On Tue, May 12, 2015 at 6:57 PM, autodidactic <theoriginalg...@gmail.com> wrote: > Are there any updates to this feature or documentation about it? I see vary > raw documentation in the sample CIS benchark policy audit files, but leaves > me guessing about some of it? I want to write the policy for the newer CIS > benchmarks for EL6 and EL7... any help or pointers to where I can learn more > would be helpful... >
I haven't written anything about it, and I haven't looked into it enough to know the answers. > also, i'm not sure how to implement a permissions check via this system. is > it possible or perhaps it is not? > > > On Thursday, July 10, 2008 at 12:43:36 PM UTC-7, Daniel Cid wrote: >> >> Hi list, >> >> I just posted in my blog about the new support for CIS benchmarks on >> OSSEC and I want to hear >> the feedback anyone may have. >> >> Link: http://www.ossec.net/dcid/?p=137 >> >> >> " >> We just included support in the OSSEC Policy monitor to audit if a >> system is in compliance with the CIS Security Benchmarks >> (as of right now, only RHEL2-5, Fedora 1-5 and Debian/Ubuntu are >> supported - the other versions will be soon). >> >> If you want to try it out manually and provide some feedback to us, >> please follow the instructions bellow to test: >> >> >> First, grab the latest CVS snapshot and compile it (it will be >> included on v1.6 and above): >> >> # wget http://www.ossec.net/files/snapshots/ossec-hids-080710.tar.gz >> # tar -zxvf ossec-hids-080710.tar.gz >> # cd ossec-hids-080710/src/ >> # make clean >> # make libs >> # cd rootcheck >> # make binary >> >> The binary ossec-rootcheck will be created on the current directory >> and we can start using it. A simple scan on my Ubuntu >> box looked like this: (note, that it will do all the normal rootcheck >> tests plus the CIS scans -- just grep for CIS if you don't want to see >> the rest): >> >> # ./ossec-rootcheck >> .. >> >> [INFO]: System Audit: CIS - Testing against the CIS Debian Linux >> Benchmark v1.0. File: /proc/sys/kernel/ostype. Reference: >> http://www.ossec.net/wiki/index.php/CIS_DebianLinux . >> >> [INFO]: System Audit: CIS - Debian Linux 1.4 - Robust partition >> scheme - /tmp is not on its own partition. File: /etc/fstab. >> Reference: http://www.ossec.net/wiki/index.php/CIS_DebianLinux . >> >> [INFO]: System Audit: CIS - Debian Linux 1.4 - Robust partition >> scheme - /var is not on its own partition. File: /etc/fstab. >> Reference: http://www.ossec.net/wiki/index.php/CIS_DebianLinux . >> >> [INFO]: System Audit: CIS - Debian Linux 2.3 - SSH Configuration - >> Root login allowed. File: /etc/ssh/sshd_config. Reference: >> http://www.ossec.net/wiki/index.php/CIS_DebianLinux . >> >> [INFO]: System Audit: CIS - Debian Linux 2.4 - System Accounting - >> Sysstat not enabled. File: /etc/default/sysstat. Reference: >> http://www.ossec.net/wiki/index.php/CIS_DebianLinux . >> >> [INFO]: System Audit: CIS - Debian Linux 4.18 - Disable standard >> boot services - Squid Enabled. File: /etc/init.d/squid. Reference: >> http://www.ossec.net/wiki/index.php/CIS_DebianLinux . >> >> [INFO]: System Audit: CIS - Debian Linux 7.2 - Removable partition >> /media without 'nodev' set. File: /etc/fstab. Reference: >> http://www.ossec.net/wiki/index.php/CIS_DebianLinux . >> >> [INFO]: System Audit: CIS - Debian Linux 7.2 - Removable partition >> /media without 'nosuid' set. File: /etc/fstab. Reference: >> http://www.ossec.net/wiki/index.php/CIS_DebianLinux . >> >> [INFO]: System Audit: CIS - Debian Linux 7.3 - User-mounted >> removable partition /media. File: /etc/fstab. Reference: >> http://www.ossec.net/wiki/index.php/CIS_DebianLinux . >> >> [INFO]: System Audit: CIS - Debian Linux 8.8 - GRUB Password not >> set. File: /boot/grub/menu.lst. Reference: >> http://www.ossec.net/wiki/index.php/CIS_DebianLinux . >> >> .. >> >> >> Anyone here using CIS (or FDCC)? As always, feedback and suggestions >> are welcome. >> " >> >> >> Thanks, >> >> -- >> Daniel B. Cid >> dcid ( at ) ossec.net > > -- > > --- > You received this message because you are subscribed to the Google Groups > "ossec-list" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to ossec-list+unsubscr...@googlegroups.com. > For more options, visit https://groups.google.com/d/optout. -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.