I just noticed that the Nessus client has an audit function for Linux OS. The
file used (.audit) can also be configured to match specific policy
requirements (i.e. password length, etc.). This reminds me a lot of DoD's
SRR approach but with a little more flexibility. I'm trying to convince
management here to purchase a license but without something to show them
(i.e. a basic Nessus scan report vs the audit compliance report) it really
doesn't mean anything. I can take the time to view the videos and all the
pages but mgmt doesn't want to be bothered with all that; they just want a
report.

I'd like to be able to get a small .audit file that I might be able to run
against one of our systems to give them a comparative report. If anyone
has something I can look at I'd appreciate it.

There is another problem. I know that the Nessus Security Center might
not be free so I'm using something different. I use the nessj client. I'm
not exactly sure if it can use a .audit file to check the compliance on a
Linux box. There is a variable where you can load or use a file with
compliance checks for a Windows box but I haven't seen anything for Linux.
If anyone has any experience with these tools or has a .audit file I might
be able to use I'd really appreciate it as would Tenable.

Thanks
Frank Kenisky IV, CISSP, CISA, CISM
Information Technical Security Specialist
(210) 301-6433 - (210) 887-6985