[logs] Configuration tool
Ron Gula
rgula at tenablesecurity.com
Tue Jan 15 10:34:24 PST 2008
James B Horwath wrote:
> Does any have any tool recommendations for configuration management tools
> for log adherence. This tool would audit configuration settings of a file
> checking for adherence to a standard. Tripwire will not work because I
> need to check variable settings which may be different from host to host.
> Group Policy should work on windows but what about routers, switches,
> Unices, etc. Any suggestions?
>
> Please advise,
> Jim
Nessus can do this when subscribed to the Direct Feed ($1200/year) or
managed by the Security Center. There are a wide variety of policies
available to make sure logging is enabled for many different OSes and
applications. You can also create very fine-grained "setting checkers".
Many of the policies have been certified by CIS as well.
You can see a demo video (does NOT require registration) here:
http://www.nessus.org/demos/ (click on the "CIS Audit")
There are also a bunch of blog entries along these lines here:
http://blog.tenablesecurity.com/2007/02/automated_audit.htm
http://blog.tenablesecurity.com/2006/09/creating_gold_b.html
http://blog.tenablesecurity.com/2007/09/using-nessus-co.html
Nessus does not do this for routers and switches (yet). However, we do
have a few customers that have written audit policies to analyze router,
firewall and switch configurations that have been stored on a UNIX server.
Ron Gula
Tenable Network Security
More information about the LogAnalysis
mailing list