Kaseya Community

Auditing

  • Well well, it has been a while.

    I was reading over the old posted scripts from the WowBB days, and I reread this thread.



    I wanted to resurrect it.



    Here is the link

    http://community.kaseya.com/xsp/f/28/t/2650.aspx



    Gamer-X

    Legacy Forum Name: Auditing,
    Legacy Posted By Username: gamer-x
  • I am cross posting this thread because after a little bit of play, this tool would definitely work as an auditing mechanism.



    Here is the current thread... http://community.kaseya.com/xsp/f/132/p/6936/34112.aspx#34112



    Here is the link to the site of the tool being discussed. (BTW, there are at least 2 free tools available that do this. The other one is called SSA.)

    Sussen is here: ( the one currently being discussed )

    http://www.lbtechservices.com/projects/sussen/index.html



    SSA is here:

    http://www.security-database.com/ssa.php



    Here is the main link to the test files. This place seems to have it going on!

    http://oval.mitre.org/



    You will notice with a little bit of reading that the OVAL organization offers daily updated XML files, MD5 signed, to test against security, configuration and threat assessment and configurations for all kinds of OS, and hardware.



    Here is a short list:



    hp_ux.10.xml                            2008-05-01   26 KB
    hp_ux.11.xml                            2008-05-01   360 KB
    ibm.aix.5.2.xml                         2008-05-01   42 KB
    ibm.aix.5.3.xml                         2008-05-01   45 KB
    microsoft.windows.2000.xml              2008-05-01   4.067 MB
    microsoft.windows.95.xml                2008-05-01   113 KB
    microsoft.windows.98.xml                2008-05-01   285 KB
    microsoft.windows.me.xml                2008-05-01   408 KB
    microsoft.windows.nt.xml                2008-05-01   1.292 MB
    microsoft.windows.server.2003.xml       2008-05-01   3.127 MB
    microsoft.windows.server.2008.xml       2008-05-01   127 KB
    microsoft.windows.vista.xml             2008-05-01   755 KB
    microsoft.windows.xp.xml                2008-05-01   3.735 MB
    novell.linux.desktop.9.xml              2008-05-01   239 KB
    opensuse.10.2.xml                       2008-05-01   90 KB
    red.hat.enterprise.linux.3.xml          2008-05-01   956 KB
    red.hat.enterprise.linux.4.xml          2008-05-01   37 KB
    red.hat.linux.9.xml                     2008-05-01   1.019 MB
    sun.solaris.10.xml                      2008-05-01   671 KB
    sun.solaris.2.6.xml                     2008-05-01   27 KB
    sun.solaris.7.xml                       2008-05-01   459 KB
    sun.solaris.8.xml                       2008-05-01   915 KB
    sun.solaris.9.xml                       2008-05-01   889 KB
    suse.linux.10.0.xml                     2008-05-01   239 KB
    suse.linux.10.1.xml                     2008-05-01   321 KB
    suse.linux.desktop.1.0.xml              2008-05-01   239 KB
    suse.linux.enterprise.desktop.10.xml    2008-05-01   321 KB
    suse.linux.enterprise.server.10.xml     2008-05-01   90 KB
    suse.linux.professional.9.3.xml         2008-05-01   239 KB
    vmware.esx.server.3.xml                 2008-05-01   26 KB

    You should also know that several MAJOR security vendors now incorporate OVAL into their tools... Symantec, GFI Languard are just two.

    Legacy Forum Name: IT Procedures,
    Legacy Posted By Username: gamer-x
  • Quick summary.

    It looks like this tool out of the box, OVAL that is, will allow you to cover 80% of an organization right out of the box.

    The really cool part is that you can customize it pretty easily to cover the other 20%.



    This OVAL standard looks like it is here to stay for a long time, so I submit that we should put our heads together on this and polish this "auditing" tool up for Kaseya.

    I think we should try to get Kaseya to store and update these XML definitions for us in the system as well so that we can access them readily in the scripting tab. We do not have to have Kaseya build a tool add-on, just a repository section.

    They could store, update, and auto MD5 hash check the definitions for us.


    The rest can be done in script.

    What do you guys think...?

    Legacy Forum Name: IT Procedures,
    Legacy Posted By Username: gamer-x
  • I am not impressed by the Oval Repository. For example the latest vulnerabilities of the Adobe Flash player, Java Engine and HP update tools are not present.

    You can compare the output of the personal version of Secunia (http://www.secunia.com/) with the Oval definition.

    On my test PC I had 10 vulnerabilities with Secunia and only 2 with Oval.

    Paul

    Legacy Forum Name: IT Procedures,
    Legacy Posted By Username: paul@joheco.nl
  • [QUOTE=gamer-x;28722]I think we should try to get Kaseya to store and update these XML definitions for us in the system as well so that we can access them readily in the scripting tab. We do not have to have Kaseya build a tool add-on, just a repository section.

    They could store, update, and auto MD5 hash check the definitions for us.[/QUOTE]

    I like this idea quite a bit. In addition to the simple static file repository we have now, it would be great to have a "dynamic files repository". Perhaps some basic options might be a few URLs to grab the file from (in case the primary host is down), and how often to check for updates. Then build in the ability to have the scripts reference files from this repository. There are a lot of possibilities for this, especially in the "one-off" scan department.

    Legacy Forum Name: IT Procedures,
    Legacy Posted By Username: arobar
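
The "store, update, and hash check" repository with fallback URLs discussed in the posts above, sketched in Python as an added example; it is not code from the thread, from Kaseya or from the OVAL project. The function name, source labels and sample bytes are constructed, and the expected digest is assumed to arrive from the publisher separately from the mirror that serves the file.

```python
import hashlib
import os
import tempfile

def fetch_verified(name, expected_hex, sources, repo_dir, algo="md5"):
    """Try each source in order; store the first copy whose digest matches.

    sources: list of (label, fetch) pairs; fetch() returns bytes or raises OSError.
    algo: the thread names MD5; any hashlib name (e.g. "sha256") works if the
          publisher offers that digest instead (assumption, not from the page).
    Returns the label of the accepted source, or None if no copy verified.
    """
    # A definition name must never be able to escape the repository directory.
    if os.path.basename(name) != name or name in ("", ".", ".."):
        raise ValueError("unsafe file name: %r" % name)
    for label, fetch in sources:
        try:
            data = fetch()
        except OSError:
            continue  # host down: fall through to the next mirror
        if hashlib.new(algo, data).hexdigest() != expected_hex.lower():
            continue  # truncated or altered copy: never written to the repo
        # Write to a temp file in the same directory, then swap atomically,
        # so scripts reading the repository never see a half-written file.
        fd, tmp = tempfile.mkstemp(dir=repo_dir)
        with os.fdopen(fd, "wb") as fh:
            fh.write(data)
        os.replace(tmp, os.path.join(repo_dir, name))
        return label
    return None  # the previously stored copy, if any, is left untouched

def demo():
    # Constructed sample content and sources, so the example runs offline.
    good = b"<oval_definitions>constructed sample</oval_definitions>"
    digest = hashlib.md5(good).hexdigest()
    def primary_down():
        raise OSError("primary host unreachable")
    sources = [("primary", primary_down),
               ("mirror-1", lambda: good[:20]),  # truncated download
               ("mirror-2", lambda: good)]
    with tempfile.TemporaryDirectory() as repo:
        used = fetch_verified("microsoft.windows.xp.xml", digest, sources, repo)
        with open(os.path.join(repo, "microsoft.windows.xp.xml"), "rb") as fh:
            return used, fh.read() == good

if __name__ == "__main__":
    print(demo())
```

A scheduled job would call `fetch_verified` once per definition file at the chosen update interval, passing real download functions in place of the constructed ones.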