I'm looking for good security audit tools to check system security in Unix/Linux environments. I've found nessus to be a good tool, but a tool is needed also to check ssh configurations, file permissions and so on... Any suggestions? It would be necessary to perform these test from remote pc (with ssh for example).
Last edited by tsorvoja; 12th June 2008 at 08:42 AM.
Reason: added more info
this is what i do as my day job, and i've found nothing works better than some homebrew shell scripts executed over ssh.
nessus, especially the commercial v3 with compliance support is good - you write an xml-type file and it checks things like permissions etc; plus write a nasl script and get it executed over ssh, which is what i originally did before i replaced it all with shell scripts (bit more reliable across platforms).
nmap has a new scripting engine thats getting interesting too.