Your partner in the cloud era: pnop Inc.

Azure Marketplace "Tsunami - security scanner" Users manual

Introduction

This is a simplified manual for "Tsunami - security scanner", available from Azure Marketplace.

What is Tsunami - security scanner

"Tsunami - security scanner" runs Tsunami, the security scanner provided by Google, on a single server to perform security scans.

Main features of Tsunami - security scanner

  • Tsunami is pre-installed
  • A script is installed that runs Tsunami against multiple hosts in one batch
  • Ubuntu 20.04 LTS
  • Provided as an Azure virtual machine image

System requirements

  • The virtual machine can be reached over TCP/22 (SSH).

How to build

Open "Create Tsunami - security scanner" and select Create.

A Network Security Group (NSG) is applied to the NIC of the Azure virtual machine.

The following rules have been added to the NSG inbound security rules:

  • Allow SSH (TCP/22) from any source

You should change this NSG setting to allow connections only from the sources that need access.

If you have created a Public IP address, the default rule permits SSH connections from anywhere on the Internet.

If you want to perform a security scan on a host with an IPv6 address, you can't deploy from the Azure portal at this time.

Instead, deploy the VM image shown below directly using an ARM Template, Azure CLI, etc.

  • offer : tsunami
  • publisher : pnop
  • sku : xxxx
  • version : latest

Reference page : What is IPv6 for Azure Virtual Network?

How to use

Connect to the virtual machine over SSH to operate it.

* "How to use Tsunami" is not included in this document.

Script path: ~/TsunamiMulti.sh
Tsunami main program path: ~/tsunami

Before scanning, add the target hosts you want to scan to the files under ~/conf.

  • hostname_list.conf
    Resolvable host names, one host name per line
  • ipv4_list.conf
    IPv4 addresses, one address per line
  • ipv6_list.conf
    IPv6 addresses, one address per line
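
A pre-flight check for the three files under ~/conf, as an added example (not part of the image or of TsunamiMulti.sh): it flags entries that are not one host name or one address of the right family per line, duplicates, and addresses outside the networks you are authorized to scan. The ALLOWED scope, the sample entries and the function names are assumptions; how TsunamiMulti.sh itself treats blank or malformed lines is not documented here.

```python
import ipaddress
import re
from pathlib import Path

LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")  # one DNS label
# Constructed sample contents (documentation ranges), not taken from the image.
SAMPLE = {
    "hostname_list.conf": "web01.example.com\n192.0.2.10\n-bad.example.com\n",
    "ipv4_list.conf": "192.0.2.10\n192.0.2.0/24\n198.51.100.7\n192.0.2.10\n",
    "ipv6_list.conf": "2001:db8::10\n192.0.2.11\n",
}
ALLOWED = ("192.0.2.0/24", "2001:db8::/32")  # assumed scope; use your own

def problem(name, value, nets):
    """Return why value does not belong in conf file `name`, or None if fine."""
    if name == "hostname_list.conf":
        labels = value.rstrip(".").split(".")
        # A numeric last label means an IP address landed in the host name file.
        ok = len(value) <= 253 and not labels[-1].isdigit()
        return None if ok and all(map(LABEL.fullmatch, labels)) else "not a host name"
    want = 4 if name == "ipv4_list.conf" else 6
    try:
        addr = ipaddress.ip_address(value)  # rejects CIDR blocks and ranges
    except ValueError:
        return "not a single IP address"
    if addr.version != want:
        return f"not IPv{want}"
    outside = nets and not any(addr in net for net in nets)
    return "outside allowed networks" if outside else None

def check_conf(name, text, allowed=()):
    """Return (line_no, value, problem) for each bad entry in one file's text."""
    nets = [ipaddress.ip_network(n) for n in allowed]
    problems, seen = [], set()
    for no, raw in enumerate(text.splitlines(), 1):
        value = raw.strip()
        if not value:
            continue  # blank line; every other line must be exactly one target
        why = "duplicate" if value in seen else problem(name, value, nets)
        seen.add(value)
        if why:
            problems.append((no, value, why))
    return problems

if __name__ == "__main__":
    for name, sample in SAMPLE.items():
        path = Path.home() / "conf" / name
        text = path.read_text() if path.is_file() else sample
        print(name, check_conf(name, text, ALLOWED))
```

Run it with python3 on the virtual machine after editing ALLOWED; it reads each file under ~/conf and falls back to the constructed sample when a file is missing.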

You can run Tsunami against multiple hosts by running ~/TsunamiMulti.sh.

The script first compares the installed version of Tsunami with the latest version published on GitHub. If necessary, you can update to the latest version of Tsunami by entering "y" at the "Do you want to update tsunami? (y/N):" prompt.

[Example]

$ ./TsunamiMulti.sh
Installed Tsunami version: 0.0.2-SNAPSHOT
Current Tsunami version: 0.0.2-SNAPSHOT
Do you want to update tsunami? (y/N):

The detailed result files (JSON) from the security scan are written to a "(Execution date).log" directory under ~/, with one file for each host listed in the .conf files.

When ~/TsunamiMulti.sh is executed, a summary of the security scan results is also displayed.

Other

Software updates

The image contains the versions of Ubuntu and Tsunami that were the latest at the time it was registered in Marketplace.

Please update Ubuntu and the other software as necessary.

FAQ

  • I want to run Tsunami provided by Google directly

    Use the following command, run from the ~/tsunami directory, as a reference.

    $ cd ~/tsunami
    $ # WD is the Tsunami directory; JAR_FILENAME must be set to the Tsunami CLI jar in it.
    $ WD="$HOME/tsunami"
    $ java -cp "${JAR_FILENAME}:${WD}/plugins/*" \
        -Dtsunami-config.location="${WD}/tsunami.yaml" \
        com.google.tsunami.main.cli.TsunamiCli \
        --ip-v4-target=127.0.0.1 \
        --scan-results-local-output-format=JSON \
        --scan-results-local-output-filename=/tmp/tsunami-output.json
    

Support

Paid support is available.

  • Examples of supported inquiries
    • The target solution cannot be deployed.
    • The virtual machine does not work properly after deployment.
  • The following are not supported

If you would like support, please contact us below.