OS and WAS Inspection
    • PDF

    OS and WAS Inspection

    • PDF

    Article Summary

    Available in Classic and VPC

    How to inspect the security setting of newly created server operating system(OS) and Web Application Server(WAS) in the NAVER Cloud Platform is explained. Find the inspection method for each server operating system.

    Note

    You can view the inspection result on the NAVER Cloud Platform console. For further information, see OS Security Checker or WAS Security Checker.

    Linux Server Inspection

    To inspect the OS or WAS security setting of a Linux server, please proceed with the following steps.
    1. Access the server for inspection
    2. Download the agent
    3. Run the agent

    1. Access the server for inspection

    Access the server you wish to inspect with an account with root authority.
    For more information about how to access the server, see Access Server (VPC) or Access Server (Classic).

    2. Download the agent

    The following is how to download the agent that will run in the server.

    1. Run the following commands to download the agent file.
      # wget http://ossc.ncloud.com/download/sscAgent
      
    2. Run the following commands to grant execute permissions to the downloaded file.
      # chmod 755 sscAgent
      

    3. Run the agent

    Run the agent to inspect the server's security setting. Run the suitable command for the inspection target.

    Caution

    In order to inspect a server, you need an admin(root) authority. To check some important system files you need the admin authority. You must run the agent with the admin authority.

    • OS / WAS inspection

      # ./sscAgent
       ---- [System Security Checker] User Guide ----
      System checks require root permissions.
      
      #1. Introduction of inspection targets and criteria
        + OS - Linux (CSAP): check 36 items of Cloud Security Assurance Program (CSAP) authentication criteria
        + OS - Linux (KISA): check 72 items of the detailed guide of the technical vulnerability analysis and evaluation method for major information and communications infrastructures
        + OS  - Linux (Finance): check 89 items of the security vulnerability evaluation criteria for electronic financial infrastructures
        + WAS - Apache httpd (CSAP): check 7 items of CSAP authentication examination criteria
        + WAS - Apache Tomcat (CSAP): check 9 items of CSAP authentication examination criteria
        + WAS - Nginx (CSAP): check 7 items of CSAP authentication examination criteria
      
      #2. Inspection cost
        + OS (CSAP) - KRW 100 per case (KRW 80 per case after 100 cases per month)
        + OS (KISA / Finance) - KRW 500 per case (KRW 400 per case after 100 cases per month)
        + WAS (httpd / Tomcat / Nginx) - KRW 20,000 per case (One free re-inspection on the same server and process)
      
      [System Security Checker] Select the targets you want to check.
      
    • When you run the agent, you can use the following options:

      • -h: show Help(--help)
      • --update: show the information for agent updates
      • --debug: show the information for debugging in the terminal
    • If the inspection is finished successfully, Success will appear.

      • <example> If a Linux inspection was successfully completed
        [Complete] System Security Checker inspection is complete.
            You can view the inspection results in the NCP Console.
        

    Windows Server Inspection

    To inspect the OS or WAS security setting for Windows server, please proceed with the following steps.
    1. Access the server for inspection
    2. Download the agent
    3. Run the agent

    1. Access the server for inspection

    Access the server you wish to inspect with an account with root authority.
    For more information about how to access the server, see Access Server (VPC) or Access Server (Classic).

    2. Download the agent

    The following is how to download the agent that will run in the server.

    1. Open an Internet browser and access the following URL to download the agent file.

      • Agent file download URL: http://ossc.ncloud.com/download/ncp_secuagent.zip
       cmd> curl http://ossc.ncloud.com/download/ncp_secuagent.zip -o ssc_agent.zip
      
    2. Decompress the downloaded file.

    3. Run the agent

    The following is how to inspect the security setting by running the agent.

    1. Press the [Shift] key and right-click in the directory with ncp_secuagent.exe.

    2. In the pop-up menu, click Open command window here.

    3. Run the following commands to inspect the OS’s security setting.

      cmd> ncp_secuagent.exe
      
      • When you run the agent, you can use the following options:
        • -h: Show Help(--help)
        • -v: The version of the agent(--version)
        • -d: Show the information for debugging in the terminal(--debug)
        • -t number: If the inspection is not completed within the entered time, it force-quits. You can set by seconds (--timeout, basic value: 60 sec)
      • If the inspection is finished successfully, Success will appear.
        [Project : windows] => Success
        

    Was this article helpful?

    Changing your password will log you out immediately. Use the new password to log back in.
    First name must have atleast 2 characters. Numbers and special characters are not allowed.
    Last name must have atleast 1 characters. Numbers and special characters are not allowed.
    Enter a valid email
    Enter a valid password
    Your profile has been successfully updated.