Chapter 20. Tool: Software Inventory

Understanding what software is installed across your enterprise is a key step in maintaining the security of your network. This information not only gives you better situational awareness, but also can be used to implement more-advanced security controls such as application whitelisting. Once you have identified the software running across your enterprise, you can make a determination as to what should be allowed, and add it to a whitelist. Anything not on the whitelist, such as malware, will not be able to execute.

Tip

For more information on application whitelisting for Windows, see Microsoft’s documentation.

For Linux, see Security Enhanced Linux.

In this chapter, we develop the script softinv.sh to obtain a list of software installed on a particular system for later aggregation and analysis. Here are the requirements:

  • Detect the operating system in use.

  • Run the appropriate commands to list installed software.

  • Save the list of installed software to a text file.

  • The file will be named using the format hostname_softinv.txt, where hostname is the name of the system on which the script was run.

Commands in Use

We introduce apt, dpkg, wmic, and yum to query what software is installed on a system. Which tool you use will depend on whether you are running on Linux or Windows, and even which distribution (distro) of Linux you are using (e.g., Ubuntu versus Red Hat).
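A sketch of a script that meets the requirements listed earlier, using the commands named in this section. It is an added example, not the book's softinv.sh; the function names, the `--run` switch, and the exact command arguments are assumptions chosen for illustration.

```shell
#!/usr/bin/env bash
# Added sketch of a software-inventory script (not the book's softinv.sh).

# Map a kernel name (as printed by `uname -s`) to a coarse OS type.
# $1 overrides the live value so the mapping can be checked offline.
detect_os() {
    case "${1:-$(uname -s)}" in
        Linux*)               echo Linux ;;
        MINGW*|MSYS*|CYGWIN*) echo MSWin ;;   # bash on Windows (Git Bash, Cygwin)
        Darwin*)              echo macOS ;;
        *)                    echo Unknown ;;
    esac
}

# Choose the listing command for an OS type. On Linux the answer depends on
# the distro's package manager; $2 overrides the probe (assumption: dpkg is
# preferred when both are present).
inventory_cmd() {
    local os="${1:-}" mgr="${2:-}"
    if [ "$os" = Linux ] && [ -z "$mgr" ]; then
        if   command -v dpkg >/dev/null 2>&1; then mgr=dpkg
        elif command -v yum  >/dev/null 2>&1; then mgr=yum
        fi
    fi
    case "$os:$mgr" in
        Linux:dpkg) echo "dpkg --list" ;;
        Linux:yum)  echo "yum list installed" ;;
        MSWin:*)    echo "wmic product get name,version" ;;
        *)          return 1 ;;               # no known inventory command
    esac
}

# Build the output name in the required hostname_softinv.txt format.
outfile_name() { echo "${1:-$(hostname)}_softinv.txt"; }

# Detect, list, save. Prints the name of the file written.
softinv() {
    local os cmd out
    os=$(detect_os)
    cmd=$(inventory_cmd "$os") || { echo "softinv: unsupported system: $os" >&2; return 1; }
    out=$(outfile_name)
    # $cmd is left unquoted on purpose: it comes from the fixed table above,
    # never from user input, and must split into command plus arguments.
    $cmd > "$out" && echo "$out"
}

if [ "${1:-}" = "--run" ]; then softinv; fi
```

Run it as `bash softinv.sh --run`; without the switch the file only defines the functions, which keeps it safe to source from an aggregation script.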

apt

The Advanced Packaging Tool (APT) allows you to install and manage ...
