0 Replies Latest reply on Aug 15, 2012 5:14 PM by jldunn

    Policy/Informational tests/understanding output

      I'm hoping Cathy Grim will see this one.

      I'm experimenting with the AIX Security Policy/Options tests; these exist under both the Intrusive and Non-intrusive branches of the vuln. tree; there are also analogous tests for other OS flavors.

      I'm having trouble interpreting the output. For example, 'IBM AIX IP Send Redirects Status' shows up for the system I tested the scan against. The description says:

      IBM AIX IP Send Redirects Status    Informational

      Description:
      IBM AIX ipsendredirects in network options does not comply with the given policy.
      Recommendation:
      Ensure that ipsendredirects in network options complies with organizational policy.


      Observation:
      IBM Advanced Interactive eXecutive (AIX) is an enterprise class Unix-like operating system. The ipsendredirects is used to specify if kernel should send redirect signals.

      IBM AIX ipsendredirects in network options does not comply with the given policy.

      This doesn't say what value it was looking for, or what value it found.

      By checking the system and looking at the CIS benchmark info for AIX, I have determined that it's looking for

      ipignoreredirects=1

      but found

      ipignoreredirects=0

      But some of the other detections are even more inscrutable:

      IBM AIX Log Rotation Time Period Constraint Existence    Informational

      Description:
      IBM AIX syslogd log rotation period does not comply with the given policy.
      Recommendation:
      Ensure that IBM AIX syslogd log rotation period complies with organizational policy.


      Observation:
      IBM AIX is an enterprise class Unix-like operating system.

      IBM AIX syslogd log rotation period does not comply with the given policy.

      What do you suppose it was looking for here, and what do you suppose it found?

      "given policy" must refer to some standard or best practice configurations for AIX (perhaps internal to McAfee?), but I am only aware of the CIS benchmarks.

      I was hoping for some automated policy checking, and it's clear that's what these tests were supposed to do, but I am not sure how to wring enough information from these to make them useful. I don't really want to go check all the systems by hand.

      Message was edited by: jldunn on 8/15/12 5:14:06 PM CDT
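An added example, not from the original post or from the McAfee scanner, that produces what the poster wanted from the tool: it parses `no -a` output (a constructed sample here) and reports, per network option, the value the policy expects and the value actually found. The policy table is an assumption: ipignoreredirects=1 is the value the post worked out from the CIS benchmark, ipsendredirects=0 is assumed from common hardening guidance, and the parsing format and function names are mine.

```python
"""Expected-vs-found report for AIX `no` network options (added example)."""
import re
import subprocess

# Policy table: option -> required value. ipignoreredirects=1 is what the
# post found the check wants; ipsendredirects=0 is an assumed value. Adjust
# both to your organization's standard.
POLICY = {
    "ipignoreredirects": "1",
    "ipsendredirects": "0",
}

# Constructed sample of `no -a` output (one "name = value" per line).
SAMPLE_NO_OUTPUT = """\
        ipforwarding = 0
   ipignoreredirects = 0
     ipsendredirects = 1
             tcp_ecn = 0
"""

LINE_RE = re.compile(r"^\s*(\S+)\s*=\s*(\S+)\s*$")


def parse_no_output(text):
    """Parse `no -a` text into {option: value}; non-matching lines are skipped."""
    options = {}
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            options[m.group(1)] = m.group(2)
    return options


def check_policy(options, policy=POLICY):
    """Return (option, expected, found, compliant); a missing option has found=None."""
    return [(name, expected, options.get(name), options.get(name) == expected)
            for name, expected in sorted(policy.items())]


def audit_live_system():
    """Run `no -a` on the AIX host itself (not used in the offline demo)."""
    out = subprocess.run(["no", "-a"], capture_output=True, text=True, check=True).stdout
    return check_policy(parse_no_output(out))


if __name__ == "__main__":
    for name, expected, found, ok in check_policy(parse_no_output(SAMPLE_NO_OUTPUT)):
        print(f"{'OK  ' if ok else 'FAIL'} {name}: expected {expected}, found {found}")
```

On a real host, call audit_live_system() instead of feeding the sample; anything the policy table names but `no -a` does not print shows up as found=None rather than a bare "does not comply".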