René's URL Explorer Experiment

{"@context":"https://schema.org","@type":"DiscussionForumPosting","headline":"New Scanner: Implement a SSH Server Scanner","articleBody":"**Is your feature request related to a problem? Please describe.**\r\nAs an user i want to use test my ssh-server (or already found ssh port) based on best practices and given security policies with the secureCodeBox. \r\n\r\nSome Best Practices on the topic **ssh hardening** can be found here:\r\n- https://linux-audit.com/audit-and-harden-your-ssh-configuration/\r\n- https://infosec.mozilla.org/guidelines/openssh\r\n\r\n**Describe the solution you'd like**\r\nThere are already some ssh security scanners like:\r\n- https://github.com/arthepsy/ssh-audit\r\n- https://github.com/mozilla/ssh_scan\r\n\r\nEspecially the **mozilla ssh_scan** seems to be a good candidate to implement.\r\nIt's well documented and has a active community. It supports _JSON output_ and the possibility to add my own _ssh check policy_. \r\n- See here for [example video](https://asciinema.org/a/7pliiw5zqhj7eqvz7q437u6vx)\r\n- See here for [example output](https://github.com/mozilla/ssh_scan/blob/master/examples/192.168.1.1.json)\r\n- See here for [example policies](https://github.com/mozilla/ssh_scan/blob/master/config/policies)\r\n\r\n**Additional context**\r\nA new ssh scanner could be combined with the existing port scanner (nmap) to check found ssh ports.\r\n\r\n## Steps to implement a new scanner\r\nA general guide how to implement a new scanner is documented [here]( https://github.com/secureCodeBox/secureCodeBox/blob/master/docs/developer-guide/README.md#developing-own-processes)\r\n\r\n### Must have\r\n- [x] Create a [new public secureCodeBox repository](https://github.com/organizations/secureCodeBox/repositories/new) for the scanner implementation\r\n- [x] Implement a new scanner microservice an reuse some of the existing stuff, if possible\r\n- [ ] Check if there is a [healthcheck](https://github.com/secureCodeBox/secureCodeBox/blob/master/docs/developer-guide/README.md#healthchecks-for-scanner-microservices) for the microservice implemented\r\n- [x] Implement a [new basic security process](https://github.com/secureCodeBox/secureCodeBox/blob/master/docs/developer-guide/README.md#developing-a-process-model) for the scanner\r\n- [x] Update the [docker-compose](https://github.com/secureCodeBox/secureCodeBox/blob/master/docker-compose.yml) files and integrate your new scanner there\r\n- [ ] Update the [user guide](https://github.com/secureCodeBox/secureCodeBox/tree/master/docs/user-guide) and [developer guide](https://github.com/secureCodeBox/secureCodeBox/tree/master/docs/developer-guide)\r\n- [x] Implement a integration test for the scanner [here](https://github.com/secureCodeBox/secureCodeBox/tree/master/test)\r\n\r\n### Should have\r\n- [ ] Update the [CLI examples](https://github.com/secureCodeBox/secureCodeBox/tree/master/cli)\r\n- [ ] Update the [Jenkins Pipeline](https://github.com/secureCodeBox/integration-pipeline-jenkins-examples) examples\r\n- [x] Update the [OpenShift Container Setup](https://github.com/secureCodeBox/ansible-role-securecodebox-openshift)\r\n","author":{"url":"https://github.com/rfelber","@type":"Person","name":"rfelber"},"datePublished":"2018-10-16T12:07:27.000Z","interactionStatistic":{"@type":"InteractionCounter","interactionType":"https://schema.org/CommentAction","userInteractionCount":1},"url":"https://github.com/54/secureCodeBox/issues/54"}