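Problem description
In Tenable Security Center (SC), we can schedule scans using audit policies obtained from Tenable Audit Files.
I am trying to find the source of these audit policies.
(For example, where do they get these policies from, and do they follow any global networking standard?)
Can someone help me find this?
A sample policy from the audit file looks like this: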
<custom_item>
system : "Linux"
type : FILE_CONTENT_CHECK
description : "BSI-100-2: S 4.106: Activation of system logging: /etc/rsyslog.conf - *.alert root"
info : "All changes made to /etc/syslog.conf must be documented. When making modifications to the existing IT system,at first everything should be logged. After that,individual areas can be deactivated in stages as required. The /var partition must be sufficiently large to accommodate the log files.
* Please note that the equivalent file on a Red Hat system is /etc/rsyslog.conf
Safeguard Catalogues: S 4: Hardware and software
S 4.106: Activation of system logging"
reference : "800-171|3.3.1,800-171|3.3.2,800-53|AU-12,BSI-100-2|S4.106,CN-L3|7.1.3.3(a),CN-L3|7.1.3.3(b),CN-L3|7.1.3.3(c),CN-L3|8.1.3.5(a),CN-L3|8.1.3.5(b),CN-L3|8.1.4.3(a),CSF|DE.CM-1,CSF|DE.CM-3,CSF|DE.CM-7,CSF|PR.PT-1,ISO/IEC-27001|A.12.4.1,ITSG-33|AU-12,NESA|T3.6.2,NESA|T3.6.5,NESA|T3.6.6,NIAv2|SM8,QCSC-v1|13.2,QCSC-v1|3.2,QCSC-v1|6.2,QCSC-v1|8.2.1,SWIFT-CSCv1|6.4,TBA-FIISB|45.1.1"
see_also : "https://www.bsi.bund.de/cae/servlet/contentblob/471430/publicationFile/28223/standard_100-2_e_pdf.pdf"
file : "/etc/rsyslog.conf"
regex : "*.alert root"
expect : "*.alert root"
</custom_item>
Thanks for your help.
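The `reference` field of the sample item above is a comma-separated list of `framework|control` pairs, which is where the item itself names the standards it maps to. The following Python is an added example, not part of the original post and not Tenable's code: it parses one `<custom_item>` block and groups those pairs by framework. The function names `parse_item` and `group_references` are hypothetical, and the parser assumes only the `keyword : value` layout visible in the sample.

```python
import re
from collections import defaultdict

# Constructed sample: the item from the post, with the info text shortened
# and the reference list trimmed to a few of its entries.
SAMPLE_ITEM = '''<custom_item>
system : "Linux"
type : FILE_CONTENT_CHECK
description : "BSI-100-2: S 4.106: Activation of system logging: /etc/rsyslog.conf - *.alert root"
info : "All changes made to /etc/syslog.conf must be documented.
Safeguard Catalogues: S 4: Hardware and software
S 4.106: Activation of system logging"
reference : "800-171|3.3.1,800-171|3.3.2,800-53|AU-12,BSI-100-2|S4.106,CSF|DE.CM-1,CSF|DE.CM-3,ISO/IEC-27001|A.12.4.1"
see_also : "https://www.bsi.bund.de/cae/servlet/contentblob/471430/publicationFile/28223/standard_100-2_e_pdf.pdf"
file : "/etc/rsyslog.conf"
regex : "*.alert root"
expect : "*.alert root"
</custom_item>'''

# keyword : "quoted value" (may span several lines) or keyword : BARE_TOKEN
FIELD_RE = re.compile(r'^\s*(\w+)\s*:\s*(?:"((?:[^"\\]|\\.)*)"|(\S+))', re.M | re.S)

def parse_item(text):
    """Return the keyword/value pairs of the first <custom_item> block."""
    block = re.search(r'<custom_item>(.*?)</custom_item>', text, re.S)
    if not block:
        raise ValueError("no <custom_item> block found")
    # findall yields (keyword, quoted_value, bare_value); one of the two is empty
    return {key: quoted or bare for key, quoted, bare in FIELD_RE.findall(block.group(1))}

def group_references(item):
    """Map each framework named in the reference field to its control IDs."""
    grouped = defaultdict(list)
    for entry in item.get("reference", "").split(","):
        framework, sep, control = entry.strip().partition("|")
        if sep and framework and control:  # skip empty or malformed entries
            grouped[framework].append(control)
    return dict(grouped)

if __name__ == "__main__":
    item = parse_item(SAMPLE_ITEM)
    print("check:", item["description"])
    print("source document:", item["see_also"])
    for framework, controls in group_references(item).items():
        print(f"{framework}: {', '.join(controls)}")
```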