What is a configuration audit?
The level of security of computer systems dependent on software patch management and how well software is configured. A configuration audit helps to discover weaknesses in the way the software is tuned for its purpose. Auditing tools can be of great help here to automate this task.
- Linux and PCI-DSS » Auditing systems for PCI-DSS
There are 2 tool collections available that cover configuration audit:
The following security tools are linked to configuration audit and are worth investigating.
- 360-FAAR (firewall analysis tool)
- Cloud Security Suite (cloud security toolkit)
- Docker Bench for Security (Docker security scanner)
- LUNAR (system security scanner)
- Lynis (security scanner and compliance auditing tool)
- OpenSCAP (suite with tools and security data)
- Prowler (AWS benchmark tool)
- VHostScan (virtual host scanner)
- orthrus (security framework and auditing tool)
- otseca (system information gathering tool)
- ssh_scan (SSH configuration and policy scanner)