26 January 2016
Baselines in Open-AudIT
Our new major feature for 1.10 is the beginning of our Baselines feature. This is not finished as yet (in 1.10), but we wanted it out there for feedback. Baselines in Open-AudIT Enterprise allow you to take the details of one machine (say its software list) and use that as a basis for comparison against another machine or group of machines.
Being able to determine which machines are configured the same is a major part of systems administration and auditing – and now reporting on that will be made simple and automated. Once you define your baseline it will automatically run against a set of devices on a predetermined schedule. The output of these executed baselines will be available for web viewing, importing into a third-party system or even as a printed report.
For example – you might create a baseline from a device running CentOS 6 which acts as one of your Apache servers in a cluster. You know this particular server is configured just the way you want it but you’re unsure if other servers in the cluster are configured exactly the same. Baselines enables you to determine this.
So you can say “Take the software installed on device X and tell me where it’s different on all the machines in the Web Servers group.”
You get a nice GUI showing which machines did or did not meet the expected software install state. You can also apply this to users and netstat ports. Other tables will be introduced in the future.
Our initial release (in 1.10) is functional but not yet complete. You can create a baseline, run it against a group of devices and view the results in a web browser. We plan to add scheduled execution, more tables for comparison (currently only software, netstat ports and users are enabled), in-place baseline and policy editing, archiving of results, exporting of results and more.
A sample baseline definition screen is below. In this example we show a baseline consisting of software policies targeted at CentOS 6 devices.
Once this has been run against our target group we have a result which is below.
From our result page we can inspect individual devices or individual policies for compliance.
Once we have completed the implementation of Baselines in Open-AudIT you will see how powerful this feature can be for reporting items like compliance, ensuring device consistency and more. Stay tuned for more Baselines in our next Open-AudIT release!
Terms:
Baseline – the overarching document that contains the baseline definition and the individual policy tests.
Policies – The individual tests contained within a Baseline. Each test is for a specific item. An example would be testing for SSH version 1.2.3.
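The comparison described above (a reference device turned into policies, run against a group, viewed per device or per policy) can be modelled as follows. This is an added example, not Open-AudIT code: the data layout, the table keys and every sample value are constructed assumptions. It also lists items a device has that the reference lacks, such as an extra listening port, which goes beyond what the post describes.

```python
# Added example: a model of baseline comparison, not Open-AudIT code.
# Table keys, data layout and all sample values are constructed assumptions.
TABLES = ("software", "netstat", "user")

def build_baseline(name, reference):
    """One policy (table, item, expected value) per item on the reference device."""
    policies = [(table, item, value)
                for table in TABLES
                for item, value in sorted(reference.get(table, {}).items())]
    return {"name": name, "policies": policies}

def run_baseline(baseline, group):
    """Return {device: {policy: (status, actual)}} for every device in the group."""
    results = {}
    for device, inventory in group.items():
        rows = {}
        for table, item, expected in baseline["policies"]:
            actual = inventory.get(table, {}).get(item)
            status = "missing" if actual is None else "pass" if actual == expected else "fail"
            rows[(table, item, expected)] = (status, actual)
        results[device] = rows
    return results

def failures_by_device(results):
    """Per-device view: only the policies that device did not pass."""
    return {dev: {p[:2]: r for p, r in rows.items() if r[0] != "pass"}
            for dev, rows in results.items()}

def failures_by_policy(results):
    """Per-policy view: which devices did not meet each policy."""
    out = {}
    for dev, rows in results.items():
        for p, (status, _) in rows.items():
            if status != "pass":
                out.setdefault(p[:2], []).append(dev)
    return out

def unexpected_items(baseline, inventory):
    """Items on a device that the reference never had (e.g. an extra open port)."""
    known = {(t, i) for t, i, _ in baseline["policies"]}
    return sorted((t, i) for t in TABLES for i in inventory.get(t, {}) if (t, i) not in known)

# Constructed inventories: web01 is the reference, GROUP is the "Web Servers" group.
WEB01 = {"software": {"httpd": "2.2.15", "openssl": "1.0.1e"},
         "netstat": {"tcp/22": "sshd", "tcp/80": "httpd"},
         "user": {"root": "0", "apache": "48"}}
GROUP = {"web02": WEB01,
         "web03": {"software": {"httpd": "2.2.15", "openssl": "1.0.1k"},
                   "netstat": {"tcp/22": "sshd", "tcp/80": "httpd", "tcp/3306": "mysqld"},
                   "user": {"root": "0"}}}
BASELINE = build_baseline("CentOS 6 web server", WEB01)
RESULTS = run_baseline(BASELINE, GROUP)
```

A policy-only comparison reports web03's changed openssl version and missing apache user, but its additional tcp/3306 listener only shows up through `unexpected_items`, so drift checks should look in both directions.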