Hello Daniweb users.

I am a security analyst who currently needs to audit the compliance rate of machines for my client. He has both Windows and Linux machines, including AIX. I want to know whether, rather than doing a manual check, i.e. document to document, there is any tool (preferably an open source or free tool) which I can use to conduct this check. The reason is that the client has more than 20 machines to be checked, and it will take a long time to audit all of them. I hope someone can share their experience in compliance checking or suggest any tools to be used for this activity. Thanks a bunch in advance. Thank you.

5 Years
Discussion Span
Last Post by Bheeman89

No. Compliance checks/analysis requires that the factors that indicate a system is in/out of compliance are very specific to a particular organization. Assuming you are paid by the hour, this is a nice contract to have. Do it diligently, and be thorough in your report. FWIW, I am a senior systems engineer with a tier-one mobile phone manufacturer, and have been an IT consultant for years. There are no shortcuts for this sort of work. I am also a director of a major IEEE consulting network (and previous chairman) - this sort of work has been my bread and butter for years... :-)


Thank you for the reply, Mr. Rubberman. I am aware of your statement that this has to be done manually. However, there are a few tools such as Nessus & Nexpose which say they are able to do the compliance checking. Have you tried those tools? Hoping for feedback from you because we are planning to purchase one of them if it is a dead end for us. Thank you.
