| # | Test Name | Result Details |
|---|---|---|
| 11 | Test presence of CollPack | Red-Hat_Enterprise-Linux_6.1r2-Pre5.spz.zip file not found |
| 12 | Test presence of EULA in collpack | |
| 21 | Verify single default CONNECTION METHOD | Found 1 nodes:<br>-- NODE --<br>SYSLOG |
| 22 | Ensure all taxonomy is valid | Line `TaxonomyKey,Target,SubTarget,Action,SubAction,EventTaxonomy,EventOutcome` in taxonomy.map had problems: Target unrecognized; SubAction unrecognized |
| 24 | Verify DeviceName with RV31 | |
| 28 | Verify Collector Pack UUID Conflict | Red-Hat_Enterprise-Linux,9634E5E0-B803-102B - is unique and does not have any node-level conflicts with other collector packs |
| 29 | Verify Collector Pack Controls | Control 'Global Setup' is not found in package.xml<br>Control 'Dashboard Status' is not found in package.xml<br>Control 'Implementation Audit Trail' is not found in package.xml<br>Control 'Event Trends' not found in package.xml<br>Control 'Collector Management' is not found in package.xml |
| 31 | All events should have DeviceEventTime, DeviceEventTimeString, EventName, Message, Severity | 23 events matched test criteria:<br>The following events failed this test:<br>Line 9: et=; evt=Collector Internal Message; xdastaxname=; msg=Parsing failed: TypeError: Cannot call method "search" of undefined; input: Oct 31 12:42:12 linuxtest vsftpd[3241]: Mon Oct 31 12:42:12 2005 [pid 3241] [root] OK LOGIN: Client "127.0.0.1<br>Line 11: et=; evt=Red Hat Enterprise Linux useradd Event; xdastaxname=; msg=useradd[17914]: new group: name=heebu123, GID=504 |
| 32 | All events should have an Observer IP or hostname | 23 events matched test criteria:<br>The following events failed this test:<br>Line 9: et=; evt=Collector Internal Message; xdastaxname=; msg=Parsing failed: TypeError: Cannot call method "search" of undefined; input: Oct 31 12:42:12 linuxtest vsftpd[3241]: Mon Oct 31 12:42:12 2005 [pid 3241] [root] OK LOGIN: Client "127.0.0.1<br>Line 11: et=; evt=Red Hat Enterprise Linux useradd Event; xdastaxname=; msg=useradd[17914]: new group: name=heebu123, GID=504 |
| 33 | All events should report the Collector name and UUID | 23 events matched test criteria:<br>All events passed. |
| 401 | Account events (create, delete, modify, enable, disable, change password) should have InitUserName | 5 events matched test criteria:<br>The following events failed this test:<br>Line 2: et=Sat May 08 2010 11:18:57 GMT-0400 (EDT); evt=passwd: Password changed; xdastaxname=XDAS_AE_SET_CRED_ACCOUNT; msg=pam_unix(passwd:chauthtok): password changed for heebu<br>Line 3: et=Sat May 08 2010 11:19:48 GMT-0400 (EDT); evt=passwd: Password change failed; xdastaxname=XDAS_AE_SET_CRED_ACCOUNT; msg=pam_unix(passwd:chauthtok): new password not acceptable<br>Line 12: et=Fri May 07 2010 16:53:29 GMT-0400 (EDT); evt=useradd: Account Created Successfully; xdastaxname=XDAS_AE_CREATE_ACCOUNT; msg=new user: name=heebu123, UID=503, GID=504, home=/home/heebu123, shell=/bin/bash<br>Line 13: et=Fri May 07 2010 16:53:51 GMT-0400 (EDT); evt=useradd: Account Created Successfully; xdastaxname=XDAS_AE_CREATE_ACCOUNT; msg=new user: name=nawaz123, UID=504, GID=504, home=/home/nawaz123, shell=/bin/bash<br>Line 14: et=Tue May 25 2010 11:10:00 GMT-0400 (EDT); evt=userdel: User deleted; xdastaxname=XDAS_AE_DELETE_ACCOUNT; msg=delete user `Testuser2' |
