How Can We Help you?

How Can We Help you?

  1. Home
  2. Knowledge Base
  3. Scan & Reports
  4. Set up external and internal scans
  5. Install the Autobahn internal probe

Install the Autobahn internal probe

This user manual will instruct you on how to install the Autobahn internal probe to run internal scans with the Autobahn engine

1. Request the internal probe

Before you begin, you need an installation file. You can get it from your Customer Success Manager. Once you have the file, proceed with the installation on your system.
If you encounter any difficulties during the process, feel free to contact us for further assistance.

2. Whitelisting rules

The Autobahn probe (worker) is deployed via a Docker image. This server hosting the Docker needs to be able to reach the following IP addresses to provide direct (secured) connection between your system and Autobahn:

  • http://hub.docker.com:443
  • auth.docker.io:443
  • registry-1.docker.io:443
  • http://index.docker.io/:443
  • dseasb33srnrn.cloudfront.net:443
  • http://production.cloudflare.docker.com/:443
  • mq.app.autobahn-security.com:443

 3. Install the internal probe

The server hosting the Docker should have: at least 4 CPU cores, 8 GB RAM, 100GB HDD, and Internet access.

 1 - You need to have Docker installed on your system. Use the following command on Ubuntu:

$ sudo apt install docker.io
Ensure your user account has permission to run this command.
For more information, check out Docker: Accelerated, Containerized Application Development. Please note that the Docker installation steps may differ depending on the installed operating system. Please refer to Docker's official site for an installation tutorial based on the operating system (Install Docker Engine). After installing Docker, please follow the post-installation step as described in Linux post-installation steps for Docker Engine.

2 - Next, ensure that your user account can start Docker containers by running these commands:

$ sudo groupadd docker
$ sudo usermod -aG docker ${USER}
At this point, you need to log out and log in again for the group change to be effective. 
$ docker ps
3 - Execute the following command to extract the configuration and installation files, and to install the Autobahn Docker image. 
$ unzip probe_name.zip
Replace probe_name with the name of the zip file that was provided to you by Customer Success Manager. This should be the name of the probe label.
Next, go to the worker. 
$ cd autobahn_worker
4 - Now you need to run the Autobahn worker. This worker needs to run when starting an internal scan, otherwise the scan will not start. Run the worker using the following command. 
$ ./autobahn_probe.sh run
5 - The prompt will notify you that the worker is running. You can only start internal scans by running the worker (given all steps above and below have been completed).

4. Test the probe

If you are unsure whether whitelisting for the internal scan was successful, you can check this with the following command in your command prompt.

./autobahn_probe.sh network-test [target] [optional: ports] [optional: extra params]

where:

  • Target is the asset that you would like to scan

  • Ports are the specified asset ports to be scanned (if any)

  • Extra params are for any other parameters that would like to be added (if any)

Targets can either be a domain, an IP address, or a subnet. If no ports are specified, ports 22, 80, and 443 will be scanned.

Once you run this command, refer to the script output to check whether the selected targets have been whitelisted or not.

Example commands

 ./autobahn_probe.sh network-test '192.168.0.0/24'
--> Commands the system to do network tests to a specific subnet and default ports (22, 80, 443) 
./autobahn_probe.sh network-test '192.168.0.0/24' '22,80,443,3307'
--> Commands the system to do network tests to specific subnets and specific ports 
./autobahn_probe.sh network-test '192.168.0.0/24' '22,80,443,3307' '-6'
--> Commands the system to do network tests to specific subnets, and specific ports, and pass extra arguments to Nmap.

5. Create your internal scan

You have successfully installed the internal probe. You can now start internal scans by logging into your account and creating a scan.

6. Log Autobahn worker data

By default, the Autobahn worker container will send log data to the Autobahn server for diagnostic, debugging, and troubleshooting purposes. If you do not want these logs sent, please run the command: 
$ ./autobahn_probe.sh disable-log-exports
To enable sending logs, run this command: 
$ ./autobahn_probe.sh enable-log-exports
In case further log data is required for troubleshooting, the command below will collect necessary logs and information from the Autobahn worker and compress it to a single file: 
 $ ./autobahn_probe.sh collect-logs
The compressed file will be created in the same directory as the script.

7. Other useful commands

7.1. Upgrade to the latest Autobahn worker version

$ ./autobahn_probe.sh run

7.2. Uninstall the Autobahn worker from Docker:

 $ ./autobahn_probe.sh uninstall

7.3. Perform a network test to check whether a specific domain / subnet is reachable from the server:

 $ ./autobahn_probe.sh network-test

7.4. For more information on each script, run them with

./autobahn_probe.sh help