這篇文章主要介紹s3tk是一款什么安全審計套件,文中介紹的非常詳細��,具有一定的參考價值�����,感興趣的小伙伴們一定要看完!
十載的翠屏網(wǎng)站建設(shè)經(jīng)驗���,針對設(shè)計����、前端�����、開發(fā)���、售后��、文案�����、推廣等六對一服務(wù)����,響應(yīng)快�����,48小時及時工作處理�。全網(wǎng)整合營銷推廣的優(yōu)勢是能夠根據(jù)用戶設(shè)備顯示端的尺寸不同,自動調(diào)整翠屏建站的顯示方式����,使網(wǎng)站能夠適用不同顯示終端,在瀏覽器中調(diào)整網(wǎng)站的寬度�����,無論在任何一種瀏覽器上瀏覽網(wǎng)站���,都能展現(xiàn)優(yōu)雅布局與設(shè)計���,從而大程度地提升瀏覽體驗。創(chuàng)新互聯(lián)從事“翠屏網(wǎng)站設(shè)計”,“翠屏網(wǎng)站推廣”以來����,每個客戶項目都認(rèn)真落實執(zhí)行。
s3tk是一款針對Amazon S3的安全審計套件����,廣大安全研究人員可以使用s3tk來對Amazon S3 Bucket進行安全測試。
工具安裝
廣大研究人員可以使用pip來完成s3tk的安裝:
pip install s3tk
研究人員可以使用AWS CLI命令行工具來配置AWS憑證:
pip install awscliaws configure
工具使用命令
安全掃描
可掃描的Bucket組件如下:
1、公開ACL
2�����、公開策略
3���、屏蔽的公開訪問
4��、啟用的登錄
5��、版本修改
6����、默認(rèn)加密
s3tk scan
針對特定Bucket運行掃描:
s3tk scan my-bucket my-bucket-2
支持通配符:
s3tk scan "my-bucket*"
跳過日志和默認(rèn)加密:
s3tk scan --skip-logging --skip-versioning --skip-default-encryption
獲取郵件通知(通過SNS):
s3tk scan --sns-topic arn:aws:sns:...
枚舉策略
枚舉Bucket策略:
s3tk list-policy
針對特定Bucket運行掃描:
s3tk list-policy my-bucket my-bucket-2
顯示名稱:
s3tk list-policy --named
設(shè)置策略:
s3tk set-policy my-bucket --no-object-acl
刪除策略:
s3tk delete-policy my-bucket
屏蔽公開訪問:
s3tk block-public-access my-bucket my-bucket-2
啟用默認(rèn)加密
針對所有Bucket啟用默認(rèn)加密:
s3tk enable-default-encryption
僅針對特定Bucket啟用:
s3tk enable-default-encryption my-bucket my-bucket-2
掃描對象ACL
掃描目標(biāo)Bucket中所有對象的ACL:
s3tk scan-object-acl my-bucket
掃描特定對象:
s3tk scan-object-acl my-bucket --only "*.pdf"
排除特定對象:
s3tk scan-object-acl my-bucket --except "*.jpg"
掃描DNS
s3tk scan-dns
憑證
用戶憑證可以在“~/.aws/credentials”中或環(huán)境變量中設(shè)置���,我們可以使用下列命令設(shè)置一個profile:
AWS_PROFILE=your-profile s3tk
IAM策略
下面給出的是每一條命令所需的權(quán)限����,用戶只需要將相應(yīng)權(quán)限在下列代碼中聲明即可:
{"Version": "2012-10-17","Statement": [
{"Sid": "Scan","Effect": "Allow","Action": ["s3:ListAllMyBuckets","s3:GetBucketAcl","s3:GetBucketPolicy","s3:GetBucketPublicAccessBlock","s3:GetBucketLogging","s3:GetBucketVersioning","s3:GetEncryptionConfiguration"],"Resource": "*"},
{"Sid": "ScanDNS","Effect": "Allow","Action": ["s3:ListAllMyBuckets","route53:ListHostedZones","route53:ListResourceRecordSets"],"Resource": "*"},
{"Sid": "ListPolicy","Effect": "Allow","Action": ["s3:ListAllMyBuckets","s3:GetBucketPolicy"],"Resource": "*"},
{"Sid": "SetPolicy","Effect": "Allow","Action": ["s3:PutBucketPolicy"],"Resource": "*"},
{"Sid": "DeletePolicy","Effect": "Allow","Action": ["s3:DeleteBucketPolicy"],"Resource": "*"},
{"Sid": "BlockPublicAccess","Effect": "Allow","Action": ["s3:ListAllMyBuckets","s3:PutBucketPublicAccessBlock"],"Resource": "*"},
{"Sid": "EnableLogging","Effect": "Allow","Action": ["s3:ListAllMyBuckets","s3:PutBucketLogging"],"Resource": "*"},
{"Sid": "EnableVersioning","Effect": "Allow","Action": ["s3:ListAllMyBuckets","s3:PutBucketVersioning"],"Resource": "*"},
{"Sid": "EnableDefaultEncryption","Effect": "Allow","Action": ["s3:ListAllMyBuckets","s3:PutEncryptionConfiguration"],"Resource": "*"},
{"Sid": "ResetObjectAcl","Effect": "Allow","Action": ["s3:ListBucket","s3:GetObjectAcl","s3:PutObjectAcl"],"Resource": ["arn:aws:s3:::my-bucket","arn:aws:s3:::my-bucket/*"]
