Report examples

Note: These are only examples.

These examples are from root level and site level reports.

Root level

Security audit report for Cloverleaf ROOT.

Summary:

| Severity | Number of alerts |
|----------|------------------|
| High     | 2                |
| Medium   | 0                |
| Low      | 0                |

Server INI:

| Classification | Severity | Key | Description |
|----------------|----------|-----|-------------|
| DEFINITIVE | HIGH | audit_server_used | Turning off the Audit Server prevents oversight of activity on the system. This makes detection of a data breach and malicious behavior difficult to track. Ignorance of a data breach is not defense against liability for a data breach. Strongly consider turning this feature back on. |
| DEFINITIVE | HIGH | seciurity_server_used, basic_security_enabled | Cloverleaf is working on None Security mode. Advanced Security mode ensures that the maximum amount of defensive support is enabled within Cloverleaf. Basic Security does mitigate some risk through user security enforced by certificates, but it is not the recommended level of security. Ensure strong business needs are driving the running of Cloverleaf on Basic Security. Ensure that the maximum amount of defensive support is enabled within Cloverleaf by turning on Advanced Security mode. |

Site level

Security audit report for site hvshd04.

Summary:

| Severity | Number of alerts |
|----------|------------------|
| High     | 11               |
| Medium   | 0                |
| Low      | 0                |

TCL scripting

Mitigation:

Permitting a command to manipulate the host operating system, or files on the file system, makes the system vulnerable to command injection. Command injection is an attack in which the goal is to run malicious commands on the host operating system. In this attack, the attacker-supplied operating system commands are usually run with the privileges of the vulnerable application. The best remediation is to not permit or encourage this functionality. If this is not feasible, then all user-supplied input needs to be validated to ensure unintentional or malicious OS commands are not permitted.

| Classification | Severity | Path | Line | Description |
|----------------|----------|------|------|-------------|
| SUSPECT | HIGH | C:\191r2\cis19.1\integrator\hvshd04\tclprocs\clud.tcl | 254 | The delete method is called. |
| SUSPECT | HIGH | C:\191r2\cis19.1\integrator\hvshd04\tclprocs\clud.tcl | 259 | The delete method is called. |
| SUSPECT | HIGH | C:\191r2\cis19.1\integrator\hvshd04\tclprocs\clud.tcl | 305 | The delete method is called. |