# Automate vulnerability remediation with scripting (Bash)
This lab demonstrates how to provision a Linux VM in Azure, perform vulnerability scanning using Tenable with DISA STIG compliance, introduce vulnerabilities intentionally, and apply automated remediation using bash scripts.
- Step 1: Provision a Linux VM in Azure
- Step 2: Configure Network & Access
- Step 3: Test Connectivity
- Step 4: Initial Vulnerability Scan with Tenable
- Step 5: Introduce Vulnerabilities
- Step 6: Second Vulnerability Scan
- Step 7: Run Remediation Scripts
- Step 8: Final Scan & Validation
- Step 9: Clean Up
- Summary
- References
## Step 1: Provision a Linux VM in Azure

- Select a secure Linux distribution (e.g., Ubuntu 22.04 LTS).
- Avoid using default credentials like `labuser/Cyberlab123!`.
- Configure the VM with:
  - Password authentication (for lab only)
  - Public IP enabled
  - NSG rules allowing SSH (port 22)
  - OS Disk type: Standard HDD

⚠️ Do not leave weak passwords or root access open: past labs have been breached due to exposed cloud VMs.
## Step 2: Configure Network & Access

- Default method is SSH key pair.
- For lab purposes, set a strong password, but remember to delete the VM after testing.
- In Azure, make sure your Network Security Group (NSG) includes:
  - Inbound Rule: SSH (TCP/22)
  - Inbound Rule: ICMP (Ping)
  - Inbound Rule: Telnet (TCP/23), temporarily for testing

⚠️ Only open Telnet for lab use and close it immediately after validation.
## Step 3: Test Connectivity

After the VM is deployed and running:

```bash
ping <vm-public-ip>
ssh <username>@<vm-public-ip>
```

Make sure:

- VM is reachable
- SSH login is successful
## Step 4: Initial Vulnerability Scan with Tenable

- Log in to cloud.tenable.com
- Create a new authenticated scan (Scan1)
- Use the Linux DISA STIG compliance template
- Scanner Type: Use Internal Engine
- Set scan target to the internal IP of the VM
- Provide valid SSH credentials
- Launch the scan
- Export results (PDF or CSV)
## Step 5: Introduce Vulnerabilities

Log in to your VM using SSH, then install and start the Telnet service:

```bash
sudo apt update
sudo apt install telnetd -y
sudo systemctl enable inetd.service
sudo systemctl start inetd.service
sudo systemctl status inetd.service
```

⚠️ Telnet is insecure and should be removed after testing.

Enable root login over SSH and set a weak root password:

```bash
# Set PermitRootLogin to "yes" if an active directive exists, otherwise append one
sudo grep -q '^PermitRootLogin' /etc/ssh/sshd_config && \
sudo sed -i 's/^PermitRootLogin.*/PermitRootLogin yes/' /etc/ssh/sshd_config || \
echo 'PermitRootLogin yes' | sudo tee -a /etc/ssh/sshd_config
sudo systemctl restart sshd
# Set the deliberately weak root password used by this lab
sudo passwd root
# Enter password: root
```

⚠️ After enabling root, destroy or disable the VM immediately post-testing. Previous labs were compromised via open root logins.
## Step 6: Second Vulnerability Scan

- Launch a second authenticated scan after introducing vulnerabilities
- Validate findings:
  - Unencrypted Telnet service
  - Insecure root credentials
- Export the results

*Scan 2 - Vulnerability Detection*
## Step 7: Run Remediation Scripts

Use the provided bash scripts to remediate each finding:

- GitHub Script: Root Password
- GitHub Script: OpenSSL

Make each script executable and run it with root privileges:

```bash
chmod +x scriptname.sh
sudo ./scriptname.sh
```

- Reboot the VM:

```bash
sudo reboot
```
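The lab's remediation scripts are linked rather than shown on this page. The script below is an added example, not one of those scripts and not the lab author's code: a self-contained Bash remediation for the two findings Step 5 introduces (the Telnet listener and root SSH login with a weak password), together with the checks a practitioner would run before launching the final scan. It assumes Ubuntu 22.04 with systemd, apt-get and ss; the script name `remediate.sh`, the `--apply` flag and the `SSHD_CONFIG` override are my own choices.

```shell
#!/bin/sh
# Added example remediation script (not one of the lab's linked scripts).
# Assumes Ubuntu 22.04 with systemd, apt-get and ss available.
set -eu

SSHD_CONFIG="${SSHD_CONFIG:-/etc/ssh/sshd_config}"   # overridable for testing

# Replace every PermitRootLogin line (active or commented out) with a single
# "PermitRootLogin no" placed at the top of the file. sshd honours the first
# occurrence of a keyword, and a line appended after a "Match" block (as the
# lab's tee -a would do) only applies inside that block, so prepending is the
# safe and idempotent choice.
harden_permit_root_login() {
    cfg="$1"
    tmp="$(mktemp)"
    grep -Ev '^[#[:space:]]*PermitRootLogin([[:space:]]|$)' "$cfg" > "$tmp" || true
    { printf 'PermitRootLogin no\n'; cat "$tmp"; } > "$cfg"
    rm -f "$tmp"
}

# Succeed only if the first active PermitRootLogin directive is "no".
# No directive at all also fails: the default (prohibit-password) still
# allows key-based root login, which the STIG checks flag.
check_permit_root_login() {
    first="$(grep -E '^[[:space:]]*PermitRootLogin[[:space:]]' "$1" | head -n 1 | awk '{print $2}' || true)"
    [ "$first" = "no" ]
}

# Read `ss -ltn` output on stdin; succeed if any TCP listener is on port 23.
telnet_listening() {
    awk '$1 == "LISTEN" && $4 ~ /:23$/ { found = 1 } END { exit found ? 0 : 1 }'
}

remove_telnet() {
    systemctl disable --now inetd.service || true
    apt-get purge -y telnetd
    apt-get autoremove -y
}

lock_root_account() {
    passwd -l root            # invalidates the "root" password; sudo still works
}

remediate_all() {
    remove_telnet
    lock_root_account
    harden_permit_root_login "$SSHD_CONFIG"
    sshd -t                   # refuse to restart sshd on a broken config
    systemctl restart ssh
    check_permit_root_login "$SSHD_CONFIG" || { echo "root login still permitted" >&2; exit 1; }
    if ss -ltn | telnet_listening; then echo "telnet still listening" >&2; exit 1; fi
    echo "remediation complete; rescan with Tenable to confirm"
}

# Destructive actions run only when explicitly requested, as root:
#   sudo ./remediate.sh --apply
if [ "${1:-}" = "--apply" ]; then
    remediate_all
fi
```

Running the script without `--apply` only defines the functions, so the config and listener checks can be exercised against a copy of `sshd_config` or saved `ss` output before touching the live VM.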
## Step 8: Final Scan & Validation

- Run a final authenticated scan in Tenable
- Confirm:
  - Telnet is removed
  - Root password is changed
  - OpenSSL is updated (if applicable)
- Export final scan results
## Step 9: Clean Up

Delete the VM to prevent exposure or costs.
## Summary

| Stage | Task |
|---|---|
| ✅ | Linux VM provisioned in Azure |
| ✅ | NSG rules configured |
| ✅ | Tenable baseline scan (Scan 1) |
| ✅ | Vulnerabilities introduced |
| ✅ | Second scan performed (Scan 2) |
| ✅ | Remediation scripts executed |
| ✅ | Final scan (Scan 3) and validation |
| ✅ | VM deleted |
## References

- Tenable Documentation
- DISA STIG Benchmarks
- Azure VM Documentation
- Remediation Scripts by Josh Madakor

This lab simulates an enterprise workflow of provision → assess → harden → validate.