I had this idea about private IaaS cloud environments where your cloud infrastructure administrators might not have root access to the VMs running within their datacenters but they still wanted to provide some level of security audits from the hosting side. Now, we can check for exploits running on these systems with standard tools such as nmap, nessus, metasploit and more but what about checking for malicious files on the filesystems themselves? Rootkits? Viruses? $other? Well, this is where the amazing power of libguestfs introduces itself because we can access these things in read-only mode from the level of the hypervisor (which in the case of KVM is/can be a full featured, full fledged OS as it is a hosted hypervisor) without even an account on the virtual machines.
So what can we do with this? Well, I'm sure there are an endless number of possibilities as there often are with topics of this nature but I decided to write a fun proof of concept bash script (there's some awk and coreutils in there, but I generally just lump the family of *nix utils together with "bash" script claims) that will run rkhunter against libvirt guest domains and create a report with a report ID that can be called later to view the report. Now, I'll admit this is not the most elegant implementation of a reporting mechanism because I'm essentially tagging the beginning and ending of a report entry in a text file and running awk across it to produce some basic information about the run but its a proof of concept and its functional! :)
I also wrote a man page and a nice little ncurses (dialog) UI for it, here's some screenshots for kicks:
I titled it gaudit which stands for "Guest Audit" but if someone ever decided to write a tool and wanted the name you're more than welcome to it. I don't plan to have this go anywhere beyond what its done thus far, it was just a lot of fun and I thought I'd share my exploration. Oh, and here's some code. I rolled a rpm as well, SRPM available also.. :)
Source(browse): http://maxamillion.fedorapeople.org/gaudit-0.1/
Source(tar.gz): http://maxamillion.fedorapeople.org/gaudit-0.1.tar.gz
SRPM: http://maxamillion.fedorapeople.org/gaudit-0.1-1.fc16.src.rpm
RPM(noarch): http://maxamillion.fedorapeople.org/gaudit-0.1-1.fc16.noarch.rpm
Like I said, its just a proof of concept but it was a lot of fun to hack on, I hope someone somewhere might find it interesting and maybe ignite an idea to take the general concept further to build a really cool utility! :)
Happy Hacking,
-AdamM
4 comments:
Thank you for the info. It sounds pretty user friendly. I guess I’ll pick one up for fun. thank u
Compliance Software
The Kindle Hearth High definition, meanwhile, will probably be extra restricted when it comes to everything you can actually do, as it truly is major objective should be to enable you to obtain textbooks, motion pictures and various electronic goodies from Amazon.
Dell d620 Battery
Dell d610 Battery
It can be realistic to count on nothing additional from the tablet, but when you wish to embark on any ambitious technical tinkering, then you definately may possibly desire inspiron 1300 battery to store in other places.
Acer AS07A31 Battery
Acer AS07A32 Battery
Acer AS07A41 Battery
Acer AS07A42 Battery
Acer AS07A51 Battery
Acer AS07A71 Battery
Acer AS07A75 Battery
Acer AS07B31 Battery
Acer AS07B41 Battery
Acer AS07B51 Battery
Acer AS07B61 Battery
Acer AS07B71 Battery
Acer AS09D51 Battery
Acer AS09D70 Battery
Acer AS10D31 Battery
Acer AS10D61 Battery
Acer AS10D71 Battery
Acer Aspire 5732Z Adapter
Acer Aspire 4730Z Adapter
Aspire One D255E Adapter
I am really really impressed with your writing skills as well as with the layout on your blog.
uniraj bcom 1st year result 2021-22 name wise
Post a Comment