12-09-2008, 10:21 PM
"Richard Hartmann"

Tying debsecan & Zabbix (or RT) together?

Hi all,

I am wondering if anyone has created a script to feed debsecan
data into Zabbix. Alternatively, a solution which lets RT parse &
classify debsecan output would be great.

How are you handling this? Self-baked scripts to parse your
daily mail? Are you doing it by hand? Not at all?


Thanks
Richard


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
 
12-09-2008, 11:48 PM
Ron Johnson

Tying debsecan & Zabbix (or RT) together?

On 12/09/08 17:21, Richard Hartmann wrote:

> Hi all,
>
> I am wondering if anyone has created a script to feed debsecan
> data into Zabbix. Alternatively, a solution which lets RT parse &
> classify debsecan output would be great.

Zabbix being???

> How are you handling this? Self-baked scripts to parse your
> daily mail? Are you doing it by hand? Not at all?


--
Ron Johnson, Jr.
Jefferson LA USA

How does being physically handicapped make me Differently-Abled?
What different abilities do I have?


 
12-10-2008, 07:05 AM
"Richard Hartmann"

Tying debsecan & Zabbix (or RT) together?

On Wed, Dec 10, 2008 at 01:48, Ron Johnson <ron.l.johnson@cox.net> wrote:

> Zabbix being???


A monitoring solution[1] which has agents[2] running on the monitored
system which report to a server[3].

If you are interested in the idea I had, it's the first hit with google. If
you are not, why ask? Or is it customary to link to all software
mentioned which is not in base? If yes, please let me know and I
will do from now on


Richard

[1] http://www.zabbix.com/download.php
[2] http://packages.debian.org/lenny/zabbix-server-pgsql
[3] http://packages.debian.org/lenny/zabbix-agent


 
12-10-2008, 07:13 AM
Ron Johnson

Tying debsecan & Zabbix (or RT) together?

On 12/10/08 02:05, Richard Hartmann wrote:

> On Wed, Dec 10, 2008 at 01:48, Ron Johnson <ron.l.johnson@cox.net> wrote:
>
>> Zabbix being???
>
> A monitoring solution[1] which has agents[2] running on the monitored
> system which report to a server[3].
>
> If you are interested in the idea I had, it's the first hit with google. If
> you are not, why ask? Or is it customary to link to all software
> mentioned which is not in base? If yes, please let me know and I
> will do from now on


No, it's just polite to provide some context when referring to
generally-unfamiliar software.


--
Ron Johnson, Jr.
Jefferson LA USA

How does being physically handicapped make me Differently-Abled?
What different abilities do I have?


 
12-10-2008, 07:18 AM
"Richard Hartmann"

Tying debsecan & Zabbix (or RT) together?

On Wed, Dec 10, 2008 at 09:13, Ron Johnson <ron.l.johnson@cox.net> wrote:

> No, it's just polite to provide some context when referring to
> generally-unfamiliar software.

I was under the impression that it's quite well-known. But we
both know what the other means, so yah


Richard


 
12-11-2008, 02:54 PM
Hugo Vanwoerkom

Tying debsecan & Zabbix (or RT) together?

Richard Hartmann wrote:

> On Wed, Dec 10, 2008 at 09:13, Ron Johnson <ron.l.johnson@cox.net> wrote:
>
>> No, it's just polite to provide some context when referring to
>> generally-unfamiliar software.
>
> I was under the impression that it's quite well-known. But we
> both know what the other means, so yah



I sit here with Debian Sid 8 hrs more or less every day and this is the
first time I hear of debsecan and Zabbix (or RT) ;-)


Hugo


 
12-14-2008, 06:29 PM
Florian Weimer

Tying debsecan & Zabbix (or RT) together?

* Richard Hartmann:

> How are you handling this? Self-baked scripts to parse your
> daily mail? Are you doing it by hand? Not at all?

What would be required for Zabbix integration? What kind of data does
Zabbix need?


 
12-14-2008, 07:21 PM
"Richard Hartmann"

Tying debsecan & Zabbix (or RT) together?

On Sun, Dec 14, 2008 at 20:29, Florian Weimer <fw@deneb.enyo.de> wrote:

> What would be required for Zabbix integration?

Basically, the zabbix agent would need a plugin/module/script which
it can use to forward data.


> What kind of data does Zabbix need?

It can collect, and then trigger on, arbitrary data. In this case, it
would probably make sense to collect CVE number, remote/local,
the package in question, the version in question, the severity and
if there is a fix available. If any of this changes (probably only the
availability of a fix or if a fixed package has been installed), it
should send new data.

I will poke the zabbix guys about specifics and get back to you
on this.
I take it you have an interest in this to make centralised host
security management easier?


Richard


 
12-14-2008, 07:25 PM
Florian Weimer

Tying debsecan & Zabbix (or RT) together?

* Richard Hartmann:

>> What kind of data does Zabbix need?
>
> It can collect, and then trigger on, arbitrary data. In this case, it
> would probably make sense to collect CVE number, remote/local,
> the package in question, the version in question, the severity and
> if there is a fix available.

The default debsecan output format might suffice for this.

> If any of this changes (probably only the availability of a fix or
> if a fixed package has been installed), it should send new data.

However, it does not contain change detection.

> I take it you have an interest in this to make centralised host
> security management easier?

Yes, but I don't know if Zabbix is part of the solution.
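
The fields listed earlier in the thread (CVE id, package, remote/local, urgency, fix availability) and the change detection that the raw report lacks, as an added example that is not part of the original thread or of debsecan: it parses two summary-style reports and diffs them. The line format, the sample reports and the `debsecan.*` item keys are assumptions constructed for illustration.

```python
import re

# Constructed sample reports (placeholder IDs and package names). Assumed line
# format: "<id> <package> (<flag>, <flag>, ...)", with the flag list optional.
YESTERDAY = """\
CVE-0000-0001 libexample1 (remotely exploitable, high urgency)
CVE-0000-0002 exampled (low urgency)
CVE-0000-0003 example-utils
"""
TODAY = """\
CVE-0000-0001 libexample1 (fixed, remotely exploitable, high urgency)
CVE-0000-0003 example-utils
CVE-0000-0004 exampled (remotely exploitable, medium urgency)
"""

LINE = re.compile(r"^(\S+)\s+(\S+)(?:\s+\((.*)\))?$")

def parse(report):
    """Map (vuln_id, package) to the fields listed in the thread."""
    findings = {}
    for raw in report.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # skip blank or unrecognised lines rather than guess
        flags = [f.strip() for f in (m.group(3) or "").split(",") if f.strip()]
        urgency = [f.split()[0] for f in flags if f.endswith(" urgency")]
        findings[(m.group(1), m.group(2))] = {
            "remote": "remotely exploitable" in flags,
            "fix_available": "fixed" in flags,
            "urgency": urgency[0] if urgency else "unknown",
        }
    return findings

def diff(old, new):
    """The change detection the raw report lacks: new, resolved, changed."""
    return {
        "new": sorted(k for k in new if k not in old),
        "resolved": sorted(k for k in old if k not in new),
        "changed": sorted(k for k in new if k in old and new[k] != old[k]),
    }

def monitor_items(findings):
    """Numeric values a monitoring trigger can fire on (item keys hypothetical)."""
    return {
        "debsecan.total": len(findings),
        "debsecan.remote": sum(f["remote"] for f in findings.values()),
        "debsecan.fixable": sum(f["fix_available"] for f in findings.values()),
    }
```

Storing the previous day's parsed result per host and sending only the `diff` output keeps the monitoring server from re-alerting on findings that have not changed.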


 
12-14-2008, 07:37 PM
"Richard Hartmann"

Tying debsecan & Zabbix (or RT) together?

On Sun, Dec 14, 2008 at 21:25, Florian Weimer <fw@deneb.enyo.de> wrote:

> Yes, but I don't know if Zabbix is part of the solution.

Well, Zabbix is not ideal as it's a non-common tool. eMail
is a lot nicer, there are not automated parsers for something
like this.
An SNMP based solution or something like syslog might be
something to think about.

I think we agree that the end goal needs to be $something
which can present the security status information of a lot
of hosts in a portable format, ideally with different backends
like www, cli, X/GTK/Qt, eMail, etc


Richard

