Security Auditing.md

related	cheat-sheet Package Vulnerabilities auditd OpenSCAP

Threat Modelling

• Microsoft Stride
• Threat Dragon (Editor)

Server Scanners

• CIS CAT Pro Assessor (commercial)
• CIS CAT Pro Lite (more or less free)
• Nessus (commercial)
• OpenVAS - Security Scanner (more or less free)
• Sguil (commercial)
• SCAP
  • SCAP Guidelines
  • Open SCAP - Scanner for NIST SCAP
  • NSA SIMP - SCAP scanner + Puppet modules
• Tiger - Unix auditing tool
• Lynis - Linux auditing solution (free, with enterprise support)
• File Checksum Tools
  • rkhunter
  • Tripwire
• auditd
• Detecting Linux Kernel Rootkits

Website Scanners

See HTTPS for HTTPS configuration and certificate checkers.

• Nessus (commercial)
• Nmap NSE scripts
• Sucuri - Website Malware Scan
• unmaskparasites.com - Site scanner
• Wordpress Vulnerability Scanner
• https://www.netsparker.com/
• GDPR Scanner

Standards and Guides

• NIST XCCDF Format
• PCI DSS Standards Documents
• chroot Best Practices
• CCE List - Common Configuration Enumerations
• TCP/IP Stack Hardening: Unix network hardening
• ArchLinux TCP/IP Stack hardening
• ArchLinux Kernel hardening
• Linux Foundation: Workstation hardening

OpenVAS

Setup

Create initial GUI user for Debian OpenVAS

# openvasmd --create-user admin
User created with password '3e1e7f50-1bc3-4f38-9d48-2ac410dd37cf'.

Updating

openvas-nvt-sync
openvas-scapdata-sync
openvas-certdata-sync

Threat Sharing

• MISP