check_bastille

Files:
check_bastille-1.0.4.tar.gz
Use Bastille Unix to track the level of your server security.
Summary: This plugin runs Bastille Unix in assessment mode, comparing consecutive runs line by line. Lowered scores are critical, other changes generate warnings. An option is available to publish the report. The plugin updates the report with the previous score for your reference.

Details: If the latest assessment scores lower than the last one, or if the latest one scores below the specified critical score, the check will return as critical. If the latest assessment is higher than the last one, or its score is below the specified warning score, the check will return a warning. The old and new reports are also compared line by line for changes, raising a warning if the scores are the same but individual line items have changed.
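
The decision rules above, sketched as an added example (this is not the plugin's own code). The function name, the threshold parameters, the report lines and the choice to test the critical rules before the warning rules are assumptions; the exit codes are the standard Nagios plugin values.

```python
import difflib

# Standard Nagios plugin exit codes.
OK, WARNING, CRITICAL = 0, 1, 2

def evaluate(prev_score, new_score, prev_lines, new_lines, warn_below, crit_below):
    """Apply the rules from the Details paragraph; return (status, message)."""
    # Critical: hardening went down, or the score is under the critical floor.
    if new_score < prev_score:
        return CRITICAL, f"score dropped from {prev_score} to {new_score}"
    if new_score < crit_below:
        return CRITICAL, f"score {new_score} is below critical threshold {crit_below}"
    # Warning: any other score change, or a score under the warning floor.
    if new_score > prev_score:
        return WARNING, f"score rose from {prev_score} to {new_score}; confirm the change"
    if new_score < warn_below:
        return WARNING, f"score {new_score} is below warning threshold {warn_below}"
    # Same score: a line-by-line comparison catches items that offset each other.
    changed = [d for d in difflib.ndiff(prev_lines, new_lines)
               if d.startswith(("- ", "+ "))]
    if changed:
        return WARNING, f"score unchanged but {len(changed)} report line(s) differ"
    return OK, f"score {new_score} unchanged, no line items changed"

# Constructed sample reports (not Bastille's real output format).
PREVIOUS = ["firewall enabled: yes", "telnet disabled: yes", "umask restrictive: no"]
LATEST = ["firewall enabled: yes", "telnet disabled: no", "umask restrictive: yes"]

if __name__ == "__main__":
    # One item was relaxed and another tightened, so the score is identical.
    status, message = evaluate(6.67, 6.67, PREVIOUS, LATEST,
                               warn_below=6.0, crit_below=4.0)
    print(("OK", "WARNING", "CRITICAL")[status], "-", message)
    raise SystemExit(status)
```

The sample run shows why the line comparison matters: a relaxed setting masked by an unrelated improvement leaves the score untouched and would pass a score-only check.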

Response: Any reduction in hardening is reason for concern. A change could also indicate suspicious activity. Changes should be confirmed as quickly as possible. If you recently re-ran Bastille with relaxed answers, or you manually changed system components resulting in a lower score, consider running Bastille again with more aggressive answers. If no changes were authorized, you may have suffered an intrusion. Contain damage by disconnecting the computer from the network and verifying its integrity by scanning with a product like chkrootkit. See check_chkrootkit for adding this to your regular routine.

Coming Soon: Working on an rpm release and instructions on running this plugin via NSCA.