What is Security Auditor and Why Use It?

Powertech Security Auditor is a product that automates security administration and policy compliance tasks and reporting. With Security Auditor you can:

  • Check compliance and configuration of user accounts, directories, files, configuration settings, daemons, exported directories and more.
  • Check compliance on a single server with a Private Policy, or check several servers against the same policy using a Group Policy.
  • Monitor for changes to ownership, permissions and attributes for a specific set of files or directories.
  • Deploy and run custom scripts to managed servers through the integrated cron function.
  • Report the compliance status of running user-written scripts using the Security Auditor reporting function.
  • Monitor for changes to the contents of critical application, configuration or server files.
  • Use the Export/Import function to:
    • enforce the same policy requirements across multiple servers.
    • copy the required settings to new servers and configure them using FixIt.
  • Email exception-based compliance reports, policy, FixIt or Message log reports to yourself and others.
  • Document your security implementation with unique templates that reflect your security policy requirements.
  • Use FixIt to return out-of-compliance items to your security policy specifications.

Help for Managing your Compliance Requirements and your Servers

Security Auditor is a tool to help you reduce the cost of attaining and staying in compliance with your security policy requirements. In addition, many organizations are using Security Auditor to address not only compliance but security administration issues as well. Here are some of the ways Security Auditor is being used:

NOTE: Most of our clients performed many of the following processes “manually” before implementing Security Auditor to replace them. By automating such procedures, they reduced the time and resources it took them to ensure that their systems remain in compliance, resulting in measurable cost savings.

  • Discover files with either the SUID or SGID bit set, then monitor them for changes to their ownership, permissions or attributes.
  • Discover when the sudoers file has been changed by using the checksum function.
  • Ensure key system files are not world-writable.
  • Schedule a cron job to run regular compliance checks on the daemons category to find when a daemon has been activated that shouldn't have been. Schedule the FixIt function to set the daemons to the appropriate value (turn them on or off as appropriate).
  • Upload your user-written scripts to run customized compliance checks and FixIt scripts.
  • Ensure all user accounts have been created - and remain - with the appropriate attributes.
  • Discover new admin accounts.
  • Discover user accounts with UID of 0 (root being the allowed exception, of course!)
  • Discover user accounts with non-unique UIDs.
  • Ensure all files for an application have the appropriate owner, group and permissions. Receive a detailed report specifying any files not configured correctly. Run FixIt to change the settings.
  • Discover and manage inactive user accounts.
  • Ensure that the exported directories that are required for your servers remain along with their appropriate settings.
  • Aid with auditor and compliance requirements by ensuring password rules are set appropriately - both for the global settings and at the user level.
  • Easily set up new servers by defining file and user account templates, daemon and configuration settings, exporting the policies to the new server and running FixIt to set the configuration.
  • Use the integrated cron function to set up regular compliance checks and immediate FixIt tasks to keep your servers in compliance.
  • Document policy exceptions along with the policy, then print the policy when the auditor appears - no more scrambling to find previous years' documentation or writing up the exception in the middle of your audit.