type | Hypervisor type | Supported versions |
---|---|---|
VMDK Image | VMWare | VMWare Fusion > 14, VMWare Player > 14, VMWare Workstation > 14 |
VHD Image | Hyper-V | Windows 8 or greater |
OVA Image | Proxmox | Proxmox 7 or greater |
Manual download links:
OVA Virtual Machine (5GB): https://update.codacloud.net/is/vm/IS-Full.ova
VMWare VMDK Disk (5GB): https://update.codacloud.net/is/vm/IS-Full.vmdk.zip
Microsoft Hyper-V VHD Disk (5GB): https://update.codacloud.net/is/vm/IS-Full.vhd.zip
QEMU Image (qcow2 format - 6GB): http://update.codacloud.net/is/vm/IS-Full.qcow2.zip
OVA (accelerated link) (5GB) : https://is-vm.s3-accelerate.amazonaws.com/IS-Full.ova
🔧 Installing and configuring the scanner
Once you have downloaded the appropriate image for your hypervisor type, you will need to create a new virtual machine for the scanner.
Hyper-V
Start the Hyper-V Manager and go to ACTION ➡ NEW ➡ VIRTUAL MACHINE:
Follow the steps in the Virtual Machine wizard, assigning a name to the machine:
When prompted to select a generation, select GENERATION 1:
Next, assign the desired memory for the virtual machine. The minimum amount for a /24 scan is 8192MB (8GB).
Higher workloads may require more memory. We recommend leaving the USE DYNAMIC MEMORY checkbox selected.
With regard to networking, the Default Switch usually works fine:
When reaching the Connect Virtual Hard Disk step, select Use an existing virtual hard disk, select BROWSE and navigate to the downloaded VHD file:
Hit Finish to complete the VM creation process:
The Virtual Machine will appear in your manager’s list:
To start the machine, double click it and click on the START button. This will boot up the machine and, after a few minutes, you will see the login screen of the VM:
VMWare
For the VMWare setup example, we will use the VMWare Workstation 16 Player. The setup process will be similar on other VMWare products.
First up, open VMWare Player and click on Create a New Virtual Machine:
In the New Virtual Machine wizard, select I will install the operating system later:
On the Guest Operating System page, select Linux and Ubuntu:
Give a name to the virtual machine and select the location where you want it to be stored:
On the next screen, keep the default options and select Store virtual disk as single file. We will not use the disk VMWare creates for us, but it is a required step in order to create a new VM.
Don’t worry about disk space use - the disk we create here won’t use any space because we won’t write anything to it.
On the final screen, hit FINISH to create the new machine:
Note: The minimum requirements are at least 2 CPU cores, 8GB RAM and 80GB storage for reduced scan scopes. Recommended specifications are 4 CPUs and 8(16) GB of RAM. Ideally, the ISVM should have at least 4 CPUs and 16 GB of RAM for a larger Scan Surface target.
With our VM created, we now need to associate the downloaded VMDK file. Right click the virtual machine and select SETTINGS:
In the window that appears, remove the existing Hard Disk (SCSI) entry:
Next up, click on Add… in the lower left, and select Hard Disk:
Select SCSI in the next screen and click Next:
In the Select a Disk screen, select Use an existing virtual disk:
Hit Browse on the next screen and navigate to the downloaded VMDK file:
Hit Finish when done.
If asked whether to convert existing format, select Keep existing format.
On the next screen, click OK to save your changes. In order to start the VM, double-click it.
If you get a warning regarding device sata0:1, select No on the prompt.
The VM will start and you will be presented with the login screen:
Proxmox VE
Prerequisite steps
For Proxmox VE we will be using version 8.3 installed on a generic 11th gen Intel x86 platform.
The first step is to open the web portal and click on Datacenter (this applies to single node setups as well as to fully fledged clusters).
Next, click on the Storage menu, select local (not local-lvm) and click on Edit.
Next, expand the Content menu and highlight 2 additional items [Disk image and Import]. After this is done, the selection should match the one illustrated below:
The instructions above are mandatory. Some customers may already have these content types enabled, but a new Proxmox install will not have them enabled by default.
They are required for importing the OVA image and for using the disk image on local storage.
The steps below strictly concern the deployment of our OVA image, and can be provided as a guide to customers.
Deployment
- Start by uploading our .ova image to Proxmox: expand the node where you want to deploy the VM, click on local storage, and select the Import menu.
Note: If “Import” is missing, please check the prerequisite steps above ☝🏻
Upload the .ova image either by clicking on “Upload” and uploading it from the client device, or by clicking on “Download from URL” and downloading it directly from the bucket/link.
- When the upload/download is complete, the file “IS-Full.ova” will be visible. Select it and click on the “Import” button:
- The following step is important, as misconfiguring the VM can lead to reduced performance and even failure to boot.
The “General” tab of the menu that will be shown can be left as is, or one can add more memory (default 8192 MB) or CPU cores (default 4). Note that the values provided by default are our minimum requirements.
❗ One important change that must be made, on the “Advanced” tab, is to change the default SCSI controller from “LSI 53C895A” to Virtio SCSI single. ❗
Done, now you should have a working internal scanner ready to tackle any task thrown at it.
Optional changes that can be done to optimize performance
The default storage can be changed from “local” to “local-lvm”, which instead of a thin provisioned qcow2 will create a raw disk image. This improves disk speed at the price of consumed storage (about 40 GB to the full 100 GB, which is also the limit of the qcow2 image).
The network interface model can be switched from the emulated E1000 to VirtIO (paravirtualized).
If all of the above have been configured, the resulting config should look similar to the screenshot below:
🔧 Configuring the Internal Scanner
Now that our Internal Scanner is up, we need to configure it in order to link it to our Footprint instance.
Manual, Static IP Address Configuration
Please consult this KB article.
Configuring the required network permissions (outbound)
If there is any firewall involved, remember to allow access from the Scanner to the following outside world destinations.
| Destination | Port | Protocol | Encrypted | Purpose |
|---|---|---|---|---|
| | 443 | HTTPS | Yes | Footprint IS Automated Updates (mandatory) |
| | 443 | HTTPS | Yes | Footprint IS Alerting Service (optional, highly recommended) |
| | 443 | HTTPS | Yes | Footprint IS - Console Connectivity (mandatory) |
| | 5671 | SSL | Yes | Footprint IS - Console Connectivity (mandatory) |
🔒 Retrieving the necessary credentials
In the Footprint Console, navigate to Scan Surface → Setup Scanners. On this page, you will see the management URL and token right above the download buttons:
You can click the Copy button next to each of these in order to add them to your clipboard.
You can use the Clipboard History feature to store multiple elements in your Clipboard. Access it via the Windows + V shortcut.
Setting up the credentials
Navigate to the URL listed on the internal scanner VM’s login screen (see above). You will see the following screen, displaying your scanner’s status:
Click the Configure button in order to input your credentials:
Label: a name that will identify this scanner in the console
Console URL: the URL of the Footprint console you are using (copy it from the Setup Scanners page)
Token: your account’s scanner token (copy it from the Setup Scanners page)
After configuring and clicking Save, the scanner will start registering with the console. This will take a few minutes, after which you will be able to see the scanner in your Deployed Scanners listing in the Footprint Console.
The 2 photos above show the status of the scanner controller (left) and the status in the Footprint platform (right).
After registering, the Internal Scanner needs to do a series of signature updates. These may take up to 15 minutes, during which the scanner will appear as Starting and you will not be able to use it to start new scans.
After the scanner is shown as Active, you are able to start new scans using it. Go to the Extend Area modal, input your scan targets and select your desired Internal Scanner using the dropdown in the footer:
That’s it! Your scanner will now process your inputs and you will be able to see your results in just a few minutes.
🔧 Troubleshooting
In case your IS does not successfully register to the console, please make sure the following steps are checked:
Log on to the IS VM Controller app (http://IS_INTERNAL_IP:8080) and check its status. Look for any warnings.
Check the time & date of the Virtualization Server Host & the Guest IS VM
Check the outbound connectivity of the IS VM to the required destinations. Make sure it has network access to the required outside world destinations as depicted above in the Required Network Permissions section. Please make sure the VM has network connectivity (IP address, subnet mask, default gw, DNS servers) and that outbound traffic is allowed.
Make sure it has the minimum hardware resources required
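To tell the failure modes in this checklist apart, here is an added example (not part of the Footprint product or the original guide) that probes the console ports from the permissions table and reports whether a connection fails at DNS, TCP or the TLS handshake. It assumes the console connectivity destination is the host of your Footprint Management URL and that the 5671 service speaks TLS from the first byte, as its "SSL" entry suggests; the function names and the `preflight.py` file name are illustrative.

```python
import socket
import ssl
import sys
from urllib.parse import urlsplit

# Ports the permissions table lists for console connectivity:
# HTTPS on 443 and SSL on 5671.
CONSOLE_PORTS = (443, 5671)

# Troubleshooting hint per failure stage, following the checklist above.
HINTS = {
    "dns": "name did not resolve: check the VM's DNS servers",
    "tcp": "no TCP connection: check default gateway and outbound firewall rules",
    "tls": "TLS handshake failed: check the VM clock and any TLS-inspecting proxy",
}


def targets_from_console_url(console_url):
    """Derive the console (host, port) pairs from the management URL."""
    parts = urlsplit(console_url)
    if parts.scheme != "https" or not parts.hostname:
        raise ValueError("expected an https:// management URL")
    return [(parts.hostname, port) for port in CONSOLE_PORTS]


def check_outbound(host, port, timeout=5.0):
    """Return (stage, detail); stage is 'ok', 'dns', 'tcp' or 'tls'."""
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except socket.gaierror as exc:
        return "dns", str(exc)
    except OSError as exc:
        return "tcp", str(exc)
    ctx = ssl.create_default_context()  # verifies certificate chain and hostname
    try:
        with raw, ctx.wrap_socket(raw, server_hostname=host) as tls:
            return "ok", tls.version()
    except (ssl.SSLError, OSError) as exc:
        return "tls", str(exc)


if __name__ == "__main__":
    # Usage: python3 preflight.py https://<your Footprint Management URL>
    for host, port in targets_from_console_url(sys.argv[1]):
        stage, detail = check_outbound(host, port)
        print(f"{host}:{port} {stage} {HINTS.get(stage, detail)}")
```

A `tls` result with a certificate "not yet valid" or "expired" detail usually points at the guest or host clock, which is why the time and date check appears in the list above.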
If none of the above work, give us a call and we’ll be happy to support.