Report examples
These examples are from root level and site level reports.
Root level
Security audit report for Cloverleaf ROOT.
Summary:
Severity | Number of alerts |
---|---|
High | 2 |
Medium | 0 |
Low | 0 |
Server INI:
Classification | Severity | Key | Description |
---|---|---|---|
DEFINITIVE | HIGH | audit_server_used | Turning off the Audit Server prevents oversight of activity on the system. This makes detection of a data breach and malicious behavior difficult to track. Ignorance of a data breach is not defense against liability for a data breach. Strongly consider turning this feature back on. |
DEFINITIVE | HIGH | seciurity_server_used | Cloverleaf is working on None Security mode. Advanced Security mode ensures that the maximum amount of defensive support is enabled within Cloverleaf. Basic Security does mitigate some risk through user security enforced by certificates, but it is not the recommended level of security. Ensure strong business needs are driving the running of Cloverleaf on Basic Security. Ensure that the maximum amount of defensive support is enabled within Cloverleaf by turning on Advanced Security mode. |
Site level
Security audit report for site hvshd04.
Summary:
Severity | Number of alerts |
---|---|
High | 11 |
Medium | 0 |
Low | 0 |
TCL scripting
Mitigation:
Permitting a command to manipulate the host operating system, or files on the file system, makes the system vulnerable to command injection. Command injection is an attack in which the goal is running malicious commands on the host operating system. In this attack, the attacker-supplied operating system commands are usually run with the privileges of the vulnerable application. The best remediation is to not permit or encourage this functionality. If this is not feasible, then all user-supplied input needs to be validated to ensure unintentional or malicious OS commands are not permitted.
Classification | Severity | Path | Line | Description |
---|---|---|---|---|
SUSPECT | HIGH | C:\191r2\cis19.1\integrator\hvshd04\tclprocs\clud.tcl | 254 | The delete method is called. |
SUSPECT | HIGH | C:\191r2\cis19.1\integrator\hvshd04\tclprocs\clud.tcl | 259 | The delete method is called. |
SUSPECT | HIGH | C:\191r2\cis19.1\integrator\hvshd04\tclprocs\clud.tcl | 305 | The delete method is called. |