Nmap Development mailing list archives
[NSE] Auditing MySQL databases against the CIS benchmark
From: Patrik Karlsson <patrik () cqure net>
Date: Tue, 31 May 2011 07:43:01 +0200
Hi all, I've been working on a script that attempts to audit a MySQL database against parts of the CIS MySQL v1.0.2 benchmark. The engine is written as a standard NSE script that loads a file containing the tests to run against the database. The tests are small Lua functions that return a result table back to the engine which then interprets the result and creates the "report". Anyway, In case someone want's to check it out, I'm attaching both the engine and audit file. I'm interested in comments and suggestions as well as test results as I've just done limited testing against a single MySQL database. I think the NSE framework could easily be adapted to work with MS SQL as well, so depending on the enthusiasm and feedback I might get started on that to. In order to run the script do: nmap -p 3306 10.0.200.120 --script mysql-audit --script-args "mysql-audit.filename='nselib/data/mysql-cis.audit',mysql-audit.username='root',mysql-audit.password='foobar'" As usual the script goes into your script directory and the mysql-cis.audit file should go into the nselib/data directory.
Attachment:
mysql-audit.nse
Description:
Attachment:
mysql-cis.audit
Description:
//Patrik -- Patrik Karlsson http://www.cqure.net http://www.twitter.com/nevdull77
_______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- [NSE] Auditing MySQL databases against the CIS benchmark Patrik Karlsson (May 30)
- <Possible follow-ups>
- Re: [NSE] Auditing MySQL databases against the CIS benchmark Paulino Calderon (May 30)
- Re: [NSE] Auditing MySQL databases against the CIS benchmark Patrik Karlsson (May 31)
- Re: [NSE] Auditing MySQL databases against the CIS benchmark Patrik Karlsson (May 31)
- Re: [NSE] Auditing MySQL databases against the CIS benchmark Vlatko Kosturjak (May 31)
- Re: [NSE] Auditing MySQL databases against the CIS benchmark Patrik Karlsson (Jun 01)
- Re: [NSE] Auditing MySQL databases against the CIS benchmark Patrik Karlsson (Jun 12)
- Re: [NSE] Auditing MySQL databases against the CIS benchmark Patrik Karlsson (Jun 16)