[Fed-Talk] Continuous Monitoring Security Tool for Mac OS X... and the rest of Unix, too!
- Subject: [Fed-Talk] Continuous Monitoring Security Tool for Mac OS X... and the rest of Unix, too!
- From: David Jaccard <email@hidden>
- Date: Mon, 19 Jul 2010 12:52:39 -0600
Hello,
My name is Dave. This is a general response to Richard Westfield's question about an SCAP Tool for Mac OS X.
I am a contractor for the High Performance Computing Modernization Program (HPCMP), which is DoD. We have written a system that does continuous monitoring for Mac OS X and most other flavors of Unix. It is written in pure Perl and can burn through about 200 checks in 30 seconds. Results are text (for terminal viewing) and XML. The XML is then submitted to a database that keeps track of the history of the system. Users can view the results through a Web GUI front end on the database. It is completely driven on the client side; there are no open ports or remote root access necessary. It can run as a cron job, with no human interaction at all. We even support "sudo" so you don't have to run it as root. It will elevate privileges only when it needs to.
We do not do Windows, but we could. Our community is highly Unix-centric, and other DoD agencies have created tools to help Windows systems, so we did not invest in that area.
We've been running in production for about five years now, and currently do about 26 million checks from over 7,000 systems annually. It has seriously reduced the cost of the yearly assessments we perform for our sites. Our tool collects not just check data, but also other important system information that provides assessment context.
The catch is, our effort sort of predates SCAP, so we're not SCAP compliant today. But we will be soon; we have the funding. All of our check definitions are already in XML, so we're not far off. We'll be able to do OVAL at the check level and XCCDF at the database level, and probably more as we go along. And if OVAL can't express the check, we can write a pure Perl check to cover the difference. When the Defense Information Systems Agency (DISA) begins publishing security checklists in SCAP compliant formats (later this year), we hope to be ready to receive them!
We have a demo that we could give anyone who's interested.
Thanks!
David Jaccard
Contractor
email@hidden
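As an added illustration of the client-side design the post describes (not the HPCMP tool's own code), here is a minimal Perl check runner: checks are defined as data, run locally with no listening ports, emitted as both a terminal text report and XML for a history database, and use non-interactive sudo only for the checks that need root. The two check definitions and their expected values are constructed for the example.

```perl
#!/usr/bin/perl
# Added example, not the HPCMP tool: a minimal client-side check runner.
use strict;
use warnings;

# Constructed check definitions. Each check runs a local command and compares
# its output against an expected pattern; 'root' marks checks that need privilege.
my @checks = (
    { id => 'ssh-root-login', root => 1,
      cmd  => 'grep -i "^PermitRootLogin" /etc/ssh/sshd_config',
      pass => qr/\bno\b/i },
    { id => 'umask', root => 0, cmd => 'umask', pass => qr/^0?027$/ },
);

sub run_check {
    my ($c) = @_;
    # Elevate only when the check needs root and we are not already root.
    # 'sudo -n' never prompts, so an unattended cron run cannot hang on a password.
    my $cmd = ($c->{root} && $> != 0) ? "sudo -n $c->{cmd}" : $c->{cmd};
    my $out = `$cmd 2>/dev/null`;
    my $status = ($? == 0 && $out =~ $c->{pass}) ? 'PASS' : 'FAIL';
    return { id => $c->{id}, status => $status, evidence => $out // '' };
}

sub xml_escape {
    my $s = shift;
    $s =~ s/&/&amp;/g; $s =~ s/</&lt;/g; $s =~ s/>/&gt;/g;
    return $s;
}

my @results = map { run_check($_) } @checks;

# Text report for terminal viewing.
printf "%-16s %s\n", $_->{id}, $_->{status} for @results;

# XML report for submission to a history database (hostname and time give context).
my $host = `hostname`; chomp $host;
print qq{<results host="} . xml_escape($host) . qq{" time="} . time() . qq{">\n};
for my $r (@results) {
    chomp(my $ev = $r->{evidence});
    printf qq{  <check id="%s" status="%s">%s</check>\n},
        xml_escape($r->{id}), $r->{status}, xml_escape($ev);
}
print "</results>\n";
```

Run it as an unprivileged user with a sudoers rule that allows only the specific privileged check commands; a FAIL on the umask check simply means the current shell umask is not 027.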