Review of the open source software 'Scout Suite', which can audit the security settings of cloud services such as AWS and GCP for free



Cloud services such as AWS, GCP, and Azure have many settings, and it can be difficult to notice security issues from the settings screens. With the free open source software 'Scout Suite', you can use each cloud's API to audit the configuration of an environment built on that cloud for security issues.

GitHub - nccgroup/ScoutSuite: Multi-Cloud Security Auditing Tool

https://github.com/nccgroup/ScoutSuite

At the time of writing, Scout Suite officially supports AWS, GCP, and Azure. Alibaba Cloud and Oracle Cloud Infrastructure have experimental support. This time, I will run a Scout Suite audit against a project on GCP.



Because Scout Suite performs the audit through the APIs that GCP exposes externally, a client machine to run Scout Suite is also required. This time, Scout Suite is run on Ubuntu 18.04.



First, install the Python package manager 'pip' on the client.

[code] sudo apt install python3 python3-pip [/ code]



Then download Scout Suite from GitHub and move into the 'ScoutSuite' directory.

[code] git clone https://github.com/nccgroup/ScoutSuite.git && cd ScoutSuite [/ code]



Run the following command to install the packages required to run Scout Suite.

[code] pip3 install -r requirements.txt [/ code]



To use the GCP API, access the GCP page to create a service account key, select the service account, and click 'Create'.



A file with the key will be output, so click 'Save File'.



On the client, set the path of the key file saved earlier in the environment variable 'GOOGLE_APPLICATION_CREDENTIALS'. Now you're ready to run Scout Suite against GCP.

[code] export GOOGLE_APPLICATION_CREDENTIALS='/home/[username]/Downloads/[filename].json' [/ code]

Next, run the following command in the 'ScoutSuite' directory to start Scout Suite.

[code] python3 scout.py gcp --user-account [/ code]



When executed, a report file was output in the 'scoutsuite-report' directory.



You can check the contents of the report by opening the HTML file in that directory with a browser. 'Service' is the name of the service in the cloud, 'Resources' is the number of detected configuration items, 'Rules' is the number of audit items, 'Findings' is the number of configuration items in which a problem was found, and 'Checks' is the number of configuration elements that were checked.



Features for which the audit detected a problem have a yellow or red flag on the left. When I click 'Compute Engine', which is marked with a yellow flag, ...



The problematic items are listed.



Click the “+” button on the right to check the details of each item.



When I checked the finding 'Instance without deletion protection' (the instance deletion protection function is disabled) as a trial, a note was displayed saying that it should be enabled when using the VM as a product.



As pointed out, if you enable 'Protect from deletion' from the VM settings screen of GCP and run the Scout Suite audit again ...



The 'Instance without deletion protection' item changed to a green flag and the warning disappeared. With Scout Suite, you can perform auditing on the cloud you operate and improve problematic items like this.
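The fix-and-rerun check above can also be done without the browser. The following is an added example, not part of the original article or the Scout Suite code base. It assumes the report data sits in a `scoutsuite_results_*.js` file under `scoutsuite-report/scoutsuite-results/`, as a JavaScript assignment followed by one JSON object with `services.<service>.findings.<id>` entries; the sample data and finding ids are constructed.

```python
import json

# Constructed sample in the assumed shape of a scoutsuite_results_*.js file:
# a JavaScript assignment line followed by one JSON object.
SAMPLE = """scoutsuite_results =
{"services": {"computeengine": {"findings": {
  "instance-without-deletion-protection": {
    "description": "Instance without deletion protection",
    "level": "warning", "checked_items": 3, "flagged_items": 2},
  "example-open-firewall-rule": {
    "description": "Constructed example finding",
    "level": "danger", "checked_items": 5, "flagged_items": 1},
  "example-passing-rule": {
    "description": "Constructed passing rule",
    "level": "warning", "checked_items": 3, "flagged_items": 0}}}}}
"""

SEVERITY = {"danger": 0, "warning": 1}  # red flag first, then yellow


def parse_results(text):
    """Drop the leading JS assignment and decode the JSON payload."""
    start = text.find("{")
    if start < 0:
        raise ValueError("no JSON object found in results file")
    return json.loads(text[start:])


def flagged_findings(results):
    """Return (service, finding_id, level, flagged, checked) for failures."""
    rows = []
    for service, data in results.get("services", {}).items():
        for fid, f in data.get("findings", {}).items():
            if f.get("flagged_items", 0) > 0:
                rows.append((service, fid, f.get("level", "unknown"),
                             f["flagged_items"], f.get("checked_items", 0)))
    return sorted(rows, key=lambda r: (SEVERITY.get(r[2], 2), r[0], r[1]))


def resolved(before, after):
    """Finding ids flagged in the first run but clean in the second."""
    now = {(s, i) for s, i, *_ in flagged_findings(after)}
    return sorted((s, i) for s, i, *_ in flagged_findings(before)
                  if (s, i) not in now)


if __name__ == "__main__":
    for row in flagged_findings(parse_results(SAMPLE)):
        print("%-14s %-40s %-8s %d/%d" % row)
```

Keeping the results file from each run and passing both to `resolved()` gives a record of which findings a configuration change actually cleared.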



You can also check the cloud settings by selecting the function you want to check from the tab at the top.



For example, the firewall settings are displayed as follows. This time, we audited the project where only the computing function is operating, but you can also audit the database and cloud storage.

in Review,   Software, Posted by darkhorse_log