Security monitoring

Pandora FMS can be used to monitor the status of security infrastructure such as backup environments, antivirus, VPNs, firewalls, IDS/IPS, SIEM, honeypots, authentication systems, storage systems, log collection, etc. In addition, Pandora FMS incorporates internal tools to increase its own security, such as double authentication (2FA), encryption of passwords stored in the database, external authentication, the Tentacle protocol with data encryption (SSL/TLS), its own audit log and other features that make the platform more secure. Pandora FMS, as an organization, has 27001 certification and is a CNA at MITRE to manage its own CVEs. We have a public security policy and are open to independent security auditors.

In addition to these functions, Pandora FMS has incorporated its own specific security functionalities since version 773, and more features will be added in successive versions.

In version 774 Pandora FMS incorporates the following security features.

This plugin, which comes standard in Linux EndPoints, is responsible for constantly verifying certain basic aspects of your environment. It is designed to be lightweight, to have very little impact on system performance, and to be launched at the EndPoint's standard interval of every five minutes. It checks the following aspects of the system:

  • Strength of passwords for all users with access to the system. It does this through a “password dictionary”, by default composed of 100 entries. You can customize this dictionary and add your own entries (to reflect the typical common passwords used in your organization). 90% of common attacks have a poorly protected user account in a secondary environment as the attack vector.
  • SELinux status, checking if it is active or present.
  • Remote access as root user, verifying that password login is disabled for this user.
  • Automatic remote access as root using previously configured and established SSH keys.
  • TCP ports actively listening (that are outside a list of allowed port numbers).
  • Modification of essential configuration files, verifying their integrity and whether they have changed (files such as /etc/resolv.conf, /etc/hosts, /etc/passwd and others).

These are very basic checks, but at the same time very important. Any system, be it a test environment, a virtual machine or a VPS on secondary hosting, is vulnerable to basic attacks, and these usually account for 80% of those that open a more serious incident in the organization.
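
Two of the checks listed above (TCP ports listening outside an allow-list, and root password login over SSH), sketched as an added example; this is not the code of pandora_security_check. The allow-list, the sample data and the function names are assumptions made for the illustration.

```python
# Added illustration; not the pandora_security_check implementation.
# Constructed sample, trimmed to the first four columns of /proc/net/tcp
# (st 0A = LISTEN, 01 = ESTABLISHED; addresses and ports are hexadecimal).
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st
   0: 00000000:0016 00000000:0000 0A
   1: 0100007F:0CEA 00000000:0000 0A
   2: 00000000:1F90 00000000:0000 0A
   3: 0A00000F:0016 0A000002:D431 01
"""
ALLOWED_PORTS = {22, 3306}  # assumed allow-list for this example

# Constructed sshd_config samples.
WEAK_SSHD = "# constructed sample\nPermitRootLogin yes\nPasswordAuthentication yes\n"
HARDENED_SSHD = "PermitRootLogin prohibit-password\nPasswordAuthentication yes\n"


def unexpected_listeners(proc_net_tcp, allowed):
    """Return sorted listening TCP ports that are not in the allow-list."""
    ports = set()
    for line in proc_net_tcp.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[3] != "0A":  # header or non-LISTEN socket
            continue
        port = int(fields[1].rsplit(":", 1)[1], 16)
        if port not in allowed:
            ports.add(port)
    return sorted(ports)


def root_password_login_enabled(sshd_config):
    """True if root can log in with a password (global section only)."""
    settings = {}
    for line in sshd_config.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) == 2:
            # sshd uses the first value it reads for each keyword
            settings.setdefault(parts[0].lower(), parts[1].strip().lower())
    root = settings.get("permitrootlogin", "prohibit-password")  # OpenSSH default
    passwords = settings.get("passwordauthentication", "yes")    # OpenSSH default
    return root == "yes" and passwords == "yes"


def run_checks(proc_net_tcp, sshd_config, allowed=ALLOWED_PORTS):
    """Return (check, status, detail) tuples; status 1 = OK, 0 = failed."""
    ports = unexpected_listeners(proc_net_tcp, allowed)
    root_pw = root_password_login_enabled(sshd_config)
    return [("unexpected_tcp_listeners", int(not ports), ",".join(map(str, ports))),
            ("root_password_login", int(not root_pw), "enabled" if root_pw else "disabled")]
```

On a real host the inputs would be the contents of /proc/net/tcp (plus /proc/net/tcp6 for IPv6 listeners) and /etc/ssh/sshd_config. The sshd_config parser here is deliberately simple and does not follow Include directives or Match blocks.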

To install the security plugin, simply activate it in the Linux EndPoint; it is included by default in versions 774 or later:

module_begin
module_plugin /etc/pandora/plugins/pandora_security_check
module_end

To install the plugin on previous versions of the EndPoint, it can be downloaded from the Pandora FMS plugin library:


  • Last modified: 2025/08/23 22:22
  • by junichi