Search Exchange

Search All Sites

Nagios Live Webinars

Let our experts show you how Nagios can help your organization.

Contact Us

Phone: 1-888-NAGIOS-1
Email: sales@nagios.com

Login

Remember Me

check_bastille

Rating
0 votes
Favoured:
0
Hits
140805
Files:
FileDescription
check_bastille-1.0.4.tar.gzcheck_bastille-1.0.4.tar.gz
Network Monitoring Software - Download Nagios XI
Log Management Software - Nagios Log Server - Download
Netflow Analysis Software - Nagios Network Analyzer - Download
Use Bastille Unix to track the level of your server security.
Summary: This plugin runs Bastille Unix in assessment mode, comparing consequtive runs line by line. Lowered scores are critical, other changes generate warnings. An option is available to publish the report. The plugin updates the report with the previous score for your reference.

Details: If the latest assessment scores lower than the last one, or if the latest one scores below the specified critical score, the check will return as critical. If the latest assessment is higher than the last one, or its score is below the specified warning score, the check will return a warning. The old and new reports are also compared line by line for changes, raising a warning if the scores are the same but individual line items have changed.

Response: Any reduction in hardening is reason for concern. A change could also indicate suspicious activity. Changes should be confirmed as quickly as possible. If you recently re-ran Bastille with relaxed answers, or you manually changed system components resulting in a lower score, consider running Bastille again with more aggressive answers. If no changes were authorized, you may have sufferred an intrusion. Contain damage by disconnecting the computer from the network and verifying its integrity by scanning with a product like chkrootkit. See check_chkrootkit for adding this to your regular routine.

Coming Soon: Working on an rpm release and instructions on running this plugin via NSCA.