Please, Protect My AWS! : Amazon Inspector Classic

sundaeGAN
6 min readFeb 15, 2024


Image from : https://help.sumologic.com/docs/integrations/amazon-aws/inspector/

What is Amazon Inspector?

  • Amazon Inspector is an AWS service that automatically scans your EC2 instances for vulnerabilities.
  • It comes in two versions: ‘Classic’ and ‘V2’.

How?

This time, we are going to discuss Amazon Inspector ‘Classic’. As usual, this story was written for you to follow along step by step.

As you know, to use Amazon Inspector, you need to have an EC2 instance. So, let’s make the EC2 instance.

Click ‘Launch instances’.

Name it and click ‘Add additional tags’ to create a new tag.

Click ‘Add new tag’.

Selecting your EC2 instance’s OS is the most important step, because Amazon Inspector Classic doesn’t support Amazon Linux 2023. (I had to try 5 times to test Amazon Inspector Classic because of that.)

And we are going to use t2.micro.

We have to set a key pair. (For those who don’t know how to make the key, this story will help you with that: https://medium.com/system-weakness/attack-like-a-red-team-not-using-devops-ep-2-neutral-space-3dbb175a6ff3)

Click ‘Edit’ at the Network settings step.

Make sure ‘Auto-assign public IP’ is enabled.

Click ‘Create security group’.

And check that the SSH port is open.

Okay, then click ‘Launch instance’.

Copy the public IP of your EC2 instance and connect to the instance from your terminal.

Since Amazon Inspector Classic uses an agent to scan your EC2 instance, you have to type “curl -O https://inspector-agent.amazonaws.com/linux/latest/install” in your terminal to download the Amazon Inspector Agent installer.

Then you can see the ‘install’ Bash script file.

Execute that file with bash.

Okay, now we are ready to use Amazon Inspector Classic. For testing, we are going to install an outdated version of Tomcat.

And Flask with ‘pip3’, the Python package manager (keep this in mind).

Then search for ‘Amazon Inspector’ in the AWS Management Console.

If you are using the Amazon Inspector for the first time, this window will welcome you.

And this window will appear.

You need to switch to Inspector Classic, because Inspector Classic is an older version than V2. That button is located at the bottom of the left-side tab.

Click ‘Get started’.

Then you can see this.

On the left-side tab, you can see the ‘Assessment target’. Click it.

We need to set the target EC2 Instance.

Name the target.

Make sure the checkbox is not checked, because we don’t need to scan all EC2 instances.

Select the tag we made before.

And make sure this checkbox is unchecked too, because we’ve already installed the Agent.

Then, the target will be set successfully.

Next, let’s move on to ‘Assessment templates’, because Amazon Inspector Classic requires a template that specifies what to scan.

Click the ‘Create’ button.

Name the template.

Set the target to the one we created.

Okay, we are going to configure Amazon Inspector Classic to scan for CVEs only.

And give it 1 hour to scan.

Uncheck this checkbox because we will run it just once.

Create the template; the scan will then run automatically.

If you go to ‘Assessment runs’, you can see Amazon Inspector Classic collecting data from the target instance.

After 1 hour, Amazon Inspector Classic finishes the analysis. Click that ‘18’.

This is the result of the Amazon Inspector Classic.

As we predicted, the Inspector detected the outdated version of Tomcat.

BUT there’s nothing about the Flask we installed with ‘pip3’. Now we know that Amazon Inspector Classic doesn’t cover packages installed through other package managers.
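The console steps above (a tag-scoped assessment target, a CVE-only template with a 1-hour run, one assessment run, then reading the findings) can be driven from boto3’s `inspector` client, which is also a handy way to repeat the Tomcat-versus-Flask check. The example below is added here and is not the article’s code nor AWS’s; the boto3 method names are real, but the tag key/value, target and template names, the placeholder ARNs and CVE ids, and the `FakeInspectorClient` that lets the flow run offline are constructed assumptions. Matching the package name in a finding’s title and description text is also an assumption about how the findings are worded.

```python
"""Inspector Classic workflow with boto3: tag-scoped target, CVE-only template,
one assessment run, then a findings summary. Added example, not the article's
own code; TAG_KEY/TAG_VALUE, the target and template names and the
FakeInspectorClient data are constructed assumptions."""
import time
from collections import Counter

TAG_KEY, TAG_VALUE = "Name", "inspector-classic-demo"      # assumed instance tag
CVE_PACKAGE_NAME = "Common Vulnerabilities and Exposures"  # rules package display name

def find_rules_package_arn(client, name=CVE_PACKAGE_NAME):
    """Rules package ARNs differ per region, so resolve the CVE package by name."""
    arns = client.list_rules_packages()["rulesPackageArns"]
    for pkg in client.describe_rules_packages(rulesPackageArns=arns)["rulesPackages"]:
        if pkg["name"] == name:
            return pkg["arn"]
    raise LookupError(f"rules package {name!r} is not offered in this region")

def create_tag_scoped_target(client, target_name, tag_key, tag_value):
    """'Assessment target' step: a resource group keyed on the tag, not all instances."""
    group = client.create_resource_group(resourceGroupTags=[{"key": tag_key, "value": tag_value}])
    target = client.create_assessment_target(
        assessmentTargetName=target_name, resourceGroupArn=group["resourceGroupArn"])
    return target["assessmentTargetArn"]

def create_cve_template(client, template_name, target_arn, duration_seconds=3600):
    """'Assessment templates' step: CVE rules package only, 1 hour, no recurrence."""
    tpl = client.create_assessment_template(
        assessmentTargetArn=target_arn, assessmentTemplateName=template_name,
        durationInSeconds=duration_seconds, rulesPackageArns=[find_rules_package_arn(client)])
    return tpl["assessmentTemplateArn"]

def run_and_wait(client, template_arn, run_name, poll_seconds=60):
    """Start one run and poll until Inspector reports a terminal state."""
    run_arn = client.start_assessment_run(
        assessmentTemplateArn=template_arn, assessmentRunName=run_name)["assessmentRunArn"]
    while True:
        state = client.describe_assessment_runs(
            assessmentRunArns=[run_arn])["assessmentRuns"][0]["state"]
        if state in ("COMPLETED", "COMPLETED_WITH_ERRORS", "FAILED", "CANCELED"):
            return run_arn, state
        time.sleep(poll_seconds)

def fetch_findings(client, run_arn):
    """describe_findings takes at most 10 ARNs per call, so chunk the list."""
    arns = client.list_findings(assessmentRunArns=[run_arn], maxResults=500)["findingArns"]
    findings = []
    for i in range(0, len(arns), 10):
        findings.extend(client.describe_findings(findingArns=arns[i:i + 10])["findings"])
    return findings

def severity_counts(findings):
    return dict(Counter(f["severity"] for f in findings))

def mentions(findings, package):
    """True if any finding's title or description names the package (assumed wording)."""
    needle = package.lower()
    return any(needle in (f.get("title", "") + " " + f.get("description", "")).lower()
               for f in findings)

def assess(client, target_name="demo-target", template_name="demo-cve-template", poll_seconds=60):
    """Whole flow: target -> template -> run -> findings, returning (state, findings)."""
    target_arn = create_tag_scoped_target(client, target_name, TAG_KEY, TAG_VALUE)
    template_arn = create_cve_template(client, template_name, target_arn)
    run_arn, state = run_and_wait(client, template_arn, template_name + "-run", poll_seconds)
    return state, fetch_findings(client, run_arn)

# Constructed sample findings in describe_findings' shape (placeholder CVE ids).
SAMPLE_FINDINGS = [
    {"severity": "High", "title": "Instance i-0abc is vulnerable to CVE-0000-0001",
     "description": "Package tomcat9 is vulnerable to CVE-0000-0001."},
    {"severity": "Medium", "title": "Instance i-0abc is vulnerable to CVE-0000-0002",
     "description": "Package tomcat9 is vulnerable to CVE-0000-0002."},
]

class FakeInspectorClient:
    """Constructed stand-in for boto3.client('inspector') so the flow runs offline."""
    template = None
    def list_rules_packages(self, **kw): return {"rulesPackageArns": ["arn:fake:cis", "arn:fake:cve"]}
    def describe_rules_packages(self, **kw): return {"rulesPackages": [{"arn": "arn:fake:cis", "name": "CIS Benchmarks"}, {"arn": "arn:fake:cve", "name": CVE_PACKAGE_NAME}]}
    def create_resource_group(self, **kw): return {"resourceGroupArn": "arn:fake:rg"}
    def create_assessment_target(self, **kw): return {"assessmentTargetArn": "arn:fake:target"}
    def create_assessment_template(self, **kw): self.template = kw; return {"assessmentTemplateArn": "arn:fake:template"}
    def start_assessment_run(self, **kw): return {"assessmentRunArn": "arn:fake:run"}
    def describe_assessment_runs(self, **kw): return {"assessmentRuns": [{"state": "COMPLETED"}]}
    def list_findings(self, **kw): return {"findingArns": [f"arn:fake:f/{i}" for i in range(len(SAMPLE_FINDINGS))]}
    def describe_findings(self, findingArns, **kw): return {"findings": [SAMPLE_FINDINGS[int(a.rsplit("/", 1)[1])] for a in findingArns]}

if __name__ == "__main__":
    # Offline run; against a real account use boto3.client("inspector", region_name=...) instead.
    state, findings = assess(FakeInspectorClient(), poll_seconds=0)
    print(state, severity_counts(findings))
    print("tomcat reported:", mentions(findings, "tomcat"), "| flask reported:", mentions(findings, "flask"))
```

Resolving the rules package by its display name rather than hard-coding an ARN keeps the script portable across regions, and scoping the target through a tag-based resource group reproduces the unchecked “all instances” box from the console. Run against a real account, the `mentions` check makes the article’s observation repeatable: packages installed with the OS package manager show up in the findings, while a pip-installed Flask does not.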

I will be back with the story about Amazon Inspector V2 next time.

Thank you.
