Knowledge Base

InsightVM and Nexpose Virtual Appliance Guide

IMPORTANT

The Virtual Appliance has limited disk space and is only intended for product evaluation purposes.

It is NOT intended for enterprise and production deployments.

Deploying the Virtual Appliance

Read this section to learn how to deploy the Virtual Appliance in one of the supported environments.

Supported environments

The Virtual Appliance is tested and supported in the following environments:

  • VMware Player 6 or later
  • VMware Workstation 9 or later
  • VMware Fusion 8 or later
  • VMware vCenter 5.5, 6.0
  • VMware ESXi 5.5, 6.0

Downloading the Virtual Appliance

Rapid7 provides the Virtual Appliance as an Open Virtualization Archive (OVA) file. You can download either a Virtual Appliance Security Console (VA) or the Virtual Appliance Scan Engine (VASE). The Rapid7 OVA can be downloaded from our help.rapid7.com site here.

Deploying in VMware Player and VMware Workstation

  1. In VMware Player and VMware Workstation, click "File" -> "Open".
  2. In the dropdown list, select the group that includes *.ova.
  3. Select the Virtual Appliance file, and click "Open".

The "Import Virtual Machine" window will appear.

OPTIONAL

You can rename the Virtual Appliance file name if desired.

  1. Specify the storage path for the Virtual Appliance.
  2. Click "Import".

The import process converts the Virtual Appliance file to a Virtual Machine Disk Format (VMDK) file. When the import process is complete, the Virtual Appliance appears on the list of available virtual machines in VMware Player.

  1. Select the Rapid7 Virtual Appliance, and click "Play" or "Power On this Virtual Machine" if using VMware Workstation.

Deploying in vCenter or VMware ESXi

  1. In vCenter or VMware ESXi, click File | Deploy OVF Template...
    The Deploy OVF template window appears.
The Deploy OVF template window

The Deploy OVF template window

  1. Locate the downloaded Virtual Appliance file, and click Next.
    The OVF Template Details panel appears for configuring Virtual Appliance set-
    tings.
The OVF Template details panel

The OVF Template details panel

  1. Enter a name for the Virtual Appliance.
  2. Select an inventory location, and click Next.
  3. Select a host or cluster for the Virtual Appliance, and click Next.
  4. Select a resource pool, and click Next.
  5. Select a datastore, and click Next.
  6. Select Thin or Thick (recommended) Provision for the disk format, and click Next.
  7. Select a network mapping, and click Next.
  8. Click Finish.

Powering on the Virtual Appliance

  1. When the import process is complete, select the Virtual Appliance from the list of available virtual machines.
  2. Click Power on.
  3. Click the Console tab to view a terminal window for the Virtual Appliance.

Administering the Virtual Appliance

Log in to the Virtual Appliance after it starts to perform any necessary administrative functions. The operating system for the Virtual Appliance is a CIS hardened, minimal install of Ubuntu Server 16.04 LTS.

When startup is complete, the Virtual Appliance window displays a login prompt. If you are logging in for the first time, you will be asked to change the current UNIX password:

  1. Enter the default username: nexpose
  2. Enter the default password: nexpose

TIP

Your password keystrokes will not appear in the terminal as you type them. Take care that you input the password accurately.

  1. When prompted, enter the default password again.
  2. Enter your new password according to the complexity requirements.

Password Complexity Requirements

Passwords must at least 14 characters long and contain at least one uppercase letter, one lowercase letter, one number, and one special character.

  1. Enter your new password again to confirm the change.

You need the IP address of the Virtual Appliance in order to login to to the Web interface. Run ifconfig -a to view the IP address.

Updating the host's operating system

As a security best practice, make sure to keep your operating system current with the latest updates.
To apply an update, take the following steps:

  1. Access the operating system of your Virtual Appliance using SSH or by
    opening the a virtual console.
  2. Run the following command to update all operating system packages to the
    latest versions:
    sudo apt-get update && sudo apt-get upgrade

Note

The unattended-updates package is installed and configured to automatically apply security updates when available. The virtual appliance requires access to us.archive.ubuntu.com and security.ubuntu.com to retrieve updated packages. Unattended update logs can be reviewed in /var/log/unattended-upgrades/unattended-upgrades.log

Logging onto the Security Console

You perform all Security Console operations through a Web-based interface, which supports the browsers listed at https://www.rapid7.com/products/nexpose/system-requirements/.

