Remember that ESM is a security policy enforcement tool, not a security hole "finder" (for lack of a better word)... While these two subjects are for the most part one and the same, all you have to do is tell ESM that, for instance, your policy gives a umask of 022 as the suggested value, and it won't tell you to change it. Look through the product a little more, and take some time to develop a custom policy, rather than using the generic Phase 1, Phase 2, Phase 3 thing, and I bet you'll find it a much more useful product.

Regards,

Steve McBride

At 07:41 AM 8/27/98 -0400, Larry Bassett wrote:

>Your point about checksums is well taken. We were externally audited and
>the auditors used Axent ESM. The Axent ESM is not what I would call a
>great security assessment tool. It is brain dead in a few places.
>
>It will complain about files and directories that have more secure
>permissions since it only checks to see if files have the permissions it is
>expecting. It also complains about the files it installs.
>
>It complained about uninstalled patches. In our case this was completely
>ridiculous because we already had newer revisions of the patches than the
>ones they suggested we install.
>
>It complained about an HP printer device being world writable. This
>complaint was pointless since these device files are functionally
>equivalent to /dev/null.
>
>It complained that a umask of 022 was unsafe. They suggested 027.
>
>There were other questionable findings but it will find misconfigurations
>and stupid mistakes. However, there are better tools available.
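The thread's two technical complaints, a checker that flags files whose permissions are tighter than the policy expects, and the 022-versus-027 umask disagreement, can be made concrete with a small comparison. The following is an added illustration, not code from the thread and not Axent ESM's logic; the file inventory, the policy, and the two checker functions are constructed for the example. The "strict" checker reproduces the equality-only behaviour described, while the "restrictive" checker only flags files that grant a bit the policy does not, so a tighter-than-policy file passes.

```python
"""Added example: equality-only versus at-least-as-restrictive permission
checks, and what a umask change actually does to new-file modes.

Assumptions (constructed for this example, not taken from ESM): the policy
maps a path to an expected mode, and a checker compares each file's actual
mode bits against it.
"""

PERM_MASK = 0o7777  # permission bits only; file-type bits are ignored

# Constructed sample inventory: path -> actual mode bits (not real host data).
SAMPLE_FILES = {
    "/etc/passwd": 0o644,          # matches policy exactly
    "/etc/shadow": 0o400,          # tighter than the 0o600 the policy expects
    "/usr/local/bin/tool": 0o755,  # matches policy exactly
    "/tmp/scratch": 0o777,         # looser than policy
}

# Constructed sample policy: path -> expected mode bits.
SAMPLE_POLICY = {
    "/etc/passwd": 0o644,
    "/etc/shadow": 0o600,
    "/usr/local/bin/tool": 0o755,
    "/tmp/scratch": 0o755,
}


def strict_findings(files, policy):
    """Flag every file whose mode is not exactly the expected one.

    This is the behaviour the thread complains about: /etc/shadow at 0o400
    is reported even though it is more secure than the 0o600 expectation.
    """
    return sorted(
        path for path, expected in policy.items()
        if path in files
        and (files[path] & PERM_MASK) != (expected & PERM_MASK)
    )


def restrictive_findings(files, policy):
    """Flag only files that grant a permission bit the policy does not grant.

    actual & ~expected is the set of bits present on the file but absent
    from the policy; a non-zero result means the file is looser than policy.
    Files that are tighter than policy pass.
    """
    return sorted(
        path for path, expected in policy.items()
        if path in files
        and (files[path] & ~expected & PERM_MASK) != 0
    )


def umask_mode(umask, base=0o666):
    """Mode a newly created file gets under the given umask.

    Programs typically request 0o666 for regular files (0o777 for
    directories); the kernel clears whichever bits are set in the umask.
    """
    return base & ~umask & PERM_MASK


def compare_umasks(a, b):
    """Permission bits that umask a leaves on a new file but umask b clears.

    For 022 versus 027 the only difference is the 'other' read bit.
    """
    return umask_mode(a) & ~umask_mode(b)


if __name__ == "__main__":
    print("strict checker flags:     ", strict_findings(SAMPLE_FILES, SAMPLE_POLICY))
    print("restrictive checker flags:", restrictive_findings(SAMPLE_FILES, SAMPLE_POLICY))
    print("new file under 022: %o, under 027: %o"
          % (umask_mode(0o022), umask_mode(0o027)))
    print("bits 027 removes relative to 022: %o" % compare_umasks(0o022, 0o027))
```

Run stand-alone, the strict checker reports both /etc/shadow and /tmp/scratch, while the restrictive checker reports only /tmp/scratch; the umask comparison shows that moving from 022 to 027 changes a new file's mode from 644 to 640, i.e. it removes only world read, which is the whole substance of that finding.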
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:13:44 PDT