Message 1 of 5

Policy Auditor Unix Run Level Check Problem

Hello all.

I'm trying to create a benchmark with a couple of checks. The checks will validate if some services are disabled. For this I'm using the template Unix Run Level Check to validate if sendmail service is disabled in the audited server. The sendmail service was disabled previously by using the chkconfig command.

The parameters follow:

runlevel: pattern matching - type = [3-5]

name: equals - type = sendmail

kill at start up: equals - type = true

Although this seems correct according to the user guide, the check fails every time.

The system being audited is a RHCE 5.

Thanks in advance.

RD
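
An independent cross-check of the three parameters above, run on the audited host, helps separate "the service state is wrong" from "the check is wrong". This is an added example, not part of the original post and not McAfee code. It assumes the SysV init layout `<rc_root>/rcN.d/{S,K}NN<service>` (on RHEL 5 the root is `/etc/rc.d`) and that "kill at start up = true" corresponds to a `K` script in that run level; the function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example. Assumes the SysV layout <rc_root>/rcN.d/{S,K}NN<service>.

# Print "<level> start=<bool> kill=<bool>" for each run level 0-6 that matches
# the bracket pattern (the check's "runlevel" parameter, e.g. '[3-5]').
service_runlevel_state() {
    rc_root=$1; service=$2; pattern=$3
    for level in 0 1 2 3 4 5 6; do
        case $level in
            $pattern) ;;
            *) continue ;;
        esac
        [ -d "$rc_root/rc$level.d" ] || continue
        start=false; kill=false
        for link in "$rc_root/rc$level.d"/[SK][0-9][0-9]"$service"; do
            # -L also accepts a dangling symlink; an unmatched glob fails both
            if [ -e "$link" ] || [ -L "$link" ]; then
                case ${link##*/} in
                    S*) start=true ;;
                    K*) kill=true ;;
                esac
            fi
        done
        echo "$level start=$start kill=$kill"
    done
}

# Exit 0 when every matching run level has a kill script, 1 when at least one
# does not, 2 when no run-level directory matched the pattern at all.
service_killed_everywhere() {
    state=$(service_runlevel_state "$1" "$2" "$3")
    [ -n "$state" ] || return 2
    case $state in
        *kill=false*) return 1 ;;
    esac
    return 0
}

# Constructed sample tree (not taken from a real host): sendmail is off in
# run levels 3-5 but still on in 2; cups is still on in run level 3.
build_sample_tree() {
    root=$(mktemp -d)
    for level in 2 3 4 5; do mkdir -p "$root/rc$level.d"; done
    touch "$root/rc2.d/S80sendmail" "$root/rc3.d/S55cups"
    for level in 3 4 5; do touch "$root/rc$level.d/K30sendmail"; done
    touch "$root/rc4.d/K10cups" "$root/rc5.d/K10cups"
    echo "$root"
}

sample=$(build_sample_tree)
service_runlevel_state "$sample" sendmail '[3-5]'
service_killed_everywhere "$sample" sendmail '[3-5]' && echo "sendmail: PASS"
service_killed_everywhere "$sample" cups '[3-5]' || echo "cups: FAIL"
rm -rf "$sample"
```

On a real host, call `service_runlevel_state /etc/rc.d sendmail '[3-5]'`; if every line shows `kill=true` while the audit still fails, the fault lies in the check definition or audit content rather than in the service configuration.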

4 Replies
Message 2 of 5

Re: Policy Auditor Unix Run Level Check Problem

Ok, let me rephrase the question (actually into multiple questions):

Is anyone successfully using custom unix checks with PA?

How do you specify the path argument ( /usr/bin or /usr/bin/ )?

Does the following workflow work for you?:

1. create benchmark;

2. create new rule and check (based on a unix template);

3. activate the benchmark;

4. create and run audit;

If this works (i.e. the check passes the audit) for everyone then it's really odd, because all my unix checks fail.

My lab setup is (server:W2003, ePO45+P3, PA53 / client: RHCE5, SOLARIS10).

Thanks in advance.

RD

Message was edited by: epo909 on 1/31/11 4:28:58 AM CST

Re: Policy Auditor Unix Run Level Check Problem

Hello,

I am a starter in Policy Auditor and I want to deploy a test benchmark (from scratch) that would include all the checks of one of the Windows GPOs I have here. So far, I was creating new Rules from Checks (e.g. Account Lockdown Settings, etc.). However, I reached a point where a few of the checks I want are not included in McAfee Checklists. So, I need to create my own new Checks from scratch...

Have you found any good resource for such thing showing examples I could follow and adjust them to what I want?

Thank you in advance!

Message 4 of 5

Re: Policy Auditor Unix Run Level Check Problem

Hello Argyris.

You're luckier than me if you were able to use some of the built-in checks. We had to code all checks from scratch (near 400!) and import them into our benchmarks. The best advice I can give you is that you should learn the OVAL language, so that you can understand the check and debug any problems. Take a look into the guides from oval.mitre.org and read the schemas (focus on the ones you need): http://oval.mitre.org/language/version5.8

You can also export the McAfee checks that more closely approach what you need and modify them to meet your needs, then import them back and test them. Anyway, you should know the OVAL structure, because it will help a lot.

See you around.

RD


Re: Policy Auditor Unix Run Level Check Problem

This issue was resolved in Audit Engine Content 1060/1061. The primitives used to provide the framework for custom checks still used a handful of legacy cpe references. Checks created using the latest content update should no longer cause this issue.

https://kc.mcafee.com/corporate/index?page=content&id=KB72103
