KloudDB Shield is a security tool that checks for CIS compliance - Postgres, MySQL and RDS

klouddb/klouddbshield

KloudDB_Shield

How to run this tool on my server?

!! IMPORTANT !! Please refer to https://klouddb.gitbook.io/klouddb_shield for detailed documentation

Currently we check for 94 controls: 40 controls (Postgres), 46 controls (MySQL) and 8 controls (RDS), and we plan to add more checks soon. We tested this tool on CentOS and Ubuntu (PG 14 and PG 13).

NOTE - For some Linux commands you might need root/sudo access.

You can download the package directly from the releases section of the repo and install it (for example, the rpm package for CentOS or the deb package for Ubuntu). You also need to edit the config file after installing the package (see the documentation linked above for a detailed walkthrough).

# Centos
$ rpm -i <ciscollector file>.rpm

# Debian
$ dpkg -i <ciscollector file>.deb

Usage of ciscollector:
  -r    Run
  -version
        Print version
$ ciscollector -r
Section 1  - Operating system          - 1/6  - 16.67%
Section 2  - Installation and Planning - 4/10 - 40.00%
Section 3  - File Permissions          - 2/9  - 22.22%
Section 4  - General                   - 5/7  - 71.43%
Section 6  - Auditing and Logging      - 2/3  - 66.67%
Section 7  - Authentication            - 4/6  - 66.67%
Section 8  - Network                   - 0/2  - 0.00%
Section 9  - Replication               - 0/2  - 0.00%
Overall Score - 18/45 - 40.00%
secreport.json file generated
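The summary that `ciscollector -r` prints (shown above) is easy to gate on in a pipeline. The following is an added example, not code from klouddbshield, that parses those score lines from a constructed excerpt of the output and lists the sections whose pass ratio is below a chosen threshold:

```go
package main

import (
	"strconv"
	"strings"
)

// SampleReport is a constructed excerpt of the summary that `ciscollector -r` prints.
const SampleReport = `Section 3  - File Permissions          - 2/9  - 22.22%
Section 4  - General                   - 5/7  - 71.43%
Section 8  - Network                   - 0/2  - 0.00%
Overall Score - 18/45 - 40.00%
secreport.json file generated`
// SectionScore is one "Label - Name - passed/total - pct%" line; Name is empty for "Overall Score".
type SectionScore struct {
	Label, Name   string
	Passed, Total int
}
// ParseReport keeps only the score lines; usage text and "secreport.json file generated" are skipped.
func ParseReport(out string) []SectionScore {
	var scores []SectionScore
	for _, line := range strings.Split(out, "\n") {
		parts := strings.Split(strings.TrimSpace(line), " - ")
		if len(parts) < 3 {
			continue
		}
		passed, total, ok := strings.Cut(strings.TrimSpace(parts[len(parts)-2]), "/")
		p, errP := strconv.Atoi(passed)
		t, errT := strconv.Atoi(total)
		if !ok || errP != nil || errT != nil {
			continue // not a "passed/total" field
		}
		scores = append(scores, SectionScore{
			Label:  strings.TrimSpace(parts[0]),
			Name:   strings.TrimSpace(strings.Join(parts[1:len(parts)-2], " - ")),
			Passed: p, Total: t,
		})
	}
	return scores
}
// Failing lists sections (overall line excluded) below minRatio, so CI can fail the build on them.
func Failing(scores []SectionScore, minRatio float64) []string {
	var out []string
	for _, s := range scores {
		if s.Label != "Overall Score" && float64(s.Passed) < minRatio*float64(s.Total) {
			out = append(out, s.Label+" ("+s.Name+")")
		}
	}
	return out
}
```

Feed it the captured stdout of `ciscollector -r` and treat a non-empty `Failing` result as a failed job; the per-section threshold is a policy choice, not something the tool enforces.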

How to run locally (without installing a package)?

Build and run the tool locally on the server:

$ go build -o ./ciscollector ./cmd/ciscollector
# Edit kshieldconfig.toml at path /etc/klouddbshield/kshieldconfig.toml 
$ ./ciscollector -r

RDS Checks

Make sure you have properly configured your AWS CLI with a valid access key and region, or declare the AWS environment variables properly. NOTE - You need to run this tool from a bastion host or from somewhere that has access to your RDS instances (it only needs basic aws rds describe privileges and SNS read privileges).

export AWS_ACCESS_KEY_ID="ASXXXXXXX"
export AWS_SECRET_ACCESS_KEY="XXXXXXXXX"
export AWS_SESSION_TOKEN="XXXXXXXXX"
export AWS_REGION="XXXXXXXXX"

Below is a sample config file. If you are checking Postgres, comment out the mysql section; if you are only checking MySQL, comment out the postgres section. The config file is located at /etc/klouddbshield.

NOTE - In older versions the config file uses the label "[database]" instead of "[mysql]".

[mysql]
host="localhost"
port="3306"
# user="root"
# password="mysql111"
maxIdleConn = 2
maxOpenConn = 2

[postgres]
host="localhost" 
port="5432" 
user="postgres"
dbname="postgres"
password="postgres" 
maxIdleConn = 2
maxOpenConn = 2

[app]
debug = true

Contributing

We welcome PRs and Issue Reports

Help

Please reach us at [email protected]