Scan your EC2 instance to find its vulnerabilities using Vuls (https://vuls.io/en/).
Audit your EC2 instance to find security misconfigurations using Lynis (https://cisofy.com/solutions/#lynis).
Scan your EC2 instance for signs of a rootkit using Chkrootkit (http://www.chkrootkit.org/).
Requirements
Actions details:
Required action permission | Why it is required |
---|---|
"AttachVolume" | Enables attaching the volume with the taken snapshot to the EC2 instance that is being used for the vulnerabilities scan. |
"AuthorizeSecurityGroupIngress" | Enables attaching a security group to the EC2 instance. Contains IP permissions for the SSH port and a random port generated for the scan UI access. |
"DescribeInstances" | Enables access to the client's EC2 instance details. |
"CreateKeyPair" | Enables the creation of a key pair that is used as the key of the EC2 instance. |
"CreateTags" | Enables the creation of tags on the volume and snapshot. |
"DescribeRegions" | Enables access to the client's active regions so the user can select the relevant one for the scan. |
"RunInstances" | Enables the creation of an EC2 instance under the user's client. |
"ReportInstanceStatus" | Enables getting the current status of the created EC2 instance to make sure it is running. |
"DescribeSnapshots" | Enables getting the current status of the taken snapshot to make sure it is available. |
"DescribeImages" | Enables querying AMIs to get the latest Ubuntu AMI. |
"DescribeVolumeStatus" | Enables getting the current status of the volume being created. |
"DescribeVolumes" | Enables getting details about a volume. |
"CreateVolume" | Enables the creation of a volume from the taken snapshot, which is then attached to the EC2 instance used for the vulnerabilities scan. |
"DescribeAvailabilityZones" | Enables access to the client's active availability zones to select one for the created volume that is attached to the EC2 instance. |
"DescribeVpcs" | Enables getting the client's default VPC. Used for generating the EC2 instance's security group. |
"CreateSecurityGroup" | Enables the creation of a security group that is attached to the EC2 instance. |
"CreateSnapshot" | Enables taking a snapshot. Used to take a snapshot of the chosen EC2 instance. |
"DeleteSnapshot" | Enables deleting the stale snapshot that was created during the process. |
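An added example (not part of the red-detector project): an offline check that reports which actions from the table above an IAM policy document does not grant, so the scan role can be scoped to exactly this list. The `ec2:` service prefix, `SAMPLE_POLICY` and the function names are assumptions of this example; it evaluates `Action` patterns only and ignores `Resource`, `Condition` and `NotAction`.

```python
import fnmatch

# Actions from the table above; the "ec2:" IAM service prefix is added here.
REQUIRED = ["ec2:" + a for a in (
    "AttachVolume AuthorizeSecurityGroupIngress DescribeInstances CreateKeyPair "
    "CreateTags DescribeRegions RunInstances ReportInstanceStatus DescribeSnapshots "
    "DescribeImages DescribeVolumeStatus DescribeVolumes CreateVolume "
    "DescribeAvailabilityZones DescribeVpcs CreateSecurityGroup CreateSnapshot "
    "DeleteSnapshot").split()]

# Constructed sample policy: wildcards cover most actions, one explicit Deny.
SAMPLE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": ["ec2:Describe*", "ec2:Create*"], "Resource": "*"},
        {"Effect": "Allow", "Action": "ec2:RunInstances", "Resource": "*"},
        {"Effect": "Deny", "Action": "ec2:CreateKeyPair", "Resource": "*"},
    ],
}

def _as_list(value):
    # IAM allows a single string or a list for Statement and Action.
    return value if isinstance(value, list) else [value]

def _patterns(policy, effect):
    """Lower-cased Action patterns of all statements with the given Effect."""
    out = []
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") == effect and "Action" in stmt:
            out += [p.lower() for p in _as_list(stmt["Action"])]
    return out

def _matches(action, patterns):
    # IAM action names are case-insensitive; "*" and "?" act as wildcards.
    return any(fnmatch.fnmatchcase(action.lower(), p) for p in patterns)

def missing_actions(policy, required=REQUIRED):
    """Required actions that are not allowed, or are overridden by a Deny."""
    allow, deny = _patterns(policy, "Allow"), _patterns(policy, "Deny")
    return [a for a in required
            if not _matches(a, allow) or _matches(a, deny)]

if __name__ == "__main__":
    for action in missing_actions(SAMPLE_POLICY):
        print("not granted:", action)
```

An explicit `Deny` wins over a wildcard `Allow`, which is why `ec2:CreateKeyPair` is reported even though `ec2:Create*` is allowed.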
Installation
```
sudo git clone https://github.com/lightspin-tech/red-detector.git
# Install the dependencies from inside the cloned repository
cd red-detector
pip3 install -r requirements.txt
```
Usage
Interactive
```
python3 main.py
```
Command arguments
```
usage: main.py [-h] [--region REGION] [--instance-id INSTANCE_ID] [--keypair KEYPAIR] [--log-level LOG_LEVEL]

optional arguments:
  -h, --help            show this help message and exit
  --region REGION       region name
  --instance-id INSTANCE_ID
                        EC2 instance id
  --keypair KEYPAIR     existing key pair name
  --log-level LOG_LEVEL
                        log level
```
Flow
Troubleshooting
Verbose logging
```
python3 main.py --log-level DEBUG
```
Scanners' database update process
```
# Connect to the scanner instance
ssh ubuntu@PUBLICIP -i KEYPAIR.pem
# On the instance, check the user-data log
tail /var/log/user-data.log
```