Home page logo
/

pauldotcom logo PaulDotCom mailing list archives

Re: Baseline Config Audit policy creation or modification
From: Jerome Athias <athiasjerome () gmail com>
Date: Sat, 27 Jul 2013 18:34:11 +0400

Hi,

they could (should) be all translated in XCCDF
http://scap.nist.gov/specifications/xccdf/

Now, in these tools, you can use the profiles as is, or use the defined
ones and customize them.

More info on the benchmarks
http://frhack.org/research/xorcism.php


2013/7/26 Albert R. Campa <abcampa () gmail com>

Hello everyone. :)

I am doing some work on baseline/benchmark/compliance/config auditing, and
I would like to get some experience feedback on doing editing/modifcation
of these benchmarks.

As you know there are many standards CIS, DISA, PCI, etc, on many
platforms, MS, Linux, DB, Cisco, etc.

My questions is for anyone who does this are the following:

Do you use default policies from CIS, DISA, etc and run with that?
Do you use a CIS, DISA, etc as a start and then modify to org standards?
Or do you just create a baseline from scratch?

I created a blog post on this, showing my point of view using Nessus and
Nexpose.

http://compusec.org/2013/07/25/configuration-benchmark-auditing-with-nexpose-and-nessus/

I also want to find out from you how useful would a gui be to edit/create
these audit policies? If you read the blog post you will see where I am
coming from, as well as Tenable/Rapid7 point of view. Hopefully we have
some Nexpose users on this list. ;)

Thanks,

Albert Campa

_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com

_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]