Tenable Compliance Scanning (MySQL DB, Credit Card Data, etc)
Tenable Vulnerability Management can perform vulnerability scans of network services as well as log in to servers to discover any missing patches.
However, a lack of vulnerabilities does not mean the servers are configured correctly or are “compliant” with a particular standard.
You can use Tenable Vulnerability Management to perform vulnerability scans and compliance audits to obtain all of this data at one time. If you know how a server is configured, how it is patched, and what vulnerabilities are present, you can determine measures to mitigate risk.
When configuring a scan or policy, you can include one or more compliance checks, also known as audits. Each compliance check requires specific credentials.
Some compliance checks are preconfigured by Tenable, but you can also create and upload custom audits.
For more information on compliance checks and creating custom audits, see the Compliance Checks Reference.
Credit Card Data Scanning
- Click the New Scan button.
- Select the Policy Compliance Auditing template.
- Fill out Settings and Credentials for the target you want to scan.
- Click the Compliance tab.
- Filter the categories on Unix File Contents or Windows File Contents, depending on what your target is.
- Find the TNS File Analysis - Credit Card Number entry and click it to add it to the right pane.
- Save or launch your scan.
Using American Express as an example, the check contains the following rules:
- file_extension : "pdf" | "doc" | "xls" | "xlsx" | "xlsm" | "xlsb" | "xml" | "xltx" | "xltm" | "docx" | "docm" | "dotx" | "dot" | "txt"
- regex : "([^0-9-]|^)(3[47][0-9]{2}( |-|)[0-9]{6}( |-|)[0-9]{5})([^0-9-]|$)"
- expect : "American Express" | "CCAX" | "amex" | "credit" | "AMEX" | "CCN"
- max_size : "50K"
- It must be a file with the listed file_extension
- Content somewhere in the file must match the regex.
- One of the expect keywords must also exist in the file.
- All of these must exist in the first 50k bytes of the file.
I have a text file which contains the following data:
CCN# 1122-3344-5566-7788
CCN 1122-3344-5566-7788
American Express 1133-2244-5566-7788
American Express 3714-4963-5398-431
American Express 371449635398431
and the audit file has the following configuration:
<item>
type : FILE_CONTENT_CHECK
description : "PII - Determine if a file contains a valid American Express credit card number."
file_extension : "pdf" | "doc" | "xls" | "xlsx" | "xlsm" | "xlsb" | "xml" | "xltx" | "xltm" | "docx" | "docm" | "dotx" | "dot" | "txt"
regex : "([^0-9-]|^)(3[47][0-9]{2}( |-|)[0-9]{6}( |-|)[0-9]{5})([^0-9-]|$)"
regex_replace : "\3"
expect : "American Express" | "CCAX" | "amex" | "credit" | "AMEX" | "CCN"
max_size : "50K"
only_show : "4"
</item>
<check_type:"WindowsFiles">
<item>
type : FILE_CONTENT_CHECK
description : "Text File that Contains the word Nessus"
file_extension : "txt"
expect : "Nessus"
include_paths : "D:\"
</item>
</check_type>
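The four rules are easier to reason about when you apply them to a file, so here is an added Python example (not Tenable's code and not the scanner's own engine) that evaluates the American Express item above against the sample text file from this post. It reads only the first max_size bytes, requires one of the expect keywords, and then reports every regex hit masked down to its last four characters, which is how I read only_show : "4". It also goes beyond the audit item by running a Luhn mod-10 check on each hit so that a regex match that cannot be a real card number is visible as such; the Luhn step and the masking helper are my additions, not part of the Tenable check.

```python
import re

# Rule taken from the "TNS File Analysis - Credit Card Number" American
# Express item quoted above. Keys mirror the audit keywords.
AMEX_RULE = {
    "file_extension": ["pdf", "doc", "xls", "xlsx", "xlsm", "xlsb", "xml",
                       "xltx", "xltm", "docx", "docm", "dotx", "dot", "txt"],
    "regex": r"([^0-9-]|^)(3[47][0-9]{2}( |-|)[0-9]{6}( |-|)[0-9]{5})([^0-9-]|$)",
    "expect": ["American Express", "CCAX", "amex", "credit", "AMEX", "CCN"],
    "max_size": 50 * 1024,  # "50K": only the first 50K bytes are inspected
    "only_show": 4,         # assumption: show only the last 4 characters of a hit
}

# Constructed sample: the text file listed in the post.
SAMPLE_TXT = (
    b"CCN# 1122-3344-5566-7788\n"
    b"CCN 1122-3344-5566-7788\n"
    b"American Express 1133-2244-5566-7788\n"
    b"American Express 3714-4963-5398-431\n"
    b"American Express 371449635398431\n"
)


def luhn_ok(digits: str) -> bool:
    """Luhn mod-10 check. Not part of the audit item; added here to flag
    regex hits that cannot be a real card number."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def mask(value: str, only_show: int) -> str:
    """Hide everything but the trailing only_show characters."""
    return "*" * max(len(value) - only_show, 0) + value[-only_show:]


def file_content_check(filename: str, data: bytes, rule: dict = AMEX_RULE) -> dict:
    """Evaluate one FILE_CONTENT_CHECK-style rule against a file's bytes and
    explain the outcome. Order follows the four rules in the post: extension,
    expect keyword, regex, all within the first max_size bytes."""
    result = {"filename": filename, "triggered": False, "reason": "", "hits": []}
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    if ext not in rule["file_extension"]:
        result["reason"] = f"extension '{ext}' is not in file_extension"
        return result
    text = data[: rule["max_size"]].decode("utf-8", errors="replace")
    if not any(keyword in text for keyword in rule["expect"]):
        result["reason"] = "no expect keyword in the first max_size bytes"
        return result
    for m in re.finditer(rule["regex"], text, flags=re.MULTILINE):
        number = m.group(2)                       # the card-number group
        digits = number.replace(" ", "").replace("-", "")
        result["hits"].append({
            "masked": mask(number, rule["only_show"]),
            "luhn_valid": luhn_ok(digits),
        })
    if result["hits"]:
        result["triggered"] = True
        result["reason"] = f"{len(result['hits'])} regex hit(s) and an expect keyword"
    else:
        result["reason"] = "expect keyword present but regex did not match"
    return result


if __name__ == "__main__":
    for name in ("cards.txt", "cards.log"):
        print(file_content_check(name, SAMPLE_TXT))
```

Run against the sample file, only the last line triggers: the 4-4-4-3 grouped number on the line before it does not fit the 4-6-5 shape the regex encodes, and the first three lines contain keywords but no number starting with 34 or 37. The same content under a .log extension is skipped before the content is even read, which is the first rule doing its job.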
MySQL DB Compliance Scan
1. Create a new scan using the Advanced Scan template.
2. Add your target(s) by FQDN or IP.
3. Customize the port scan range if your MySQL DB is using a custom port.
In this screenshot, I am using port 30334 as an example for this MySQL DB.
4. Create a database credential.
5. Add the latest downloaded MySQL compliance audit file.
6. Save, then launch the scan.
The published CIS benchmark is written for MySQL Enterprise and contains no recommendations for Community editions.
The audit has two checks to see if it is relevant for the target you are scanning:
- MySQL 8.0 is installed - runs `show variables like 'version' ;` and looks for `"version", regex:"8\..*"`
- MySQL 8.0 Enterprise Edition is installed - runs `show variables like 'license' ;` and looks for `"license", "Commercial"`
That second check is most likely what blocks the audit from running on your system, assuming you do not have a licensed (Enterprise) version.
If you still want to run the audits against that target, you can do the following:
- download the audit files from https://www.tenable.com/audits/CIS_MySQL_8.0_Enterprise_Benchmark_v1.2.0_Level_1_DB and https://www.tenable.com/audits/CIS_MySQL_8.0_Enterprise_Benchmark_v1.2.0_Level_2_DB
- find the `<custom_item>` whose description is "MySQL 8.0 Enterprise Edition is installed" and comment it out by placing `#` in front of every line from `<custom_item>` through `</custom_item>`.
- upload the audit files to your scan policy as custom uploads
- launch a scan with your custom audits.
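The two gate checks and the comment-out workaround can be exercised without a scanner. The following is an added Python example, not Tenable's code and not the published audit file: it reproduces the version and license checks on the values a server returns, and it disables a named `<custom_item>` block by prefixing each of its lines with `#`, the same edit the steps above describe. The audit fragment is constructed to mirror those two checks; the keyword names (`sql_request`, `sql_types`, `sql_expect`) are assumed from the .audit SQL_POLICY format and may not match the published file exactly.

```python
import re

# Constructed fragment modelled on the two relevance checks described above.
# Keyword names follow the SQL_POLICY style of Tenable .audit files; the
# exact fields in the published CIS MySQL 8.0 files may differ.
AUDIT_SNIPPET = r'''<custom_item>
  type        : SQL_POLICY
  description : "MySQL 8.0 is installed"
  sql_request : "show variables like 'version' ;"
  sql_types   : POLICY_VARCHAR, POLICY_VARCHAR
  sql_expect  : "version", regex:"8\..*"
</custom_item>

<custom_item>
  type        : SQL_POLICY
  description : "MySQL 8.0 Enterprise Edition is installed"
  sql_request : "show variables like 'license' ;"
  sql_types   : POLICY_VARCHAR, POLICY_VARCHAR
  sql_expect  : "license", "Commercial"
</custom_item>
'''

VERSION_REGEX = r"8\..*"            # what the first check expects in 'version'
ENTERPRISE_LICENSE = "Commercial"   # what the second check expects in 'license'


def audit_relevance(version: str, license_value: str) -> dict:
    """Re-run the two gate checks offline on the values that
    `show variables like 'version'` and `show variables like 'license'`
    return, to see which one stops the audit before it starts."""
    version_ok = re.search(VERSION_REGEX, version) is not None
    enterprise_ok = license_value == ENTERPRISE_LICENSE
    return {
        "version_ok": version_ok,
        "enterprise_ok": enterprise_ok,
        "audit_will_run": version_ok and enterprise_ok,
    }


def comment_out_item(audit_text: str, description: str) -> str:
    """Prefix every line of the <custom_item> whose description matches with
    '#', from <custom_item> through </custom_item>; other items stay intact."""
    wanted = re.compile(r'description\s*:\s*"' + re.escape(description) + r'"')

    def disable(match: re.Match) -> str:
        block = match.group(0)
        if not wanted.search(block):
            return block
        return "\n".join("#" + line for line in block.splitlines())

    return re.sub(r"<custom_item>.*?</custom_item>", disable, audit_text,
                  flags=re.DOTALL)


if __name__ == "__main__":
    # 'version' as reported by the Azure server in the troubleshooting section;
    # the 'license' value is constructed (Community builds report "GPL").
    print(audit_relevance("8.0.40-azure", "GPL"))
    print(comment_out_item(AUDIT_SNIPPET,
                           "MySQL 8.0 Enterprise Edition is installed"))
```

Against the server from the troubleshooting section (version 8.0.40-azure), the version check passes while a Community-style license value fails the Enterprise check, which is exactly the case the commented-out item works around. The edited file is what you upload as a custom audit; since the gate is gone, read the results on a Community server knowing the benchmark was never written for it.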
Troubleshooting
Testing the MySQL port:
PS C:\Users\NETSEC> Test-NetConnection -port 30334 -Computername "dbprovider.us-east-1.clawcloudrun.com"

ComputerName     : dbprovider.us-east-1.claw.com
RemoteAddress    : 47.91.114.12
RemotePort       : 30334
InterfaceAlias   : Ethernet
SourceAddress    : 10.0.0.9
TcpTestSucceeded : True

Connecting with MySQL Shell:
MySQL JS > \connect [email protected]
Creating a session to '[email protected]'
Please provide the password for '[email protected]': ****************
Save password for '[email protected]'? [Y]es/[N]o/Ne[v]er (default No): yes
Fetching schema names for auto-completion... Press ^C to stop.
Your MySQL connection id is 10060431
Server version: 8.0.40-azure Source distribution
No default schema selected; type \use <schema> to set one.
MySQL mysql-test.mysql.database.azure.com:3306 ssl JS >