Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/skipmcgee/host_security
Red Hat Enterprise Linux 6 & 7 security tool for enumerating security and IT operations-relevant information on a host and forwarding to a SIEM or enterprise syslog server in key='value' format.
cyber cybersecurity linux python3 rhel6 rhel7 security security-tools syslog
Last synced: 22 days ago
- Host: GitHub
- URL: https://github.com/skipmcgee/host_security
- Owner: skipmcgee
- License: gpl-3.0
- Created: 2020-08-27T11:07:32.000Z (over 4 years ago)
- Default Branch: master
- Last Pushed: 2021-07-15T15:03:45.000Z (over 3 years ago)
- Last Synced: 2024-08-05T17:44:58.327Z (4 months ago)
- Topics: cyber, cybersecurity, linux, python3, rhel6, rhel7, security, security-tools, syslog
- Language: Python
- Homepage: https://skipmcgee.github.io
- Size: 110 KB
- Stars: 3
- Watchers: 1
- Forks: 0
- Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
- awesome-hacking-lists - skipmcgee/host_security - Red Hat Enterprise Linux 6 & 7 security tool for enumerating security and IT operations-relevant information on a host and forwarding to a SIEM or enterprise syslog server in key='value' format. (Python)
README
## RHEL 6 & 7 Host Security Tool
This package consists of a host enumeration script (hostinfo.py) and an Ansible playbook that copies the script to the host and creates a weekly cron job to run it.
### The script (hostinfo.py):
Identifies security-relevant data and sends it to your SIEM or syslog collector in key='value' syntax. An XML user-account scrubber is included, which could easily be modified for your environment if you store your user account data in XML. Before running hostinfo.py, it is worth verifying that the modules it imports exist and can be installed in your environment.
### The Ansible playbook (ansible-playbook-hostinfo.yml):
Requires validating the directory paths and the users you want to execute the playbook; both may require adjustment for your environment. Items that need to be tweaked for your environment are identified with "{}".
Requires Python 3.2+ on either RHEL 6 or RHEL 7. Because the script uses platform.dist, it cannot be run with Python 3.7+.