Skip to content
master
Switch branches/tags
Go to file
Code

Latest commit

 

Git stats

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
ext
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

pyoocs

alt text

Out of Compliance Scanner for Linux

A customizable and modular security scanner for Linux

Project name pyoocs
Tags Utilities/Security
License GPL v3+
Operating System Linux
Implementation - scan engine Python 2.4+, Python 3
Implementation - front-end Bootstrap, Angular, JavaScript
Implementation - back-end Node.js, Express, Passport, MongoDB 3.2
Current status beta

Overview

This project is at an early stage of development and only a few modules are currently available:

  • environment: checks the root environment
  • filesystem: checks for mandatory filesystems and mount options and for system files permissions
  • kernel: check the kernel runtime configuration
  • packages: make some checks on installed packages and rpm database
  • services: check whether a list of services are running or not
  • sudo: checks for root rights given to users and security issues

The checks are configurable via a JSON file. You can found an example here

In particular three different output formats are supported:

  • console: print the output to the console:
 "oocs-output" : "console",
  • json: print the output to the console, but in json format:
 "oocs-output" : "json",
  • html: run an http server for displaying the result of the scan:
 "oocs-output" : "html",
 "oocs-html-opts": {
     "baseUrl": "http://localhost:8000/",
     "publicDir": "/srv/www-oocs/html/server/public/"
 },

The html mode is intended for debug and testing only. Use the script oocs-htmlviewer.py instead, or the Node.JS viewer coupled with a MongoDB backend.

Screenshot of the Web Interface

PyOOCS also provides a (single page MVC) web application, based on the UI Boostrap and AngularJS technologies, that let you browse the list of the available security reports and select which one to check. The scanning data is stored in a MongoDB database ('oocs').

Here's a screenshot of a detailed server report. Note that this server is tagged in red color because some critical deviations have been detected. Each class of vulnerabilities (critical or warning) can be inspected by selecting the appropriate tab, which also show the number of occurrences that have been detected. By default all the tests are displayed.


alt text

Image 1. Screenshot of the scan view

alt text

Image 2. Screenshot of the scan-detail view

About

Out of Compliance Scanner for Linux

Resources

License

Releases

No releases published

Packages

No packages published