},
{"Sid": "Encrypt","Effect": "Allow","Action": ["s3:ListBucket","s3:GetObject","s3:PutObject"],"Resource": ["arn:aws:s3:::my-bucket","arn:aws:s3:::my-bucket/*"]
},
{"Sid": "DeleteUnencryptedVersions","Effect": "Allow","Action": ["s3:ListBucketVersions","s3:GetObjectVersion","s3:DeleteObjectVersion"],"Resource": ["arn:aws:s3:::my-bucket","arn:aws:s3:::my-bucket/*"]
}
]
}訪問日志
Amazon Athena適用于查詢S3日志�����,創(chuàng)建下列表:
CREATE EXTERNAL TABLE my_bucket (
bucket_owner string,
bucket string,time string,
remote_ip string,
requester string,
request_id string,
operation string,
key string,
request_verb string,
request_url string,
request_proto string,
status_code string,
error_code string,
bytes_sent string,
object_size string,
total_time string,
turn_around_time string,
referrer string,
user_agent string,
version_id string
)
ROW FORMAT SERDE 'org.apache.hadoop.hive.serde2.RegexSerDe'WITH SERDEPROPERTIES ('serialization.format' = '1','input.regex' = '([^ ]*) ([^ ]*) \\[(.*?)\\] ([^ ]*) ([^ ]*) ([^ ]*) ([^ ]*) ([^ ]*) \\\"([^ ]*) ([^ ]*) (- |[^ ]*)\\\" (-|[0-9]*) ([^ ]*) ([^ ]*) ([^ ]*) ([^ ]*) ([^ ]*) ([^ ]*) (\"[^\"]*\\") ([^ ]*)$') LOCATION 's3://my-s3-logs/my-bucket/';修改最后一行代碼�����,并指向你的日志Bucket:
SELECTdate_parse(time, '%d/%b/%Y:%H:%i:%S +0000') AS time,
request_url,
remote_ip,
user_agentFROMmy_bucketWHERErequester = '-'AND status_code LIKE '2%'AND request_url LIKE '/some-keys%'ORDER BY 1
CloudTrail日志
Amazon Athena同樣可以用于查詢CloudTrail日志���,創(chuàng)建一個表:
CREATE EXTERNAL TABLE cloudtrail_logs (
eventversion STRING,
userIdentity STRUCT,
sessionIssuer:STRUCT>>,
eventTime STRING,
eventSource STRING,
eventName STRING,
awsRegion STRING,
sourceIpAddress STRING,
userAgent STRING,
errorCode STRING,
errorMessage STRING,
requestId STRING,
eventId STRING,
resources ARRAY>,
eventType STRING,
apiVersion STRING,
readOnly BOOLEAN,
recipientAccountId STRING,
sharedEventID STRING,
vpcEndpointId STRING,
requestParameters STRING,
responseElements STRING,
additionalEventData STRING,
serviceEventDetails STRING
)
ROW FORMAT SERDE 'com.amazon.emr.hive.serde.CloudTrailSerde'STORED AS INPUTFORMAT 'com.amazon.emr.cloudtrail.CloudTrailInputFormat'OUTPUTFORMAT 'org.apache.hadoop.hive.ql.io.HiveIgnoreKeyTextOutputFormat'LOCATION 's3://my-cloudtrail-logs/'
修改最后一行代碼����,并指向你的CloudTrail日志Bucket:
SELECTeventTime,
eventName,userIdentity.userName,
requestParametersFROMcloudtrail_logsWHEREeventName LIKE '%Bucket%'ORDER BY 1
Bucket策略
{"Version": "2012-10-17","Statement": [
{"Effect": "Deny","Principal": "*","Action": "s3:PutObjectAcl","Resource": "arn:aws:s3:::my-bucket/*"}
]
}工具更新
運行下列命令:
pip install s3tk --upgrade
使用Master�,可運行下列命令:
pip install git+https://github.com/ankane/s3tk.git --upgrade
Docker運行
運行下列命令:
docker run -it ankane/s3tk aws configure
提交你的憑證:
docker commit $(docker ps -l -q) my-s3tk
接下來,運行下列命令:
docker run -it my-s3tk s3tk scan
工具運行截圖
以上是“s3tk是一款什么安全審計套件”這篇文章的所有內(nèi)容��,感謝各位的閱讀����!希望分享的內(nèi)容對大家有幫助,更多相關(guān)知識��,歡迎關(guān)注創(chuàng)新互聯(lián)行業(yè)資訊頻道�����!
當(dāng)前標(biāo)題:s3tk是一款什么安全審計套件
轉(zhuǎn)載來源:
http://weahome.cn/article/peophg.html
重慶分公司
重慶分公司