| 402 | Account events (create, delete, modify, enable, disable, change password) should have TargetUserName | 5 events matched test criteria:<br>The following events failed this test:<br>Line 2: et=Sat May 08 2010 11:18:57 GMT-0400 (EDT); evt=passwd: Password changed; xdastaxname=XDAS_AE_SET_CRED_ACCOUNT; msg=pam_unix(passwd:chauthtok): password changed for heebu<br>Line 3: et=Sat May 08 2010 11:19:48 GMT-0400 (EDT); evt=passwd: Password change failed; xdastaxname=XDAS_AE_SET_CRED_ACCOUNT; msg=pam_unix(passwd:chauthtok): new password not acceptable<br>Line 12: et=Fri May 07 2010 16:53:29 GMT-0400 (EDT); evt=useradd: Account Created Successfully; xdastaxname=XDAS_AE_CREATE_ACCOUNT; msg=new user: name=heebu123, UID=503, GID=504, home=/home/heebu123, shell=/bin/bash<br>Line 13: et=Fri May 07 2010 16:53:51 GMT-0400 (EDT); evt=useradd: Account Created Successfully; xdastaxname=XDAS_AE_CREATE_ACCOUNT; msg=new user: name=nawaz123, UID=504, GID=504, home=/home/nawaz123, shell=/bin/bash<br>Line 14: et=Tue May 25 2010 11:10:00 GMT-0400 (EDT); evt=userdel: User deleted; xdastaxname=XDAS_AE_DELETE_ACCOUNT; msg=delete user `Testuser2' |
| 403 | All account queries should have TargetUserName | 0 events matched test criteria: |
| 404 | User Login events should have TargetUserName | 7 events matched test criteria:<br>The following events failed this test:<br>Line 1: et=Thu Jan 20 2011 02:40:23 GMT-0500 (EST); evt=sshd(pam_unix): Session opened; xdastaxname=XDAS_AE_CREATE_SESSION; msg=session opened for user root by root(uid=0)<br>Line 4: et=Thu Jan 20 2011 02:41:32 GMT-0500 (EST); evt=remote(pam_unix): Authentication failure; xdastaxname=XDAS_AE_AUTHENTICATE_ACCOUNT; msg=authentication failure; logname= uid=0 euid=0 tty=pts/1 ruser= rhost=172.16.12.199<br>Line 7: et=Thu Oct 28 2010 12:54:13 GMT-0400 (EDT); evt=unix_chkpwd: check pass; xdastaxname=XDAS_AE_CREATE_SESSION; msg=check pass; user unknown<br>Line 8: et=Thu Oct 28 2010 13:37:03 GMT-0400 (EDT); evt=su(pam_unix): Become session opened; xdastaxname=XDAS_AE_CREATE_SESSION; msg=session opened for user root by esec(uid=500)<br>Line 10: et=Sun Oct 31 2010 12:39:46 GMT-0400 (EDT); evt=vsftpd(pam_unix): Authentication failure; xdastaxname=XDAS_AE_AUTHENTICATE_ACCOUNT; msg=authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=127.0.0.1 user=root<br>Line 16: et=Thu Jan 20 2011 02:42:15 GMT-0500 (EST); evt=sshd: Authentication denied; xdastaxname=XDAS_AE_AUTHENTICATE_ACCOUNT; msg=Failed password for root from ::ffff:172.16.12.199 port 32771 ssh2<br>Line 17: et=Thu Jan 20 2011 02:42:33 GMT-0500 (EST); evt=sshd: Authentication denied; xdastaxname=XDAS_AE_AUTHENTICATE_ACCOUNT; msg=Invalid user kidddd from ::ffff:172.16.12.199 |
| 405 | User Logout should have InitUserName | 2 events matched test criteria:<br>The following events failed this test:<br>Line 15: et=Sat May 08 2010 11:42:36 GMT-0400 (EDT); evt=su: Become session closed; xdastaxname=XDAS_AE_TERMINATE_SESSION; msg=pam_unix(su-l:session): session closed for user heebu<br>Line 23: et=Tue May 25 2010 18:28:59 GMT-0400 (EDT); evt=crond(pam_unix): Session closed; xdastaxname=XDAS_AE_TERMINATE_SESSION; msg=session closed for user root |
| 411 | Trust events (create, delete, modify) should have InitUserName | 2 events matched test criteria:<br>The following events failed this test:<br>Line 21: et=Tue May 25 2010 11:10:01 GMT-0400 (EDT); evt=groupdel: Group deleted; xdastaxname=XDAS_AE_DELETE_TRUST; msg=remove group `Testuser2'<br>Line 22: et=Tue May 25 2010 10:45:06 GMT-0400 (EDT); evt=groupadd: Group added; xdastaxname=XDAS_AE_CREATE_TRUST; msg=new group: name=newgroup1, gid=535 |
| 412 | Trust events (create, delete, modify) should have TargetTrustName | 2 events matched test criteria:<br>The following events failed this test:<br>Line 21: et=Tue May 25 2010 11:10:01 GMT-0400 (EDT); evt=groupdel: Group deleted; xdastaxname=XDAS_AE_DELETE_TRUST; msg=remove group `Testuser2'<br>Line 22: et=Tue May 25 2010 10:45:06 GMT-0400 (EDT); evt=groupadd: Group added; xdastaxname=XDAS_AE_CREATE_TRUST; msg=new group: name=newgroup1, gid=535 |
