- Tool to continuously monitor our operating systems.
- Compare and implement different security tools.
- Keep time trending record of the report.
- Identify specific critical rules.
- Report to Nagios.
When executing the program for the first time you can run CopyFiles script to place in the specific directories the needed files to run the assessments. To check if it is working, you can run the cron job file. It is configured to run daily.
bash ./CopyFiles # will copy files in their default directories
/etc/cron.daily/RunBaseScapTest # will execute baseline audit
/etc/cron.daily/RunVulnScapTest # will execute vulnerability audit
yum install perl-XML-Twig perl-XML-LibXML perl-Config-General openscap-scanner scap-security-guide bzip2 wget unzip
zypper install perl-XML-Twig perl-XML-LibXML perl-Config-General openscap-content openscap-utils bzip2 wget
apt-get install xml-twig-tools libxml-twig-perl libxml-libxml-perl libconfig-general-perl libopenscap8 bzip2 wget
apt-get install libconfig-general-perl libxml-twig-perl libxml-libxml-perl libopenscap8 bzip2 wget
Windows can be assessed by CIS-CAT baseline and vulnerabilities features.
These scripts support OpenSCAP and CIS-CAT assessment tools.
The config file includes OpenSCAP as the default assessment tool. If the operating system is not supported by OpenSCAP, the program will die and output the requirements. For running openscap, you can simply execute the cronjob files as stated above, or run the files directly from lib.
/usr/local/lib/scaptest/BaseScapTest.pl # baseline test
/usr/local/lib/scaptest/VulnScapTest.pl # vulnerabilites test
In order to run CIS-CAT you need to download it from their web page and extract it at the /usr/local/lib/scaptest directory. It needs openJDK installed in order to run. The current script is assuming that the jdk package is extracted in the working directory. In order to run this program specify where your java path is located.
At the moment CIS-CAT is set to a full auto assessment. In case you want to specify a specific benchmark file, add a line to the configuration file as it follows:
{operating_system}{version}_XCCDF_cis_file = {cis-cat_xccdf_file}
Example: centos6_XCCDF_cis_file = CIS_CentOS_Linux_6_Benchmark_v2.0.1-xccdf.xml
To download the CIS-CAT bundle you need a licence, however, it can be downloaded from https://community.cisecurity.org/collab/public/. The Oracle JDK package can be downloaded from http://www.oracle.com/technetwork/java/javase/downloads/jdk8-downloads-2133151.html?ssSourceSiteId=otnes.
The program will produce by default:
- State file - will keep some variables from the system
- Last result file - will keep the last result of the audit
- Trending file - will keep a number of results from previous assessments
- HTML result (turn save_html = true in config file)
- XML result (turn save_html = true in config file)
hostname SCAP WARN - Score 85% (123/145) 2-High 3-Medium 2-Low Crit CCEs: 0-fail # baseline
hostname SCAP CRIT - Score 7 Vulnerabilities 2-High 3-Medium 2-Low Crit CVEs: 0-fail # vulnerabilities
The script WindowsCISAnalyze.py lets the admin summarize scores from CIS-CAT Windows baseline and vulnerabilities assessments. This file is a separate script that needs to be ran manually but it can be scheduled by a cron job. The output file looks like:
Date CIS-CAT Vulnerability Assessment - Last Updated On Wednesday, May 17 2017 00:09:56
Host: SCAPTEST, OS: Windows 8, Score: 867 Vulnerabilities 741-High 102-Medium 17-Low
Host: SCAPTEST, OS: Windows 8, Score: 767 Vulnerabilities 641-High 102-Medium 17-Low
WARN: The number of scores 8 is less than your number of hosts 16
- Perl
- OpenSCAP - assessment tool
- CIS-CAT - assessment tool
- SCAP Security Guide - XML feeds for baseline assessments
- Jordan Alexis Caraballo-Vega - University of Puerto Rico at Humacao
- Graham Mosley - University of Pennsylvania
- SCAP National Institute of Standards and Technology (2009). The Security Content Automation Protocol (SCAP). Retrieved on June, 2016 from https://scap.nist.gov
- NVD Database National Vulnerability Database. Retrieved on June, 2016 from https://nvd.nist.gov/
- OVAL Open Vulnerability and Assessment Language. Retrieved on June, 2016 from http://oval.mitre.org/
- OpenSCAP OpenSCAP. Retreived on June, 2016 from https://www.open-scap.org/
- CIS-CAT Center for Internet Security. Retrieved on June, 2016 from https://benchmarks.cisecurity.org/
- George Rumney
- John E. Jasen
- Bennett Samowich
- Maximiliano Guillen
- Zed Pobre