OpenStack Syntax

The syntax for an audit item for this plugin is as follows:

<custom_item>

description: "Arbitrary text"

info: "Arbitrary text"

solution: "Arbitrary text"

reference: "REF|ID1,REF|ID2"

service: 'service to audit' # compute, network or identity

request: 'rest query'

json_transform: '' (optional) # json transform to perform on the query output

expect: "" # expected value

severity: LOW, MEDIUM or HIGH

</custom_item>

Example Queries

<custom_item>

description: "OpenStack Servers and their details"

info: "The Servers and their current state will determine what services are available."

solution: "Review the list of Servers. If any are unknown or not in the expected state they should be investigated."

reference: "CCM-3|IVS-07,HIPAA|164.308(a)(2)(D),800-53|CM-2,800-53|CM-6,800-53|CM-8,800-53|PM-7,PCI-DSS|2.2"

service: 'compute'

request: 'servers/detail'

json_transform: '.servers[]|

"\n\nName: " + .name

+ "\nID: " + .id

+ "\nStatus: " + .status

+ "\nUser_ID: " + .user_id

+ "\nCreated: " + .created

+ "\nUpdated: " + .updated

+ "\nHost_ID: " + .hostId

+ "\nTenant_ID: " + .tenant_id

+ "\n- addresses: - " + ([.addresses[][].addr] | join("\n - "))

'

expect: ""

severity: LOW

</custom_item>

<custom_item>

description: "OpenStack Deployment Snapshot"

info: "The OpenStack resources and their current state will determine what services are available."

solution: "Review the list of OpenStack resources. If any are unknown they should be investigated."

reference: "CCM-3|IVS-07,HIPAA|164.308(a)(2)(D),800-53|CM-2,800-53|CM-6,800-53|CM-8,800-53|PM-7,PCI-DSS|2.2"

see_also: "http://docs.openstack.org//"

service: 'compute'

request: 'limits'

json_transform: 'openstack_data|

" Users: \(.users | length)\n"

+ ([.users[] | " \(.id) - \(.username)\n"] | sort | join(""))

+ " Servers: \(.servers | length)\n"

+ ([.servers[] | " \(.id) - \(.name)\n"] | sort | join(""))

+ " Networks: \(.networks | length)\n"

+ ([.networks|.networks[] | " \(.id) - \(.name)\n"] | sort | join(""))

+ " Ports: \(.networks |.ports | length)\n"

+ ([.networks |.ports[] | " \(.id)\n"] | sort | join(""))

+ " Subnets: \(.networks |.subnets | length)\n"

+ ([.networks |.subnets[] | " \(.id) - \(.name)\n"] | sort | join(""))

+ " Images: \(.images | length)\n"

+ ([.images[] | " \(.id) - \(.name)\n"] | sort | join(""))

'

expect: ""

severity: LOW

</custom_item>
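A pre-flight lint for audit files written in the syntax above, as an added example that is not Tenable's code: it parses each `custom_item`, including quoted `json_transform` values that span several lines, and flags `service` and `severity` values outside the documented sets. Treating `description`, `service`, `request` and `severity` as mandatory is an assumption of this example, and the sample audit is constructed.

```python
import re

# Allowed values come from the page's syntax block; which keys are mandatory
# is an assumption of this example (the page only marks json_transform optional).
ALLOWED = {"service": {"compute", "network", "identity"},
           "severity": {"LOW", "MEDIUM", "HIGH"}}
REQUIRED = ("description", "service", "request", "severity")
# key: 'single' | "double" (either may span lines) | bare value up to a '#'.
# Quotes of the same kind nested inside a quoted value are not handled.
FIELD_RE = re.compile(
    r"""^[ \t]*([a-z_]+)[ \t]*:[ \t]*(?:'([^']*)'|"([^"]*)"|([^\n#]*))""", re.M)

def parse_item(body):
    """Parse one item body into {key: value}; None marks an unclosed quote."""
    fields = {}
    for m in FIELD_RE.finditer(body):
        key, sq, dq, bare = m.groups()
        if sq is not None or dq is not None:
            fields[key] = sq if sq is not None else dq
        else:
            bare = bare.strip()
            fields[key] = None if bare[:1] in ("'", '"') else bare
    return fields

def lint(audit_text):
    """Return (item_number, message) findings for every custom_item found."""
    findings = []
    items = re.findall(r"<custom_item>(.*?)</custom_item>", audit_text, re.S)
    for n, body in enumerate(items, 1):
        f = parse_item(body)
        findings += [(n, f"missing {k}") for k in REQUIRED if k not in f]
        findings += [(n, f"unclosed quote in {k}") for k, v in f.items() if v is None]
        for key, allowed in ALLOWED.items():
            if f.get(key) is not None and f[key] not in allowed:
                findings.append((n, f"invalid {key} {f[key]!r}"))
    return findings

# Constructed sample: item 1 is well formed, item 2 is not.
SAMPLE = r"""<custom_item>
description: "Servers"
service: 'compute'
request: 'servers/detail'
json_transform: '.servers[]|
 "\nName: " + .name + "\nStatus: " + .status
'
severity: LOW
</custom_item>
<custom_item>
service: 'storage'
severity: CRITICAL
</custom_item>"""
```

Calling `lint(SAMPLE)` returns findings only for the second item; an empty list means every item passed these checks.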

Copyright 2017 - 2018 Tenable, Inc. All rights reserved. Tenable Network Security, Nessus, SecurityCenter, SecurityCenter Continuous View and Log Correlation Engine are registered trademarks of Tenable, Inc. Tenable, Tenable.io, Assure, and The Cyber Exposure Company are trademarks of Tenable, Inc. All other products or services are trademarks of their respective owners.