Features/SecurityAudit

(Comments)
(formatting fixes)
Line 35: Line 35:
 
* have a test result or even diff against previous run mailed to you
 
* have a test result or even diff against previous run mailed to you
 
* the rest pretty much depends on the tests, a few examples on what we currently have:
 
* the rest pretty much depends on the tests, a few examples on what we currently have:
* add '.' to your $PATH, watch it being reported by the path test
+
** add '.' to your $PATH, watch it being reported by the path test
* add a new suid executable, watch it being reported by the suid test
+
** add a new suid executable, watch it being reported by the suid test
* allow remote root login, watch it being repoted by the openssh test
+
** allow remote root login, watch it being repoted by the openssh test
* ..and many more (see list of existing tests below)
+
** ..and many more (see list of existing tests below)
  
 
== User Experience ==
 
== User Experience ==
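Review bot: the openssh item still carries the typo "repoted" in the re-indented `**` line. Since this revision rewrites that line anyway, change it to "reported" in the same edit.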
Line 47: Line 47:
  
 
== Dependencies ==
 
== Dependencies ==
python, gtk(for GUI frontend) + interpreters for languages in which the tests are written - currently bash, python, clisp infrastructure is in place, perl is planned. All these are in Fedora already, so this should be no problem.
+
python, gtk(for GUI frontend) + interpreters for languages in which the tests are written - currently bash, python, clisp, perl. All these are in Fedora already, so this should be no problem.
  
 
== Contingency Plan ==
 
== Contingency Plan ==
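Review bot: the Dependencies line changes a stated fact, not just formatting. The old text said the clisp infrastructure is in place and perl is planned, while the new text lists perl as a current test language. The edit summary "(formatting fixes)" does not cover that, so either mention the perl status change in the summary or make it a separate revision.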
Line 54: Line 54:
 
== Documentation ==
 
== Documentation ==
 
* Home page - https://fedorahosted.org/sectool
 
* Home page - https://fedorahosted.org/sectool
* Why sectool is better than other similar tools?
+
* Why sectool is better than other similar tools? - https://fedorahosted.org/sectool/wiki/WhySectool
* https://fedorahosted.org/sectool/wiki/WhySectool
+
 
* Writing new tests
 
* Writing new tests
* https://fedorahosted.org/sectool/wiki/BashTestTutorial
+
** https://fedorahosted.org/sectool/wiki/BashTestTutorial
* https://fedorahosted.org/sectool/wiki/PythonTestTutorial
+
** https://fedorahosted.org/sectool/wiki/PythonTestTutorial
* The list of existing tests
+
* The list of existing tests - https://fedorahosted.org/sectool/wiki/WishList
* https://fedorahosted.org/sectool/wiki/WishList
+
  
 
== Release Notes ==
 
== Release Notes ==
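Review bot: in the Documentation list, "The list of existing tests" now links inline to https://fedorahosted.org/sectool/wiki/WishList, a page name that suggests wanted tests rather than implemented ones. Confirm that this is the intended target, or relabel the item so that readers of the Test Plan ("see list of existing tests below") land on the right page.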

Revision as of 12:14, 10 July 2008

Feature Review

secTool

Summary

A security audit system and intrusion detection system

Owner

  • Name: PeterVrabec

Current status

Detailed Description

sectool is a security tool that can be used both as a security audit system and as an intrusion detection system. It consists of a set of tests, a library and textual/graphical frontends. Tests are sorted into groups and security levels. Admins can run selected tests, groups or whole security levels.

Benefit to Fedora

Fedora will include a modern security audit tool.

Scope

Implement the tool and write tests and documentation, so that the community can write their own tests.

Test Plan

  • run tests in graphical and textual interface
  • run the tool with increasing 'security levels', watch it reporting more potential problems
  • add a test with a description to the 'test repository', watch it being recognized by sectool
  • have a test result or even diff against previous run mailed to you
  • the rest pretty much depends on the tests, a few examples on what we currently have:
    • add '.' to your $PATH, watch it being reported by the path test
    • add a new suid executable, watch it being reported by the suid test
    • allow remote root login, watch it being reported by the openssh test
    • ..and many more (see list of existing tests below)
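
The three checks named in the list above, sketched as an added example. This is not sectool's own test code or API; the function names are hypothetical and the sample inputs are constructed.

```python
import os
import stat

def path_findings(path_value):
    """Return (index, reason) for PATH entries that resolve relative to the cwd."""
    findings = []
    for i, entry in enumerate(path_value.split(":")):
        if entry == "":
            findings.append((i, "empty entry (means current directory)"))
        elif entry == ".":
            findings.append((i, "'.' (current directory)"))
        elif not entry.startswith("/"):
            findings.append((i, "relative entry %r" % entry))
    return findings

def root_login_allowed(sshd_config_text):
    """True if the global section explicitly sets PermitRootLogin yes.
    sshd keeps the first value it reads for a keyword; keywords are
    case-insensitive and may be written as 'keyword=value'."""
    for line in sshd_config_text.splitlines():
        parts = line.split("#", 1)[0].replace("=", " ", 1).split()
        if not parts:
            continue
        if parts[0].lower() == "match":
            break  # conditional blocks are out of scope for this sketch
        if parts[0].lower() == "permitrootlogin" and len(parts) > 1:
            return parts[1].lower() == "yes"
    return False  # not set explicitly; the compiled-in default is not judged

def new_suid_files(baseline, root):
    """Walk root; return setuid/setgid regular files absent from baseline."""
    found = set()
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            st = os.lstat(full)  # lstat: do not follow symlinks
            if stat.S_ISREG(st.st_mode) and st.st_mode & (stat.S_ISUID | stat.S_ISGID):
                found.add(full)
    return sorted(found - set(baseline))

if __name__ == "__main__":
    # Constructed sample inputs, not output from a real system.
    print(path_findings("/usr/bin:.:/bin"))
    print(root_login_allowed("# sample\nPermitRootLogin yes\n"))
```

Comparing the result of new_suid_files against a baseline stored from the previous run gives the "diff against previous run" behaviour the plan mentions for the suid case.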

User Experience

Users will have a tool that can check their systems for security issues. They will also have documentation and libraries that help them write their own tests. Advanced users can benefit from the text interface, which is more easily scriptable and usable from cron.

Dependencies

python, gtk (for the GUI frontend) and interpreters for the languages in which the tests are written - currently bash, python, clisp, perl. All these are in Fedora already, so this should be no problem.

Contingency Plan

None needed, this is an addition to Fedora.

Documentation

Release Notes

sectool offers a security audit tool, which contains a set of tests that scan the system for security vulnerabilities.

Comments

  • (notting) Can we see sample reports on a stock Fedora install? It may be good to get automated runs of this...
(msamia) Yes, we watch this with every release (including test releases). The results are at [1].