Confirmed users
529
edits
Security/InfoSec/Test Driven Security: Difference between revisions
Jump to navigation
Jump to search
Security/InfoSec/Test Driven Security (view source)
Revision as of 14:48, 12 August 2014
, 12 August 2014→Compliance checks
| Line 47: | Line 47: | ||
} | } | ||
</source> | </source> | ||
Compliance checks are generic. The specific example above targets all linux systems. Compliance items, however, represent the result of one compliance check on one target system. The compliance item below shows that target server1.example.net successfully passed compliance of the SSH Root Login check. | |||
<source lang="javascript"> | |||
{ | |||
"target": "server1.example.net", | |||
"utctimestamp": "2014-08-07T14:04:23.96561Z", | |||
"compliance": true, | |||
"link": "https://link.to.mig.api", | |||
"policy": { | |||
"url": "https://link.to.security.policy", | |||
"name": "system", | |||
"level": "medium" | |||
}, | |||
"check": { | |||
"test": { | |||
"type": "regex", | |||
"value": "(?i)^permitrootlogin no$" | |||
}, | |||
"location": "/etc/ssh/sshd_config", | |||
"ref": "sysmediumssh1", | |||
"description": "compliance check for openssh", | |||
"name": "check root login is off" | |||
} | |||
} | |||
</source> | |||
At the moment, most tests are regex tests ran against configuration files. In the future, we plan to support checks for the network, and for configurations that aren’t stored as files (such as the strength of a SSL connection, or the fact that a server is protected by a bastion host). The logic will remain the same: a test looks for a specific security requirement and returns a boolean that represents compliance. | |||
Below is a screenshot of the MozDef dashboard for an example target. We run all compliance checks daily and on demand. Operational teams have real time visibility over the security of their systems. | |||
[[File:Compliance Chart 1.png]] | |||