DEPRECATED AT AT v2. See Baselines.

Introduction

Starting in Open-AudIT 1.10 we are introducing a new feature - Baselines.

...

Our initial release (in 1.10) is functional but not yet complete. You can create a baseline, run it against a group of devices and view the results. We plan to add scheduled execution (done in 1.12), more tables for comparison (currently only software, netstat ports and users are enabled), in place baseline editing, archiving of results and more.

...

Baselines can compare netstat ports, users and software.

Software

To compare software we check the name and version. Because version numbers are not all standardised in format, when we receive an audit result we create a new attribute called software_padded which we store in the database along with the rest of the software details for each package. For this reason, baselines using software policies will not work when run against a device that has not been audited by 1.10 (at least). Software policies can test against the version being "equal to", "greater than" or "equal to or greater than".

Netstat Ports

Netstat Ports use a combination of port number, protocol and program. If all are present the policy passes.

Users

Users work similar to Netstat Ports. If a user exists with a matching name, status and password details (changeable, expires, required) then the policy passes.

Baseline Creation

Initially you will need to create a baseline definition. You can reach the GUI for this in Open-AudIT Enterprise by clicking on menu -> Views -> Baselines.

...