
Write an Automated Script to Perform a Vulnerability Scan and Log the Results

Hands-On Lab

Ermin Kreponic

Training Architect

Length

01:15:00

Difficulty

Advanced

When we have multiple instances of an Apache web server, we generally need to run a vulnerability scan for each of our instances on a regular basis. It's best to write an automated script to perform this task to reduce the human error factor and get consistent results running exactly the same sets of tests on each instance. This lab does precisely that and configures the script to generate a log file containing a report. In addition to this, the script should not necessarily scan for just vulnerabilities. It should also report on the operating system, version of the operating system, version of the Apache server, status of SELinux, status of the firewall, firewall rules, etc. Why is this important? Because in addition to figuring out whether or not our system is vulnerable, we might also want to know whether or not the security mechanisms of the system are functional.


Introduction

When dealing with more than one Apache web server instance, it's a very good idea to implement a certain degree of automation for configuration and vulnerability scans. Why? Because if we have a hundred instances, we want to make sure the same security checks are applied across the board, which in turn gives us results we can compare from instance to instance. In this lab, we write a script that uses Nmap and vulnerability databases to report on the security status of our server. The same script also fetches information such as SELinux status, firewall configuration, Apache version, and so on.

Please feel free to expand the script and write a unique version! Do not forget to share!

Github links:

Connecting to the Lab

  1. Begin by logging in to the lab server using the credentials provided on the hands-on lab page.

    ssh cloud_user@PUBLIC_IP_ADDRESS

Define Functions to Retrieve Server Information

  1. Create and open the script file for editing.

    vim /home/cloud_user/ourScript.py
  2. Add the following to the script.

    #!/bin/python36

    import subprocess
    import socket

    def get_apache_version():
        # "httpd -v" prints the server version banner
        return subprocess.check_output(['httpd', '-v'], universal_newlines=True)

    def get_selinux_status():
        # prints Enforcing, Permissive or Disabled
        return subprocess.check_output(['getenforce'], universal_newlines=True)

    def get_firewall_rules():
        # services, ports and rich rules of the default firewalld zone
        return subprocess.check_output(['firewall-cmd', '--list-all'], universal_newlines=True)

    def find_line_in_file(file_path, str_to_find):
        # return the first line containing str_to_find (commented-out lines included);
        # return a marker string instead of None so the report can concatenate it
        with open(file_path) as f:
            for line in f:
                if str_to_find in line:
                    return line
        return str_to_find + " not found in " + file_path + "\n"

    sshd_config = "/etc/ssh/sshd_config"

    def get_ssh_port():
        return find_line_in_file(sshd_config, "Port")

    def get_root_login():
        return find_line_in_file(sshd_config, "PermitRootLogin")

    def get_ssh_password_config():
        return find_line_in_file(sshd_config, "PasswordAuthentication")

    def get_selinux_ssh_port_label():
        # ports labelled ssh_port_t in the loaded SELinux policy
        return subprocess.check_output(['sepolicy', 'network', '-t', 'ssh_port_t'], universal_newlines=True)

    def get_server_IP():
        # a UDP "connect" sends no packet; it only picks the outbound interface,
        # whose address is then read back with getsockname()
        s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
        s.connect(("8.8.8.8", 80))
        return s.getsockname()[0]
  3. Save the changes and exit the editor.

Write a Function to Perform an Nmap Scan

  1. Install Nmap.

    sudo yum install nmap
  2. Change directories.

    cd /usr/share/nmap/scripts/
  3. Clone the necessary GitHub repositories.

    git clone https://github.com/vulnersCom/nmap-vulners.git
    git clone https://github.com/scipag/vulscan.git
  4. Open the script file.

    vim /home/cloud_user/ourScript.py
  5. Add the following code to the bottom of the script file.

    def vuln_scan():
        # nmap-vulners and vulscan are the directories cloned into /usr/share/nmap/scripts;
        # -sV is required because both scripts match CVEs against the detected service version
        serverIP = get_server_IP()
        return subprocess.check_output(['nmap', '--script', 'nmap-vulners,vulscan', '--script-args', 'vulscandb=scipvuldb.csv', '-sV', '-p80', serverIP], universal_newlines=True)

Generate a Report Combining All These Functions

  1. Add the following to the bottom of the script file.

    log_file = "/home/cloud_user/ourLog.log"

    def generate_report():
        apache_version = get_apache_version()
        selinux_status = get_selinux_status()
        firewall_rules = get_firewall_rules()
        ssh_port = get_ssh_port()
        permit_root_login = get_root_login()
        permit_pass_auth = get_ssh_password_config()
        selinux_label = get_selinux_ssh_port_label()
        nmapScan = vuln_scan()

        # one record, each section separated by a blank line
        log_record = (apache_version + "\n" + selinux_status + "\n" + firewall_rules + "\n"
                      + ssh_port + "\n" + permit_root_login + "\n" + permit_pass_auth + "\n"
                      + selinux_label + "\n" + nmapScan)

        # "w" overwrites the previous report on every run
        with open(log_file, "w") as text_file:
            text_file.write(log_record)

        print(apache_version)
        print("SELinux Status: " + selinux_status)
        print("Firewall - Default Zone\n" + firewall_rules)
        print("SSH Port: " + str(ssh_port))
        print("Password Authentication: " + str(permit_pass_auth))
        print("SELinux Label: " + selinux_label)
        print(nmapScan)

    # without this call the script only defines functions and does nothing when run
    generate_report()
  2. Save the changes and exit the editor.

  3. Change the permissions on the file.

    sudo chmod 700 /home/cloud_user/ourScript.py
  4. Run the script.

    /home/cloud_user/ourScript.py
  5. Wait for the script to finish and verify the results are displayed.

  6. Verify the log file.

    cat ourLog.log
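The lab's script logs the raw command output as one text blob. As an added example (not part of the lab's ourScript.py), the code below turns the same inputs into PASS/FAIL checks: it reads sshd_config the way sshd does (the first uncommented directive wins), extracts CVE ids and CVSS scores from the nmap-vulners output, and produces timestamped lines that can be appended to ourLog.log and grepped. The sshd_config excerpt and nmap output are constructed samples, the CVE identifiers are placeholders, and the values used when a directive is absent assume OpenSSH 7.x defaults.

```python
import re
from datetime import datetime, timezone

# Constructed samples standing in for sshd_config and nmap-vulners output; the CVE ids are placeholders.
SAMPLE_SSHD_CONFIG = """#Port 22
Port 2222
PermitRootLogin yes
#PasswordAuthentication yes
PasswordAuthentication no
"""
SAMPLE_NMAP_OUTPUT = """80/tcp open  http    Apache httpd 2.4.6
| vulners:
|   cpe:/a:apache:http_server:2.4.6:
|     \tCVE-0000-1111\t7.5\thttps://vulners.com/cve/CVE-0000-1111
|     \tCVE-0000-2222\t4.3\thttps://vulners.com/cve/CVE-0000-2222
"""

def sshd_effective(config_text, keyword, default):
    """Value sshd applies: the first non-comment directive wins, else the default."""
    for line in config_text.splitlines():
        parts = line.strip().split(None, 1)
        if len(parts) == 2 and parts[0].lower() == keyword.lower():
            return parts[1].strip()
    return default

def ssh_checks(config_text):
    """Hardening checks as name -> True (pass) / False (fail); defaults assume OpenSSH 7.x."""
    root = sshd_effective(config_text, "PermitRootLogin", "prohibit-password")
    pw = sshd_effective(config_text, "PasswordAuthentication", "yes")
    return {"ssh_root_login_disabled": root != "yes",
            "ssh_password_auth_disabled": pw == "no"}

CVE_LINE = re.compile(r"(CVE-\d{4}-\d{4,})\s+(\d+(?:\.\d+)?)")

def parse_vulners(nmap_output):
    """(cve_id, cvss) pairs from nmap-vulners lines shaped 'CVE-...<tab>score<tab>url'."""
    return [(m.group(1), float(m.group(2))) for m in CVE_LINE.finditer(nmap_output)]

def build_report(config_text, nmap_output, selinux_status="Enforcing", threshold=7.0):
    """Timestamped PASS/FAIL lines plus one line per CVE, so the log is greppable."""
    checks = ssh_checks(config_text)
    checks["selinux_enforcing"] = selinux_status.strip() == "Enforcing"
    findings = parse_vulners(nmap_output)
    checks["no_high_cvss_findings"] = all(score < threshold for _, score in findings)
    stamp = datetime.now(timezone.utc).isoformat()
    lines = ["%s %s %s" % (stamp, "PASS" if ok else "FAIL", name) for name, ok in sorted(checks.items())]
    lines += ["%s CVE %s cvss=%.1f" % (stamp, cve, score) for cve, score in findings]
    return lines
```

On the lab server, pass the text returned by get_selinux_status() and vuln_scan() and the contents of /etc/ssh/sshd_config instead of the samples, and open ourLog.log in append mode so earlier runs remain available for comparison.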

Conclusion

Congratulations, you've completed this hands-on lab!