Profiles-based audit for bussiness models

[dmknght]

I have an idea that this script can use for audit / hardening server base on profiles that use defined. For example, for file server:

1. User defines which is allowed on file share server. Basic profile can be something like:

• net.allow 445
• service.allow samba
• service.alert vnc

2. When in audit mode, script can have 3 levels:

• alert: something suspicious or is defined as alert in profile
• warning: it isn't defined as allow and it is unknown data / service / port /...
• allow: it is defined as allow
  So, with this custom profile syntax, admins can define rules for their servers and remove / block unsafe stuff easier.
  It should be also works for end-users with something like check firewall rules, ....
  What do you think about this idea?

[carlospolop]

Hi @dmknght,

That idea is awesome but also very time consuming. Therefore I won't be able to do it in a near/medium future. If you want to try to do it yourself we can talk about how to do it. If not I will probably close this issue an reopen if whenever I try to do something similar.
Let me know your thought.

[dmknght]

How about we keep this issue and do it later?

[carlospolop]

Thanks for the idea mate, but I don't consider this to be a top priority feature so it will be tracked here: #43
Also, remember that if you would like to create the proposed idea, feel free to submit a pull request