Working with Reports

Reports are available to:

  • Document your policies.
  • Provide the results of the last compliance check.
  • Document the changes made using the FixIt function, including the exact command that was run and the setting before FixIt was run.
  • Document actions taken by Security Auditor administrators (see Working with the Message Log).

Documenting your Policy

You can print your policy definition by going to Servers > Reports > Create Reports and choosing the Policy report type. You can use this report as:

  • Your documentation for the IBM AIX and Linux implementations of your overall security policy – some people call this their security “standards.”
  • Documentation to show auditors as to how your security is configured
  • An additional description can be added to the policy for each category or template. People often use this to describe the portion of the security policy being implemented, reasons why items are omitted from the template, document risk acceptance standards, etc

Checking compliance

After running a compliance check, the results you’re obviously looking for is an “empty” report. That is, a report with the summary stating that the status is “compliant.”

Unfortunately, there may be times when items are out of compliance. In this case, the items that are out of compliance will be listed and include the policy setting as well as the current setting – there’s no further investigation needed to determine the issue – it will be in the report.

Documenting what FixIt Fixed

It’s quite possible that your change management process requires that you document every change on your servers. The FixIt reports will assist with that requirement. The report shows the user that made the change, how the change was made, the new value and the original value.

Generating and Viewing Reports

To generate reports:

  1. Choose Reports, then click Create Reports. (Or, go to Servers > Create Reports.) The Create Reports screen appears.
  2. In the Servers tab, choose the servers or Server Groups from which you want the reports.
  3. In the Policies tab:
    • Choose whether you want reports for Private Policies or Group Policies.
    • Select the Policies you want to include on the report.
    • For User Accounts, Files, and Scripts, you can choose Selected to choose from a list of available Policies. Choose All to include all policies for that type on the report.
  4. In the Options tab:
    • Under Select Report Category, choose the type of report:
      • Compliance. This report shows compliance details for the selected servers and policies.
      • Policy. This report shows the policy details.
      • FixIt. This report shows FixIt activity details.
      • Message Log. This report shows a list of Security Auditor messages for the type(s) selected.
    • whether you want one report for each server, or one report that includes the information from all servers you’ve selected.
  5. The reports can be viewed by selecting Single-System Tasks > Reports.

Report Formats

Both PDF and CSV formats are available. They are written to the following directory on the system running the console:

/PowerTech/SecurityAuditor/tomcat/webapps/securityauditor/reports

Emailing Reports

You can choose to email the report when the report is generated or while viewing the reports. In order to do so, you must configure an SMTP server. To change or manage the SMTP server settings, go to Admin Tasks > Preferences > Email Server. See Preferences screen.

NOTE: The Default SMTP server option available in earlier versions of this software is no longer available. In order to send email from Security Auditor you will need to define an SMTP server.

 

Related Topics

 

Previous Next