oss-sec mailing list archives
Re: Re: [kernel-hardening] Security vulnerability tools
From: Tim Brown <tmb () 65535 com>
Date: Thu, 28 Mar 2013 16:19:07 +0000
On Thursday 28 Mar 2013 15:58:32 Steve Grubb wrote:
> On Wednesday, March 27, 2013 05:51:19 PM Corey Bryant wrote:
> > Thanks Tim. Sounds nice. This is the first security audit tool on the list
> > so if we could add more in this category that would be nice.
>
> There is also openscap if you are wanting security auditing.
> http://www.open-scap.org/page/Main_Page

I've already said this to Corey but it bears repeating... Having a background in UNIX SecOps, I do a lot of system audits in my current role and whilst I understand the business driver, I really don't like the term. The main gist is, CIS style audits are worthy but they won't effectively test your controls. upc is an offensive tool to help identify escalation of privilege vectors (especially on large multi-user systems), (there is of course a degree of overlap with a traditional audit).

It started off focussing on the quick wins but it's developing into a more rounded attack tool. As an example, the trunk version of upc contains plugins to pull up (amongst other things) compiler flag misuse, insecure API usage and other SDL violations, not something a traditional audit would cover but which are pretty useful when you land on a random system and want additional privileges. Users of upc should not be afraid to write code, or fire up a debugger in the pursuit of root.

If you wanted to use it in a more systemic fashion, it might be interesting to run it (for example) pre and post package upgrade or as part of distro QA etc - but that's certainly not why we use/develop it (unless maybe we're doing a product assessment where I might use it to model the authorised users attack surface). I'm sure if people wanted to develop it in that direction, any submitted patches would be looked upon favourably though :).

Tim
--
Tim Brown
<mailto:tmb () 65535 com>
Attachment:
signature.asc
Description: This is a digitally signed message part.