Write an Automated Script to Perform a Vulnerability Scan and Log the Results

When we have multiple instances of an Apache web server, we generally need to run a vulnerability scan for each of our instances on a regular basis. It’s best to write an automated script to perform this task to reduce the human error factor and get consistent results running exactly the same sets of tests on each instance. This lab does precisely that and configures the script to generate a log file containing a report. In addition to this, the script should not necessarily scan for just vulnerabilities. It should also report on the operating system, version of the operating system, version of the Apache server, status of SELinux, status of the firewall, firewall rules, etc. Why is this important? Because in addition to figuring out whether or not our system is vulnerable, we might also want to know whether or not the security mechanisms of the system are functional.

Learning Objectives

Successfully complete this lab by achieving the following learning objectives:

Define Functions to Retrieve Server Information

Note: Please provide the lab an extra 1-2 minutes before logging in to make sure the lab is fully provisioned. A local SSH terminal must be used for this lab (This lab cannot use the Instant Terminal). You will find the necessary login credentials on the lab page.

Create and open a file /home/cloud_user/ourScript.py.

vim /home/cloud_user/ourScript.py

Define which interpreter is to be used for the script.

#!/bin/python3.6

import subprocess
import socket

Get Apache web server version.

def get_apache_version():       
    return subprocess.check_output(['httpd', '-v'], stdin=None, stderr=None, shell=False, universal_newlines=True)

Get SELinux status.

def get_selinux_status():
    return subprocess.check_output(['getenforce'], stdin=None, stderr=None, shell=False, universal_newlines=True)

Get the current firewall configuration for the default zone.

def get_firewall_rules():
    return subprocess.check_output(['firewall-cmd', '--list-all'], stdin=None, stderr=None, shell=False, universal_newlines=True)

Create a function to find a line containing a string in a file.

def find_line_in_file(file_path, str_to_find):
        for line in open(file_path):
                if str_to_find in line:
                        return line

Get the port number from the ssh configuration file.

sshd_config = "/etc/ssh/sshd_config"

def get_ssh_port():
    return find_line_in_file(sshd_config, "Port")

Get PermitRootLogin.

def get_root_login():
    return find_line_in_file(sshd_config, "PermitRootLogin")

Write Additional Functions to Retrieve Server Information

Get the value of PasswordAuthentication.

def get_ssh_password_config():
    return find_line_in_file(sshd_config, "PasswordAuthentication")

Get the ports in ssh_port_t.

def get_selinux_ssh_port_label():
return subprocess.check_output(['sepolicy', 'network', '-t', 'ssh_port_t'], stdin=None, stderr=None, shell=False, universal_newlines=True)

Get the public IP address of the server.

def get_server_IP():
    s = socket.socket(socket.AF_INET,   socket.SOCK_DGRAM)
    s.connect(("8.8.8.8", 80))
    return s.getsockname()[0]

Save and quit.

ESC
:wq
ENTER

Write a Function to Perform an Nmap Scan

Install Nmap.

sudo yum install nmap

Change directory to /usr/share/nmap/scripts/.

cd /usr/share/nmap/scripts/

Clone https://github.com/vulnersCom/nmap-vulners.git and https://github.com/scipag/vulscan.git

sudo git clone https://github.com/vulnersCom/nmap-vulners.git

sudo git clone https://github.com/scipag/vulscan.git

vim /home/cloud_user/ourScript.py

def vuln_scan():
    serverIP = get_server_IP() 
    return subprocess.check_output(['nmap', '--script', 'vulscan', '--script-args', 'vulscandb=scipvuldb.csv', '-sV', '-p80', serverIP], stdin=None, stderr=None, shell=False, universal_newlines=True)

Generate a Report Combining All These Functions

Log file path.

log_file="/home/cloud_user/ourLog.log"

def generate_report():
    apache_version = get_apache_version()
    selinux_status = get_selinux_status()
    firewall_rules = get_firewall_rules()
    ssh_port = get_ssh_port()
    permit_root_login = get_root_login()
    permit_pass_auth = get_ssh_password_config() 
    selinux_label = get_selinux_ssh_port_label()
    nmapScan = vuln_scan()

    log_record = apache_version + "n" + selinux_status + "n" + firewall_rules + "n" + ssh_port + "n" + permit_root_login + "n" + permit_pass_auth + "n" + selinux_label + "n" + 
    nmapScan

    text_file=open(log_file, "w")
    text_file.write(log_record)
    text_file.close()

    print(apache_version)
    print("SELinux Status: " + selinux_status)
    print("Firewall - Default Zonen " +     firewall_rules)
    print("SSH Port: " + str(ssh_port))
    print("Password Authentication: " +     str(permit_pass_auth))
    print("SELinux Label: " + selinux_label)
    print(nmapScan)

generate_report()

Save and close.

ESC
:wq
ENTER

Change permissions on the file.

chmod 700 /home/cloud_user/ourScript.py

sudo ./ourScript.py

What are Hands-on Labs

Hands-on Labs are real environments created by industry experts to help you learn. These environments help you gain knowledge and experience, practice without compromising your system, test without risk, destroy without fear, and let you learn from your mistakes. Hands-on Labs: practice your skills before delivering in the real world.

Write an Automated Script to Perform a Vulnerability Scan and Log the Results

About this Hands-on Lab

Learning Objectives

Additional Resources

What are Hands-on Labs

Newsletter