Audit Me!

Introducing…Audit Me

Audit Me is a small Python program designed to quickly give Ubuntu system administrators and users an overview of their system’s security stance. It looks for default configurations, weak configurations, weak password hashes, services you might not know are running, inherently insecure services, the configuration (or lack thereof) of mandatory access controls, and weak file permissions.

Note: for Audit Me to audit AppArmor, you must have apparmor-utils installed.

sudo apt-get install apparmor-utils

Download AuditMe v.1 : Here [right click save link as]

Usage:

sudo python auditme.py

or

sudo ./auditme.py

It’s fast, written in Python and free (like beer and freedom).

Please note:

This software is provided free for you to use, change or throw away without any warranty of any kind. If it screws up your system (which it shouldn’t) it’s your fault, not mine. I will support you with issues (though there shouldn’t be any) to the best of my ability. If you would like to report a bug please do so in the comments section on this page.

Audit Me (Alpha) v.1 Released

This is in its very beginning stages, and is probably a little rough around the edges, though it’s still pretty effective.

Features include

+ Auditing of weak service configurations (Apache and SSH, with more services to be added)
+ Password Auditing (checks only the hash strength NOT the password strength)
+ Auditing of Mandatory Access Controls
+ Auditing of File Permissions
+ Auditing of Kernel Tuning
+ Detect insecure services
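
To show what auditing the hash strength rather than the password strength means, here is an added Python example (not AuditMe's own code). It rates each shadow entry by its crypt(3) scheme prefix; the function names, the weak/ok verdicts and the sample entries are assumptions made for this illustration.

```python
# Added illustration, not AuditMe's code: rate each /etc/shadow entry by the
# crypt(3) scheme of its hash. The password itself is never examined.
import re

# Standard crypt(3) scheme prefixes; the verdicts are this example's assumption.
SCHEMES = [
    (re.compile(r"^\$1\$"), "md5crypt", "weak"),
    (re.compile(r"^\$2[abxy]?\$"), "bcrypt", "ok"),
    (re.compile(r"^\$5\$"), "sha256crypt", "ok"),
    (re.compile(r"^\$6\$"), "sha512crypt", "ok"),
    (re.compile(r"^\$y\$"), "yescrypt", "ok"),
    (re.compile(r"^[./0-9A-Za-z]{13}$"), "des-crypt", "weak"),
]

def classify_hash(field):
    """Return (scheme, verdict) for the password field of one shadow entry."""
    if field == "":
        return ("empty", "weak")        # no password set on the account
    if field[0] in "!*":
        return ("locked", "ok")         # password login disabled
    for pattern, scheme, verdict in SCHEMES:
        if pattern.match(field):
            return (scheme, verdict)
    return ("unknown", "review")        # unrecognised format: check by hand

def audit_shadow(text):
    """Return [(user, scheme, verdict)] for every entry not rated 'ok'."""
    findings = []
    for line in text.splitlines():
        parts = line.strip().split(":")
        if len(parts) < 2 or not parts[0]:
            continue                    # blank or malformed line
        scheme, verdict = classify_hash(parts[1])
        if verdict != "ok":
            findings.append((parts[0], scheme, verdict))
    return findings

# Constructed sample in shadow(5) layout; salts and hashes are placeholders.
SAMPLE = """\
root:$6$constructedsalt$PLACEHOLDERHASH:19000:0:99999:7:::
daemon:*:19000:0:99999:7:::
legacy:$1$constructed$PLACEHOLDERHASH:19000:0:99999:7:::
oldbox:abCONSTRUCTED:19000:0:99999:7:::
guest::19000:0:99999:7:::
"""

if __name__ == "__main__":
    for user, scheme, verdict in audit_shadow(SAMPLE):
        print(f"{user}: {scheme} ({verdict})")
```

A strong password stored under a weak scheme is still flagged here, and a trivial password stored under a strong scheme is not.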

In the future:

+ More configuration auditing
+ Deeper file permission auditing
+ Password entropy auditing
+ Firewall Auditing
+ IDS Auditing
+ Deeper Kernel auditing and process memory protection auditing.
+ Support for SELinux context auditing
+ Support for Apparmor profile auditing
+ File Integrity Checking
+ Report Generation

Comments
  1. […] To find out more about AuditMe click here […]

  2. Carlos says:

    Nice work Adam, I hope this tool improves later on. Btw, didn’t you say that confining sshd with AppArmor would essentially be a waste?

    • dangertux says:

      Yep, due to what it needs access to, it’s better to confine the user’s shell. In this particular case the program still makes a suggestion based on how it compares, it only compares a list of running services to enforced Apparmor profiles at this stage of the game.

      It’s something good to keep in mind when I make the Apparmor profile auditing feature more robust though. Thanks!

      • dangertux says:

        Meh, I hit reply too soon. So what I’m saying is it’s not very smart. It can only tell SSH is running and doesn’t have a profile, there isn’t a logic based decision on whether or not SSH should have one yet. Add it to the todo list 😉