| 413 | Trust events (query) should have TargetTrustName | 0 events matched test criteria: |
| 414 | Trust events (associate, deassociate) should have InitUserName | 0 events matched test criteria: |
| 415 | Trust events (associate, deassociate) should have TargetTrustName and TargetUserName | 0 events matched test criteria: |
| 416 | Resource access to trust (grant, revoke) should have InitUserName | 0 events matched test criteria: |
| 417 | Resource access to trust (grant, revoke) should have TargetTrustName and TargetDataName | 0 events matched test criteria: |
| 418 | Resource access to user (grant, revoke) should have InitUserName | 0 events matched test criteria: |
| 419 | Resource access to user (grant, revoke) should have TargetUserName and TargetDataName | 0 events matched test criteria: |
| 421 | DataItem events (create, delete, modify) should have InitUserName | 0 events matched test criteria: |
| 422 | DataItem events (create, delete, modify) should have TargetDataName | 0 events matched test criteria: |
| 423 | DataItem events (open, close, modify, query) should have InitUserName | 0 events matched test criteria: |
| 424 | DataItem events (open, close, modify, query) should have TargetDataName | 0 events matched test criteria: |
| 425 | DataItem query attributes event should have TargetDataName | 0 events matched test criteria: |
| 431 | Session Modification events should have InitUserName | 0 events matched test criteria: |
| 441 | System events (start, shutdown) should have InitUserName | 0 events matched test criteria: |
| 442 | System events (start, shutdown) should have TargetHostName or TargetIP | 0 events matched test criteria: |
| 443 | Service events (install, remove, enable, disable, invoke, terminate, config, modify) should have InitUserName | 4 events matched test criteria:<br>The following events failed this test:<br>Line 6: et=Thu Jan 20 2011 02:46:21 GMT-0500 (EST); evt=xinetd: START: telnet; xdastaxname=XDAS_AE_ENABLE_SERVICE; msg=START: telnet pid=3375 from=172.16.12.199<br>Line 18: et=Thu May 13 2010 12:36:12 GMT-0400 (EDT); evt=crontab: BEGIN EDIT; xdastaxname=XDAS_AE_INVOKE_SERVICE; msg=(root) BEGIN EDIT (root)<br>Line 19: et=Thu May 13 2010 12:25:52 GMT-0400 (EDT); evt=anacron: Service started; xdastaxname=XDAS_AE_INVOKE_SERVICE; msg=Anacron 2.3 started on 2009-05-13<br>Line 20: et=Thu May 13 2010 12:57:51 GMT-0400 (EDT); evt=crond: Cronjob Running; xdastaxname=XDAS_AE_INVOKE_SERVICE; msg=(root) CMD (run-parts /etc/cron.hourly) |
| 444 | Service events (install, remove, enable, disable, invoke, terminate, config, modify) should have TargetServiceName | 4 events matched test criteria:<br>The following events failed this test:<br>Line 6: et=Thu Jan 20 2011 02:46:21 GMT-0500 (EST); evt=xinetd: START: telnet; xdastaxname=XDAS_AE_ENABLE_SERVICE; msg=START: telnet pid=3375 from=172.16.12.199 |
| 445 | Service events (config, query) should have TargetServiceName | 0 events matched test criteria: |
| 451 | Resource events (backup) should have InitUserName | 0 events matched test criteria: |
| 452 | Resource events (backup) should have TargetDataName | 0 events matched test criteria: |
| 453 | Resource events (corrupt, exhaust) should have TargetDataName | 0 events matched test criteria: |
| 461 | All WorkFlow events should have TargetDataName and TargetDataContainer | 0 events matched test criteria: |
| 471 | Malware infected events should have TargetDataName | 0 events matched test criteria: |
| 472 | Malware infected events should have TargetHostName or TargetIP | 0 events matched test criteria: |