DEV Community: Abayomi Ayoola

What is Vulnerability Assessment?

Abayomi Ayoola — Mon, 07 Mar 2022 20:24:07 +0000

A vulnerability assessment is a systematic/periodic review of security weaknesses in an information system. It evaluates if the system is susceptible to any known vulnerabilities, assigns severity levels to those vulnerabilities, and recommends remediation or mitigation, if and whenever needed.

It can also be defined as the process defining, identifying, classifying, and prioritizing security weaknesses/vulnerabilities in systems which includes servers, applications and network infrastructures.

It evaluates the exposure of the system to known vulnerabilities and assigns severity levels to those vulnerabilities and recommends remediation or mitigation if and whenever needed.

This can be compared to the periodic health check we as individuals carry out to ascertain the state of the various organs and systems within our body. For instance, a cancerous cell detected in its early stage can easily be dealt with compared to when a stage four cancer cell is detected. The whole essence of health checks.

The main goal of vulnerability assessment is to provide the necessary knowledge, awareness and risk background to an organization to take appropriate actions against threats to its IT enviroment.

Vulnerability assessments can help detect but not limited to the following types of threats:

Escalation of privileges due to faulty authentication mechanisms.
SQL injection, XSS and other code injection attacks.
Insecure defaults – software that ships with insecure settings, such as a guessable admin passwords.

Types of Vulnerability Assessment

Beyond types, vulnerability tools can be categorized under the same heading.

Host assessment – The assessment of critical servers, routers, endpoints which may be vulnerable to attacks if not adequately tested or not generated from a tested machine image.
Network and wireless assessment – The assessment of policies and practices to prevent unauthorized access to private or public networks and network-accessible resources.
Database assessment – The assessment of databases or big data can identify weak points in a database to prevent malicious attacks. We look for vulnerabilities and misconfigurations, identifying rogue databases or insecure dev/test environments.
Application scans – The identifying of security vulnerabilities in web applications and their source code by automated scans on the front-end or static/dynamic analysis of source code.

The Vulnerability Assessment Process

The following are the four steps in carrying out vulnerability assessments:

Vulnerability Identification (Testing) The essence of this step is to make a comprehensive draft of an application’s/environment vulnerabilities/weakness as well as relating vulnerabilities to their threats. Security analysts test the security health of applications, servers or other systems by scanning them with automated tools, or testing and evaluating them manually. Analysts also rely on vulnerability databases, vendor vulnerability announcements, asset management systems and threat intelligence feeds to identify security weaknesses. A vulnerability could be as simple as an unpatched Windows server.
Vulnerability Analysis The objective here is to identify the source and root cause of the vulnerabilities identified in step one. It involves the identification of system components responsible for each vulnerability, and the root cause of the vulnerability. For example, the root cause of a vulnerability could be an old version of an old version of an application running on a server. This provides a clear path for remediation – upgrading the application to a newer version.
Risk assessment This step involves the prioritizing of vulnerabilities. It involves security analysts assigning a rank or severity score to each vulnerability, based on such factors as:

a. Which systems are affected.
b. What data is at risk.
c. Which business functions are at risk.
d. Ease of attack or compromise.
e. Severity of an attack.
f. Potential damage as a result of the vulnerability.

For better understanding, vulnerability found on an organization's web server would definitely have a higher severity score than the one found on an old printer not connected to the organizations network.

Remediation This is where the closing of security gaps takes place. It’s typically a joint effort by security staff, development and operations teams, who determine the most effective path for remediation or mitigation of each vulnerability.

Specific remediation steps might include:

a. Introduction of new security procedures, measures or
tools.
b. The updating of operational or configuration changes.
c. Development and implementation of a vulnerability patch.

Vulnerability assessment cannot be a one-off activity. For it to be effective, organizations must operationalize this process and repeat it at regular intervals. It is also critical to foster cooperation between security, operation and development teams – a process known as DevSecOps.

Vulnerability Assessment Vs Penetration Testing

In the world of information security, these two are almost the same as they are meant to mitigate, prevent or reduce risk.

Unlike penetration testing, vulnerability assessment is passive, non-aggressive scanning as it does not inject malicious software into the network or system or try to bring down a server or application. On the other hand, penetration testing is active and meant to do harm or compromise a system by gaining unathorised access to an internal system. The objective of penetration testing is to test if the organization's security control can be bypassed in order to take security measures before an external party start taking advantage of the loophole.

The Vulnerability Assessment Tools

As earlier stated, vulnerability assessment tools can be categorized based on types of vulnerabilities. They are designed to automatically scan for new and existing threats that can target your application or systems. A few of the popular ones are
Nessus
Nmap
InsightVM/Nexpose
OpenVAS
Nikto2

Customizing your macOS Terminal

Abayomi Ayoola — Mon, 15 Nov 2021 16:59:10 +0000

As a developer or DevOp, you're likely to spend a lot of time in the Terminal, and you've probably already customized its appearance to suit you, but what about the prompt name?

The text that appears before the $ sign is the Terminal prompt name. This, by default is set to.

