
Policy/Informational tests/understanding output

I'm hoping Cathy Grim will see this one.

I'm experimenting with the AIX Security Policy/Options tests; these exist under both the Intrusive and Non-intrusive branches of the vuln. tree; there are also analogous tests for other OS flavors.

I'm having trouble interpreting the output. For example, 'IBM AIX IP Send Redirects Status' shows up for the system I tested the scan against. The description says:

IBM AIX IP Send Redirects Status    Informational

Description:
IBM AIX ipsendredirects in network options does not comply with the given policy.
Recommendation:
Ensure that ipsendredirects in network options complies with organizational policy.


Observation:
IBM Advanced Interactive eXecutive (AIX) is an enterprise class Unix-like operating system. The ipsendredirects is used to specify if kernel should send redirect signals.

IBM AIX ipsendredirects in network options does not comply with the given policy.

This doesn't say what value it was looking for, or what value it found.

By checking the system and looking at the CIS benchmark info for AIX, I have determined that it's looking for

ipignoreredirects=1

but found

ipignoreredirects=0

But some of the other detections are even more inscrutable:

IBM AIX Log Rotation Time Period Constraint Existence    Informational

Description:
IBM AIX syslogd log rotation period does not comply with the given policy.
Recommendation:
Ensure that IBM AIX syslogd log rotation period complies with organizational policy.


Observation:
IBM AIX is an enterprise class Unix-like operating system.

IBM AIX syslogd log rotation period does not comply with the given policy.

What do you suppose it was looking for here, and what do you suppose it found?

"given policy" must refer to some standard or best practice configurations for AIX (perhaps internal to McAfee?), but I am only aware of the CIS benchmarks.

I was hoping for some automated policy checking, and it's clear that's what these tests were supposed to do, but I am not sure how to wring enough information from these to make them useful.  I don't really want to go check all the systems by hand.

Message was edited by: jldunn on 8/15/12 5:14:06 PM CDT
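
The following shell script is an added example, not part of the original post and not the scanner's own check logic: it compares `no -a` output against a policy and prints the expected and the found value for each tunable, which is the information the finding text above leaves out. The policy entry is the value the post cites from the CIS benchmark; the `no -a` sample is constructed, and the function name `check_no_policy` is hypothetical.

```shell
#!/bin/sh
# Compare AIX network options (as printed by `no -a`) with a policy and
# report the expected and the observed value for every policy entry.

# Policy: whitespace-separated "tunable=expected" pairs. ipignoreredirects=1
# is the value the post derives from the CIS benchmark; extend as needed.
POLICY='ipignoreredirects=1'

# Constructed sample of `no -a` output ("name = value" lines), standing in
# for output collected from a host.
SAMPLE_NO_OUTPUT='
           ipforwarding = 0
      ipignoreredirects = 0
        ipsendredirects = 1
'

# check_no_policy POLICY NO_OUTPUT  (hypothetical helper name)
# Prints one line per policy entry: PASS, FAIL or MISSING, with expected
# and found values. Returns 0 if every entry passes, 1 otherwise.
check_no_policy() {
    policy=$1
    no_output=$2
    rc=0
    for entry in $policy; do
        name=${entry%%=*}
        expected=${entry#*=}
        # Match the tunable name exactly so a prefix cannot match by accident.
        found=$(printf '%s\n' "$no_output" |
            awk -v n="$name" '$1 == n && $2 == "=" { print $3; exit }')
        if [ -z "$found" ]; then
            echo "MISSING $name expected=$expected found=<not reported>"
            rc=1
        elif [ "$found" = "$expected" ]; then
            echo "PASS $name expected=$expected found=$found"
        else
            echo "FAIL $name expected=$expected found=$found"
            rc=1
        fi
    done
    return $rc
}

# On an AIX host, pass live output instead: check_no_policy "$POLICY" "$(no -a)"
check_no_policy "$POLICY" "$SAMPLE_NO_OUTPUT" || true
```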