Search Exchange
Search All Sites
Nagios Live Webinars
Let our experts show you how Nagios can help your organization.Login
New ListingsDirectory Tree
check_bastille
Summary: This plugin runs Bastille Unix in assessment mode, comparing consequtive runs line by line. Lowered scores are critical, other changes generate warnings. An option is available to publish the report. The plugin updates the report with the previous score for your reference.
Details: If the latest assessment scores lower than the last one, or if the latest one scores below the specified critical score, the check will return as critical. If the latest assessment is higher than the last one, or its score is below the specified warning score, the check will return a warning. The old and new reports are also compared line by line for changes, raising a warning if the scores are the same but individual line items have changed.
Response: Any reduction in hardening is reason for concern. A change could also indicate suspicious activity. Changes should be confirmed as quickly as possible. If you recently re-ran Bastille with relaxed answers, or you manually changed system components resulting in a lower score, consider running Bastille again with more aggressive answers. If no changes were authorized, you may have sufferred an intrusion. Contain damage by disconnecting the computer from the network and verifying its integrity by scanning with a product like chkrootkit. See check_chkrootkit for adding this to your regular routine.
Coming Soon: Working on an rpm release and instructions on running this plugin via NSCA.
Details: If the latest assessment scores lower than the last one, or if the latest one scores below the specified critical score, the check will return as critical. If the latest assessment is higher than the last one, or its score is below the specified warning score, the check will return a warning. The old and new reports are also compared line by line for changes, raising a warning if the scores are the same but individual line items have changed.
Response: Any reduction in hardening is reason for concern. A change could also indicate suspicious activity. Changes should be confirmed as quickly as possible. If you recently re-ran Bastille with relaxed answers, or you manually changed system components resulting in a lower score, consider running Bastille again with more aggressive answers. If no changes were authorized, you may have sufferred an intrusion. Contain damage by disconnecting the computer from the network and verifying its integrity by scanning with a product like chkrootkit. See check_chkrootkit for adding this to your regular routine.
Coming Soon: Working on an rpm release and instructions on running this plugin via NSCA.
Reviews (0)
Be the first to review this listing!