To log onto the Security Console take the following steps:

  1. Open a web browser.
  2. Enter the URL for the Virtual Appliance. https://<Virtual_Appliance_IP>:3780
  3. Enter the default username (nxadmin) and password (nxpassword).
  4. Click the Logon button.

Change Password

Upon first login the Security Console will prompt you to change your password. Enter the default username and password: nxadmin and nxpassword. Enter a new password, and confirm the new password.

If you are a first-time user and have not activated your license, the Security Console displays an activation dialog box. Enter your license key.
If you do not have a license key, visit https://www.rapid7.com/products/insightvm/download/ to start your 30-day free trail.
After you receive the license key, login and enter the license key in the
activation window.

After you login, you’re ready to start using the Virtual Appliance. See https://insightvm.help.rapid7.com/docs/using-the-web-interface for more information on using the web interface.

Frequently Asked Questions

How do I set up a static IP?

There are two different ways to set up a static IP.

  1. Option 1 - edit one file only

Edit the /etc/network/interfaces config with the following code. Note that you do not need to do the /etc/resolvconf/resolv.conf.d/tail section if you add the dns-nameservers to the /etc/network/interfaces conf file.

auto ens32
iface ens32 inet static
address 192.168.0.16
netmask 255.255.255.0
gateway 192.168.0.1
dns-nameservers 8.8.4.4 8.8.8.8
  1. Option 2 - Edit two files

Edit the /etc/network/interfaces file with the following command:

sudo nano /etc/network/interfaces

Match the corresponding lines to the following values:

auto ens32
iface ens32 inet static

Add the following address, netmask, and gateway lines and specify the values as desired.

NOTE

Values shown here are only examples. ens32 is the default network interface for the OVAs. Run ifconfig to display existing network interfaces to confirm which interface is in use.

address 10.0.0.100 
netmask 255.255.255.0 
gateway 10.0.0.1

How do I set up DNS?

Create the /etc/resolvconf/resolv.conf.d/tail file with the following command:

sudo nano /etc/resolvconf/resolv.conf.d/tail

Add the following lines and specify values according to your configuration requirements:

nameserver 8.8.8.8
nameserver 8.8.4.4
search local.company.com internal.company.com

How do I restart networking?

In order for the static IP and DNS changes to take effect, the existing IP must be flushed with the following command:

sudo ip addr flush ens32

To restart the networking service, use the following command:

sudo systemctl restart networking.service

How do I set the system time?

The virtual appliance comes preinstalled with chrony. To check the current system time, run the chronyc tracking command.

Chrony can be configured by editing the /etc/chrony/chrony.conf file.

Please see https://chrony.tuxfamily.org/faq.html for complete documentation.

To manually sync the time, run the following commands:

sudo service chrony stop
sudo chronyd -q 'pool pool.ntp.org iburst'
sudo service chrony start

To change the timezone, run sudo dpkg-reconfigure tzdata and select the desired timezone.

How do I start, stop, and check the status of the Nexpose Service?

Nexpose Console

sudo systemctl status nexposeconsole.service
sudo systemctl start nexposeconsole.service
sudo systemctl stop nexposeconsole.service

Nexpose Engine

sudo systemctl status nexposeengine.service
sudo systemctl start nexposeengine.service
sudo systemctl stop nexposeengine.service

What is the OS account lockout policy?

Accounts will get locked out after 5 invalid login attempts. Accounts will get automatically unlocked after 15 minutes.

Can I update my existing Rapid7 Virtual Appliance that is running on Ubuntu 12.04 or 14.04 to Ubuntu 16.04?

Operating system maintenance and upgrading is beyond the scope of Support. Please consult your Linux administrator for assistance with upgrading the OS.

IMPORTANT

Please note that our Virtual Appliances are pre-hardened, and upgrading the OS will break the pre-hardening.

We strongly recommend that you perform a backup before doing any OS upgrades.

The Rapid7 Virtual Appliance runs Ubuntu Server 16.04. You can perform a backup on an existing Virtual Appliance and do a restore on a new Virtual Appliance. Please see Database backup/restore and data retention for instructions on how to move to a new host.