Linux STIG SRR Viewer

(Updated blog and version 2.00)

A while back I wrote a quick Windows app to parse out the results of the DISA Linux STIG Security Readiness Review (SRR). In case you’re unfamiliar, the Linux STIG (or Security Technical Implementation Guide) is a set of computer security guidelines put out by DISA. These documents are fairly lengthy, so they (or someone) created the SRR. So I…“fixed the glitch”

The SRR scans your computer for STIG compliance. When it finds an area of non-compliance, it gives you an option to comment on it, or mark it as a false hit. When completed, it generates a huge XML file that is even less readable than the STIGs!

So, I created a Windows app (yes, a Windows app to read Linux logs) which parses the PDI-DB file (included in the STIG download) as well as your results file and displays everything in a nice readable format including the finding and the regulation details.

Very briefly, when you launch the application you will be prompted to select the PDI-DB file. You can get that file from the SRR script package (it gets updated by DISA). After that, you simply select your server’s XML results file, and you get something like the above.

I’m sure this is not bug-proof, so don’t come crying to me when it doesn’t work. Actually, do…so I can put the fix on my to-do list. I’ve tested this under XP and Vista…both seem to work!

Download Now!

 

16 Responses to “Linux STIG SRR Viewer”

  1. beatnitup says:

    Well done, would you happen to have or know of an application that would provide similar functionality for Gold Disk/SQL SRR/OracleSRR/Nessus/AppDetective/Retina?

  2. Lee Mangold says:

    beatnitup -

    I never really had the need to run the other SRRs. Unless they output the same XML file and the SRR tool has an XML Definitions file (like the PDI-DB), this tool won’t do the trick for you. Unfortunately, I’ve never seen a tool like this one for any of the SRRs.

    Best of Luck,
    Daleeman

  3. beatnitup says:

    Daleeman -

    Thanks for the quick response. Each one of the DISA SRR tools uses an XML definition and output file. Unfortunately each respective tool doesn’t maintain the same structure as the Unix SRR. I can identify the XML def file for most of the SRRs with the exception of the SQL SRR, unfortunately I lack the coding skill set to develop any tools with the same functionality as yours.

  4. Vixx says:

    Holy hell man, you just saved me a TON of time! I don’t see a paypal donate button, but if you have one, email me with it and I will send you some beer money!

    btw worked on Win7x64 Ultimate without issue.

  5. Gary says:

    So this worked once for me, but now it says it cannot locate the PDI-DB file….any ideas on what I’m doing wrong? I’ve got the PDI-DB file in the same directory as the XML when I try to open it.

  6. Gary says:

    Never mind, I’m an idiot….got it working. Thanks!

  7. Tim says:

    I am going to have to try this and will let you know how it works

  8. RC says:

    It would be nice to have a How to Document with this one. I’ll try it at home..too much work :-(

    Thanks for coming up with this tool. I’ll let you know.

  9. Lee Mangold says:

    RC -
    The only trick is sourcing the PDI-DB file. You can get that file out of the root of the Unix SRR script package. I can’t post it here, unfortunately.

    I’m thinking about creating a POA&M export tool to add into this…should be easy, but I just have to find the time!

  10. Gary Asp says:

    Lee – I’ve used your tool multiple times before, so I don’t believe it is user error. I’m using the October 29, 2010 SRR Script. I copied the PDI-DB file into the root of the results folder after running the SRR tool against my system. Have you ever seen your tool throw this error:

    Unhandled exception has occurred in your application. If you click Continue, the application will ignore this error and attempt to continue. if you click Quit, the application will close immediately.
    ‘[]‘, hexadecimal value 0x1B, is an invalid character. Line 75, position 94.

  11. Lee Mangold says:

    All –

    I worked with Gary Asp (above) on this issue and we found that the SRR appeared to be placing control characters of some sort in the results file. While I should handle these eventualities better, this may also be a bug in the SRR; I haven’t had the time to fully test though.

    If you see these issues, check the first few pages of results for strange characters, delete, and re-load in the STIG Viewer app. This is a stop-gap until I can get around to handling the error more gracefully…
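
The manual workaround described in the comment above, scripted as an added example (not part of the original post or the viewer's code): it reports and strips every character that XML 1.0 forbids, such as the 0x1B from the error message, so the results file parses. The element names and the placement of the ESC bytes in the sample are constructed assumptions, not the real SRR output schema.

```python
import re
import xml.etree.ElementTree as ET

# XML 1.0 allows only: #x9 | #xA | #xD | #x20-#xD7FF | #xE000-#xFFFD | #x10000-#x10FFFF.
# Anything else (for example ESC, 0x1B) makes a conforming parser reject the file.
INVALID_XML_CHARS = re.compile(
    "[^\u0009\u000A\u000D\u0020-\uD7FF\uE000-\uFFFD\U00010000-\U0010FFFF]"
)

def find_invalid_chars(text):
    """Return (line, position, codepoint) for each forbidden character, 1-based."""
    hits = []
    for lineno, line in enumerate(text.split("\n"), start=1):
        for m in INVALID_XML_CHARS.finditer(line):
            hits.append((lineno, m.start() + 1, ord(m.group())))
    return hits

def sanitize(text):
    """Strip forbidden characters; return (clean_text, hits) so removals can be reviewed."""
    return INVALID_XML_CHARS.sub("", text), find_invalid_chars(text)

def parses(text):
    """True if the text is well-formed XML."""
    try:
        ET.fromstring(text)
        return True
    except ET.ParseError:
        return False

# Constructed sample: placeholder element names with two ESC (0x1B) bytes embedded.
SAMPLE = (
    "<results>\n"
    "  <finding id=\"EXAMPLE-1\">\n"
    "    <output>ls: \x1b[0mfile.txt\x1b[0m</output>\n"
    "  </finding>\n"
    "</results>\n"
)

if __name__ == "__main__":
    clean, hits = sanitize(SAMPLE)
    for line, pos, cp in hits:
        print(f"line {line}, position {pos}: removed 0x{cp:02X}")
    print("parses before:", parses(SAMPLE), "| after:", parses(clean))
```

Keep the untouched results file alongside the cleaned copy: the list of removed positions shows exactly what was changed in the scan output.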

  12. AgintOring says:

    Looks like closed parentheses “)” are not handled properly when exporting to a CSV.

    I noticed the “Results” for V0000903 carried across 6 columns instead of 2 and the break point appears to be the close paren…

    In any case. Great job!

  13. [...] updated the Linux STIG SRR Viewer originally released here to incorporate some of the community [...]

  14. Gary Asp says:

    Lee – when you say I need to check the first few pages of the results, are you talking about the xml file or….?

  15. Chris C says:

    If you are willing to pay there is a company called prolific-solutions that makes a product called proVM that will consolidate findings from the gold disk, srr(s), nessus, app detective, and some other tools for you. It produces some really easy to read spreadsheets. I have used it in support of my programs and it has been very useful.

  16. Peter D says:

    This was great when it came out but now that there is Vulnerator which does Retina, Gold Disk, UNIX SRR, LINUX/ESX SRR and SQL SRR there is no longer a need for this tool.