HOST_NAME:USER_NAME CURRENT_DIRECTORY $

This can take up a lot of valuable real-estate on each line of the Terminal, depending on what you've named your computer. To change the default prompt, you'll need to make a change to your .bash_profile file.

Open up a new Terminal window and type the following command to ensure we're in the home directory

cd ~/

Type ls -la to show the contents of your Home directory and check if a .bash_profile exists.

If it does not exists, go ahead and create one with the command

touch .bash_profile

Changing your Terminal prompt

Edit '.bash_profile' with your default or favourite text editor, in my case it's Vim, with the following command

vi .bash_profile

press i (insert) and enter the following line

export PS1="\u$ "

and save by tapping esc key and type in :wq,(FYI: this is specific to the Vim editor). The \u flag sets the prompt to your username (in my case, Abayomi). Remember to keep a space after the $ symbol to make things easier to read in practice.

Quit Terminal and relaunch to see your new prompt in action.

A little extra

A little extra customization, my line looks like the following

export PS1="\u ~ >> "

and I ended uo with the following prompt

More Options for customising the prompt

The following are a few common flags you can use to customize your Terminal prompt:

\d – Current date
\t – Current time
\h – Host name
# – Command number
\u – User name

Going further

There are several options for customising your Terminal prompt including custom strings, timestamps colours and even emoji

Building a Linux Monitoring Infrastructure II

Abayomi Ayoola — Thu, 24 Sep 2020 09:28:04 +0000

Continued from Building a Monitoring Infrastructure I

Install binaries, init script, sample config files and set permissions on the external command directory.

root@Nagios:~/Downloads/nagios-3.0.5#make install
root@Nagios:~/Downloads/nagios-3.0.5#make install-init
root@Nagios:~/Downloads/nagios-3.0.5#make install-config
root@Nagios:~/Downloads/nagios-3.0.5#make install-commandmode

Customize Configuration Edit the /usr/local/nagios/etc/objects/contacts.cfg config file with your favorite editor and change the email address associated with the nagiosadmin contact definition to the address you’d like to use for receiving alerts.

root@Nagios:~#emacs /usr/local/nagios/etc/objects/contacts.cfg

By the way, emacs is like notepad in Windows and there are other ones that you can use instead. It depends on your expertise on using them. Other such applications include vim, nano, joe, pico etc

Configure the Web Interface Install the Nagios web config file in the Apache conf.d directory. root@Nagios:~/Downloads/nagios-3.0.5# make install-webconf

Create a nagiosadmin account for logging into the Nagios web interface.
root@Nagios:~/Downloads/nagios-3.0.5#make htpasswd -c /usr/local/nagios/etc/htpasswd.users nagiosadmin

Restart Apache to make the new settings take effect.
root@Nagios:~/Downloads/nagios-3.0.5# /etc/init.d/apache2 reload

Compile and Install the Nagios Plugins Extract the Nagios plugins source code tarball. root@Nagios:~#cd Downloads root@Nagios:~#tar xzf nagios-plugins-1.4.11.tar.gz root@Nagios:~#cd nagios-plugins-1.4.11

Compile and install the plugins.
root@Nagios:~/Downloads/nagios-plugins-1.4.11#./configure —with-nagios-user=nagios —with-nagios-group=nagios
root@Nagios:~/Downloads/nagios-plugins-1.4.11#make
root@Nagios:~/Downloads/nagios-plugins-1.4.11#make install

Start Nagios Configure Nagios to automatically start when the system boots. root@Nagios:~/Downloads# ln -s /etc/init.d/nagios /etc/rcS.d/S99nagios

Verify the sample Nagios configuration files.
root@Nagios:~# /usr/local/nagios/bin/nagios -v /usr/local/nagios/etc/nagios.cfg

If there are no errors, start Nagios.
root@Nagios:~#/etc/init.d/nagios start

Login to the Web Interface You should now be able to access the Nagios web interface at the URL below. http://localhost/nagios/

NOTIFICATIONS
If you want to receive email notifications for Nagios alerts, you need to install the mailx (Postfix) package.

Any other Mail Transfer Agent (MTA) can be used to send email notifications. Postfix was used here because it’s much more easier to configure for use.

aayoola@Nagios:~$ sudo apt-get install mailx

You’ll have to edit the Nagios email notification commands found in /usr/local/nagios/etc/objects/commands.cfg and change any ‘/bin/mail’ references to ‘/usr/bin/mailx’. Once you do that you’ll need to restart Nagios to make the configuration changes live.

aayoola@Nagios:~$ sudo /etc/init.d/nagios restart

INSTALL & CONFIGURE POSTFIX

To install postfix, run the following command:
aayoola@Nagios:~$ sudo apt-get install postfix

To configure postfix, run the following command:
aayoola@Nagios:~$ sudo dpkg-reconfigure postfix

The file /etc/postfix/main.cf should look like this

myhostname = Nagios.Linuxlab.com
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = Nagios.Linuxlab.com, localhost.Linuxlab.com, localhost
relayhost = miranda.dc.turkuamk.fi
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
inet_protocols = ipv4

The relay host was what I changed as the host miranda.dc.turkuamk.fi is a relay server within a known network and so you might want to set up one for yourself in order that notification gets into your inbox.

