Seccheck is a feature rich, modular, host-level security checker for Solaris 10.
On reviewing the excellent security benchmarks available over at CI Security, I wanted to automate the security checks of my Solaris 10 servers and produce a highly detailed report listing all security warnings, together with recommendations for their resolution. The solution was seccheck - a modular host-security scanning utility. Easily expandable and feature rich, although at the moment only available for Solaris 10.
This doesn't cover 100% of the checks recommended by CI Security, but has 99% of them - the ones that I consider important. For example, I don't check X configuration because I always ensure my servers don't run X.
Installation
The source distribution should be unpacked to a suitable location. I suggest doing something like the following:
# mkdir /usr/local/seccheck
# chown root:root /usr/local/seccheck
# chmod 700 /usr/local/seccheck
# cd /usr/local/seccheck
# mkdir bin output
# cd /wherever/you/downloaded/seccheck
# gzip -dc ./seccheck-0.7.1.tar.gz | tar xf -
# cd seccheck-0.7.1
# mv modules.d seccheck.sh /usr/local/seccheck/bin
Everything is implemented as bash shell scripts, so there are no really strict installation guidelines, place the files wherever you wish. You can specify an alternate location for the modules directory with the -m option anyway.
Using seccheck
By default, seccheck.sh will search for a modules.d directory in the same directory in which the seccheck.sh script is located. If your modules are not located there, you can use the -m option to specify an alternate module location, for example:
# ./seccheck.sh -m /security/seccheck/mymodules
seccheck will then scan through the modules.d for valid seccheck modules (determined by filename). A seccheck module filename should be of the following format:
seccheck_nn_somename.sh
Where nn is a two digit integer that determines the order in which modules should be executed. For example, included with the current seccheck distribution you'll find the following files in modules.d:
# ls -1 modules.d
seccheck_00_services.sh
seccheck_01_users.sh
seccheck_03_kernelcheck.sh
seccheck_05_logging.sh
seccheck_10_accessauth.sh
seccheck_99_perms.sh
seccheck_NN_template.sh.NOT
You can see that seccheck_00_services.sh will be processed before seccheck_01_users.sh, and so on. You can disable a module by renaming it something other than the convention, for example, by appending a .NOT suffix to the module filename.
A template is provided so that you can write your own seccheck modules.
By default, seccheck will write everything out to STDOUT and STDERR. If you want to redirect to an output file, just use the -o option and specify an output directory. After running the script, you'll be left with a file such as:
${OUTPUT_DIR}/seccheck-< hostname >-YYYYMMDD-hhmm.log
containing the output of your modules.
What's New in This Release:
· Bugfixes were made in shell detection logic, for a typo in SAMBA recommendations, and in the use of "printf" instead of "echo" in the authlog recommendation.
Product's homepage
Find us on Google+
