Nmap Development mailing list archives

[NSE] Auditing MySQL databases against the CIS benchmark
From: Patrik Karlsson <patrik () cqure net>
Date: Tue, 31 May 2011 07:43:01 +0200

Hi all,

I've been working on a script that attempts to audit a MySQL database against parts of the CIS MySQL v1.0.2 benchmark.
The engine is written as a standard NSE script that loads a file containing the tests to run against the database.
The tests are small Lua functions that return a result table back to the engine which then interprets the result and 
creates the "report".

Anyway, in case someone wants to check it out, I'm attaching both the engine and audit file.
I'm interested in comments and suggestions as well as test results as I've just done limited testing against a single 
MySQL database.
I think the NSE framework could easily be adapted to work with MS SQL as well, so depending on the enthusiasm and 
feedback I might get started on that too.

In order to run the script do:
nmap -p 3306 --script mysql-audit --script-args 

As usual the script goes into your script directory and the mysql-cis.audit file should go into the nselib/data 

Attachment: mysql-audit.nse

Attachment: mysql-cis.audit

Patrik Karlsson

Sent through the nmap-dev mailing list
Archived at http://seclists.org/nmap-dev/
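
The engine-plus-audit-file design described in the message, as an added example that is not the attached mysql-audit.nse or mysql-cis.audit. The `test{}` format, test ids, queries and rows are constructed assumptions, and a stub stands in for the MySQL connection; the audit chunk is loaded with a restricted environment because an audit file made of Lua functions is executable code.

```lua
-- Constructed audit "file" in a hypothetical format (not mysql-cis.audit).
local AUDIT_SRC = [[
test { id = "T1", desc = "No accounts with an empty password",
  check = function(query)
    local rows = query("SELECT user FROM mysql.user WHERE password = ''")
    return { status = (#rows == 0) and "PASS" or "FAIL", detail = rows }
  end }
test { id = "T2", desc = "Accounts allowed to connect from any host",
  check = function(query)
    return { status = "REVIEW",
             detail = query("SELECT user FROM mysql.user WHERE host = '%'") }
  end }
]]

-- Constructed rows standing in for a live MySQL connection.
local FAKE_DB = {
  ["SELECT user FROM mysql.user WHERE password = ''"] = { "backup" },
  ["SELECT user FROM mysql.user WHERE host = '%'"] = { "app", "backup" },
}
local function fake_query(sql) return FAKE_DB[sql] or {} end

-- Load the audit chunk with only `test` visible, so it cannot reach os/io.
local function load_tests(src)
  local tests = {}
  local env = { test = function(t) tests[#tests + 1] = t end }
  local chunk, err
  if setfenv then                       -- Lua 5.1
    chunk, err = loadstring(src, "audit")
    if chunk then setfenv(chunk, env) end
  else                                  -- Lua 5.2 and later
    chunk, err = load(src, "audit", "t", env)
  end
  if not chunk then error("audit file did not parse: " .. err) end
  chunk()
  return tests
end

-- Engine: run every test and turn its result table into a report line.
local function run_audit(src, query)
  local report = {}
  for _, t in ipairs(load_tests(src)) do
    local ok, res = pcall(t.check, query)   -- a failing test must not abort the run
    if not ok then res = { status = "ERROR", detail = { tostring(res) } } end
    report[#report + 1] = ("[%s] %s: %s (%s)"):format(
      res.status, t.id, t.desc, table.concat(res.detail or {}, ", "))
  end
  return report
end
print(table.concat(run_audit(AUDIT_SRC, fake_query), "\n"))
```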
