
Core-Content-SSLServerAudit 1.2

From Tanium Knowledge Base


Introduction: Core Content - SSL/TLS Server Audit

SSLServerAudit provides tools to help audit SSL/TLS network services and the digital certificates they present.

Release Notes

Release notes are at Release Notes Core Content - TLS SSL Server Audit (Version 1.2)

Download Location

This content is available on the Solution manifest of supported platforms

Usage

Overview

SSLServerAudit provides tools to help audit SSL/TLS network services running on the local system. It will:

  • enumerate all interfaces
  • identify all listening services
  • interrogate all listening services for SSL/TLS
  • record the Key Exchange
  • record the Cipher Suites
  • record the Certificate Exchange

All items are recorded in a local SQL DB, which is queried by a series of sensors.

Pre-Requisites

This content is written, predominantly, in Python.

  • Windows, Linux, Mac : Please deploy IC-Python targeting
    • Get Python - Tools Version from all machines
  • Solaris and AIX: Please install Python 2.7
    • Python 2.6 is typically installed, but is insufficient

Setup

  1. Temporarily create a file "ports.txt" with a list of ports for Solaris to interrogate
    • all other operating systems discover the ports themselves.
  2. Import Content
  3. Upload "ports.txt" in the import window (one port number per line)
  4. Create an Action Group as a limiter for the Scheduled Actions, if one does not exist
  5. Move the following disabled Scheduled Actions into the Action Group identified/defined above
    • Deploy SSL Server Audit Tools - Non Windows
    • Deploy SSL Server Audit Tools - Windows
    • Run SSL Server Audit - Non Windows
    • Run SSL Server Audit - Windows
  6. Inspect and configure the above Actions, and Enable when ready
  7. Set up any trends boards


Dashboard Groups

SSL Server Audit

Dashboards:

Dashboards

SSL Server Audit - Informational

Saved questions:

SSL Server Audit - Installation

Saved questions:

SSL Server Audit - Vulnerability

Saved questions:

Questions

SSL Server Audit Tools Install State

Get SSL Server Audit Tools Required matches "^((Not )?Installed|Required|Version|Unavail|Tanium).*$" from all machines

SSL Server Audit Tools Install State - Non-Windows

Get SSL Server Audit Tools Required matches "^((Not )?Installed|Required|Version|Unavail|Tanium).*$" from all machines with Is Windows equals false
Packages:

SSL Server Audit Tools Install State - Windows

Get SSL Server Audit Tools Required matches "^((Not )?Installed|Required|Version|Unavail|Tanium).*$" from all machines with Is Windows equals true
Packages:

SSL Server Certificate Details

Get SSL Server Certificate Details from all machines with SSL Server Certificate Details matches "^[0-9].*"

SSL Server Certificate Expiry

Get SSL Server Certificate Expiry from all machines with SSL Server Certificate Expiry matches "^[0-9].*"

SSL Server Certificate Extended Key Usage

Get SSL Server Certificate Extended Key Usage from all machines with SSL Server Certificate Extended Key Usage matches "^[0-9].*"

SSL Server Certificate Key Usage

Get SSL Server Certificate Key Usage from all machines with SSL Server Certificate Key Usage matches "^[0-9].*"

SSL Server Certificate Public Key Details

Get SSL Server Certificate Public Key Details from all machines with SSL Server Certificate Public Key Details matches "^[0-9].*"

SSL Server Certificate Signature Algorithm Details

Get SSL Server Certificate Signature Algorithm Details from all machines with SSL Server Certificate Signature Algorithm Details matches "^[0-9].*"

SSL Server Cipher Suite

Get SSL Server Cipher Suite matches "^(SSL [2,3].0|TLS 1.[0-2]).*$" from all machines with SSL Server Cipher Suite matches "^(SSL [2,3].0|TLS 1.[0-2]).*$"

SSL Server Key Exchange

Get SSL Server Key Exchange matches "^(SSL [2,3].0|TLS 1.[0-2]).*$" from all machines with SSL Server Key Exchange matches "^(SSL [2,3].0|TLS 1.[0-2]).*$"

SSL Server Protocols

Get SSL Server Protocols matches "^(SSL [2,3].0|TLS 1.[0-2])$" from all machines with SSL Server Protocols matches "^(SSL [2,3].0|TLS 1.[0-2])$"

SSL Server Root Certificate Authority

Get SSL Server Root Certificate Authority from all machines with SSL Server Root Certificate Authority matches "^[0-9].*"

SSL Servers Vulnerable to BEAST attack (2011)

Get SSL Server Cipher Suite matches ^TLS 1.0.* from all machines with SSL Server Cipher Suite matches ^TLS 1.0.*

SSL Servers Vulnerable to Logjam attack (May 2015)

Get SSL Server Cipher Suite matches .*TLS_DHE_.*EXPORT.* from all machines with SSL Server Cipher Suite matches .*TLS_DHE_.*EXPORT.*

SSL Servers Vulnerable to POODLE attack against SSL (October 2014)

Get SSL Server Cipher Suite matches ^SSL 3.0.* from all machines with SSL Server Cipher Suite matches ^SSL 3.0.*

SSL Servers Vulnerable to ROBOT (December 2017)

Get SSL Server Cipher Suite contains TLS_RSA from all machines with SSL Server Cipher Suite contains TLS_RSA

SSL Servers Vulnerable to TLS CRIME Attack (2012)

Get SSL Server Cipher Suite contains deflate from all machines with SSL Server Cipher Suite contains deflate

SSL Servers Vulnerable to TLS DROWN attack (2016)

Get SSL Server Cipher Suite matches .*SSL 2.0.* from all machines with SSL Server Cipher Suite matches .*SSL 2.0.*
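
The six vulnerability questions above are filters over rows of the SSL Server Cipher Suite sensor. The following added example (not part of the Tanium content) applies the same patterns to constructed rows, so the filters can be checked offline before they are trusted on a dashboard. The "|" column delimiter, the whole-row reading of "matches" and the substring reading of "contains" are assumptions.

```python
import re

# Filters copied from the page's saved questions: (label, operator, pattern).
QUESTIONS = [
    ("BEAST", "matches", r"^TLS 1.0.*"),
    ("Logjam", "matches", r".*TLS_DHE_.*EXPORT.*"),
    ("POODLE", "matches", r"^SSL 3.0.*"),
    ("ROBOT", "contains", "TLS_RSA"),
    ("CRIME", "contains", "deflate"),
    ("DROWN", "matches", r".*SSL 2.0.*"),
]


def row_matches(operator, pattern, row):
    # Assumption: "matches" must cover the whole row,
    # "contains" is a plain substring test.
    if operator == "matches":
        return re.fullmatch(pattern, row) is not None
    return pattern in row


def flag_rows(rows):
    """Return {label: sorted ports} for every question a row satisfies."""
    findings = {}
    for row in rows:
        # Assumption: columns are joined with "|" and port is the last one.
        port = int(row.rsplit("|", 1)[1])
        for label, operator, pattern in QUESTIONS:
            if row_matches(operator, pattern, row):
                findings.setdefault(label, set()).add(port)
    return {label: sorted(ports) for label, ports in findings.items()}


# Constructed sample rows in the sensor's column order:
# protocol|cipher suite|compression method|client certificate requested|port
SAMPLE_ROWS = [
    "TLS 1.2|TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256|none|No|443",
    "TLS 1.0|TLS_RSA_WITH_AES_128_CBC_SHA|none|No|8443",
    "SSL 3.0|TLS_RSA_WITH_RC4_128_SHA|none|No|8443",
    "TLS 1.0|TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA|deflate|No|636",
    "SSL 2.0|SSL_CK_RC4_128_WITH_MD5|none|No|993",
]

if __name__ == "__main__":
    for label, ports in sorted(flag_rows(SAMPLE_ROWS).items()):
        print(label, ports)
```

Each filter keys on the negotiated protocol, suite name or compression method only, so a hit identifies an endpoint to review rather than a confirmed exposure.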

Actions

Deploy SSL Server Audit Tools - Windows


Packages:

Deploy SSL Server Audit Tools - non Windows


Packages:

Run SSL Server Audit - Windows


Packages:

Run SSL Server Audit - non Windows


Packages:

Packages

SSL Server Audit - Windows

This package contains 0 files and 0 sensors.

Properties:

Property Value
Command Line cmd /c ..\..\Tools\tantls\bin\runsslaudit.bat "$1" "$2"
Command Timeout 60

Parameters:

Name Description Type Default Value
timeout (sec) Numeric 45
log_level 0=None, 10=Debug, 20=Info, 30=Warning, 40=Error, 50=Critical Numeric 20

SSL Server Audit - non Windows

This package contains 0 files and 0 sensors.

Properties:

Property Value
Command Line /bin/sh ../../Tools/tantls/bin/runsslaudit.sh "$1" "$2"
Command Timeout 60

Parameters:

Name Description Type Default Value
timeout (sec) Numeric 45
log_level 0=None, 10=Debug, 20=Info, 30=Warning, 40=Error, 50=Critical Numeric 20

SSL Server Audit Deploy - Windows

This package contains 6 files and 0 sensors.

Properties:

Property Value
Command Line cmd /c deploytools.bat "tantls\bin" "$1" "$2" "$3"
Command Timeout 60

Parameters:

Name Description Type Default Value
Run After Deploy select this to have the SSL Audit performed Checkbox UnChecked
timeout (sec) Numeric 45
log_level 0=None, 10=Debug, 20=Info, 30=Warning, 40=Error, 50=Critical Numeric 20

Files:

Name
deploytools.bat
runsslaudit.bat
auditpackage.py
auditpackageversion.bat
files.zip
unzip.py

SSL Server Audit Deploy - non Windows

This package contains 6 files and 0 sensors.

Properties:

Property Value
Command Line /bin/sh deploytools.sh "tantls/bin" "$1" "$2" "$3"
Command Timeout 60

Parameters:

Name Description Type Default Value
Run After Deploy select this to have the SSL Audit performed Checkbox UnChecked
timeout (sec) Numeric 45
log_level 0=None, 10=Debug, 20=Info, 30=Warning, 40=Error, 50=Critical Numeric 20

Files:

Name
deploytools.sh
runsslaudit.sh
auditpackage.py
auditpackageversion.sh
files.zip
unzip.py

SSL Server Audit Drop Tables - Windows

This package contains 1 file and 0 sensors.

Properties:

Property Value
Command Line cmd /c ..\..\python27\TPython.exe dropsslserverauditdatabasetablespackage.py
Command Timeout 60


Files:

Name
dropsslserverauditdatabasetablespackage.py

SSL Server Audit Drop Tables - non Windows

This package contains 1 file and 0 sensors.

Properties:

Property Value
Command Line /bin/sh ../../python27/python dropsslserverauditdatabasetablespackage.py
Command Timeout 60


Files:

Name
dropsslserverauditdatabasetablespackage.py

SSL Server Audit Deploy Python - Solaris x86

This package contains 2 files and 0 sensors.

Properties:

Property Value
Command Line /bin/sh deploypython.sh "tantls/bin"
Command Timeout 60

Files:

Name
deploypython.sh
Python-2.7.15-solaris-10-x86.tar.gz

SSL Server Audit Deploy Python - Solaris sparc

This package contains 2 files and 0 sensors.

Properties:

Property Value
Command Line /bin/sh deploypython.sh "tantls/bin"
Command Timeout 60

Files:

Name
deploypython.sh
Python-2.7.15-solaris-10-sparc.tar.gz

SSL Server Audit Deploy Python - AIX

This package contains 2 files and 0 sensors.

Properties:

Property Value
Command Line /bin/sh deploypython.sh "tantls/bin"
Command Timeout 60

Files:

Name
deploypython.sh
Python-2.7.15-aix.tar.gz

Sensors

SSL Server Audit Tools Required

SSL Server Audit tools - can be used to target installs/updates

  • Not Installed: not been deployed or pieces missing
  • Version Incorrect: was previously deployed, but an older version
  • Required: either Not Installed OR Incorrect Version
  • Unavailable: not available for the OS
  • Installed: already deployed

Supported Platforms:

Platform Query Type
Windows VBScript
Linux Shell
Mac Shell
Solaris Shell
AIX Shell

SSL Server Certificate Details



Columns:

Name Description Type Hidden
port Numeric
not before Text
not after Text
subject Text
issuer Text
authorisation status Text
root authority subject name Text
root authority subject key identifier Text

Supported Platforms:

Platform Query Type
Windows Python
Linux Shell
Mac Shell
Solaris Shell
AIX Shell

SSL Server Certificate Expiry



Columns:

Name Description Type Hidden
port Numeric
days to expiry Text


Supported Platforms:

Platform Query Type
Windows Python
Linux Shell
Mac Shell
Solaris Shell
AIX Shell

SSL Server Certificate Extended Key Usage



Columns:

Name Description Type Hidden
port Numeric
extended key usage Text

Supported Platforms:

Platform Query Type
Windows Python
Linux Shell
Mac Shell
Solaris Shell
AIX Shell

SSL Server Certificate Issuer



Parameters:

Name Help Type Default Value
port port Numeric 443

Supported Platforms:

Platform Query Type
Windows Python
Linux Shell
Mac Shell
Solaris Shell
AIX Shell

SSL Server Certificate Key Usage



Columns:

Name Description Type Hidden
port Integer
key usage Text

Supported Platforms:

Platform Query Type
Windows Python
Linux Shell
Mac Shell
Solaris Shell
AIX Shell

SSL Server Certificate Public Key Details



Columns:

Name Description Type Hidden
port Numeric
algorithm Text
size Numeric

Supported Platforms:

Platform Query Type
Windows Python
Linux Shell
Mac Shell
Solaris Shell
AIX Shell

SSL Server Certificate Signature Algorithm Details



Columns:

Name Description Type Hidden
port Text
signature algorithm Text
hash algorithm Text

Supported Platforms:

Platform Query Type
Windows Python
Linux Shell
Mac Shell
Solaris Shell
AIX Shell

SSL Server Certificate Subject



Parameters:

Name Help Type Default Value
port port Numeric 443

Supported Platforms:

Platform Query Type
Windows Python
Linux Shell
Mac Shell
Solaris Shell
AIX Shell

SSL Server Cipher Suite



Columns:

Name Description Type Hidden
protocol Text
cipher suite Text
compression method Text
client certificate requested Text
port Numeric


Supported Platforms:

Platform Query Type
Windows Python
Linux Shell
Mac Shell
Solaris Shell
AIX Shell

SSL Server Enhanced Certificate Details



Columns:

Name Description Type Hidden
port Numeric
not before Text
not after Text
public key algorithm Text
public key bit size Numeric
signature algorithm Text
signature hash algorithm Text
subject Text
issuer Text
authorisation status Text
root authority subject name Text
root authority subject key identifier Text
serial number Text
sha1 fingerprint Text

Supported Platforms:

Platform Query Type
Windows Python
Linux Shell
Mac Shell
Solaris Shell
AIX Shell

SSL Server Key Exchange



Columns:

Name Description Type Hidden
protocol Text
cipher suite Text
key length Numeric
port Numeric


Supported Platforms:

Platform Query Type
Windows Python
Linux Shell
Mac Shell
Solaris Shell
AIX Shell

SSL Server Protocols



Supported Platforms:

Platform Query Type
Windows Python
Linux Shell
Mac Shell
Solaris Shell
AIX Shell

SSL Server Root Certificate Authority



Columns:

Name Description Type Hidden
port Numeric
subject key identifier Text

Supported Platforms:

Platform Query Type
Windows Python
Linux Shell
Mac Shell
Solaris Shell
AIX Shell