Resize InsightVM/Nexpose Virtual Image Disk Online

Rapid7 offers the best vulnerability management software on the market, either as Nexpose (https://www.rapid7.com/products/nexpose), a fully on-prem solution, or as the cloud-powered on-prem InsightVM (https://www.rapid7.com/products/insightvm). Cloud-powered means that some of the features run in the cloud, while the Console and, if required, the Scan Engines are installed on-prem.

Both come with very flexible deployment options, so either Nexpose or InsightVM can be deployed as:

  • On a Windows Server, as a Windows installer package
  • On a Linux Server, as a Linux installer package
  • Hardware Appliance
  • Virtual Image (VMware Image)

In most cases you will use the Virtual Image, as it is already pre-made and pre-hardened for you. Although it is a single OVA file, it is updated every 2-3 weeks with the latest software and vulnerability checks. Generally you will prefer the virtual image for your Consoles and Scan Engines.

Installation steps for the Virtual Image of either Nexpose or InsightVM can be found at https://kb.help.rapid7.com/docs/insightvm-and-nexpose-virtual-appliance-guide. All virtual images of Nexpose/InsightVM, whether the Nexpose/InsightVM Console (which contains 1 internal Scan Engine) or the Nexpose/InsightVM Engine, are based on Ubuntu 16.04 LTS (Rapid7 also bases its images on an updated OS release, 16.04.5 right now, so less effort is needed to update the OS).

Sometimes, as our ICT infrastructure grows, the virtual disk that comes with IVM/Nexpose may not be enough. By default the image comes with 1 virtual disk of 100 GB:

As you can see, there is only 1 disk of around 100 GB. On Linux we can verify this by issuing the “fdisk -l /dev/sda” command as the root user to see the disk and its partitions.

There is only 1 disk, named sda, with the device path /dev/sda, and if we want to see how it is partitioned we need to use the “df -h” command.

In the screenshot above there are 2 important partitions: / and /opt. The Rapid7 software is installed on /opt, and the other OS files are located on the / partition. Also, physical disk partitions (like /dev/sda5) are not directly mounted (aside from /dev/sda1, which is mounted on /boot to hold the kernel images, the GRUB loader, etc.).

The disk device names here look like /dev/mapper/vg00-root and /dev/mapper/vg00-opt. On Linux we call these Logical Volumes, and they are part of a Volume Group. This is called LVM; it separates physical disks and partitions from mounted directories, which allows us to expand Logical Volumes without rebooting the system (OS).

To better visualize what is happening with LVM:


The picture above (taken from Red Hat documentation) shows how physical disks and partitions are put into a Volume Group (VG), from which we create the Logical Volumes (LV) that form mount points (like /opt or /).

The Rapid7 virtual image has one disk, /dev/sda, with 2 physical partitions. /dev/sda1 is directly mounted at /boot, because the kernel and GRUB reside there: the GRUB boot loader does not understand LVM, so the kernel must reside directly on a supported filesystem, which is ext3. Then we have /dev/sda5, which is a logical partition.

/dev/sda2 is an Extended partition, in which Logical partitions can reside. That is a trick for keeping more than 4 partitions on a hard disk, so we can have 7 instead of 4: one of them is extended and can hold 4 more Logical Partitions. You can see this better below.

Our aim is to extend /opt, because the Rapid7 software resides in the /opt/rapid/nexpose directory (even for InsightVM).

For this, we first need to add a new disk to the virtual image. You could also extend the first hard disk, but it is more convenient to add a new disk, as extending an existing disk involves more steps and is more risky. So our aim is to add a second hard disk to the VMware virtual image of the Rapid7 software. The size depends on your requirements, but for a prod environment it is good to add a hard disk of at least 100 GB. In our case we will add only 15 GB to demonstrate.

Open your VMware vSphere web user interface, select the related virtual machine and click on “Edit Settings”. Here you will see the following; add a new hard disk:

Then click on the “Add” button.

Give it a size (in your case you should add at least 100 GB to be on the safe side; we are only adding 15 GB).

Then click the “OK” button at the bottom right.

Back on the server, we run fdisk -l as the root user to see whether our new disk is detected. The output below shows that, even though we added a second hard disk, the OS did not detect it as /dev/sdb, which is the second SCSI/SATA disk.

Here we need to install a package on our Ubuntu Linux server. The package is called “sg3-utils”. You can install it with “apt-get install sg3-utils”. That will only work if you have internet access. You need to be root to run this command.

This package comes with a script called “rescan-scsi-bus.sh”, which we run as “rescan-scsi-bus.sh -a”. The script scans all your IO devices and adds the corresponding /dev entries, so we can see /dev/sdb as our new hard disk. You need to run this command as root.

Now you can run fdisk -l again to see whether /dev/sdb was added:

If you don’t have internet access, you can manually download the sg3-utils package from https://packages.ubuntu.com/xenial/admin/sg3-utils, upload it and install it with “dpkg -i *.deb”. Alternatively, you can use the following command as root to rescan the SCSI bus for available devices (this eliminates the requirement for the sg3-utils package):
 

# echo "- - -" > /sys/class/scsi_host/host0/scan

Before going further you should snapshot your virtual image, as the steps from now on can, if you are not careful enough, damage your filesystems and you may lose all your data. We do NOT accept ANY responsibility, but these steps were done step-by-step in our lab without any issues. For this, go to the virtual machine in VMware, go to “Snapshots” and click on “Take Snapshots”.

In the new menu write a description and click “OK”.

Wait until the snapshot finishes and go on.

After taking the snapshot (as a precaution), we need to create an LVM-type partition on /dev/sdb (which will create /dev/sdb1 of type Linux LVM). The commands we typed are the entries followed by a HIT_ENTER marker:

root@ivm:~# fdisk /dev/sdb

Welcome to fdisk (util-linux 2.27.1).

Changes will remain in memory only, until you decide to write them.

Be careful before using the write command.

Device does not contain a recognized partition table.

Created a new DOS disklabel with disk identifier 0xa7be7d80.

Command (m for help): n <HIT_ENTER>

Partition type

p primary (0 primary, 0 extended, 4 free)

e extended (container for logical partitions)

Select (default p): p <HIT_ENTER>

Partition number (1-4, default 1): 1 <This is default only HIT_ENTER>

First sector (2048-31457279, default 2048): <This is default only HIT_ENTER>

Last sector, +sectors or +size{K,M,G,T,P} (2048-31457279, default 31457279): <This is default only HIT_ENTER>

Created a new partition 1 of type 'Linux' and of size 15 GiB.

Command (m for help): t <HIT_ENTER>

Selected partition 1

Partition type (type L to list all types): 8e <HIT_ENTER>

Changed type of partition 'Linux' to 'Linux LVM'.

Command (m for help): p <HIT_ENTER>

Disk /dev/sdb: 15 GiB, 16106127360 bytes, 31457280 sectors

Units: sectors of 1 * 512 = 512 bytes

Sector size (logical/physical): 512 bytes / 512 bytes

I/O size (minimum/optimal): 512 bytes / 512 bytes

Disklabel type: dos

Disk identifier: 0xa7be7d80

Device Boot Start End Sectors Size Id Type

/dev/sdb1 2048 31457279 31455232 15G 8e Linux LVM

Command (m for help): w <HIT_ENTER>

The partition table has been altered.

Calling ioctl() to re-read partition table.

Syncing disks.

So a sample session would be:

Now that we have written the changes to disk, let's verify them with the “fdisk -l /dev/sdb” command. Sample output should look like this:

Now the LVM part comes in. We need to make /dev/sdb1 usable in LVM. As the root user we issue:

# pvcreate /dev/sdb1

After this step we need to add this /dev/sdb1 LVM partition to our Volume Group (VG) named vg00, so that we can extend the Logical Volume (LV) named opt. So first let's add it to the vg00 VG:

# vgextend vg00 /dev/sdb1

Volume group "vg00" successfully extended

A sample will be like

Now we extend the opt LV by the size of /dev/sdb1:
 

# lvextend /dev/vg00/opt /dev/sdb1

A sample one would be

Now let's check the size of the /opt partition:
 

# df -h |grep opt

/dev/mapper/vg00-opt 76G 25G 48G 35% /opt

As you can see, it is still not resized. There are two more steps: first we need to detect the filesystem type used for /opt.

The following command shows that it is an ext4 filesystem, so we can use the command that extends an ext4 filesystem.

# mount |grep opt

/dev/mapper/vg00-opt on /opt type ext4 (rw,relatime,data=ordered)

Now for ext4 (or any ext filesystem) we use the “resize2fs” command, like:
 

# resize2fs /dev/vg00/opt

resize2fs 1.42.13 (17-May-2015)

Filesystem at /dev/vg00/opt is mounted on /opt; on-line resizing required

old_desc_blocks = 5, new_desc_blocks = 6

The filesystem on /dev/vg00/opt is now 24156160 (4k) blocks long

As you can see, it is resized; let's check it with the df -h command:
 

# df -h |grep opt

/dev/mapper/vg00-opt 91G 25G 62G 29% /opt
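
The whole procedure above as one guarded script (an added example, not part of the original post and not Rapid7 tooling). It assumes the names used on this page (sdb, vg00, opt, /opt), swaps the interactive fdisk session for a one-line sfdisk call, rescans every SCSI host instead of only host0, and refuses to touch a disk that is missing or already partitioned.

```shell
#!/bin/sh
# Added example: guarded, scripted form of the resize procedure on this page.
# Assumptions: new disk is sdb, volume group vg00, logical volume opt, mount /opt.
DISK=sdb VG=vg00 LV=opt MNT=/opt

# Rescan every SCSI host, not only host0; the new disk may sit on another host.
rescan_scsi_hosts() {
    for f in /sys/class/scsi_host/host*/scan; do
        if [ -w "$f" ]; then echo "- - -" > "$f"; fi
    done
}

# stdin: /proc/partitions text. Prints missing, unpartitioned or partitioned for disk $1.
disk_state() {
    awk -v d="$1" '
        $4 == d                { seen = 1 }
        $4 ~ ("^" d "[0-9]+$") { parts = 1 }
        END { print (!seen ? "missing" : (parts ? "partitioned" : "unpartitioned")) }'
}

# stdin: output of mount. Prints the filesystem type mounted on $1.
fs_type_of() {
    awk -v m="$1" '$2 == "on" && $3 == m { print $5 }'
}

# Prints the commands for disk $1, VG $2, LV $3; refuses non-ext filesystems ($4).
plan_extend() {
    case "$4" in
        ext2|ext3|ext4) ;;
        *) echo "resize2fs cannot grow '$4'; stopping" >&2; return 1 ;;
    esac
    cat <<EOF
echo 'type=8e' | sfdisk /dev/$1
pvcreate /dev/${1}1
vgextend $2 /dev/${1}1
lvextend /dev/$2/$3 /dev/${1}1
resize2fs /dev/$2/$3
EOF
}

# Run as root with --apply; without it the script only defines the functions.
if [ "${1:-}" = "--apply" ]; then
    rescan_scsi_hosts
    state=$(disk_state "$DISK" < /proc/partitions)
    [ "$state" = "unpartitioned" ] || { echo "/dev/$DISK is $state; refusing" >&2; exit 1; }
    fs=$(mount | fs_type_of "$MNT")
    plan=$(plan_extend "$DISK" "$VG" "$LV" "$fs") || exit 1
    printf '%s\n' "$plan" | sh -ex
fi
```

Take the VMware snapshot first, as described above; the disk check only looks for existing partitions in /proc/partitions and does not detect a filesystem written directly to an unpartitioned disk.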

We have resized our /opt partition by 15 GB. Before, it was like:

Now it is like:
