UPDATE 02/2015 : see there for the procedure on Fedora 21
As I started to use Fedora 20 at work – by the way, a solid distro with all security features enabled, I had the bad surprise to get similar issues to those on OS X.
Again, we will have to face the joy of dependencies! Fedora provides Ruby 2.0 by default, so firing msfconsole would fail with many openssl warnings, ending with:
/usr/share/ruby/openssl/cipher.rb:61:in `': superclass mismatch for class Cipher (TypeError) from /usr/share/ruby/openssl/cipher.rb:22:in `' from /usr/share/ruby/openssl/cipher.rb:21:in `' from /usr/share/ruby/openssl.rb:20:in `require' from /usr/share/ruby/openssl.rb:20:in `' from /opt/pentest/exploit/msf/lib/msf/ui/console/driver.rb:144:in `require' from /opt/pentest/exploit/msf/lib/msf/ui/console/driver.rb:144:in `initialize' from ./msfconsole:148:in `new' from ./msfconsole:148:in `'
While the installation steps are globally the same than on Mac, there are some specific issues with rbenv and Postgresql.
Preparing Postgresql
Install:
yum -y install postgresql-server postgresql-devel
Initiate a new “cluster” and connect to the sql client through the postgres user:
# as root: postgresql-setup initdb systemctl restart postgresql.service su postgres psql
Inside the psql console, create the new Metasploit user and its database:
create user msf; alter user msf with encrypted password 'super password'; create database msfdb; grant all privileges on database msfdb to msf; \q
Then, we will tell to Postgres how to accept local connections. ident necessitates an system account, trust means no password for any local account and md5 stands for a classic password authentication, which we will prefer.
Add this line inside /var/lib/pgsql/data/pg_hba.conf and beware that the order is important:
# IPv4 local connections:
host msfdb msf 127.0.0.1/32 md5
host all all 127.0.0.1/32 ident
Then we can restart the service and check with psql that the credentials are working:
systemctl restart postgresql.service psql -U msf msfdb -h localhost \q
Setting Ruby
Metasploit runs well with Ruby 1.9.3, so we will install this version and switch to it using rbenv.
rbenv does a nice job at managing several version of ruby next to each other, installing dependancies (as OpenSSL) and setting PATH:
# as root: # download and install rbenv \curl -sSL https://get.rvm.io | bash rvm install ruby-1.9.3 --autolibs=packages rvm use ruby-1.9.3 # checking, should obviously return ruby 1.9.3 ruby --version
Getting and running Metasploit
Install:
# as root in e.g. /opt git clone https://github.com/rapid7/metasploit-framework.git msf cd msf yum -y install rubygem-bundler libpcap-devel bundle install
Configure the database creating config/database.yml:
production:
adapter: postgresql
database: msfdb
username: msf
password:
host: 127.0.0.1
port: 5432
pool: 75
timeout: 5
Launch it and have fun :
ln -s /opt/msf/msf* /usr/local/bin sudo -i msfconsole# as root ./msfconsole # check connection to the database db_status
Note that the -i option of sudo is mandatory, as it resets the environment for security purposes. That way it will get the environment of the target user, root, which should be just fine if you set rbenv with that user.
UPDATE 02/27/2014: I had some issues starting Metasploit with sudo and I actually failed to find a satisfying solution. I am now just launching it as root and in its work directory.
It is recommended to add a cron entry in /etc/crontab for regular updates:
# msfupdate every 2 hours 0 */2 * * * root /opt/msf/msfupdate 2>&1