System Security Checker

Features

System Security Checker guides you through checking the operating system and Apache security settings of the server you have created and setting them to the appropriate values from a security perspective.

Special features

Based on KISA's security setting guide and NAVER's security setting policy, we select and check items that can enhance both convenience and security. It describes what each item checks for and provides guidance on how to make the correct settings if they are vulnerable.

Expected benefits

You can expect to improve the security of your server by checking the security settings through System Security Checker and modifying the settings according to the provided guide. For example, if you set user's password to 8 characters or more and the maximum period of use is 90 days or less, you can prevent a server intrusion from an external attacker's Brute Force Attack. With these relatively simple settings, you can make your service more secure by improving the security of your server.

Before use

Q. What is System Security Checker?

  • System Security Checker checks the operating system security settings of the server you have created and guides you to set the operating system's default settings to the appropriate values from a security perspective.

Q. What permissions do I need to check my server?

  • You need the administrator (root) permission to check your server. Make sure to run an agent with the administrator permission to check some important system files.

Q. What is the scope of the System Security Checker's inspection?

  • Operating system on the server used by the customer (Windows, Linux)
  • Customer leveraged WAS (Apache, Tomcat, Nginx) settings

Q. How do I use System Security Checker?

  • Follow the procedure below to proceed with a check.

    step

  • Connect to the Console and request the service: After connecting to MC Console, from [Security > Security Checker > System Security Checker] menu, click ‘Terms of Service’ to agree with Terms of Service and subscribe to it.

  • Terminal connection to VM to check: Direct terminal connection to the server according to a connection guide
  • Download an agent: Manually download an agent to check
  • Execute the agent: Run the agent to automatically check the server's security settings
  • Check the results: Connect to MC Console and check the results from [Security > Security Checker > System Security Checker] menu

Q. How long does it take to check?

  • Normally, it takes no more than 5 seconds.
  • If the check is not completed normally, it is designed to be forcibly stopped in 60 seconds. It is automatically stopped in 60 seconds by default and can be set in seconds with the -t(--timeout) option.

Q. Once I checked it, I executed it again, and the agent could not be implemented.

  • If you repeatedly check the same object within 5 minutes (300 seconds), the following error message will be displayed.
    • Project Execution Time Interval (linux) : 5 min (over 300 seconds)
  • Please wait a moment, then check it again after 5 minutes.

Q. I canceled the subscription and cannot find the results of the previous check.

  • It is designed to show only the check results after subscription. Please note that you cannot see the results of the previous checks once the subscription is canceled.

How to check

How to check on Linux

Step 1. Connect to Console and request service

  • Connect to MC Console: https://Console.ncloud.com.

  • From left menu 'System Security Checker' click

    • If the product name is not visible in the left menu, add favorites by clicking the left asterisk of the appropriate product name in ' All Product ' as shown below

  • Terms of Service’ to agree with Terms of Service and subscribe to it.

Step 2. Connect to VM to check

Step 3. Download agent

  • Download an agent to be run in VM.
      # wget http://ossc.ncloud.com:10080/download/ncp_secuagent.tar.gz
    

Step 4. Execute agent

You should proceed with the check as root authorization.

  • Unzip the agent.
      # tar xvzf ncp_secuagent.tar.gz
      ncp_secuagent
    
  • Execute the agent.

      # ./ncp_secuagent
      [Project : linux] => Success
    
      When you check Apache, add the following option.
      # ./ncp_secuagent -p apache
      When you check Tomcat, add the following option.
      # ./ncp_secuagent -p tomcat
      When you check Nginx, add the following option.
      # ./ncp_secuagent -p nginx
    
    • When the result shows Success, the check will be completed normally.
  • Available options

    • -h [ --help ] Output Help.
    • -v [ --version ] Output an agent version.
    • -d [ --debug ] Output a message for debugging.
    • -t [ --timeout ] arg (default : 60 sec), It can be set in units of 1 second, and it will be forcibly stopped if the check is not completed within the timeout.
    • -p [ --project ] arg (finance, apache, tomcat, nginx) - Check the security settings of Apache, Tomcat or Nginx.
      • finance : Support checking of Linux OS security settings based on Financial Security Agency

Step 5. Check results

  • Check the results from MC Console [Security > Security Checker > System Security Checker] menu.

    • If you cannot see 'Security Checker' item on the left menu

      1. Select ‘All Products’ from the left menu.
      2. Click ‘Security Checker’ star on Security category.

  • If you want to see only items whose check result is ‘Bad’ in the result report

    • In ‘Detailed Results and Measures’, set ‘Result’ to ‘Bad’ in the red box and click Search button.
    • If you click 'Report' button at the bottom of the screen, only 'Bad' items will be output to the report.

  • If you want to see only items whose severity is 'Critical'

    • In ‘Detailed Results and Measures’, set 'Severity' to ‘Critical’ and click Search button.
    • If you click 'Report' button at the bottom of the screen, only items with 'Critical' severity will be output to the report.

Step 6. Detailed report

  • Click the ' Report ' button to view the detailed reports
  • A detailed report can see the entire checklist, or it can only view items that meet certain conditions, such as Step 5.

How to check on Windows

Step 1. Connect and apply for console

  • Connect MC Console: https://console.ncloud.com
  • Click on the 'System Security Checker' product menu in the left menu area
  • Click 'Apply'

Step 2. Connect to VM to check

Step 3. Agent download and execution

  • Download an agent executed in VM.
  • In your Internet browser, go to the following URL to download it.
      # http://ossc.ncloud.com:10080/download/ncp_secuagent.zip
    
  • Unzip it.

Step 4. Execute the agent

  • In the directory where the ncp_secuagent file is located, press 'shift + right-click'.
  • From the popup menu, click ‘Open Command Window here (W)’.

  • Execute the agent.

      cmd> ncp_secuagent.exe
      [project : windows] => Success
    

  • If the following message was displayed, the check has been completed normally.

      [project : windows] => Success
    
  • Available options

    • -h [ --help ] Output Help.
    • -v [ --version ] Output an agent version.
    • -d [ --debug ] Output a message for debugging.
    • -t [ --timeout ] arg (default : 60 sec), It can be set in units of 1 second, and it will be forcibly stopped if the check is not completed within the timeout.

Step 5. Check results

  • Check the results from MC Console [Security > Security Checker > System Security Checker] menu.

This product is also available in Global Region.

How to Use Global Region

results matching ""

    No results matching ""

    Processing...