Sectool

Summary

The security audit tool and part of an intrusion detection system.

Owner

• Name: Peter Vrabec Maros Barabas
• email: pvrabec AT redhat DOT com, mbarabas AT redhat DOT com

Current status

• Targeted release: Fedora 12
• Last updated: (Aug 24 2009)
• Percentage of completion: 99,9%

Detailed Description

The security tool that can be used both as a security audit as well as a part of an intrusion detection system. It consists of set of tests, library and textual/graphical frontend. Tests are sorted into groups and security levels. Administrators can run selected tests, groups or whole security levels.

Benefit to Fedora

Lower the attack surface by finding possible vulnerabilities, audit the system to find common problems to improve security and performance of scanning system. Encourage users to use Fedora on server and support other distributions based on Fedora like Red Hat Enterprise Linux or CentOS

Scope

Already done:

• Split the current program to backend mechanism and frontend pieces to separate user part and administrator part of application.
• Dbus communication interface for backend
• opotion for not using dbus
• switch communication between backend and frontend to dbus and unix sockets
• PolicyKit integration
• Define policies for PolicyKit

Further plans:

• Improve GUI
• Better user authentication system

How To Test

There is no need for special hardware to test this feature.

install sectool and sectool-gui

$ yum install sectool*

Sanity testing

Test the most basic functions to make sure sectool is able to start, etc.

  sectool --help
  sectool --version

make sure that the version string is correct

  sectool --list

check that the level numbers are sane test globbing: sectool --list \*home\*

  sectool --info <test> 

User Experience

Users will have option to audit their system to improve security and performance. Users can choose between command line testing through dbus (or without dbus) and GUI testing tool. The whole system will be less vulnerable to attack.

Dependencies

• sectool-gui

Contingency Plan

This feature is not critical. Revert to previous release in case that could not be complete by the final feature freeze.

Documentation

• [1]

Filed Bugs

• Switch to using PolicyKit https://bugzilla.redhat.com/show_bug.cgi?id=502733
• Sectool and file capabilities https://bugzilla.redhat.com/show_bug.cgi?id=449990
• Arch dependent files in /usr/share https://bugzilla.redhat.com/show_bug.cgi?id=501825
• Bug in netserv test https://bugzilla.redhat.com/show_bug.cgi?id=503207
• Spurious warnings in filesystem test in mock chroots https://bugzilla.redhat.com/show_bug.cgi?id=503209
• FTBFS sectool-0.9.3-1.fc12 https://bugzilla.redhat.com/show_bug.cgi?id=511473

Release Notes

• Sectool is a security tool that can be used both as a security audit as well as a part of an intrusion detection system. It consists of set of tests, library and textual/graphical frontend. Tests are sorted into groups and security levels. Administrators can run selected tests, groups or whole security levels.
• Sectool is now using PolicyKit and dbus for better security in authentication actions.

Comments and Discussion

• See Talk:Features/Sectool
• See [2]