
Security Audit Tools

 
swtw
Occasional Contributor

Security Audit Tools

Hi all,

I would like to find out from the experts, besides Bastille, what other security tools are recommended to be used in auditing an HPUX 11i system?

TIA.
7 REPLIES
VK2COT
Honored Contributor

Re: Security Audit Tools

Hello,

Bastille is not much of an auditing tool.
It is more for tightening security.

It seems you are asking about tools to
audit the setup of an HP-UX server.

There are many. For example, you could easily
build a Linux-based server with
literally hundreds of tools:

http://backtrack.unixheads.org/

Boot off this image and all the tools are there.

If you want to learn more about the best
tools just go to:

http://sectools.org/

Regards,

VK2COT
VK2COT - Dusan Baljevic
Emil Velez
Honored Contributor

Re: Security Audit Tools


You can turn on auditing and use audsys to audit either users or system calls.

The audsys command is used to specify what to audit and the auddisp command is used to display audit records.

Auditing on 11.23 does not require conversion to trusted systems if you have Trusted Migration and SMSE security loaded.
swtw
Occasional Contributor

Re: Security Audit Tools

Thanks for the response.

I am actually looking for security tools that can scan UX security-related settings.

I have used Bastille and it does perform a list of tests. Does UX have any other tools besides Bastille that can perform a more comprehensive set of tests?
Robert Fritz
Regular Advisor

Re: Security Audit Tools

Hi there,

Ever since Bastille 3.0, where we added auditing to Bastille, I think Bastille is the most comprehensive tool I've seen for host-based HP-UX security auditing (with respect to hardening policy). Other general engines include cis-cat from CIS and Medusa, though those are less comprehensive, and more error prone. SWA (Software Assistant, configured by Bastille), audits security-patch-level.

Of course there's always off-host tools to check for vulnerabilities (vs. hardening policy) like Nessus, though the false-positive rate on those can be annoying.


If you want real-time monitoring, some others mentioned that there are some included monitoring tools like kernel-level monitoring (audsys, configured by Bastille). Also there's log modes for IPFilter, and you'll also find that HIDS does some decent logging.

Is there a concern with Bastille, or were you just trying to get a sense of the "field?" Note that Bastille's audit and lock-down scope will be significantly expanded in the next release.

Hope that helps,
Robert
"Those Who Would Sacrifice Liberty for Security Deserve Neither." - Benjamin Franklin
VK2COT
Honored Contributor

Re: Security Audit Tools

Hello,

You got some additional good recommendations
in the responses.

Note that "Security is NOT A PRODUCT BUT
A PROCESS".

If you are looking at a single product to
resolve all your security issues, then you
have lost the battle already.

For some mission-critical customers, I have
asked to install Symantec Enterprise Security Manager. Works fine. Costs money.

I have also used Tripwire Enterprise.
Good product too.

There are many other commercial products.

When you test and audit any server (in this
case HP-UX), you "attack" it from several
places:

Internal networks
DMZ
External (Internet)

As everyone is aware, most security
breaches happen inside the companies
(unhappy users, revenge, staff working for competitors, weird people who destroy
things for the sake of fun and thrill).
The problem is that no-one likes to talk
about it. And the media likes hacking
from external sources. That sells better
and looks more "powerful"...

Cheers,

VK2COT
VK2COT - Dusan Baljevic
Autocross.US
Trusted Contributor

Re: Security Audit Tools

In addition to Bastille, we use the CIS benchmark tool:

http://www.cisecurity.org/bench_hpux.html

and the DISA Security Readiness Review (SRR) Evaluation Scripts:

http://iase.disa.mil/stigs/SRR/unix.html

Both take several hours to run and can be resource intensive (find commands).

Hope this helps,
I drive way too fast to worry about calories.
Olivier Masse
Honored Contributor

Re: Security Audit Tools

I wrote a tool many years ago to help our internal auditors find setuid and 777 files on a system. It's easier to use than a standard find (in my opinion). As a bonus, it still works. :). Available here:
http://www.mayoxide.com/ncops/

Checking for file permissions is good in an environment where you have many shell users you don't trust, such as a university, but if you just have a few system administrators, it's a pretty annoying security measure.

One thing you can do, that gives a lot of return on your time investment, is to run nessus against a system. It will find out many remotely exploitable holes.

Good luck
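
The file-permission check discussed in this reply, written as an added example in POSIX shell; it is not part of the thread and is not the ncops tool linked above. The function names and output tags are hypothetical, and the baseline comparison goes one step beyond the post so that repeated runs report only what changed.

```shell
#!/bin/sh
# Added example (not the ncops tool). Function names and output tags are
# hypothetical choices made for this illustration.
# Assumes path names contain no newline characters.
LC_ALL=C; export LC_ALL   # stable sort order so baselines compare cleanly

# audit_perms DIR
# Prints one tagged, sorted line per risky object under DIR:
#   SUID_SGID       regular file with the setuid or setgid bit set
#   WORLD_WRITABLE  regular file writable by "other" (includes mode 777)
#   OPEN_DIR        world-writable directory without the sticky bit
audit_perms() {
    root=${1:-/}
    {
        # -xdev keeps find on one filesystem, which limits the run time
        find "$root" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print |
            sed 's/^/SUID_SGID /'
        find "$root" -xdev -type f -perm -0002 -print |
            sed 's/^/WORLD_WRITABLE /'
        find "$root" -xdev -type d -perm -0002 ! -perm -1000 -print |
            sed 's/^/OPEN_DIR /'
    } 2>/dev/null | sort
}

# new_findings BASELINE DIR
# Prints only the findings that are absent from a previously saved
# audit_perms report, so reviewers see what appeared since the last run.
new_findings() {
    audit_perms "$2" | comm -13 "$1" -
}

# Usage: script DIR [BASELINE]
if [ "$#" -eq 1 ]; then
    audit_perms "$1"
elif [ "$#" -eq 2 ]; then
    new_findings "$2" "$1"
fi
```

Saving the first report as the baseline and reviewing only `new_findings` output afterwards keeps the list short enough for an auditor to read on each run.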