Now the postfix initial configuration is complete. Run the following command to start postfix daemon:

aayoola@Nagios:~$ sudo /etc/init.d/postfix start

Object Configuration Overview
Objects are all the elements that are involved in the monitoring and notification logic and can be found in /usr/local/nagios/etc/objects.

Types of objects include:
Services
Service Groups
Hosts
Host Groups
Contacts
Contact Groups
Commands
Time Periods
Notification Escalations
Notification and Execution Dependencies

Main Configuration File
At installation a sample main configuration file /usr/local/nagios/etc/nagios.cfg is installed. The main configuration file is usually named nagios.cfg and located in the /usr/local/nagios/etc/ directory.

Building a Linux Monitoring Infrastructure I

Abayomi Ayoola — Wed, 23 Sep 2020 12:40:05 +0000

This post describes the installation and configuration of a systems monitoring infrastructure on Nagios, an open source network monitoring application. This is the first in two series. Enjoy!

Nagios is an open source infrastructure system and enterprise network monitoring application. It monitors hosts and services, alerting users when things go wrong and again when they get better. It was originally created under the name Netsaint, was written and is currently maintained by Ethan Galstad, along with a group of developers actively maintaining both official and unofficial plugins.

It was originally designed to run under Linux, but also runs well on other Unix variants and nowadays on Windows Operating Systems. It is a free software licensed under the terms of the GNU General Public License version 2 as published by the Free Software Foundation.

FUNCTIONS
Some of the functions performed by Nagios include

Monitoring of network services (SMTP, POP3, HTTP, SSH)
Monitoring of host resources (processesor load, disk usage, system logs) on a majority of Network Operating System, including Microsoft Windows with the NRPE_NT plugins.
Remote monitoring supported through SSH or SSL encrypted tunnels.
Simple plugin design that allows users to easily develop their own service checks depending on needs, by using the tools of choice (Bash, C++, Perl, Ruby, Python, PHP, C#, etc.)
Contact notifications when service or host problems occur and get resolved (via e-mail, pager, SMS, or any user-defined method through plugin system)
Automatic log file rotation
Support for implementing redundant monitoring hosts
Optional web-interface for viewing current network status, notifications, problem history, log files, etc

INSTALLATION

This particular deployment was carried out on Ubuntu Server 8.04. By default, Nagios would be installed underneath /usr/local/nagios and would be configured to monitor a few aspects of our local system (CPU load, disk usage, etc.). The Nagios web interface would be accessible at http://localhost/nagios/

Package Requirements
For the proper functioning of our installation, the following software packages are require:

Apache 2
GCC compiler and development libraries
GD development libraries

And in order to install them, just issue the following commands
aayoola@Nagios:~$ sudo apt-get install apache2
aayoola@Nagios:~$ sudo apt-get install build-essential
aayoola@Nagios:~$ sudo apt-get install libgd2-xpm-dev

For starters, I would like to explain the above. aayoola is the username on the server, which you would have given during or after the OS installation.

Create Account Information
Become the root user.
aayoola@Nagios:~$ sudo -s
Create a new nagios user account and give it a password.
root@Nagios:~#/usr/sbin/useradd -m nagios passwd nagios

On Ubuntu server edition (6.01 and possible newer versions), you will need to also add a nagios group. You should be able to skip this step on desktop editions of Ubuntu.
root@Nagios:~#/usr/sbin/groupadd nagios
root@Nagios:~#/usr/sbin/usermod -G nagios nagios

Create a new nagcmd group for allowing external commands to be submitted through the web interface. Add both the nagios user and the apache user to the group.
root@Nagios:~# /usr/sbin/groupadd nagcmd
root@Nagios:~# /usr/sbin/usermod -a -G nagcmd nagios
root@Nagios:~#/usr/sbin/usermod -a -G nagcmd www-data

Download Nagios and the Plugins Create a directory for storing the downloads. root@Nagios:~#mkdir downloads

Enter the created folder
root@Nagios:~#cd downloads

Download Nagios as follow
root@Nagios:~/Downloads#wget http://osdn.dl.sourceforge.net/sourceforge/nagios/nagios-3.0.5.tar.gz

root@Nagios:~/Downloads# wget http://osdn.dl.sourceforge.net/sourceforge/nagiosplug/nagios-plugins-1.4.11.tar.gz

Be sure to confirm the links are still valid.

Compile and Install Nagios Extract the Nagios source code tarball root@Nagios:~/Downloads# tar xzf nagios-3.0.5.tar.gz cd nagios-3.0.5

Enter Nagios folder
root@Nagios:~/Downloads# cd nagios-3.0.5

Run the Nagios configure script, parsing the name of the group you created earlier like this:
root@Nagios:~/Downloads/nagios-3.0.5# ./configure —with-command-group=nagcmd

Compile the Nagios source code.

root@Nagios:~/Downloads/nagios-3.0.5# make all

You can find the second part here