From Fedora Project Wiki
No edit summary
 
(11 intermediate revisions by 3 users not shown)
Line 1: Line 1:
== Feature Review ==
= secTool =
= secTool =


Line 5: Line 4:


== Summary ==
== Summary ==
A security audit system and intrusion detection system
A security audit system and intrusion detection tool


== Owner ==
== Owner ==
* Name: PeterVrabec
* Name: [[PeterVrabec]]


== Current status ==
== Current status ==
* Targeted release:
* Targeted release: sectool-0.9.0
* Last updated: Feb 29th 2008
* Last updated: Oct 9th 2008
* Percentage of completion: 90%
* Percentage of completion: 100%
* Project homepage: https://fedorahosted.org/sectool
* Project homepage: https://fedorahosted.org/sectool
* Already built in rawhide
* Already built in rawhide


== Detailed Description ==
== Detailed Description ==
sectool is a security tool that can be used both as a security audit and
sectool is a security tool that can be used both as a security audit as well as a part of an intrusion detection system. It consists of set of tests, library and textual/graphical frontend. Tests are sorted into groups and security levels. Administrators can run selected tests, groups or whole security levels.  
an intrusion detection system. It consists of set of tests, library and
textual/graphical frontend. Tests are sorted into groups and security
levels. Admins can run selected tests, groups or whole security levels.


== Benefit to Fedora ==
== Benefit to Fedora ==
Line 30: Line 26:


== Test Plan ==
== Test Plan ==
* run tests in graphical and textual interface
* perfom sectool engine test via TUI
* run the tool with increasing 'security levels', watch it reporting more potential problems
  * basic options: --help/--version/--list/--info
* add a test with a description to the 'test repository', watch it being recognized by sectool
  * run tests:
* have a test result or even diff against previous run mailed to you
    * run test in default setting (--run testname)
* the rest pretty much depends on the tests, a few examples on what we currently have:
    * run bootloader test in level 5 settings (--level 5 --run bootloader)
* add '.' to your $PATH, watch it being reported by the path test
    * run all test selected for certain level (sectool --level 3)
* add a new suid executable, watch it being reported by the suid test
    * all tests from level 1 + path - integrity (--level 1 --include path --exclude integrity)
* allow remote root login, watch it being repoted by the openssh test
  * more info
* ..and many more (see list of existing tests below)
    * display hints (--hint)
    * display debug info (--debug)
  * create custom configuration in /etc/sectool/sectool.conf and run it (-a)
  * check diff option
    * sectool --run suid; chmod a+s /bin/cp; sectool --run suid --diff; chmod a-s /bin/cp
  * remove results.xml (--clean)
  * check email support
    * sectool --run home_files --mail jhrozek@redhat.com
    * via sectool.conf (SEND_ATTACHMENT=diff, SEND_BODY=full)
  * check /var/log/sectool.log file
  * if properly formated
  * logrotate handles this file
  * check "--refresh" option
  * certain tests(route,suid,selinux,openssh) use persistent data, that could be re-initialized
* check that the tests do what they are supposed to do
* see documentation /usr/share/doc/sectool-0.9.0/tests_documentation.html
* play with sectool-gui
* different switches
* create custom selections of test in your favourite level and see if it persist app. restart
* another sources:
* https://fedorahosted.org/sectool/wiki/NewReleaseTesting
* https://fedorahosted.org/sectool/wiki/UserDocumentation


== User Experience ==
== User Experience ==
Line 47: Line 64:


== Dependencies ==
== Dependencies ==
python, gtk(for GUI frontend) + interpreters for languages in which the tests are written - currently bash, python, clisp infrastructure is in place, perl is planned. All these are in Fedora already, so this should be no problem.
python, gtk(for GUI frontend) + interpreters for languages in which the tests are written - currently bash, python, clisp, perl. All these are in Fedora already, so this should be no problem.


