na0AaooQ/example-lambda-amazon-inspector-assessment.js

## example-lambda-amazon-inspector-assessment.js
'use strict';

// http://docs.aws.amazon.com/AWSJavaScriptSDK/latest/AWS/Inspector.html#startAssessmentRun-property
var AWS = require('aws-sdk')
  , inspector = new AWS.Inspector({ apiVersion: '2016-02-16' })
  ;

exports.handler = (event, context) => {

  console.log('Start Amazon Inspector AssessmentRun');

  // Add timedate to description
  var date = new Date();
  var year = date.getFullYear();
  var month = date.getMonth() + 1;
  var day = date.getDate();
  var hour = date.getHours();
  var minutes = date.getMinutes();
  if ( day < 10 ) {
    day = '0' + day;
  }
  // UTC to JST
  hour += 9;
  if ( hour < 10 ) {
    hour = '0' + hour;
  }
  if ( minutes < 10 ) {
    minutes = '0' + minutes;
  }
  var assessmentRunDate = '-' + year.toString() + month.toString() + day.toString() + '-' + hour.toString() + minutes.toString();

  var params = {
    assessmentTemplateArn: 'arn:aws:inspector:ap-northeast-1:XXXXXXXXXXXX:target/0-XXXXXXXX/template/X-XXXXXXXX',
    assessmentRunName: 'example-server' + assessmentRunDate
  };

  inspector.startAssessmentRun(params, function(err, data) {
    if (err) context.done(err, err.stack);
    else context.done(null, data);
  });

};

## file0.txt
[ec2-user@example-server ~]$ vi /home/ec2-user/start_amazon_inspector.sh
#!/bin/bash

date

/usr/bin/aws inspector start-assessment-run --region ap-northeast-1 --assessment-template-arn "arn:aws:inspector:ap-northeast-1:XXXXXXXXXXXX:target/0-XXXXXXXX/template/X-XXXXXXXX" --assessment-run-name "`/bin/hostname`-`/bin/date '+%Y%m%d-%H%M%S'`"

date

## file1.txt
[ec2-user@example-server ~]$ cat /home/ec2-user/start_amazon_inspector.sh
#!/bin/bash

date

/usr/bin/aws inspector start-assessment-run --region ap-northeast-1 --assessment-template-arn "arn:aws:inspector:ap-northeast-1:XXXXXXXXXXXX:target/0-XXXXXXXX/template/X-XXXXXXXX" --assessment-run-name "`/bin/hostname`-`/bin/date '+%Y%m%d-%H%M%S'`"

date
[ec2-user@example-server ~]$

## file2.txt
[ec2-user@example-server ~]$ sh -n /home/ec2-user/start_amazon_inspector.sh
[ec2-user@example-server ~]$

## file3.txt
[ec2-user@example-server ~]$ chmod 755 /home/ec2-user/start_amazon_inspector.sh
[ec2-user@example-server ~]$

## file4.txt
[ec2-user@example-server ~]$ crontab -l
MAILTO=example@example.com

## Amazon Inspectorによるセキュリティ脆弱性評価を自動実行する(毎日20:10に脆弱性評価を自動実行する)
10 20 * * * /home/ec2-user/start_amazon_inspector.sh > /tmp/AmazonInspector.log 2>&1
[ec2-user@example-server ~]$

## file5.txt
[ec2-user@example-server ~]$ cat /tmp/AmazonInspector.log
Mon Nov 21 20:06:00 JST 2016
{
    "assessmentRunArn": "arn:aws:inspector:ap-northeast-1:XXXXXXXXXXXX:target/0-XXXXXXXX/template/X-XXXXXXXX/run/0-XXXXXXXX"
}
Mon Nov 21 20:06:01 JST 2016
[ec2-user@example-server ~]$
	'use strict';

	// http://docs.aws.amazon.com/AWSJavaScriptSDK/latest/AWS/Inspector.html#startAssessmentRun-property
	var AWS = require('aws-sdk')
	, inspector = new AWS.Inspector({ apiVersion: '2016-02-16' })
	;

	exports.handler = (event, context) => {

	console.log('Start Amazon Inspector AssessmentRun');

	// Add timedate to description
	var date = new Date();
	var year = date.getFullYear();
	var month = date.getMonth() + 1;
	var day = date.getDate();
	var hour = date.getHours();
	var minutes = date.getMinutes();
	if ( day < 10 ) {
	day = '0' + day;
	}
	// UTC to JST
	hour += 9;
	if ( hour < 10 ) {
	hour = '0' + hour;
	}
	if ( minutes < 10 ) {
	minutes = '0' + minutes;
	}
	var assessmentRunDate = '-' + year.toString() + month.toString() + day.toString() + '-' + hour.toString() + minutes.toString();

	var params = {
	assessmentTemplateArn: 'arn:aws:inspector:ap-northeast-1:XXXXXXXXXXXX:target/0-XXXXXXXX/template/X-XXXXXXXX',
	assessmentRunName: 'example-server' + assessmentRunDate
	};

	inspector.startAssessmentRun(params, function(err, data) {
	if (err) context.done(err, err.stack);
	else context.done(null, data);
	});

	};
	[ec2-user@example-server ~]$ vi /home/ec2-user/start_amazon_inspector.sh
	#!/bin/bash

	date

	/usr/bin/aws inspector start-assessment-run --region ap-northeast-1 --assessment-template-arn "arn:aws:inspector:ap-northeast-1:XXXXXXXXXXXX:target/0-XXXXXXXX/template/X-XXXXXXXX" --assessment-run-name "`/bin/hostname`-`/bin/date '+%Y%m%d-%H%M%S'`"

	date
	[ec2-user@example-server ~]$ cat /home/ec2-user/start_amazon_inspector.sh
	#!/bin/bash

	date

	/usr/bin/aws inspector start-assessment-run --region ap-northeast-1 --assessment-template-arn "arn:aws:inspector:ap-northeast-1:XXXXXXXXXXXX:target/0-XXXXXXXX/template/X-XXXXXXXX" --assessment-run-name "`/bin/hostname`-`/bin/date '+%Y%m%d-%H%M%S'`"

	date
	[ec2-user@example-server ~]$
	[ec2-user@example-server ~]$ sh -n /home/ec2-user/start_amazon_inspector.sh
	[ec2-user@example-server ~]$
	[ec2-user@example-server ~]$ chmod 755 /home/ec2-user/start_amazon_inspector.sh
	[ec2-user@example-server ~]$
	[ec2-user@example-server ~]$ crontab -l
	MAILTO=example@example.com

	## Amazon Inspectorによるセキュリティ脆弱性評価を自動実行する(毎日20:10に脆弱性評価を自動実行する)
	10 20 * * * /home/ec2-user/start_amazon_inspector.sh > /tmp/AmazonInspector.log 2>&1
	[ec2-user@example-server ~]$
	[ec2-user@example-server ~]$ cat /tmp/AmazonInspector.log
	Mon Nov 21 20:06:00 JST 2016
	{
	"assessmentRunArn": "arn:aws:inspector:ap-northeast-1:XXXXXXXXXXXX:target/0-XXXXXXXX/template/X-XXXXXXXX/run/0-XXXXXXXX"
	}
	Mon Nov 21 20:06:01 JST 2016
	[ec2-user@example-server ~]$