Thread: looking to test the audit function




looking to test the audit function
2007-05-23 08:23:32

I just noticed that Nessus client has an audit function for Linux OS.  The file used (.audit) can also be configured to match specific policy requirements (i.e. password length, etc.).  This reminds me a lot of DoD's SRR approach but with a little more flexibility.  I'm trying to convince management here to purchase a license but without something to show them (i.e. a basic Nessus scan report vs the audit compliance report) it really doesn't mean anything.  I can take the time to view the videos and all the pages but mgmt doesn't want to be bothered with all that, they just want a report.

I'd like to be able to get a small .audit file that I might be able to run against one of our systems to give them a comparative report.  If anyone has something I can look at I'd appreciate it.

There is another problem.  I know that the Nessus Security Center might not be free so I'm using something different.  I use the nessj client.  I'm not exactly sure if it can use a .audit file to check the compliance on a Linux box.  There is a variable where you can load or use a file with compliance checks for a Windows box but I haven't seen anything for Linux.

If anyone has any experience with these tools or has a .audit file I might be able to use, I'd really appreciate it, as would Tenable.

Thanks

Frank Kenisky IV, CISSP, CISA, CISM
Information Technical Security Specialist
(210) 301-6433 - (210) 887-6985

Re: looking to test the audit function
2007-05-24 10:32:33
On 05/23/07 09:23, Frank_Keniskypsc.uscourts.gov wrote:

> I'm trying to convince management here to purchase a license but without
> something to show them (i.e. a basic Nessus scan report vs the audit
> compliance report) it really doesn't mean anything.

We've just added a section on the Tenable website with several example
reports:

   http://www.tenablesecurity.com/demos/reports.shtml

> I use the nessj client. I'm not exactly sure if it can use a .audit file to
> check the compliance on a Linux box.  There is a variable where you can load
> or use a file with compliance checks for a Windows box but I haven't seen
> anything for Linux.

I don't have any experience with nessj, but the NessusClient GUI client
offers support for compliance checks under the Prefs section (e.g., look
for "Unix Compliance Checks") provided the Nessus server itself supports
them. [You'll need to be running Nessus 3.x and have a direct feed to
see them.]

George
-- 
thealltenablesecurity.com
_______________________________________________
Plugins-writers mailing list
Plugins-writerslist.nessus.org
http://mail.nessus.org/mailman/listinfo/plugins-writers