🔒 Setting Up Vulnerability Scanning: Simple Guide
Alpine Linux Security Beginner

Published Jun 13, 2025

Easy tutorial on setting up vulnerability scanning in Alpine Linux. Perfect for beginners to find and fix security issues in their systems.

I'll show you how to set up vulnerability scanning on Alpine Linux! This helps you find security weaknesses before the bad guys do. Essential for keeping your system safe!

🤔 What is Vulnerability Scanning?

Vulnerability scanning automatically checks your system for security problems. It's like having a security expert test your locks, windows, and doors. The scanner finds weak spots so you can fix them!

Why scan for vulnerabilities?

  • Find security holes early
  • Check for outdated software
  • Detect misconfigurations
  • Meet compliance requirements
  • Prevent breaches

🎯 What You Need

Before starting, you'll need:

  • Alpine Linux running
  • Root or sudo access
  • Internet connection
  • At least 1GB free space
  • About 20 minutes

📋 Step 1: Install Scanning Tools

Let's install essential security scanners:

# Update packages
apk update

# Install basic scanning tools
# (Alpine packages the NSE scripts separately, so --script needs nmap-scripts)
apk add nmap nmap-scripts nikto lynis

# Install dependencies
apk add perl perl-net-ssleay

# Install additional tools
apk add openssl curl wget git

# For building tools from source
apk add gcc g++ make linux-headers

Verify installations:

# Check tools
nmap --version
nikto -Version
lynis --version

📋 Step 2: System Security Audit

Start with Lynis for system scanning:

# Run basic audit
lynis audit system

# Run without pausing for input between test groups
lynis audit system --quick

# Save report
lynis audit system --report-file /tmp/lynis-report.txt

# Check specific areas (use a group name printed by "lynis show groups")
lynis show groups
lynis audit system --tests-from-group firewalls

Create audit script:

# System audit script
cat > /usr/local/bin/security-audit << 'EOF'
#!/bin/sh
# Security Audit Script

REPORT_DIR="/var/log/security-audits"
mkdir -p "$REPORT_DIR"
DATE=$(date +%Y%m%d_%H%M%S)

echo "🔍 Starting Security Audit..."
echo "=============================="

# Run Lynis
echo "Running system audit..."
lynis audit system --quiet --report-file "$REPORT_DIR/lynis_$DATE.txt"

# Extract warnings
echo ""
echo "⚠️  Security Warnings:"
grep -E "warning\[\]|suggestion\[\]" "$REPORT_DIR/lynis_$DATE.txt" | head -10

echo ""
echo "📊 Audit complete! Report saved to: $REPORT_DIR/lynis_$DATE.txt"
EOF

chmod +x /usr/local/bin/security-audit

📋 Step 3: Network Vulnerability Scanning

Use Nmap for network scanning:

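# Basic vulnerability scan
nmap -sV --script vuln localhost

# Run the vuln and exploit script categories (exploit scripts are intrusive)
nmap --script vuln,exploit localhost

# Scan specific services (quote the pattern so the shell does not expand it)
nmap -p 80,443 --script "http-vuln*" localhost

# Full scan (careful - intensive); -A already enables -sV, -sC and -O
nmap -sV -sC -O -A localhost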

Create network scanner:

# Network vulnerability scanner
cat > /usr/local/bin/net-vuln-scan << 'EOF'
#!/bin/sh
# Network Vulnerability Scanner

TARGET="${1:-localhost}"
OUTPUT_DIR="/var/log/network-scans"
mkdir -p "$OUTPUT_DIR"

echo "🌐 Scanning network vulnerabilities on: $TARGET"
echo "==========================================="

# Quick scan
echo "Running quick vulnerability scan..."
nmap -sV --script vuln "$TARGET" -oN "$OUTPUT_DIR/quick-scan.txt"

# Service detection
echo "Detecting services..."
nmap -sV -p- "$TARGET" -oN "$OUTPUT_DIR/services.txt"

# Show results (-i because Nmap prints VULNERABLE in upper case)
echo ""
echo "📋 Scan Results:"
grep -iE "open|vulnerable" "$OUTPUT_DIR/quick-scan.txt" | head -20

echo ""
echo "✅ Scan complete! Full results in: $OUTPUT_DIR/"
EOF

chmod +x /usr/local/bin/net-vuln-scan

📋 Step 4: Web Application Scanning

Set up web vulnerability scanning:

# Configure Nikto
cat > ~/.nikto.conf << 'EOF'
UPDATES=auto
PROMPTS=no
REPORT_DIR=/var/log/nikto
EOF

# Create web scanner
cat > /usr/local/bin/web-scan << 'EOF'
#!/bin/sh
# Web Application Scanner

URL="${1:-http://localhost}"
REPORT_DIR="/var/log/web-scans"
mkdir -p "$REPORT_DIR"
DATE=$(date +%Y%m%d_%H%M%S)

echo "🌐 Scanning web application: $URL"
echo "===================================="

# Run Nikto scan
nikto -h "$URL" -output "$REPORT_DIR/nikto_$DATE.txt"

# Check for common issues
echo ""
echo "🔍 Checking common vulnerabilities..."

# Check headers (-i: header names are case-insensitive)
curl -I -s "$URL" > "$REPORT_DIR/headers_$DATE.txt"
echo "Security Headers:"
grep -iE "X-Frame-Options|X-Content-Type|Strict-Transport" "$REPORT_DIR/headers_$DATE.txt" || echo "⚠️  Missing security headers!"

# Check SSL/TLS (case instead of [[ ]], which is not POSIX sh)
case "$URL" in
    https://*)
        HOSTPORT="${URL#https://}"
        HOSTPORT="${HOSTPORT%%/*}"          # drop any path
        case "$HOSTPORT" in
            *:*) ;;                          # port already given
            *) HOSTPORT="$HOSTPORT:443" ;;
        esac
        echo ""
        echo "🔒 Checking SSL/TLS..."
        echo | openssl s_client -connect "$HOSTPORT" 2>/dev/null | grep -E "Protocol|Cipher"
        ;;
esac

echo ""
echo "📊 Scan complete! Reports in: $REPORT_DIR/"
EOF

chmod +x /usr/local/bin/web-scan
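
The header grep in web-scan only warns when none of the three headers shows up anywhere in the capture. As an added example (not part of the original tutorial), this sketch reports each missing header by name and looks only at the final response. It assumes the capture was saved with `curl -s -I -L`; the function names and the sample capture are made up for illustration:

```sh
#!/bin/sh
# Added example (not from the original post); the header capture is constructed.

# Headers the web-scan script looks for, written out in full.
REQUIRED_HEADERS="Strict-Transport-Security X-Frame-Options X-Content-Type-Options"

# Print only the last response's headers from saved `curl -I` output in $1.
# With redirects followed (-L) curl saves one header block per hop, and only
# the final response is what the browser renders. curl keeps CRLF line ends.
final_response() {
    tr -d '\r' < "$1" | awk '
        /^HTTP\// { block = "" }        # a status line starts a new block
        { block = block $0 "\n" }
        END { printf "%s", block }'
}

# Print each required header that the final response does not send.
# Header names are case-insensitive (HTTP/2 sends them in lower case).
missing_headers() {
    for h in $REQUIRED_HEADERS; do
        final_response "$1" | grep -qi "^$h:" || echo "$h"
    done
}

# Constructed capture: an HTTP redirect hop followed by the HTTPS response.
write_sample() {
    printf '%s\r\n' \
        'HTTP/1.1 301 Moved Permanently' \
        'Location: https://localhost/' \
        'X-Frame-Options: DENY' \
        '' \
        'HTTP/2 200' \
        'content-type: text/html' \
        'strict-transport-security: max-age=31536000' \
        'x-content-type-options: nosniff' \
        '' > "$1"
}

demo() {
    f=$(mktemp) || return 1
    write_sample "$f"
    missing_headers "$f"
    rm -f "$f"
}
demo
```

In the sample, X-Frame-Options is sent only by the redirect hop, so it is reported as missing even though a plain grep over the whole file would find it.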

📋 Step 5: Automated Scanning

Set up automated vulnerability scanning:

# Create master scanner
cat > /usr/local/bin/vuln-scan-all << 'EOF'
#!/bin/sh
# Comprehensive Vulnerability Scanner

LOG_DIR="/var/log/vulnerability-scans"
REPORT_FILE="$LOG_DIR/report_$(date +%Y%m%d).txt"
mkdir -p "$LOG_DIR"

{
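    echo "🛡️ Comprehensive Vulnerability Scan"
    echo "=================================="
    echo "Date: $(date)"
    echo ""
    
    # System scan
    echo "1. System Security Audit"
    echo "------------------------"
    # --quiet prints nothing to stdout, so read the findings from the report file
    lynis audit system --quiet --report-file "$LOG_DIR/lynis-report.dat"
    grep -E "^(warning|suggestion)\[\]" "$LOG_DIR/lynis-report.dat" | head -10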
    echo ""
    
    # Network scan
    echo "2. Network Vulnerabilities"
    echo "-------------------------"
    nmap -sV --script vuln localhost | grep -E "VULNERABLE|open" | head -10
    echo ""
    
    # Package audit
    echo "3. Package Vulnerabilities"
    echo "-------------------------"
    apk version -v | grep -E "<" | head -10
    echo ""
    
    # Configuration check
    echo "4. Security Configuration"
    echo "------------------------"
    # Check important files
    [ -f /etc/ssh/sshd_config ] && {
        echo -n "SSH Root Login: "
        grep -E "^PermitRootLogin" /etc/ssh/sshd_config || echo "Not configured"
    }
    
    echo ""
    echo "✅ Scan completed at $(date)"
    
} | tee "$REPORT_FILE"

# Send alert if critical issues
grep -q "VULNERABLE\|critical" "$REPORT_FILE" && {
    echo "⚠️  CRITICAL VULNERABILITIES FOUND!"
    echo "Check report: $REPORT_FILE"
}
EOF

chmod +x /usr/local/bin/vuln-scan-all

# Add to cron for weekly scans
# ("crontab -" replaces the whole crontab, so keep the existing entries)
(crontab -l 2>/dev/null; echo "0 2 * * 0 /usr/local/bin/vuln-scan-all") | crontab -
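
Weekly scans are most useful when you can see what changed since the last run. This added example (not part of the original tutorial) compares two Lynis report files and prints only the findings that are new. The function names and sample reports are constructed, and TEST-0001 and TEST-0002 are placeholder IDs:

```sh
#!/bin/sh
# Added example (not from the original post); the sample reports are constructed.
# Lynis report lines look like: warning[]=TEST-ID|description|details|solution|

# Print "kind TEST-ID description" for each warning/suggestion in report $1.
findings() {
    awk -F'|' '/^(warning|suggestion)\[\]=/ {
        split($1, kv, "=")              # kv[1]="warning[]", kv[2]="TEST-ID"
        sub(/\[\]$/, "", kv[1])
        print kv[1], kv[2], $2
    }' "$1" | sort -u
}

# Print findings in report $2 whose kind + test ID do not occur in report $1.
new_findings() {
    nf_old=$(mktemp) || return 1
    findings "$1" | cut -d' ' -f1,2 > "$nf_old"
    findings "$2" | awk -v old="$nf_old" '
        BEGIN { while ((getline line < old) > 0) seen[line] = 1 }
        { key = $1 " " $2 }
        !(key in seen)'
    rm -f "$nf_old"
}

# Constructed sample data: last week's report ($1) and this week's ($2).
write_samples() {
    cat > "$1" <<'EOF'
suggestion[]=FILE-6310|constructed text: separate partition|-|-|
suggestion[]=NETW-3032|constructed text: ARP monitoring|-|-|
EOF
    cat > "$2" <<'EOF'
suggestion[]=FILE-6310|constructed text: separate partition|-|-|
warning[]=TEST-0001|constructed text: placeholder warning|-|-|
suggestion[]=TEST-0002|constructed text: placeholder suggestion|-|-|
EOF
}

demo() {
    d=$(mktemp -d) || return 1
    write_samples "$d/old.dat" "$d/new.dat"
    new_findings "$d/old.dat" "$d/new.dat"
    rm -rf "$d"
}
demo
```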

📋 Step 6: Fix Common Vulnerabilities

Create remediation helper:

# Vulnerability fixer
cat > /usr/local/bin/fix-vulns << 'EOF'
#!/bin/sh
# Common Vulnerability Fixes

echo "🔧 Applying Security Fixes..."
echo "============================"

# Update all packages
echo "Updating packages..."
apk update && apk upgrade

# Fix SSH configuration (keep a backup so a bad edit can be rolled back)
echo "Securing SSH..."
cp -p /etc/ssh/sshd_config /etc/ssh/sshd_config.bak
sed -i 's/^#*PermitRootLogin.*/PermitRootLogin no/' /etc/ssh/sshd_config
sed -i 's/^#*PasswordAuthentication.*/PasswordAuthentication no/' /etc/ssh/sshd_config
# Validate the edited file; the new settings apply once sshd is restarted
/usr/sbin/sshd -t || echo "sshd_config has errors - restore /etc/ssh/sshd_config.bak"

# Set secure permissions
echo "Setting secure permissions..."
chmod 600 /etc/ssh/sshd_config
chmod 644 /etc/passwd
chmod 600 /etc/shadow

# Remove unnecessary services
echo "Removing unnecessary services..."
rc-update del telnet 2>/dev/null

echo ""
echo "✅ Basic security fixes applied!"
echo "⚠️  Remember to review and test changes!"
EOF

chmod +x /usr/local/bin/fix-vulns
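
The sed commands in fix-vulns only rewrite a line that already exists and is spelled exactly that way. As an added example (not part of the original tutorial), this helper sets a keyword even when the line is missing or written in lower case. The function names and the sample config are constructed for illustration:

```sh
#!/bin/sh
# Added example (not from the original post); the sample config is constructed.

# Make "$2 $3" the effective global setting in sshd_config-style file $1.
# sshd uses the first value it reads for a keyword, so the new line goes at
# the top and older global lines for that keyword are commented out.
# Lines inside Match blocks are left alone.
set_sshd_option() {
    so_tmp=$(mktemp) || return 1
    awk -v key="$2" -v val="$3" '
        BEGIN { print key " " val }
        tolower($1) == "match" { in_match = 1 }
        !in_match && tolower($1) == tolower(key) { print "#" $0; next }
        { print }' "$1" > "$so_tmp" && cat "$so_tmp" > "$1"
    so_rc=$?
    rm -f "$so_tmp"
    return $so_rc
}

# Print the global value in file $1 for keyword $2 (nothing if it is unset).
sshd_global_value() {
    awk -v key="$2" '
        tolower($1) == "match" { exit }
        tolower($1) == tolower(key) { print $2; exit }' "$1"
}

# Constructed config: root login enabled in lower case, and no global
# PasswordAuthentication line (only one inside a Match block).
write_sample_config() {
    cat > "$1" <<'EOF'
Port 22
permitrootlogin yes
Match User backup
    PasswordAuthentication yes
EOF
}

demo() {
    c=$(mktemp) || return 1
    write_sample_config "$c"
    set_sshd_option "$c" PermitRootLogin no
    set_sshd_option "$c" PasswordAuthentication no
    cat "$c"
    rm -f "$c"
}
demo
```

On a live system, `sshd -T` prints the settings sshd actually ends up with.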

🎮 Practice Exercise

Try scanning your system:

  1. Run system audit
  2. Scan network services
  3. Check web server
  4. Review results

# Full security check
security-audit

# Network scan
net-vuln-scan localhost

# If running web server
web-scan http://localhost

# Comprehensive scan
vuln-scan-all

🚨 Troubleshooting Common Issues

Scan Takes Too Long

Speed up scans:

# Limit port range
nmap -p 1-1000 localhost

# Quick scan mode
lynis audit system --quick

# Limit Nikto to selected test classes (-Tuning chooses which classes run)
nikto -h localhost -Tuning 123456789

Permission Denied

Fix permission issues:

# Run as root
sudo vuln-scan-all

# Fix tool permissions
chmod +x /usr/local/bin/*scan*

# Check user access
groups

False Positives

Handle false alarms:

# Create exceptions file
cat > /etc/lynis/custom.prf << EOF
# Skip false positive tests
skip-test=FILE-6310
skip-test=NETW-3032
EOF

# Verify findings manually
nmap -sV -p [port] localhost

💡 Pro Tips

Tip 1: Scan Scheduling

Optimize scan timing:

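# Off-peak scanning
# ("crontab -" replaces the whole crontab, so append to the existing entries)
(crontab -l 2>/dev/null; echo "0 3 * * * /usr/local/bin/vuln-scan-all") | crontab -

# Quick daily, full weekly
(crontab -l 2>/dev/null
 echo "0 1 * * * lynis audit system --quick"
 echo "0 3 * * 0 /usr/local/bin/vuln-scan-all") | crontab -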

Tip 2: Custom Checks

Add your own checks:

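# Custom security checks
cat > /usr/local/bin/custom-checks << 'EOF'
#!/bin/sh
# Check for accounts with an empty password field
# (/etc/passwd holds no passwords; the hashes are in /etc/shadow)
awk -F: '$2 == "" { print "WARNING: empty password for " $1 }' /etc/shadow

# Check for world-writable files (-xdev stays on the root filesystem)
find / -xdev -perm -002 -type f 2>/dev/null | head -10
EOF

chmod +x /usr/local/bin/custom-checks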

Tip 3: Report Dashboard

Create summary dashboard:

# Vulnerability dashboard
cat > /usr/local/bin/vuln-dashboard << 'EOF'
#!/bin/sh
clear
echo "🛡️ Security Dashboard"
echo "===================="
echo "Last scan: $(ls -t /var/log/vulnerability-scans/report_*.txt | head -1)"
echo ""
echo "Open ports: $(nmap -p- localhost | grep -c open)"
echo "Outdated packages: $(apk version -v | grep -c "<")"
# Count warnings in the newest audit report only
echo "Security warnings: $(grep -c '^warning\[\]' "$(ls -t /var/log/security-audits/lynis_*.txt | head -1)")"
echo ""
EOF

chmod +x /usr/local/bin/vuln-dashboard

✅ Verification Steps

Verify scanning works properly:

# Check all scanners
which lynis nmap nikto

# Run test scans
lynis show version
nmap --script-help vuln
nikto -Help

# Check reports
ls -la /var/log/*scan*/

# Verify automation
crontab -l | grep scan

🏆 What You Learned

Excellent work! You can now:

  • ✅ Install vulnerability scanners
  • ✅ Scan system security
  • ✅ Check network vulnerabilities
  • ✅ Automate scanning
  • ✅ Fix common issues

Your system is much more secure!

🎯 What's Next?

Now that you can scan for vulnerabilities, explore:

  • Setting up intrusion detection
  • Implementing security monitoring
  • Creating incident response plans
  • Advanced penetration testing

Remember, regular scanning catches problems early. I scan my systems weekly and always before major changes. Stay ahead of the threats!

Keep scanning, stay secure! 🛡️