[Xymon] Monitoring that iptables and SELinux are running / enabled

SebA spah at syntec.co.uk
Thu Apr 11 13:46:46 CEST 2013


Is there any code out there to monitor that
(a) iptables is running (not just set to everything allowed)
(b) SELinux is enabled
 
I've looked on Xymonton, the Xymon archives and Google but not found
anything.  Obviously, checking that these are running is anywhere between
nice and critical if one either has a server exposed to the Internet or needs
to pass regulatory security checks.
 
The way I would ideally have liked these to work (but beggars can't be
choosers!) is that the iptables check would work a bit like the port checks
in analysis.cfg so one can check if particular rules are enabled (and the
default policy on chains), and SELinux would also be monitored and
configured in analysis.cfg with options to go yellow or red depending on the
state of the enabled/disabled, permissive/enforcing and targeted/strict
toggles.
 
This then allows for sending alerts to managers if someone disables security
measures on a server.

Kind regards, 

SebA
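
The check described in this message, sketched as a Xymon client ext script (an added example, not part of the original post and not Xymon's own code). It assumes a DROP default policy on INPUT is the desired state; the column name `secbase`, `REQUIRED_RULE` and the sample ruleset are hypothetical, and the targeted/strict policy type is not covered.

```shell
#!/bin/sh
# Added example, not Xymon's own code. Column name "secbase" and
# REQUIRED_RULE are hypothetical; adjust to the host's real ruleset.
REQUIRED_RULE='-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT'

# Constructed sample of `iptables -S` output, used for offline checks.
SAMPLE_RULES='-P INPUT DROP
-P FORWARD DROP
-P OUTPUT ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT'

# Reads `iptables -S` output on stdin; $1 is a rule line that must exist.
# red: INPUT policy is not DROP (or nothing readable), yellow: rule missing.
iptables_color() {
    rules=$(cat)
    printf '%s\n' "$rules" | grep -qxF -- '-P INPUT DROP' || { echo red; return; }
    printf '%s\n' "$rules" | grep -qxF -- "$1" || { echo yellow; return; }
    echo green
}

# Maps `getenforce` output to a colour; empty or unknown output is red.
selinux_color() {
    case "$1" in
        Enforcing)  echo green ;;
        Permissive) echo yellow ;;
        *)          echo red ;;
    esac
}

# Returns the most severe colour among its arguments.
worst_color() {
    for c in red yellow green; do
        case " $* " in *" $c "*) echo "$c"; return ;; esac
    done
}

# Report only when run by the Xymon client, which exports these variables.
if [ -n "${XYMON:-}" ] && [ -n "${XYMSRV:-}" ]; then
    fw=$(iptables -S 2>/dev/null | iptables_color "$REQUIRED_RULE")
    se=$(selinux_color "$(getenforce 2>/dev/null)")
    $XYMON $XYMSRV "status $MACHINE.secbase $(worst_color "$fw" "$se") $(date)
iptables: $fw
selinux: $se"
fi
```

`iptables -S` needs root, so a client running as an unprivileged user would need a narrowly scoped sudo rule for that one command; unreadable output deliberately reports red.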
