Good news, the Nessus compliance checks work on Tru64 UNIX! Why, might you ask, does anyone care about Tru64? Well, let me tell you… even though support for the OS ends in 2011 and people are generally moving to new platforms, we continue to see Tru64 on many of our control system assessments running very critical applications. When the Bandolier project first started, I noticed that it was not on Tenable’s list of supported operating systems for the compliance checks so we set out to test it.
I had prepared myself for a major challenge – proprietary SSH server difficulties, system call differences, etc… but was pleasantly surprised when Nessus came back with a nice report from the Tenable UNIX Compliance Template. It had lots of red and blue highlighting which means the checks were doing their job. (red=non-compliant, blue=compliant, yellow=failed to run) In fact, they all worked perfectly with the exception of three that were flagged in yellow. They were the following built-in checks: minimum_password_length, max_password_age, and min_password_age. Nothing is lost, though, because we can still report on these settings using custom file content checks.
So, for those of you responsible for maintaining and securing Tru64 boxes, stay tuned to Bandolier for some tools that may make your life a little easier.