== Contingency Plan ==
== Contingency Plan ==
Line 54: Line 71:
== Documentation ==
== Documentation ==
* Home page - https://fedorahosted.org/sectool
* Home page - https://fedorahosted.org/sectool
* Why sectool is better than other similar tools?
* Why sectool is better than other similar tools? - https://fedorahosted.org/sectool/wiki/WhySectool
* https://fedorahosted.org/sectool/wiki/WhySectool
* Writing new tests
* Writing new tests
* https://fedorahosted.org/sectool/wiki/BashTestTutorial
** https://fedorahosted.org/sectool/wiki/BashTestTutorial
* https://fedorahosted.org/sectool/wiki/PythonTestTutorial
** https://fedorahosted.org/sectool/wiki/PythonTestTutorial
* The list of existing tests
* The list of existing tests - https://fedorahosted.org/sectool/wiki/WishList
* https://fedorahosted.org/sectool/wiki/WishList


== Release Notes ==
== Release Notes ==
sectool offers an security audit tool, which contains set of tests that scan system for security vulnerabilities.
sectool offers an security audit tool, which contains set of tests that scan system for security vulnerabilities.


== Comments ==
== Comments and Discussion ==
* (notting) Can we see sample reports on a stock Fedora install? It may be good to get automated runs of this...
 
: (msamia) Yes, we watch this with every release (including test releases). The results are at [https://fedorahosted.org/sectool/wiki/FedoraCompatibilityIssues].
See [[Talk:Features/SecurityAudit]]


----
----


[[Category:ProposedFeature]]
[[Category:FeatureAcceptedF10]]

Latest revision as of 11:04, 9 October 2008

secTool

Summary

A security audit system and intrusion detection tool

Owner

Current status

  • Targeted release: sectool-0.9.0
  • Last updated: Oct 9th 2008
  • Percentage of completion: 100%
  • Project homepage: https://fedorahosted.org/sectool
  • Already built in rawhide

Detailed Description

sectool is a security tool that can be used both as a security audit as well as a part of an intrusion detection system. It consists of set of tests, library and textual/graphical frontend. Tests are sorted into groups and security levels. Administrators can run selected tests, groups or whole security levels.

Benefit to Fedora

Fedora will include a modern security audit tool.

Scope

Implementing the tool and write tests and documentation, so community can write their own tests.

Test Plan

  • perfom sectool engine test via TUI
 * basic options: --help/--version/--list/--info
 * run tests:
   * run test in default setting (--run testname)
   * run bootloader test in level 5 settings (--level 5 --run bootloader)
   * run all test selected for certain level (sectool --level 3)
   * all tests from level 1 + path - integrity (--level 1 --include path --exclude integrity)
 * more info 
   * display hints (--hint)
   * display debug info (--debug)
 * create custom configuration in /etc/sectool/sectool.conf and run it (-a)
 * check diff option
   * sectool --run suid; chmod a+s /bin/cp; sectool --run suid --diff; chmod a-s /bin/cp
 * remove results.xml (--clean)
 * check email support
   * sectool --run home_files --mail jhrozek@redhat.com
   * via sectool.conf (SEND_ATTACHMENT=diff, SEND_BODY=full)
 * check /var/log/sectool.log file
  * if properly formated
  * logrotate handles this file
 * check "--refresh" option
  * certain tests(route,suid,selinux,openssh) use persistent data, that could be re-initialized
  • check that the tests do what they are supposed to do
* see documentation /usr/share/doc/sectool-0.9.0/tests_documentation.html
  • play with sectool-gui
* different switches
* create custom selections of test in your favourite level and see if it persist app. restart
  • another sources:
* https://fedorahosted.org/sectool/wiki/NewReleaseTesting
* https://fedorahosted.org/sectool/wiki/UserDocumentation

User Experience

Users will have a tool that could check their systems for a security issues. They will also have documentation and libraries that help them write their own tests. Advanced users could benefit from having the text interface that is more easily scriptable and usable from cron.

Dependencies

python, gtk(for GUI frontend) + interpreters for languages in which the tests are written - currently bash, python, clisp, perl. All these are in Fedora already, so this should be no problem.

Contingency Plan

None needed, this is an addition to Fedora.

Documentation

Release Notes

sectool offers an security audit tool, which contains set of tests that scan system for security vulnerabilities.

Comments and Discussion

See Talk:Features/SecurityAudit