System security is a very broad terminology so there is no one tool that will give you such a report. Bastille is an Xwindow tool that walks you through several dozen checks and suggestions. However, security isn't jst closing ports. It is password rule policies, proper directory and file permissions, security policies in the /etc/default/security file (which may not exist on your system and needs to be created), getting all the security patches installed, setting up Trusted system and policies, etc. Then if your system is exposed to the Internet, you'll need to setup even more security features, following the procedures for making a Bastion host as in:
http://www.windowsecurity.com/whitepaper/unix_security/Building_a_Bastion_Host_Using_HPUX_11.html You also need to develop a sysadmin policy about root logins. The ideal rule is "no root logins allowed, ever". This means you use sudo for all sysadmins and your syslog file is kept on a another server. And for good measure, lock down remote access with the inetd.sec file in /var/adm. Then add the Intrusion Detection package and you should be set. By the way, documenting all the steps to get here becomes your security report. Tools like nessus and nmap just poke around from the outside. Some of your biggest threats will be from users and insiders.
Bill Hassell, sysadmin
