Core-Content-SSLServerAudit 1.2
Introduction: Core Content - SSL/TLS Server Audit
SSLServerAudit provides the tools to help audit SSL/TLS Network Services and Presented Digital Certificates
Release Notes
Release notes are at Release Notes Core Content - TLS SSL Server Audit (Version 1.2)
Download Location
This content is available on the Solution manifest of supported platforms
Usage
Overview
SSLServerAudit provides the tools to help audit SSL/TLS Network Services running on the local system. It will
- enumerate all interfaces
- identify all listening services
- interrogate all listening services for SSL/TLS
- record the Key Exchange
- record the Cipher Suites
- record the Certificate Exchange
All items are recorded in a local SQL DB, which is queried by a series of sensors.
Pre-Requisites
This content is written predominantly in Python.
- Windows, Linux, Mac: Please deploy IC-Python, targeting "Get Python - Tools Version from all machines"
- Solaris and AIX: Please install Python 2.7
  - Python 2.6 is typically installed, but is insufficient
Setup
- Temporarily create a file "ports.txt" with a list of ports for Solaris to interrogate
  - All other operating systems discover the ports themselves.
- Import Content
  - Upload "ports.txt" in the import window (one port number per line)
- Create an Action Group as a limiter for the Scheduled Actions, if one does not exist
- Move the following disabled Scheduled Actions into the Action Group identified/defined above
  - Deploy SSL Server Audit Tools - Non Windows
  - Deploy SSL Server Audit Tools - Windows
  - Run SSL Server Audit - Non Windows
  - Run SSL Server Audit - Windows
- Inspect and configure the above Actions, and enable when ready
- Set up any trends boards
  - Trends Importable File Download
Dashboard Groups
SSL Server Audit
Dashboards:
Dashboards
SSL Server Audit - Informational
Saved questions:
- SSL Server Certificate Details
- SSL Server Certificate Expiry
- SSL Server Certificate Public Key Details
- SSL Server Certificate Signature Algorithm Details
- SSL Server Cipher Suite
- SSL Server Key Exchange
- SSL Server Protocols
- SSL Server Root Certificate Authority
- SSL Server Certificate Key Usage
- SSL Server Certificate Extended Key Usage
SSL Server Audit - Installation
Saved questions:
- SSL Server Audit Tools Install State
- SSL Server Audit Tools Install State - Non-Windows
- SSL Server Audit Tools Install State - Windows
SSL Server Audit - Vulnerability
Saved questions:
- SSL Servers Vulnerable to BEAST attack (2011)
- SSL Servers Vulnerable to Logjam attack (May 2015)
- SSL Servers Vulnerable to POODLE attack against SSL (October 2014)
- SSL Servers Vulnerable to ROBOT (December 2017)
- SSL Servers Vulnerable to TLS CRIME Attack (2012)
- SSL Servers Vulnerable to Vulnerable to TLS DROWN attack (2016)
Questions
SSL Server Audit Tools Install State
Get SSL Server Audit Tools Required matches "^((Not )?Installed|Required|Version|Unavail|Tanium).*$" from all machines
SSL Server Audit Tools Install State - Non-Windows
Get SSL Server Audit Tools Required matches "^((Not )?Installed|Required|Version|Unavail|Tanium).*$" from all machines with Is Windows equals false
Packages:
SSL Server Audit Tools Install State - Windows
Get SSL Server Audit Tools Required matches "^((Not )?Installed|Required|Version|Unavail|Tanium).*$" from all machines with Is Windows equals true
Packages:
SSL Server Certificate Details
Get SSL Server Certificate Details from all machines with SSL Server Certificate Details matches "^[0-9].*"
SSL Server Certificate Expiry
Get SSL Server Certificate Expiry from all machines with SSL Server Certificate Expiry matches "^[0-9].*"
SSL Server Certificate Extended Key Usage
Get SSL Server Certificate Extended Key Usage from all machines with SSL Server Certificate Extended Key Usage matches "^[0-9].*"
SSL Server Certificate Key Usage
Get SSL Server Certificate Key Usage from all machines with SSL Server Certificate Key Usage matches "^[0-9].*"
SSL Server Certificate Public Key Details
Get SSL Server Certificate Public Key Details from all machines with SSL Server Certificate Public Key Details matches "^[0-9].*"
SSL Server Certificate Signature Algorithm Details
Get SSL Server Certificate Signature Algorithm Details from all machines with SSL Server Certificate Signature Algorithm Details matches "^[0-9].*"
SSL Server Cipher Suite
Get SSL Server Cipher Suite matches "^(SSL [2,3].0|TLS 1.[0-2]).*$" from all machines with SSL Server Cipher Suite matches "^(SSL [2,3].0|TLS 1.[0-2]).*$"
SSL Server Key Exchange
Get SSL Server Key Exchange matches "^(SSL [2,3].0|TLS 1.[0-2]).*$" from all machines with SSL Server Key Exchange matches "^(SSL [2,3].0|TLS 1.[0-2]).*$"
SSL Server Protocols
Get SSL Server Protocols matches "^(SSL [2,3].0|TLS 1.[0-2])$" from all machines with SSL Server Protocols matches "^(SSL [2,3].0|TLS 1.[0-2])$"
SSL Server Root Certificate Authority
Get SSL Server Root Certificate Authority from all machines with SSL Server Root Certificate Authority matches "^[0-9].*"
SSL Servers Vulnerable to BEAST attack (2011)
Get SSL Server Cipher Suite matches ^TLS 1.0.* from all machines with SSL Server Cipher Suite matches ^TLS 1.0.*
SSL Servers Vulnerable to Logjam attack (May 2015)
Get SSL Server Cipher Suite matches .*TLS_DHE_.*EXPORT.* from all machines with SSL Server Cipher Suite matches .*TLS_DHE_.*EXPORT.*
SSL Servers Vulnerable to POODLE attack against SSL (October 2014)
Get SSL Server Cipher Suite matches ^SSL 3.0.* from all machines with SSL Server Cipher Suite matches ^SSL 3.0.*
SSL Servers Vulnerable to ROBOT (December 2017)
Get SSL Server Cipher Suite contains TLS_RSA from all machines with SSL Server Cipher Suite contains TLS_RSA
SSL Servers Vulnerable to TLS CRIME Attack (2012)
Get SSL Server Cipher Suite contains deflate from all machines with SSL Server Cipher Suite contains deflate
SSL Servers Vulnerable to Vulnerable to TLS DROWN attack (2016)
Get SSL Server Cipher Suite matches .*SSL 2.0.* from all machines with SSL Server Cipher Suite matches .*SSL 2.0.*
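The vulnerability questions above are pattern matches against rows of the SSL Server Cipher Suite sensor. The Python below is an added example, not part of the SSLServerAudit content: it applies the same patterns to constructed rows. The "|" delimiter, the row layout (sensor columns in their listed order), and the reading of "matches" as a whole-row regex and "contains" as a substring test are assumptions.

```python
import re

# Patterns copied verbatim from the saved questions on this page.
# Assumption: "matches" is a whole-row regex match, "contains" a substring test.
CHECKS = [
    ("BEAST",  "matches",  r"^TLS 1.0.*"),
    ("Logjam", "matches",  r".*TLS_DHE_.*EXPORT.*"),
    ("POODLE", "matches",  r"^SSL 3.0.*"),
    ("ROBOT",  "contains", "TLS_RSA"),
    ("CRIME",  "contains", "deflate"),
    ("DROWN",  "matches",  r".*SSL 2.0.*"),
]

def classify(row):
    """Return the names of the checks that flag one sensor row."""
    hits = []
    for name, op, pattern in CHECKS:
        if op == "contains":
            flagged = pattern in row
        else:
            flagged = re.fullmatch(pattern, row) is not None
        if flagged:
            hits.append(name)
    return hits

def audit(rows):
    """Map each listening port to the sorted checks flagged on it."""
    findings = {}
    for row in rows:
        port = int(row.rsplit("|", 1)[1])  # port is the last column
        hits = classify(row)
        if hits:
            findings.setdefault(port, set()).update(hits)
    return {port: sorted(names) for port, names in findings.items()}

# Constructed sample rows (hypothetical delimiter and values):
# protocol|cipher suite|compression method|client certificate requested|port
SAMPLE_ROWS = [
    "TLS 1.2|TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256|null|No|443",
    "TLS 1.0|TLS_RSA_WITH_AES_128_CBC_SHA|null|No|8443",
    "SSL 3.0|TLS_RSA_WITH_RC4_128_SHA|deflate|No|8443",
    "TLS 1.0|TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA|null|No|993",
    "SSL 2.0|SSL_CK_RC4_128_WITH_MD5|null|No|993",
]

if __name__ == "__main__":
    for port, names in sorted(audit(SAMPLE_ROWS).items()):
        print(port, ", ".join(names))
```

The patterns key on the protocol or suite name only, so any TLS 1.0 row is flagged for BEAST whatever cipher it negotiates; treat hits as candidates for review rather than confirmed findings.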
Actions
Deploy SSL Server Audit Tools - Windows
Packages:
Deploy SSL Server Audit Tools - non Windows
Packages:
Run SSL Server Audit - Windows
Packages:
Run SSL Server Audit - non Windows
Packages:
Packages
SSL Server Audit - Windows
This package contains 0 files and 0 sensors.
Properties:
| Property | Value |
| --- | --- |
| Command Line | cmd /c ..\..\Tools\tantls\bin\runsslaudit.bat "$1" "$2" |
| Command Timeout | 60 |

Parameters:

| Name | Description | Type | Default Value |
| --- | --- | --- | --- |
| timeout | (sec) | Numeric | 45 |
| log_level | 0=None, 10=Debug, 20=Info, 30=Warning, 40=Error, 50=Critical | Numeric | 20 |
SSL Server Audit - non Windows
This package contains 0 files and 0 sensors.
Properties:
| Property | Value |
| --- | --- |
| Command Line | /bin/sh ../../Tools/tantls/bin/runsslaudit.sh "$1" "$2" |
| Command Timeout | 60 |

Parameters:

| Name | Description | Type | Default Value |
| --- | --- | --- | --- |
| timeout | (sec) | Numeric | 45 |
| log_level | 0=None, 10=Debug, 20=Info, 30=Warning, 40=Error, 50=Critical | Numeric | 20 |
SSL Server Audit Deploy - Windows
This package contains 6 files and 0 sensors.
Properties:
| Property | Value |
| --- | --- |
| Command Line | cmd /c deploytools.bat "tantls\bin" "$1" "$2" "$3" |
| Command Timeout | 60 |

Parameters:

| Name | Description | Type | Default Value |
| --- | --- | --- | --- |
| Run After Deploy | select this to have the SSL Audit performed | Checkbox | UnChecked |
| timeout | (sec) | Numeric | 45 |
| log_level | 0=None, 10=Debug, 20=Info, 30=Warning, 40=Error, 50=Critical | Numeric | 20 |

Files:
- deploytools.bat
- runsslaudit.bat
- auditpackage.py
- auditpackageversion.bat
- files.zip
- unzip.py
SSL Server Audit Deploy - non Windows
This package contains 6 files and 0 sensors.
Properties:
| Property | Value |
| --- | --- |
| Command Line | /bin/sh deploytools.sh "tantls/bin" "$1" "$2" "$3" |
| Command Timeout | 60 |

Parameters:

| Name | Description | Type | Default Value |
| --- | --- | --- | --- |
| Run After Deploy | select this to have the SSL Audit performed | Checkbox | UnChecked |
| timeout | (sec) | Numeric | 45 |
| log_level | 0=None, 10=Debug, 20=Info, 30=Warning, 40=Error, 50=Critical | Numeric | 20 |

Files:
- deploytools.sh
- runsslaudit.sh
- auditpackage.py
- auditpackageversion.sh
- files.zip
- unzip.py
SSL Server Audit Drop Tables - Windows
This package contains 1 file and 0 sensors.
Properties:

| Property | Value |
| --- | --- |
| Command Line | cmd /c ..\..\python27\TPython.exe dropsslserverauditdatabasetablespackage.py |
| Command Timeout | 60 |

Files:
- dropsslserverauditdatabasetablespackage.py
SSL Server Audit Drop Tables - non Windows
This package contains 1 file and 0 sensors.
Properties:

| Property | Value |
| --- | --- |
| Command Line | /bin/sh ../../python27/python dropsslserverauditdatabasetablespackage.py |
| Command Timeout | 60 |

Files:
- dropsslserverauditdatabasetablespackage.py
SSL Server Audit Deploy Python - Solaris x86
This package contains 2 files and 0 sensors.
Properties:
| Property | Value |
| --- | --- |
| Command Line | /bin/sh deploypython.sh "tantls/bin" |
| Command Timeout | 60 |

Files:
- deploypython.sh
- Python-2.7.15-solaris-10-x86.tar.gz
SSL Server Audit Deploy Python - Solaris sparc
This package contains 2 files and 0 sensors.
Properties:
| Property | Value |
| --- | --- |
| Command Line | /bin/sh deploypython.sh "tantls/bin" |
| Command Timeout | 60 |

Files:
- deploypython.sh
- Python-2.7.15-solaris-10-sparc.tar.gz
SSL Server Audit Deploy Python - AIX
This package contains 2 files and 0 sensors.
Properties:
| Property | Value |
| --- | --- |
| Command Line | /bin/sh deploypython.sh "tantls/bin" |
| Command Timeout | 60 |

Files:
- deploypython.sh
- Python-2.7.15-aix.tar.gz
Sensors
SSL Server Audit Tools Required
SSL Server Audit tools - can be used to target installs/updates
Not Installed: not been deployed or pieces missing
Version Incorrect: was previously deployed, but an older version
Required: either Not Installed OR Incorrect Version
Unavailable: not available for the OS
Installed: already deployed
Supported Platforms:
| Platform | Query Type |
| --- | --- |
| Windows | VBScript |
| Linux | Shell |
| Mac | Shell |
| Solaris | Shell |
| AIX | Shell |
SSL Server Certificate Details
Columns:
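| Name | Description | Type | Hidden |
| --- | --- | --- | --- |
| port | | Numeric | |
| not before | | Text | |
| not after | | Text | |
| subject | | Text | |
| issuer | | Text | |
| authorisation status | | Text | |
| root authority subject name | | Text | |
| root authority subject key identifier | | Text | |

Supported Platforms:

| Platform | Query Type |
| --- | --- |
| Windows | Python |
| Linux | Shell |
| Mac | Shell |
| Solaris | Shell |
| AIX | Shell |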
SSL Server Certificate Expiry
Columns:
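| Name | Description | Type | Hidden |
| --- | --- | --- | --- |
| port | | Numeric | |
| days to expiry | | Text | |

Supported Platforms:

| Platform | Query Type |
| --- | --- |
| Windows | Python |
| Linux | Shell |
| Mac | Shell |
| Solaris | Shell |
| AIX | Shell |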
SSL Server Certificate Extended Key Usage
Columns:
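| Name | Description | Type | Hidden |
| --- | --- | --- | --- |
| port | | Numeric | |
| extended key usage | | Text | |

Supported Platforms:

| Platform | Query Type |
| --- | --- |
| Windows | Python |
| Linux | Shell |
| Mac | Shell |
| Solaris | Shell |
| AIX | Shell |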
SSL Server Certificate Issuer
Parameters:
| Name | Help | Type | Default Value |
| --- | --- | --- | --- |
| port | port | Numeric | 443 |

Supported Platforms:

| Platform | Query Type |
| --- | --- |
| Windows | Python |
| Linux | Shell |
| Mac | Shell |
| Solaris | Shell |
| AIX | Shell |
SSL Server Certificate Key Usage
Columns:
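| Name | Description | Type | Hidden |
| --- | --- | --- | --- |
| port | | Integer | |
| key usage | | Text | |

Supported Platforms:

| Platform | Query Type |
| --- | --- |
| Windows | Python |
| Linux | Shell |
| Mac | Shell |
| Solaris | Shell |
| AIX | Shell |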
SSL Server Certificate Public Key Details
Columns:
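| Name | Description | Type | Hidden |
| --- | --- | --- | --- |
| port | | Numeric | |
| algorithm | | Text | |
| size | | Numeric | |

Supported Platforms:

| Platform | Query Type |
| --- | --- |
| Windows | Python |
| Linux | Shell |
| Mac | Shell |
| Solaris | Shell |
| AIX | Shell |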
SSL Server Certificate Signature Algorithm Details
Columns:
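| Name | Description | Type | Hidden |
| --- | --- | --- | --- |
| port | | Text | |
| signature algorithm | | Text | |
| hash algorithm | | Text | |

Supported Platforms:

| Platform | Query Type |
| --- | --- |
| Windows | Python |
| Linux | Shell |
| Mac | Shell |
| Solaris | Shell |
| AIX | Shell |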
SSL Server Certificate Subject
Parameters:
| Name | Help | Type | Default Value |
| --- | --- | --- | --- |
| port | port | Numeric | 443 |

Supported Platforms:

| Platform | Query Type |
| --- | --- |
| Windows | Python |
| Linux | Shell |
| Mac | Shell |
| Solaris | Shell |
| AIX | Shell |
SSL Server Cipher Suite
Columns:
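| Name | Description | Type | Hidden |
| --- | --- | --- | --- |
| protocol | | Text | |
| cipher suite | | Text | |
| compression method | | Text | |
| client certificate requested | | Text | |
| port | | Numeric | |

Supported Platforms:

| Platform | Query Type |
| --- | --- |
| Windows | Python |
| Linux | Shell |
| Mac | Shell |
| Solaris | Shell |
| AIX | Shell |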
SSL Server Enhanced Certificate Details
Columns:
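| Name | Description | Type | Hidden |
| --- | --- | --- | --- |
| port | | Numeric | |
| not before | | Text | |
| not after | | Text | |
| public key algorithm | | Text | |
| public key bit size | | Numeric | |
| signature algorithm | | Text | |
| signature hash algorithm | | Text | |
| subject | | Text | |
| issuer | | Text | |
| authorisation status | | Text | |
| root authority subject name | | Text | |
| root authority subject key identifier | | Text | |
| serial number | | Text | |
| sha1 fingerprint | | Text | |

Supported Platforms:

| Platform | Query Type |
| --- | --- |
| Windows | Python |
| Linux | Shell |
| Mac | Shell |
| Solaris | Shell |
| AIX | Shell |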
SSL Server Key Exchange
Columns:
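| Name | Description | Type | Hidden |
| --- | --- | --- | --- |
| protocol | | Text | |
| cipher suite | | Text | |
| key length | | Numeric | |
| port | | Numeric | |

Supported Platforms:

| Platform | Query Type |
| --- | --- |
| Windows | Python |
| Linux | Shell |
| Mac | Shell |
| Solaris | Shell |
| AIX | Shell |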
SSL Server Protocols
Supported Platforms:
| Platform | Query Type |
| --- | --- |
| Windows | Python |
| Linux | Shell |
| Mac | Shell |
| Solaris | Shell |
| AIX | Shell |
SSL Server Root Certificate Authority
Columns:
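| Name | Description | Type | Hidden |
| --- | --- | --- | --- |
| port | | Numeric | |
| subject key identifier | | Text | |

Supported Platforms:

| Platform | Query Type |
| --- | --- |
| Windows | Python |
| Linux | Shell |
| Mac | Shell |
| Solaris | Shell |
| AIX | Shell |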