Hello Daniweb users.

I am a security analyst who currently needs to audit the compliance rate of machines for my client. He has both Windows and Linux machines, including AIX. I want to know whether, rather than doing a manual check (i.e. document to document), there is any tool (preferably an open source or free tool) which I can use to conduct this check. The reason is that the client has more than 20 machines to be checked and it will take a long time to audit all of them. I hope someone can share their experience in compliance checking or suggest any tools to be used for this activity. Thanks a bunch in advance. Thank you.

All 2 Replies

No. Compliance checks/analysis requires that the factors that indicate a system is in/out of compliance are very specific to a particular organization. Assuming you are paid by the hour, this is a nice contract to have. Do it diligently, and be thorough in your report. FWIW, I am a senior systems engineer with a tier-one mobile phone manufacturer, and have been an IT consultant for years. There are no shortcuts for this sort of work. I am also a director of a major IEEE consulting network (and previous chairman) - this sort of work has been my bread and butter for years... :-)

Thank you for the reply, Mr. Rubberman. I am aware of your statement that this has to be done manually. However, there are a few tools such as Nessus & Nexpose which say they are able to do the compliance checking. Have you tried those tools? Hoping for feedback from you because we are planning to purchase any one of them if it is a dead end for us. Thank you.
