Scc is a sparrow plugin that could be run over terminal to check security best practice of your Linux conf files :
- sshd
- sudoers
- bind
- redis
- sysctl
more services are coming , check it out and let me know what you think https://github.com/melezhik/sparrow-plugins/tree/master/scc
Is it just me or is the results output kinda spammy?
I mean, I’m all for information and stuff, but do I really need to know the regex?
I’d love to have this as an option, when I think, that the tool provided a false positive, but for routine checks, I’m feeling a bit overwhelmed
More interesting it would be, to just show me the parts, that are seemingly an issue and some description, why it is an issue.
With that output, I’ll probably have an easier time just checking the config file myself
But maybe, that’s just me…
Thanks. This is going to be addressed here - https://github.com/melezhik/Sparrow6/issues/13