The Secureframe Agent checks for the following device configuration settings:
- Hard Drive Encrypted
- The drive mounted as root needs to be encrypted
- The encryption process will vary based on the flavor of Linux being used
- ZFS encryption is not currently supported because of a limitation in osquery
- Password Policy
- If you are having issues with this check, please follow these steps:
- Install the augeas-lenses library and PAM module by running the following commands in your terminal
sudo apt install augeas-lenses
sudo apt install libpam-pwquality- Some Linux distributions may already have these libraries installed
- More technical information about the PAM module
- Open the /etc/pam.d/common-password file
- Find the line that includes "pam_pwquality.so"
- Add "minlen=8 minclass=3" to the end of that line, to look something like this:
-
password requisite pam_pwquality.so retry=3 minlen=8 minclass=3
- Install the augeas-lenses library and PAM module by running the following commands in your terminal
- --------------------------------------------------------------------------------------------
- The Password Policy check requires the following criteria:
- Minimum password length of at least 8
- Minimum class of at least 3
- The classes of characters are digits, upper letters, lower letters, and special characters.
- Requiring a minimum class of 3 means that many classes must be in the password.
- The Password Policy check will not pass until you have both updated the password requirements and changed your password to comply with these requirements.
- These instructions were taken in part from this article.
- If you are having issues with this check, please follow these steps:
- Local Firewall Enabled
- This check is looking to see if the Debian Uncomplicated Firewall (UFW) is installed and configured.
- More information on Uncomplicated Firewall (UFW)
Note:
- The Secureframe Agent does not currently pull Native Anti-Virus due to Linux not having a native antivirus solution.
- The Secureframe Agent does not pull Screen Lock information due to the data being different depending on the windows manager being used.