クラウド時代のパートナー 株式会社 pnop

Azure Marketplace "Tsunami - security scanner" Users manual

Select a language: [English] [日本語]

Introduction

This is the simplified manual for "Tsunami - security scanner" from Azure Marketplace.

What's Tsunami - security scanner

Tsunami is a general purpose network security scanner for detecting high severity vulnerabilities.

We offer "Tsunami - Security Scanner" to go live Tsunami on Azure.

Main feature of Tsunami - security scanner

  • Installed Tsunami
  • Perform batch scan for multiple target hosts
  • Provided as Azure virtual machine image.

System requirements

  • Allows users to log in to the virtual machine (e.g. ssh)

How to introduction

Access to "Create Tsunami - security scanner" and Create.

Network Security Group (NSG) is applied to the virtual machine NIC.
The following rules have been added to the NSG inbound security rules:

  • Allow ssh(TCP/22) from any source

Recommend that change this NSG settings. (If you want to allow connections only from where you need them.)

If you want to perform a security scan on a host with an IPv6 address, you cannot deploy it from Azure Portal at this time.

How to use

Connect to and operate the deployed virtual machine. (e.g. ssh)

Security checks are performed on multiple hosts

  • Configuration for the security scan target hosts
    Add the list of hosts to be scanned for security to each file in ~/conf, with one line per host.

    • Host name : hostname_list.conf
    • IPv4 address : ipv4_list.conf
    • IPv6 address : ipv6_list.conf

    [Sample]

    • ~/conf/hostname_list.conf
      test-server01.local
      test-server02.local
      
    • ~/conf/ipv4_list.conf
      192.168.1.23
      192.168.2.48
      
    • ~/conf/ipv6_list.conf
      fe80::1:23
      fe80::2:48
      
  • Execute of the Tsunami
    Execute ~/TsunamiMulti.sh to start security checks on multiple hosts.

    $ ./TsunamiMulti.sh
    Start Scanning test-server01.local (List: /home/azureuser/conf/hostname_list.conf)
    Oct 20, 2020 4:51:16 AM com.google.tsunami.main.cli.TsunamiCli main
    INFO: Full classpath scan took 7.236 s
    Oct 20, 2020 4:51:16 AM com.google.tsunami.common.config.ConfigModule configure
    INFO: Found Tsunami config class: com.google.tsunami.plugins.detectors.credentials.ncrack.NcrackWeakCredentialDetectorConfigs
    ...
    Start Scanning 192.168.1.23 (List: /home/azureuser/conf/ipv4_list.conf)
    ...
    

    If an updated version of Tsunami has been released, update it by entering "y" in the "Do you want to update tsunami? (y/N):" question, if necessary.

  • Confirmation of scan results
    The results of the scan and a list of vulnerabilities are output to ~/YYYYmmdd-HHMMSS.log/ directory.

    • Scan result : {host}.json
    • Vulnerabilities detected : ValunerabilitySummary.json

Perform security checks on a single host

In the ~/tsunami directory, execute the following example.

$ cd ~/tsunami
$ java -cp "${JAR_FILENAME}:${WD}/plugins/*" \
    -Dtsunami-config.location=${WD}/tsunami.yaml \
    com.google.tsunami.main.cli.TsunamiCli \
    --ip-v4-target=127.0.0.1 \
    --scan-results-local-output-format=JSON \
    --scan-results-local-output-filename=/tmp/tsunami-output.json

Document of Tsunami

https://github.com/google/tsunami-security-scanner/blob/master/docs/index.md

FAQ

Deployment with PowerShell, Azure CLI, etc

Please use the following VM image.

  • publisher : pnop
  • offer : tsunami
  • sku : standard
  • version : latest

Software update

The latest version of the software at the time of registration on the Azure Marketplace is installed.

Please update it with apt command if necessary.

Supports

Support is available at a charge.

  • Supported inquiries example
    • The target solution can not be deployed.
    • Virtual machines does not work properly after deployment
  • The following are not supported

If you wish to support services, please contact below.