Security/Audit/Sectool/Brief
Introduction
sectool is a security tool that can be used both as a security auditor and as an intrusion detection system. It consists of a set of tests, supporting libraries and a graphical user interface. The tests are classified by group and by security level.
Administrators can run one or more individual tests, a whole group, or a whole security level.
Configuration
The configuration file <path>/etc/sectool/sectool.conf</path> ships with sensible defaults, shown below. Note that if you enable SMTP delivery, SMTP_PASSWD is stored in clear text in this file, so keep it readable by root only.
[OUTPUT]
# number of messages per test we'd like to limit.
# Set this to 0 to have unlimited amount of messages
MSG_LIMIT=100
[ACTION]
# which security level we run
# 1 - Naive - pretty basic and short set of tests,
# 2 - Desktop - set of tests prepared to run on box not connected to internet,
# 3 - Network - standard client machine connected to internet,
# 4 - Server - network server,
# 5 - Paranoid - bunch of tests for paranoid admins.
LEVEL=3
# It is also possible to include/exclude tests from their defined levels
# with +test or -test - semantics is the same as with --include/--exclude
[PATHS]
# paths to description files
DSC_DIR=/etc/sectool/tests
# paths to tests
TESTS_DIRS=/usr/libexec/sectool/tests
# place for persistent data
TDATA_DIR_BASE=/var/lib/sectool
# place for temporary data
TEMP_DIR=/tmp
[RESULTS]
# this file is usually used to generate diffs against the previous run.
RESULT_FILE=results.xml
[ENVIRONMENT]
# this is used to pass environment variables to all tests
PATH=/sbin:/bin:/usr/sbin:/usr/bin
[MAIL]
# what's in the mail body
# SEND_BODY=(full | diff | none)
SEND_BODY=diff
# what's in the mail attachment
# SEND_ATTACHMENT = (full | diff | none)
SEND_ATTACHMENT = full
# do we use smtp or local sendmail for sending the mail
# TARGET=(local | smtp)
TARGET=local
# username or None for no authentication
# SMTP_USER = (username | None)
# password or None for no authentication
# SMTP_PASSWD = ( password | None )
# smtp server to send emails via
# SMTP_SERVER = localhost
Example run
- paranoid level (5)
- final report requested
sectool -L 5 --report
group ->
group: PASS
passwd ->
passwd: PASS
shadow ->
shadow: PASS
home_dirs ->
home_dirs: PASS
home_files ->
home_files: PASS
root_dirs ->
root_dirs: PASS
filesystem ->
filesystem: PASS
path ->
path: PASS
firewall ->
firewall: PASS
netserv ->
netserv: PASS
openssh ->
Warning: ClientAliveCountMax is set to 0 (no limit)
openssh: WARNING
openvpn ->
Warning: Test openvpn tests package openvpn which is not installed, cannot run the test
openvpn: INVALID
removedlibs ->
removedlibs: PASS
xinetd ->
Warning: Test xinetd tests package xinetd which is not installed, cannot run the test
xinetd: INVALID
suid ->
suid: PASS
logfiles ->
logfiles: PASS
pam ->
Warning: Account lockout after repetitive failed login attempts is not configured.
pam: WARNING
permissions ->
permissions: PASS
exec-shield ->
exec-shield: PASS
selinux ->
selinux: PASS
mountopt ->
mountopt: PASS
aliases ->
aliases: PASS
cron ->
cron: PASS
vsftpd ->
Warning: Test vsftpd tests package vsftpd which is not installed, cannot run the test
vsftpd: INVALID
nfs ->
Warning: Test nfs tests package nfs-utils which is not installed, cannot run the test
nfs: INVALID
tcp_wrappers ->
tcp_wrappers: PASS
routing ->
routing: PASS
----- Run report -----
Total tests run: 27
Passed: 21
Warnings: 2
Errors: 0
Invalid runs: 4
Failed: 0
Fatal errors: 0
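Note that an INVALID result means the test was skipped because the package it checks is not installed; it is neither a pass nor a failure, so a paranoid run on a minimal box will always show some. When sectool is driven from cron, the interesting part is usually the per-test status and the warning text rather than the counts. The following parser is an added example, not part of the page or of the sectool project: it reads the text report format shown above (the "name ->" / "name: STATUS" lines with any messages between them) and decides whether the run needs attention. The sample input is constructed from the run above; the status names ERROR, FAIL and FATAL are assumed from the summary lines and are not taken from sectool's source.

```python
"""Parse sectool's text report into per-test results and a summary.

Added example for this page; it is not sectool's own code.
"""
import re
from collections import Counter

# Constructed sample: a subset of the run shown on this page, in the
# same format. Not a capture from a real machine.
SAMPLE_OUTPUT = """\
group ->
group: PASS
openssh ->
Warning: ClientAliveCountMax is set to 0 (no limit)
openssh: WARNING
openvpn ->
Warning: Test openvpn tests package openvpn which is not installed, cannot run the test
openvpn: INVALID
pam ->
Warning: Account lockout after repetitive failed login attempts is not configured.
pam: WARNING
suid ->
suid: PASS
"""

# PASS, WARNING and INVALID appear in the run above; ERROR, FAIL and FATAL are
# assumed from the summary lines ("Errors", "Failed", "Fatal errors").
STATUSES = ("PASS", "WARNING", "ERROR", "INVALID", "FAIL", "FATAL")
# Statuses that should make an automated run (e.g. a cron job) fail.
BLOCKING = {"ERROR", "FAIL", "FATAL"}

_START_RE = re.compile(r"^(?P<test>\S+) ->$")
_RESULT_RE = re.compile(r"^(?P<test>\S+): (?P<status>[A-Z]+)$")


def parse_report(text):
    """Return {test: {"status": str, "messages": [str, ...]}} in run order."""
    results = {}
    current = None
    for line in text.splitlines():
        m = _START_RE.match(line)
        if m:
            current = m.group("test")
            results[current] = {"status": None, "messages": []}
            continue
        m = _RESULT_RE.match(line)
        if m and m.group("status") in STATUSES:
            # Tolerate a result line without a preceding "name ->" line.
            entry = results.setdefault(m.group("test"), {"status": None, "messages": []})
            entry["status"] = m.group("status")
            current = None
            continue
        if current is not None and line.strip():
            # Anything between "name ->" and "name: STATUS" is output of that test.
            results[current]["messages"].append(line.strip())
    return results


def summarize(results):
    """Counts per status plus the total, mirroring sectool's run report."""
    counts = Counter(r["status"] for r in results.values())
    return {"total": len(results), **{s: counts.get(s, 0) for s in STATUSES}}


def needs_attention(results, treat_warning_as_failure=False):
    """Tests whose status should fail an automated run (WARNING optional)."""
    blocking = BLOCKING | ({"WARNING"} if treat_warning_as_failure else set())
    return {name: r for name, r in results.items() if r["status"] in blocking}


if __name__ == "__main__":
    res = parse_report(SAMPLE_OUTPUT)
    print(summarize(res))
    for name, r in needs_attention(res, treat_warning_as_failure=True).items():
        print(name, r["status"], *r["messages"], sep=" | ")
```

In practice you would pipe `sectool -L 5 --report` into this script and exit non-zero when `needs_attention()` is non-empty; INVALID tests are deliberately not treated as blocking so that missing optional packages do not page anyone.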