Features/SecurityAudit

= secTool =

Summary
A security audit system and intrusion detection tool

Owner

 * Name: PeterVrabec

Current status

 * Targeted release: sectool-0.9.0
 * Last updated: Oct 9th 2008
 * Percentage of completion: 100%
 * Project homepage: https://fedorahosted.org/sectool
 * Already built in rawhide

Detailed Description
sectool is a security tool that can be used both as a security audit as well as a part of an intrusion detection system. It consists of set of tests, library and textual/graphical frontend. Tests are sorted into groups and security levels. Administrators can run selected tests, groups or whole security levels.

Benefit to Fedora
Fedora will include a modern security audit tool.

Scope
Implementing the tool and write tests and documentation, so community can write their own tests.

Test Plan
* basic options: --help/--version/--list/--info * run tests: * run test in default setting (--run testname) * run bootloader test in level 5 settings (--level 5 --run bootloader) * run all test selected for certain level (sectool --level 3) * all tests from level 1 + path - integrity (--level 1 --include path --exclude integrity) * more info * display hints (--hint) * display debug info (--debug) * create custom configuration in /etc/sectool/sectool.conf and run it (-a) * check diff option * sectool --run suid; chmod a+s /bin/cp; sectool --run suid --diff; chmod a-s /bin/cp * remove results.xml (--clean) * check email support * sectool --run home_files --mail jhrozek@redhat.com * via sectool.conf (SEND_ATTACHMENT=diff, SEND_BODY=full) * check /var/log/sectool.log file * if properly formated * logrotate handles this file * check "--refresh" option * certain tests(route,suid,selinux,openssh) use persistent data, that could be re-initialized * see documentation /usr/share/doc/sectool-0.9.0/tests_documentation.html * different switches * create custom selections of test in your favourite level and see if it persist app. restart * https://fedorahosted.org/sectool/wiki/NewReleaseTesting * https://fedorahosted.org/sectool/wiki/UserDocumentation
 * perfom sectool engine test via TUI
 * check that the tests do what they are supposed to do
 * play with sectool-gui
 * another sources:

User Experience
Users will have a tool that could check their systems for a security issues. They will also have documentation and libraries that help them write their own tests. Advanced users could benefit from having the text interface that is more easily scriptable and usable from cron.

Dependencies
python, gtk(for GUI frontend) + interpreters for languages in which the tests are written - currently bash, python, clisp, perl. All these are in Fedora already, so this should be no problem.

Contingency Plan
None needed, this is an addition to Fedora.

Documentation

 * Home page - https://fedorahosted.org/sectool
 * Why sectool is better than other similar tools? - https://fedorahosted.org/sectool/wiki/WhySectool
 * Writing new tests
 * https://fedorahosted.org/sectool/wiki/BashTestTutorial
 * https://fedorahosted.org/sectool/wiki/PythonTestTutorial
 * The list of existing tests - https://fedorahosted.org/sectool/wiki/WishList

Release Notes
sectool offers an security audit tool, which contains set of tests that scan system for security vulnerabilities.

Comments and Discussion
See Talk:Features/SecurityAudit