A Cloud Guru Lab
Write an Automated Script to Perform a Vulnerability Scan and Log the Results
When we run multiple instances of an Apache web server, we generally need to run a vulnerability scan against each instance on a regular basis. It is best to automate this task with a script: that reduces the human error factor and gives consistent results, because exactly the same set of tests runs on every instance. This lab does precisely that and configures the script to generate a log file containing the report. The script should not scan only for vulnerabilities. It should also report the operating system and its version, the Apache version, the status of SELinux, the status of the firewall, the firewall rules, and so on. Why is this important? Because in addition to finding out whether our system is vulnerable, we also want to know whether the system's security mechanisms are actually functional.
Challenge: Define Functions to Retrieve Server Information
Note: Please allow the lab an extra 1-2 minutes before logging in to make sure it is fully provisioned. A local SSH terminal must be used for this lab (it cannot use the Instant Terminal). You will find the necessary login credentials on the lab page.
Create and open the file /home/cloud_user/ourScript.py:
vim /home/cloud_user/ourScript.py
Define which interpreter is to be used for the script.
#!/bin/python3.6
import subprocess
import socket
Get Apache web server version.
def get_apache_version():
    return subprocess.check_output(['httpd', '-v'], stdin=None, stderr=None, shell=False, universal_newlines=True)
Get SELinux status.
def get_selinux_status():
    return subprocess.check_output(['getenforce'], stdin=None, stderr=None, shell=False, universal_newlines=True)
Get the current firewall configuration for the default zone.
def get_firewall_rules():
    return subprocess.check_output(['firewall-cmd', '--list-all'], stdin=None, stderr=None, shell=False, universal_newlines=True)
Create a function to find a line containing a string in a file.
def find_line_in_file(file_path, str_to_find):
    # Return the first line containing the string, or an empty string when there
    # is none, so the report's string concatenation never runs into None.
    # A substring match also hits commented-out lines such as "#Port 22".
    with open(file_path) as f:
        for line in f:
            if str_to_find in line:
                return line
    return ""
Get the port number from the ssh configuration file.
sshd_config = "/etc/ssh/sshd_config"

def get_ssh_port():
    return find_line_in_file(sshd_config, "Port")
Get PermitRootLogin.
def get_root_login():
    return find_line_in_file(sshd_config, "PermitRootLogin")
Challenge: Write Additional Functions to Retrieve Server Information
Get the value of PasswordAuthentication.
def get_ssh_password_config():
    return find_line_in_file(sshd_config, "PasswordAuthentication")
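The three sshd_config lookups above match substrings, so a commented-out default such as "#Port 22" or "#PermitRootLogin yes" is returned even when an active "PermitRootLogin no" follows it later in the file. As an added example (not part of the lab's script), here is a parser that returns only active, global directives, with the lab's substring search alongside for comparison. The sample configuration is constructed, and the fallback defaults used for absent directives are an assumption; on a live host `sshd -T` prints the daemon's resolved configuration and is the authoritative source.

```python
import re

# Constructed sshd_config fragment (not from a real host). Note the commented-out
# defaults that precede the active directives, and the Match block at the end.
SAMPLE_SSHD_CONFIG = """\
# sshd_config: system-wide configuration
#Port 22
Port 2222
GatewayPorts no
#PermitRootLogin yes
PermitRootLogin no
PasswordAuthentication yes
Match User backup
    PasswordAuthentication no
"""

# Assumed fallbacks for directives that are absent; the authoritative effective
# values come from `sshd -T`, which prints the running daemon's resolved config.
ASSUMED_DEFAULTS = {"port": "22", "permitrootlogin": "yes", "passwordauthentication": "yes"}


def naive_find_line(text, needle):
    """The lab's approach, for comparison: the first line containing the substring."""
    for line in text.splitlines():
        if needle in line:
            return line
    return ""


def parse_sshd_config(text):
    """Map lower-cased directive -> value for active global directives.

    Comment and blank lines are skipped, the first occurrence of a directive wins
    (as in sshd), and everything after a Match line is conditional and ignored.
    """
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)   # "Key value" or "Key=value"
        if len(parts) != 2:
            continue
        key, value = parts[0].lower(), parts[1].strip()
        if key == "match":
            break                  # remaining lines apply only to matching sessions
        settings.setdefault(key, value)
    return settings


def ssh_findings(settings):
    """Return the hardening findings the lab's report is interested in."""
    def effective(key):
        return settings.get(key, ASSUMED_DEFAULTS[key]).lower()
    findings = []
    if effective("permitrootlogin") not in ("no", "prohibit-password", "without-password"):
        findings.append("PermitRootLogin=%s allows interactive root login" % effective("permitrootlogin"))
    if effective("passwordauthentication") != "no":
        findings.append("PasswordAuthentication=%s (keys only is recommended)" % effective("passwordauthentication"))
    return findings


if __name__ == "__main__":
    print("substring search returns:", naive_find_line(SAMPLE_SSHD_CONFIG, "Port"))
    cfg = parse_sshd_config(SAMPLE_SSHD_CONFIG)
    print("parsed:", cfg)
    for finding in ssh_findings(cfg):
        print("FINDING:", finding)
```

On the constructed sample the substring search reports "#Port 22" and "#PermitRootLogin yes", while the parser reports port 2222 and PermitRootLogin no; the only finding left is password authentication, which is still enabled globally even though a Match block disables it for one user.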
Get the ports labelled ssh_port_t.
def get_selinux_ssh_port_label():
    return subprocess.check_output(['sepolicy', 'network', '-t', 'ssh_port_t'], stdin=None, stderr=None, shell=False, universal_newlines=True)
Get the public IP address of the server.
def get_server_IP():
    # Connecting a UDP socket sends no packet, but it makes the kernel choose the
    # interface that routes towards the internet. On a cloud instance behind NAT
    # this is the instance's local address rather than the public one.
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    s.connect(("8.8.8.8", 80))
    ip = s.getsockname()[0]
    s.close()
    return ip
Save and quit.
ESC :wq ENTER
Challenge: Write a Function to Perform an Nmap Scan
Install Nmap.
sudo yum install nmap
Change directory to /usr/share/nmap/scripts/:
cd /usr/share/nmap/scripts/
Clone https://github.com/vulnersCom/nmap-vulners.git and https://github.com/scipag/vulscan.git
sudo git clone https://github.com/vulnersCom/nmap-vulners.git
sudo git clone https://github.com/scipag/vulscan.git
Reopen the script and add the scan function:
vim /home/cloud_user/ourScript.py
def vuln_scan():
    serverIP = get_server_IP()
    return subprocess.check_output(['nmap', '--script', 'vulscan', '--script-args', 'vulscandb=scipvuldb.csv', '-sV', '-p80', serverIP], stdin=None, stderr=None, shell=False, universal_newlines=True)
Challenge: Generate a Report Combining All These Functions
Log file path.
log_file = "/home/cloud_user/ourLog.log"

def generate_report():
    apache_version = get_apache_version()
    selinux_status = get_selinux_status()
    firewall_rules = get_firewall_rules()
    ssh_port = get_ssh_port()
    permit_root_login = get_root_login()
    permit_pass_auth = get_ssh_password_config()
    selinux_label = get_selinux_ssh_port_label()
    nmapScan = vuln_scan()
    log_record = (apache_version + "\n" + selinux_status + "\n" + firewall_rules + "\n"
                  + ssh_port + "\n" + permit_root_login + "\n" + permit_pass_auth + "\n"
                  + selinux_label + "\n" + nmapScan)
    # "w" overwrites the previous report on every run; the with block closes the
    # file even if a write fails.
    with open(log_file, "w") as text_file:
        text_file.write(log_record)
    print(apache_version)
    print("SELinux Status: " + selinux_status)
    print("Firewall - Default Zone\n " + firewall_rules)
    print("SSH Port: " + str(ssh_port))
    print("Permit Root Login: " + str(permit_root_login))
    print("Password Authentication: " + str(permit_pass_auth))
    print("SELinux Label: " + selinux_label)
    print(nmapScan)

generate_report()
Save and close.
ESC :wq ENTER
Change permissions on the file, then run it with sudo:
chmod 700 /home/cloud_user/ourScript.py
sudo ./ourScript.py
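generate_report writes the raw tool output to the log and leaves the reader to judge it. As an added example (not the lab's code), the following turns the same kinds of output into explicit PASS/FAIL lines with a UTC timestamp and appends them to the log so that successive runs accumulate instead of overwriting each other. The sample outputs standing in for getenforce, firewall-cmd --list-all and nmap -sV are constructed, the log path reuses the lab's file, and the rule that no ad-hoc ports should be opened in the firewall zone is an assumed local policy.

```python
import re
from datetime import datetime, timezone

# Constructed sample tool outputs (not captured from a real host) standing in for
# what getenforce, firewall-cmd --list-all and nmap -sV return on the lab instance.
SAMPLE_GETENFORCE = "Permissive\n"
SAMPLE_FIREWALL = """public (active)
  target: default
  interfaces: eth0
  services: ssh dhcpv6-client http
  ports: 8080/tcp
  masquerade: no
  rich rules: 
"""
SAMPLE_NMAP = """Nmap scan report for 10.0.0.5
Host is up (0.00010s latency).
PORT   STATE SERVICE VERSION
80/tcp open  http    Apache httpd 2.4.6 ((CentOS))
Nmap done: 1 IP address (1 host up) scanned in 6.52 seconds
"""
LOG_FILE = "/home/cloud_user/ourLog.log"   # same path the lab uses


def check_selinux(output):
    """Return (mode, ok): ok only when SELinux is actually Enforcing."""
    mode = output.strip()
    return mode, mode == "Enforcing"


def parse_firewall(output):
    """Turn `firewall-cmd --list-all` text into a dict; the first line names the zone."""
    lines = output.strip().splitlines()
    info = {"zone": lines[0].split()[0], "active": "(active)" in lines[0]}
    for line in lines[1:]:
        key, _, value = line.strip().partition(":")
        info[key] = value.split()          # e.g. "services" -> ["ssh", "http"]
    return info


def parse_nmap_ports(output):
    """Extract the port-table rows from nmap -sV output (port/proto state service version)."""
    rows = []
    for line in output.splitlines():
        m = re.match(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)\s*(.*)$", line)
        if m:
            rows.append({"port": int(m.group(1)), "proto": m.group(2), "state": m.group(3),
                         "service": m.group(4), "version": m.group(5).strip()})
    return rows


def build_report(getenforce_out, firewall_out, nmap_out, now=None):
    """Evaluate the raw outputs into PASS/FAIL checks plus timestamped log lines."""
    now = now or datetime.now(timezone.utc)
    stamp = now.strftime("%Y-%m-%dT%H:%M:%SZ")
    mode, selinux_ok = check_selinux(getenforce_out)
    fw = parse_firewall(firewall_out)
    ports = parse_nmap_ports(nmap_out)
    checks = [
        ("SELinux enforcing", selinux_ok, mode),
        ("Firewall zone active", fw["active"], fw["zone"]),
        # Assumed local policy: only named services, no ad-hoc port openings.
        ("No ad-hoc firewall ports", not fw.get("ports"), " ".join(fw.get("ports", [])) or "none"),
    ]
    lines = ["%s %s %s: %s" % (stamp, "PASS" if ok else "FAIL", name, detail)
             for name, ok, detail in checks]
    lines += ["%s INFO open %d/%s %s %s" % (stamp, r["port"], r["proto"], r["service"], r["version"])
              for r in ports if r["state"] == "open"]
    return {"checks": checks, "ports": ports, "lines": lines}


def write_log(path, lines):
    """Append (rather than overwrite, as the lab's "w" mode does) so runs accumulate."""
    with open(path, "a") as fh:
        fh.write("\n".join(lines) + "\n")
    return len(lines)


if __name__ == "__main__":
    report = build_report(SAMPLE_GETENFORCE, SAMPLE_FIREWALL, SAMPLE_NMAP)
    print("\n".join(report["lines"]))
```

In the lab script the three sample strings would be replaced by the return values of get_selinux_status(), get_firewall_rules() and vuln_scan(), and write_log(LOG_FILE, report["lines"]) would replace the single overwrite; with the constructed inputs the report fails the SELinux check (Permissive) and the ad-hoc port check (8080/tcp), passes the active-zone check, and records Apache httpd 2.4.6 on port 80.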