Mongoaudit: Performs security audits on a MongoDB database with this tool
Given the security problems that exist in many services available through the Internet, it is never a bit of help. The developers of Stampery have created a tool called Mongoaudit that allows security audits on MongoDB databases. In addition, detecting errors offers recommendations to end the problem.
The app saw the light two weeks ago. According to the information released by the developers, it is compatible with Windows 10, Linux and MacOS. Although we have not said it yet, it is a tool that lacks a graphical interface. Its operation is based on the command line of the operating systems mentioned above.
The easiest way to install the tool is to install Python and PIP on your computer and write the following:
Pip install mongoaudit
However, for all those who do not have it or do not want to install it, they can do it by writing the following:
Curl -s https://mongoaud.it/install | Bash
If the installation takes place without any problems and all dependencies of other packages are controlled, we can run the application once the process is finished by typing the following in the console:
From here, we are already within the application and we can enjoy the existing functions.
MongoAudit security audits
Most relevant details of Mongoaudit
From the outset, it must be said that there are two types of analysis: basic and advanced.
To run the basics you only need the database address and the port on which you are listening. From here the program will perform a series of checks at the configuration level that will allow you to detect existing problems and thus stop. In addition to this, you will check if there are any known vulnerabilities. The current listing is as follows:
Security bug CVE-2015-7882
Security bug CVE-2015-2705
Security bug CVE-2014-8964
Security bug CVE-2015-1609
Security bug CVE-2014-3971
Security bug CVE-2014-2917
Security bug CVE-2013-4650
Security bug CVE-2013-3969
Security bug CVE-2012-6619
Security bug CVE-2013-1892
Security bug CVE-2013-2132
In the case of choosing the advanced analysis of the database, it will be necessary to provide the connection parameters indicated in the previous type of analysis together with the access credentials of the database to be tested. In addition to the list of checks mentioned above with regard to errors, you have to add two more options:
Users with permissions in a database.
User roles only allow CRUD operations.
As the analyzes are completed, the user will be able to verify the error messages sent by Mongoaudit. At the end of the process a count will be shown with the positively evaluated points and those that need to be improved. The analysis will not last more than a minute, although it must be said that it depends on the capacity of the equipment that owns the database and the level of load of load at that moment.
What is really useful about this tool is that the aspects to be improved are explained in detail, inviting the user to apply certain measures to solve the problem detected.