A while back I wrote a quick Windows app to parse out the results of the DISA Linux STIG Security Readiness Review (SRR). In case you’re unfamiliar, the Linux STIG (or Security Technical Implementation Guide) is a set of computer security guidelines put out by DISA. These documents are fairly lengthy, so they (or someone) created the SRR. So I… “fixed the glitch.”
The SRR scans your computer for STIG compliance. When it finds an area of non-compliance, it gives you an option to comment on it, or mark it as a false hit. When completed, it generates a huge XML file that is even less readable than the STIGs!
So, I created a Windows app (yes, a Windows app to read Linux logs) which parses the PDI-DB file (included in the STIG download) as well as your results file and displays everything in a nice readable format, including the finding and the regulation details.

Very briefly, when you launch the application you will be prompted to select the PDI-DB file. You can get that file from the SRR script package (it gets updated by DISA). After that, you simply select your server’s XML results file, and you get something like the above.
I’m sure this is not bug-proof, so don’t come crying to me when it doesn’t work. Actually, do…so I can put the fix on my to-do list. I’ve tested this under XP and Vista…both seem to work!
Well done, would you happen to have or know of an application that would provide similar functionality for Gold Disk/SQL SRR/OracleSRR/Nessus/AppDetective/Retina?
beatnitup -
I never really had the need to run the other SRRs. Unless they output the same XML file and the SRR tool has an XML Definitions file (like the PDI-DB), this tool won’t do the trick for you. Unfortunately, I’ve never seen a tool like this one for any of the SRRs.
Best of Luck,
Daleeman
Daleeman -
Thanks for the quick response. Each one of the DISA SRR tools uses an XML definition and output file. Unfortunately each respective tool doesn’t maintain the same structure as the Unix SRR. I can identify the XML def file for most of the SRRs with the exception of the SQL SRR; unfortunately I lack the coding skill set to develop any tools with the same functionality as yours.
Holy hell man, you just saved me a TON of time! I don’t see a PayPal donate button, but if you have one, email me with it and I will send you some beer money!
btw worked on Win7x64 Ultimate without issue.
So this worked once for me, but now it says it cannot locate the PDI-DB file….any ideas on what I’m doing wrong? I’ve got the PDI-DB file in the same directory as the XML when I try to open it.
Never mind, I’m an idiot….got it working. Thanks!
I am going to have to try this and will let you know how it works