Tenable IO Scan Scripts v3 – Get ’em here.

First things first, I need to learn how to properly use GitHub to version my stuff. This being the first project that I am working on where someone outside of me may use it, I need to get better at this. I commit commented 3/4 of my repo with the same message.

My comments…

The message though is a small step to a larger plan. I have added two new additions to the repo.

I have added a few canned filters in the ioFiles/ folder. We’ve needed to find out why some scans aren’t running all plugins, so a list of those was created. Why not share that and others? The files are broken up by the type and what is in them. More will be added.

Scans can now call the plugin family to get data.

This is where the small things create big changes. Our biggest headache is that there is no 3rd party that can robustly take in compliance data from TenableIO (including Tenable’s own Security Center) so we need to pull it and parse it.

To add to that, a fun project we are going to need to embark on is to write our own audit files to check for middleware since IO won’t be accepting custom .nasl files anytime soon.

This call will get all compliance data from a scan (which includes custom audit files):

python ioSearchDownloadScans.py -scan ScanNametoSearch -o csv -q pluginfamily -f ioFiles/pluginfamilyCompliance

We can now work to incorporate the Nessus Parser into the scripts, or port the functionality from Perl to Python.

That, plus many possibilities are now available from a few small changes. Now, to learn to use GitHub a bit better.

This year I was able to attend Edge, the User’s Conference for Tenable, the product I use most at work. I didn’t really know what to expect – and to be honest, I hid from all vendor sponsored sales talks. I think this may be why I had such a great time. It may be why I learned so much in my three days in Atlanta.

I got some real good technical information from the talk, but more than that I got excellent people information. This post is tech lite (okay, nonexistent).

Team Mates

First up, my team mates. When you work 100% remote it’s kinda exciting and scary to meet the people you work with face to face. Spending time with them I got to learn about them more as people, as well as long conversations to work the technical issues we all work – but together. There really is a lot to be said for face to face time.

Vendors

Face time. It’s important. I understand it costs money and every vendor is there to make money, but the face time with people is important and can save that time that so many people think they are saving with emails and support tickets.

We sat in a room for an hour. The vendors and a few of my teammates. We hashed out issues, talked about moving forward, and then when we saw each other later – we talked about it more. We talked about expectations – from all sides and it may just be the after show glow, but it seems a lot can be done when sitting down with someone, or getting on the phone (like we finally got support to do while I was at the airport).

We have a relationship moving forward.

Networking

I am an introvert with verbal diarrhea when people start asking me questions. I am very aware of it, and work to curb the flow because I become more and more uncomfortable as I speak.

But while there I had to meet people. I had to meet those who are doing what we are doing. People were there from far and wide, from different industries and I was able to learn a lot from them. The people in my home/work town and I will be getting together to work on issues we all come across, also to come to the vendor as a united front on things that are needed to make our lives easier.

I was able to meet the developers and talk. It’s an important thing to be able to do. Speaking with those and just hearing about their decisions, and sharing what’s happening sets up a lot of understanding. It leaves a lot to think about.

The Airport

Finally the conference ended. There were a lot of Minnesota goodbyes. I then got lucky. I got to the airport with a lot of time to spare. I walked the way through to my gate, checking out all the art at the Atlanta airport. I was hungry. I made the decision to eat sushi in an airport and I was not disappointed.

The sushi was good, but the real cool thing was meeting up with Krista. See, I had just spent three days with one of our brilliant techs, who happens to be a woman in our field – and she is really needed here. At the end of the conference we spoke about leadership and being a woman in our field/organization. Me, being a white male can’t ever relate to what she will experience, but that doesn’t mean I can’t advocate.

Krista is/was having a much tougher time in the field than the tech I spent the week with. This was where I put my stuff to the side. My uncomfortable feelings when someone is telling me things and wanting to talk to fix it. Instead I listened (something my wife told me is a good thing). I listened until she asked me a question. I only asked her one question at the end. “How can I make the new woman on my team feel welcome, and not like you are feeling?”

She told me to listen. She told me to acknowledge the work that’s done. She told me not to try to intimidate, but to reason.

I wish her the best of luck in her new adventures. I think what I learned in the end from all of the experiences I had at the conference, was we all really need to listen, acknowledge the work when it’s done, and reason with people – not intimidate.

I wonder if things will be the same when at Defcon?

One of the things I like about Linux tools is many of them don’t try to be the kitchen sink. They do one thing and do it well.

Me, as a human I stink at multi-tasking. Many people say they can do it. Because my world revolves around me and I can’t, I don’t believe them.

Today I again proved to myself that I should do one thing at a time and focus on all the steps, otherwise we break production. Lucky for me, production was this web site, and not a production system at my job (we’ve all borked production at the job, right?).

It started simple enough – with an email.

Time to test that the job to update my certs is working. Follow directions for a dry run.

sudo certbot renew --dry-run

After a few errors, I remembered that some things need to be changed with CloudFlare.

I had to turn on Development Mode under Caching and my errors went away. CloudFlare is great. I just need to remember to read the documentation.

After that I thought it would be good to write a short blog post on it (a bit longer than above).

Logging into WordPress I see that an update is available.

The squirrel ran by and I decided to pick this up instead of writing about how I worked through the issues on updating my certificates.

I can’t run the auto update for this due to my server configuration (I’m not letting FTP through on my secret lair for the server). That’s okay. I can read the instructions on how to do it manually.

To be fair, it does not say ‘backup your files’. But really, I’ve been doing this long enough that I should back up my files. Of course I didn’t back up my files.

I copied over the right files. I did what I was supposed to do (except backing up my files). I still got me a 500 Error when looking at the site.

What did I do wrong? Did I mess up permissions because I used FTP when I usually copy and mv over?

I checked the permissions, updated them and still a 500. I tried the tried and true – re-upload the files after deleting the wrong files. Still get me a 500.

Did I check the error logs? No. Why am I forgetting to do all these things I should normally do?

I check the error logs:

logs logs logs

What do I see here? An uncaught error:

Uncaught Error: Call to undefined function wp_recovery_mode()

Google being my friend with people asking about it 5 days ago, shows the best bet right now is to downgrade back to 5.1 and back up next time I am going to do my upgrade.

My friend Google

I shall wait for a not so nice day out to do that.

Ah, spring is here
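
The error-log check described above, as an added example that is not part of the original post: it pulls "Call to undefined function" fatals out of a web server error log and groups them by function and calling file. The sample lines, paths, client addresses and line numbers are constructed for illustration, and the Apache-style log layout is an assumption.

```python
import re
from collections import Counter

# Constructed sample lines in Apache error-log style. Paths, PIDs, client
# addresses and PHP line numbers are made up for this example.
SAMPLE_LOG = """\
[Sun May 12 09:14:02.101010 2019] [php7:notice] [pid 2211] [client 203.0.113.7:51022] PHP Notice:  Undefined index: page in /var/www/html/wp-content/themes/example/functions.php on line 12
[Sun May 12 09:15:40.202020 2019] [php7:error] [pid 2214] [client 203.0.113.7:51030] PHP Fatal error:  Uncaught Error: Call to undefined function wp_recovery_mode() in /var/www/html/wp-settings.php:305
[Sun May 12 09:15:44.303030 2019] [php7:error] [pid 2215] [client 198.51.100.9:40100] PHP Fatal error:  Uncaught Error: Call to undefined function wp_recovery_mode() in /var/www/html/wp-settings.php:305
[Sun May 12 09:16:01.404040 2019] [core:info] [pid 2216] AH00128: File does not exist: /var/www/html/favicon.ico
"""

# Matches PHP's fatal "undefined function" message and captures the function
# name plus the file:line that made the call.
FATAL = re.compile(
    r"PHP Fatal error:\s+Uncaught Error: Call to undefined function "
    r"(?P<func>[A-Za-z_\\][\w\\]*)\(\) in (?P<file>\S+?):(?P<line>\d+)"
)


def undefined_function_errors(log_text):
    """Return one dict per fatal 'undefined function' entry in log_text."""
    hits = []
    for raw in log_text.splitlines():
        m = FATAL.search(raw)
        if m:
            hits.append(
                {"func": m["func"], "file": m["file"], "line": int(m["line"])}
            )
    return hits


def summarize(hits):
    """Count hits per (function, calling file) so a repeated failure stands out."""
    return Counter((h["func"], h["file"]) for h in hits).most_common()


if __name__ == "__main__":
    for (func, path), n in summarize(undefined_function_errors(SAMPLE_LOG)):
        print(f"{n}x  {func}() called from {path} but not defined")
```
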