Inspect OS and WAS

Available in Classic and VPC

This page describes how to inspect the security settings of the operating system (OS) and Web Application Server (WAS) on a newly created server in NAVER Cloud Platform. See the inspection method for your server's operating system.

Note

You can view the inspection result on the NAVER Cloud Platform console. For more information, see OS Security Checker or WAS Security Checker.

Linux server inspection

To inspect the OS or WAS security setting of a Linux server, follow these steps in order:
1. Access the server for inspection
2. Download the agent
3. Run the agent

1. Access the server for inspection

Log in to the server you want to inspect with an account that has root privileges.
For more information on how to access the server, see Access Server (VPC) or Access Server (Classic).

2. Download the agent

To download the agent that will run on the server, follow these steps:

  1. Run the following command to download the agent file.
    wget http://ossc.ncloud.com/download/sscAgent
    
  2. Run the following command to grant execute permission to the downloaded file.
    chmod 755 sscAgent
    

3. Run the agent

Run the agent to inspect the server's security settings. Use the command that matches the inspection target.

Caution

You must run the agent with administrator (root) privileges. The inspection reads some important system files that only the administrator can view.

  • OS / WAS inspection

    #  ./sscAgent
     ---- [System Security Checker] user guide ----
    System inspection requires root permissions.
    
    #1. Introduction of inspection targets and criteria
      + OS  - Linux (CSAP): check 36 items of Cloud Security Assurance Program (CSAP) authentication criteria
      + OS  - Linux (KISA): check 72 items of the detailed guide of the technical vulnerability analysis and evaluation method for major information and communications infrastructures
      + OS  - Linux (Finance): check 89 items of the security vulnerability evaluation criteria for electronic financial infrastructures
      + WAS - Apache httpd  (CSAP): check 7 items of CSAP authentication examination criteria
      + WAS - Apache Tomcat (CSAP): check 9 items of CSAP authentication examination criteria
      + WAS - Nginx         (CSAP): check 7 items of CSAP authentication examination criteria
    
    #2. Inspection cost
      + OS (CSAP)           - 100 KRW  per 1 case (80 KRW per 1 case after 100 cases per 1 month)
      + OS (KISA / Finance) - 500 KRW per 1 case (400 KRW per 1 case after 100 cases per 1 month)
      + WAS (httpd / Tomcat / Nginx) - 20,000 KRW per case (1 free re-inspection on the same server and process)
    
    [System Security Checker] Select the targets you want to check.
    
  • When you run the agent, you can use the following options:

    • -h: show help (--help)
    • --update: show the information for agent updates
    • --debug: show the information for debugging in the terminal
  • If the inspection is finished successfully, Complete will appear.

    • <example> If a Linux inspection was successfully completed
      [Complete] System Security Checker inspection is complete.
          You can view the inspection results in the NCP Console.
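
Step 2 above fetches the agent over plain HTTP and step 3 runs it as root, so it is worth checking the file before execution. The following POSIX shell gate is an added example, not part of NAVER Cloud Platform's documentation or tooling: it refuses to run `sscAgent` unless its SHA-256 matches a reference digest and the file is not writable by group or others. This page does not publish a digest, so `EXPECTED_SHA256` is a placeholder to be filled from a trusted channel, and `sha256_of`, `check_agent` and `run_checked_agent` are hypothetical helper names.

```shell
#!/bin/sh
# Added example (not NAVER Cloud Platform code): integrity gate for sscAgent.
# EXPECTED_SHA256 is a placeholder; obtain the real digest from a trusted channel.
EXPECTED_SHA256="REPLACE_WITH_TRUSTED_SHA256_DIGEST"

# Print the lowercase hex SHA-256 of a file, using whichever tool is installed.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# check_agent FILE EXPECTED_DIGEST
# Returns 0 if FILE may be run, 1 if it is missing or not a regular file,
# 2 on digest mismatch, 3 if group or others can write to it.
check_agent() {
    ca_file=$1
    ca_want=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    if [ ! -f "$ca_file" ] || [ -L "$ca_file" ]; then
        return 1
    fi
    ca_have=$(sha256_of "$ca_file") || return 1
    [ "$ca_have" = "$ca_want" ] || return 2
    # The agent runs as root: anyone who can write the file could swap it
    # after verification. chmod 755 from step 2 passes this check.
    if [ -n "$(find "$ca_file" -prune \( -perm -020 -o -perm -002 \))" ]; then
        return 3
    fi
    return 0
}

# Run the agent only when every check passes; otherwise report why and stop.
run_checked_agent() {
    rca_rc=0
    check_agent "$1" "$EXPECTED_SHA256" || rca_rc=$?
    case $rca_rc in
        0) "$1" ;;
        1) echo "refusing: $1 is missing or not a regular file" >&2; return 1 ;;
        2) echo "refusing: SHA-256 of $1 does not match the reference" >&2; return 2 ;;
        3) echo "refusing: $1 is writable by group or others" >&2; return 3 ;;
    esac
}

# Usage after steps 1 and 2, as root:  run_checked_agent ./sscAgent
```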
      

Windows server inspection

To inspect the OS security setting for a Windows server, follow these steps in order:
1. Access the server for inspection
2. Download the agent
3. Run the agent

1. Access the server for inspection

Log in to the server you want to inspect with an account that has administrator (root) privileges.
For more information on how to access the server, see Access Server (VPC) or Access Server (Classic).

2. Download the agent

To download the agent that will run on the server, follow these steps:

  1. Run the following command to download the agent file.
    wget http://ossc.ncloud.com/download/sscAgent.zip
    
  2. Unzip the downloaded file.

3. Run the agent

To inspect the security setting by running the agent, follow these steps:

  1. Press the [Shift] key and right-click in the directory with sscAgent.exe file.
  2. In the popup menu, click Open command window here.
  3. Run the following command to inspect the OS's security setting.
    sscAgent.exe
    
  • When you run the agent, you can use the following options:
    • -h: show help (--help)
    • --update: show the information for agent updates
    • --debug: show the information for debugging in the terminal
  • If the inspection is finished successfully, Complete will appear.
    • <example> If a Linux inspection was successfully completed
      [Complete] System Security Checker inspection is complete.
          You can view the inspection results in the NCP Console.