All courses
Resource hub
Featured resource
Tech Upskilling Playbook 2025
Tech Upskilling Playbook

Build future-ready tech teams and hit key business milestones with seven proven plays from industry leaders.

Learn more
Hamburger Icon
  • Labs icon Lab
  • Cloud
  • Security
Google Cloud Platform icon
Labs

Write an Automated Script to Perform a Vulnerability Scan and Log the Results

When we have multiple instances of an Apache web server, we generally need to run a vulnerability scan for each of our instances on a regular basis. It's best to write an automated script to perform this task to reduce the human error factor and get consistent results running exactly the same sets of tests on each instance. This lab does precisely that and configures the script to generate a log file containing a report. In addition to this, the script should not necessarily scan for just vulnerabilities. It should also report on the operating system, version of the operating system, version of the Apache server, status of SELinux, status of the firewall, firewall rules, etc. Why is this important? Because in addition to figuring out whether or not our system is vulnerable, we might also want to know whether or not the security mechanisms of the system are functional.

Get started Contact sales
Google Cloud Platform icon
Labs

Path Info

Level
Clock icon Advanced
Duration
Clock icon 1h 15m
Last updated
Clock icon Aug 28, 2025

Contact sales

By filling out this form and clicking submit, you acknowledge our privacy policy.

Table of Contents

  1. Challenge

    Define Functions to Retrieve Server Information

    Note: Please provide the lab an extra 1-2 minutes before logging in to make sure the lab is fully provisioned. A local SSH terminal must be used for this lab (This lab cannot use the Instant Terminal). You will find the necessary login credentials on the lab page.

    Create and open a file /home/cloud_user/ourScript.py.

    vim /home/cloud_user/ourScript.py

    Define which interpreter is to be used for the script.

    #!/bin/python3.6

    import subprocess
import socket

    Get Apache web server version.

    def get_apache_version():       
    return subprocess.check_output(['httpd', '-v'], stdin=None, stderr=None, shell=False, universal_newlines=True)

    Get SELinux status.

    def get_selinux_status():
    return subprocess.check_output(['getenforce'], stdin=None, stderr=None, shell=False, universal_newlines=True)

    Get the current firewall configuration for the default zone.

    def get_firewall_rules():
    return subprocess.check_output(['firewall-cmd', '--list-all'], stdin=None, stderr=None, shell=False, universal_newlines=True)

    Create a function to find a line containing a string in a file.

    def find_line_in_file(file_path, str_to_find):
        for line in open(file_path):
                if str_to_find in line:
                        return line

    Get the port number from the ssh configuration file.

    sshd_config = "/etc/ssh/sshd_config"

    def get_ssh_port():
    return find_line_in_file(sshd_config, "Port")

    Get PermitRootLogin.

    def get_root_login():
    return find_line_in_file(sshd_config, "PermitRootLogin")

  2. Challenge

    Write Additional Functions to Retrieve Server Information

    Get the value of PasswordAuthentication.

    def get_ssh_password_config():
    return find_line_in_file(sshd_config, "PasswordAuthentication")

    Get the ports in ssh_port_t.

    def get_selinux_ssh_port_label():
return subprocess.check_output(['sepolicy', 'network', '-t', 'ssh_port_t'], stdin=None, stderr=None, shell=False, universal_newlines=True)

    Get the public IP address of the server.

    def get_server_IP():
    s = socket.socket(socket.AF_INET, 	socket.SOCK_DGRAM)
    s.connect(("8.8.8.8", 80))
    return s.getsockname()[0]

    Save and quit.

    ESC
:wq
ENTER

  3. Challenge

    Write a Function to Perform an Nmap Scan

    Install Nmap.

    sudo yum install nmap

    Change directory to /usr/share/nmap/scripts/.

    cd /usr/share/nmap/scripts/

    Clone https://github.com/vulnersCom/nmap-vulners.git and https://github.com/scipag/vulscan.git

    sudo git clone https://github.com/vulnersCom/nmap-vulners.git

    sudo git clone https://github.com/scipag/vulscan.git

    vim /home/cloud_user/ourScript.py

    def vuln_scan():
    serverIP = get_server_IP() 
    return subprocess.check_output(['nmap', '--script', 'vulscan', '--script-args', 'vulscandb=scipvuldb.csv', '-sV', '-p80', serverIP], stdin=None, stderr=None, shell=False, universal_newlines=True)

  4. Challenge

    Generate a Report Combining All These Functions

    Log file path.

    log_file="/home/cloud_user/ourLog.log"

    def generate_report():
    apache_version = get_apache_version()
    selinux_status = get_selinux_status()
    firewall_rules = get_firewall_rules()
    ssh_port = get_ssh_port()
    permit_root_login = get_root_login()
    permit_pass_auth = get_ssh_password_config() 
    selinux_label = get_selinux_ssh_port_label()
    nmapScan = vuln_scan()
    
    log_record = apache_version + "\n" + selinux_status + "\n" + firewall_rules + "\n" + ssh_port + "\n" + permit_root_login + "\n" + permit_pass_auth + "\n" + selinux_label + "\n" + 
    nmapScan
    
    text_file=open(log_file, "w")
    text_file.write(log_record)
    text_file.close()
    
    print(apache_version)
    print("SELinux Status: " + selinux_status)
    print("Firewall - Default Zone\n " + 	firewall_rules)
    print("SSH Port: " + str(ssh_port))
    print("Password Authentication: " + 	str(permit_pass_auth))
    print("SELinux Label: " + selinux_label)
    print(nmapScan)

    generate_report()

    Save and close.

    ESC
:wq
ENTER

    Change permissions on the file.

    chmod 700 /home/cloud_user/ourScript.py

    sudo ./ourScript.py
Pluralsight Skills - Labs - Pluralsight
Author
Pluralsight Skills

Pluralsight Skills gives leaders confidence they have the skills needed to execute technology strategy. Technology teams can benchmark expertise across roles, speed up release cycles and build reliable, secure products. By leveraging our expert content, skill assessments and one-of-a-kind analytics, keep up with the pace of change, put the right people on the right projects and boost productivity. It's the most effective path to developing tech skills at scale.

What's a lab?

Hands-on Labs are real environments created by industry experts to help you learn. These environments help you gain knowledge and experience, practice without compromising your system, test without risk, destroy without fear, and let you learn from your mistakes. Hands-on Labs: practice your skills before delivering in the real world.

Provided environment for hands-on practice

We will provide the credentials and environment necessary for you to practice right within your browser.

Guided walkthrough

Follow along with the author’s guided walkthrough and build something new in your provided environment!

Did you know?

On average, you retain 75% more of your learning if you get time for practice.
Ready to get started?
View individual plans View team plans