Review of "Scout Suite", free open source software that can audit the security settings of cloud services such as AWS and GCP
Cloud services such as AWS, GCP, and Azure have a large number of settings, and it can be hard to spot security problems from the configuration screens alone. The free open source software "Scout Suite" uses the API of each cloud to audit the settings of an environment built on that cloud for security issues.
GitHub - nccgroup/ScoutSuite: Multi-Cloud Security Auditing Tool
At the time of writing, the services Scout Suite officially supports are AWS, GCP, and Azure, with experimental support for Alibaba Cloud and Oracle Cloud Infrastructure. In this article, I run a Scout Suite audit against a project on GCP.
Because Scout Suite performs its audit through the APIs that GCP exposes externally, a client machine to run Scout Suite from is also required. Here, Scout Suite is run on Ubuntu 18.04.
First, install the Python package manager "pip" on the client.
sudo apt install python3 python3-pip
Next, download Scout Suite from GitHub and move into the cloned "ScoutSuite" directory.
git clone https://github.com/nccgroup/ScoutSuite.git && cd ScoutSuite
Run the following command to install the packages required to run Scout Suite.
pip3 install -r requirements.txt
Create a service account key for using the GCP API: go to the GCP page, select the service account, and click "Create".
A file containing the key is output, so click "Save File".
On the client, set the path of the key file saved earlier in the environment variable "GOOGLE_APPLICATION_CREDENTIALS". Now you are ready to run Scout Suite against GCP.
Now run the following command in the "ScoutSuite" directory to start Scout Suite.
python3 scout.py gcp --user-account
When the run finishes, a report is output to the "scoutsuite-report" directory.
You can view the report by opening the HTML file in that directory with a browser. "Service" is the name of the cloud service, "Resources" is the number of configuration items detected, "Rules" is the number of audit rules, "Findings" is the number of configuration items in which a problem was found, and "Checks" is the number of configuration elements that were checked.
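As an added example (not part of the original article or of the Scout Suite project), the following Python reads a results file in the shape of the scoutsuite_results_gcp-*.js that Scout Suite writes beside its HTML report and reproduces the per-service totals described above. The sample data, the service and rule keys, and the mapping of severity levels to flag colours are assumptions made for this example.

```python
import json
import re

# Constructed sample in the shape of the scoutsuite_results_gcp-*.js file that Scout
# Suite writes beside its HTML report: a JS assignment wrapping one JSON document.
# Service and rule keys below are illustrative, not copied from a real audit.
SAMPLE_RESULTS_JS = """scoutsuite_results =
{"provider_name": "gcp", "services": {
  "computeengine": {"findings": {
    "instance-no-deletion-protection": {"description": "Instance without deletion protection",
      "level": "warning", "flagged_items": 2, "checked_items": 3},
    "firewall-default-rule-in-use": {"description": "Default firewall rule in use",
      "level": "danger", "flagged_items": 1, "checked_items": 4}}},
  "cloudstorage": {"findings": {
    "bucket-no-versioning": {"description": "Bucket without versioning",
      "level": "warning", "flagged_items": 0, "checked_items": 2}}}}}
"""

# Assumed mapping of Scout Suite severity levels to the dashboard flag colours.
LEVEL_RANK = {"danger": 2, "warning": 1}
FLAG_COLOUR = {2: "red", 1: "yellow", 0: "green"}


def load_results(js_text: str) -> dict:
    """Strip the leading 'scoutsuite_results =' assignment and parse the JSON body."""
    body = re.sub(r"^\s*scoutsuite_results\s*=\s*", "", js_text, count=1)
    return json.loads(body)


def summarize(results: dict) -> dict:
    """Per service: rule count, rules that flagged something, flagged/checked
    item totals, and the worst severity expressed as the dashboard flag colour."""
    summary = {}
    for service, data in results.get("services", {}).items():
        findings = data.get("findings", {})
        failed = [f for f in findings.values() if f.get("flagged_items", 0) > 0]
        worst = max((LEVEL_RANK.get(f.get("level"), 0) for f in failed), default=0)
        summary[service] = {
            "rules": len(findings),
            "failed_rules": len(failed),
            "flagged_items": sum(f.get("flagged_items", 0) for f in findings.values()),
            "checked_items": sum(f.get("checked_items", 0) for f in findings.values()),
            "flag": FLAG_COLOUR[worst],
        }
    return summary


if __name__ == "__main__":
    for svc, row in summarize(load_results(SAMPLE_RESULTS_JS)).items():
        print(f"{svc:14} " + " ".join(f"{k}={v}" for k, v in row.items()))
```

Running the same summary before and after a configuration change gives a quick way to confirm that a flagged service has gone green without opening the HTML report.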
Services for which the audit detected a problem have a yellow or red flag on the left. When I click "Compute Engine", which has been flagged yellow …
… the problematic items are listed.
Click the “+” button on the right to check the details of each item.
Checking "Instance without deletion protection" (the instance deletion protection feature is disabled) as an example, it was pointed out that the feature should be enabled when the VM is used in production.
Following this advice, if you enable "Protect from deletion" on the VM settings screen of GCP and run the Scout Suite audit again …
The "Instance without deletion protection" item changes to a green flag and the warning disappears. In this way, Scout Suite lets you audit the cloud you operate and fix the items it flags.
You can also review the cloud settings by selecting the feature you want to check from the tabs at the top.
For example, the firewall settings are displayed as follows. This time we audited a project in which only the compute service is running, but databases and cloud storage can be audited as well.