Introduction

In 2021, ERNW collaborated with Hochschule Mannheim for their CEP (Cyber Security Entwicklungsprojekt) to build an auditing framework for testing operating system configurations against security procedures. This project is part of the education program of the university to give the students the chance to utilize the knowledge gained throughout the first semesters in a real world project. ERNW posed as the fictitious customer, providing a requirements document and regular meetings with all project groups for feedback. We planned to process and adapt the results for an open source auditing framework. Unfortunately, we were not able to finish this project yet, but we think the students should get some attention for their work independent from our side. So here is a short summary of what the students created and the corresponding repositories.

Requirements

The desired result was an audit framework that fulfills the following requirements:

Cross-platform Usability

The audit modules should be written in a way that allows the same rule set to be tested on a variety of operating systems ranging from Windows and OS X to different Linux distributions.

Open Definition of Audit Steps

The framework should allow the user to freely define and modify audit steps, ideally separating the rules and the framework.

Collection of Test Artifacts

To verify audit results later (and to have resources for a Proof-of-Concept), the framework should collect all configuration parameters and used files used and include them in the output.

Automated Analysis of the Collected Data

The audit framework should automatically analyze the collected data to provide simple Pass/Failed result flags for each defined test.

Results

Over the span of 14 weeks, five groups developed their approach in coordination with a contact person at ERNW. A total of three milestones were defined by the groups to show their progress and gather feedback from the customer. The third milestone represented the final presentation of the finished product.

Hochschule Mannheim and ERNW decided that the projects should be realized in Golang, as Go is perfectly suitable for cross-platform applications that are simple to run on other systems due to the possibility of static compilation.

In the following sections we want to spotlight some features of all five approaches. We didn’t select a “winner” project, all five groups delivered interesting ideas and fulfilled our requirements within the very limited time frame. Especially, as the primary focus was for the students to use their theoretical knowledge gained in university courses about software engineering, professional communication with a customer, etc. in a simulated real-life scenario.

about_blank

Source code: https://gitlab.com/about-blank/mtac

Highlights:
– YAML configuration files
– Implemented basic commands (find, grep) in Go for cross-platform compatibility

Just Go IT

Source code: https://github.com/Just-Go-IT/EZAudit

Highlights:
– JSON configuration files
– A broad variety of Linux commands available (although not natively implemented)
– More modules can easily be added

Jungbusch Softwareschmiede

Source code: https://github.com/Jungbusch-Softwareschmiede/jungbusch-auditorium

Highlights:
– Own file format for configuration files
– Native implementation of basic commands

6 in a Row

Source code: https://github.com/6inarow/Auditheia

Highlights:
– JSON configuration files
– Module-less architecture
– Commands can be concatenated
– Scripting support through Goja JavaScript engine

Seculeet

Source code: https://github.com/Seculeet/secuteel

Highlights:
– JSON configuration files
– Scripting through Goja JavaScript engine
– Limited set of allowed executables to call

We hope to release a tool based on the ideas of the students to the public at some point. If you reuse some ideas, please give credit to the corresponding students, they did a great job and deserve a mention. 😉

Cheers!