Saturday, November 08, 2008

Linux Auditing Tool Showdown: sectool v. ProShield

So I ran across ProShield on Complete Dose of Linux Poison and I was expecting good things by the writeup, but when I peeked inside the .deb I was shocked to see a 1000+ line shell script. Got a new test? Just tack in on the end of a monolithic script.

The horror. The horror.

Unless you are writing system startup scripts there is no reason anything should be written in shell that is longer than 10-20 lines.

(Having had to maintain thousands of lines of shell/sed/awk scripts that somebody else wrote.)

On the other hand sectool (which doesn't work out of the box with Ubuntu/Debian) does have some potential not only because it is written in a post-1970s scripting language (Python) but has a framework-plugin architecture where where individual test cases can be written in shell or Python.

Of course a limitation of both of these is that must be run locally to get results (I assume) making it very difficult to scan large numbers of systems -- unlike what you can do with Nessus compliance checks for UNIX.

No comments: