SUA - Software Usage Analysis - Server Config
Versioning - This is the latest version.
1 | SUA - Software Usage Analysis - Server Config | 10/2/2013 12:38:29 PM |
2 | SUA - Software Usage Analysis - Server Config | 10/2/2013 1:09:14 PM |
3 | SUA - Software Usage Analysis - Server Config | 10/2/2013 1:28:45 PM |
4 | SUA - Software Usage Analysis - Server Config | 11/13/2013 10:10:35 AM |
5 | SUA - Software Usage Analysis - Server Config | 11/13/2013 12:31:42 PM |
6 | SUA - Software Usage Analysis - Server Config | 12/6/2013 11:11:55 AM |
Description
This Analysis audits many different aspects of the SUA server setup.
Latest version found here: http://bigfix.me/analysis/details/2994602
References:
http://technet.microsoft.com/en-us/library/cc739424(v=ws.10).aspx
https://www.ibm.com/developerworks/community/wikis/home?lang=en#/wiki/Tivoli%20Endpoint%20Manager/page/Securing%20a%20TEMA%20installation
Property Details
2994611 | |
Beta - Preliminary testing ready for more | |
SUA - Software Usage Analysis - Server Config | |
BESC | |
jgstew on 12/6/2013 11:11:55 AM | |
jgstew on 12/6/2013 11:11:55 AM | |
9188 Views / 19 Downloads | |
Properties
DB Server Config
Period
2 days
* Results in a true/false |
lines whose(it does not contain "password") of file "database.yml" of folder "config" of (parent folder of folder (parenthesized part of match (regex "^%22?([^%22]+)\\TEMAnalytics.exe%22?") of (value whose (name of it = "ImagePath") of keys "HKLM\SYSTEM\CurrentControlSet\services\TEMA" of registry as string)))
Version
Period
2 days
(parenthesized part of match (regex "['%22]([\d\.]+)['%22]") of concatenation of lines containing "full_string" of file (parent folder of folder (parenthesized part of match (regex "^%22?([^%22]+)\\TEMAnalytics.exe%22?") of (value whose (name of it = "ImagePath") of keys "HKLM\SYSTEM\CurrentControlSet\services\TEMA" of registry as string)) as string & "\work\tema\webapp\WEB-INF\config\version.rb")) as string
reg config
Period
2 days
(name of it & " -> " & it as string) of values of key "TEMA\Parameters\Java" of key whose(exists key "TEMA" of it) of key "HKEY_LOCAL_MACHINE\SOFTWARE\Apache Software Foundation" of registry
reg service config
Period
2 days
(name of it & " -> " & it as string) of values of key "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\TEMA" of registry
JVM
Period
2 days
value "Jvm" of key "TEMA\Parameters\Java" of key whose(exists key "TEMA" of it) of key "HKEY_LOCAL_MACHINE\SOFTWARE\Apache Software Foundation" of registry
Java Version
Period
2 days
file "java.dll" of parent folder of parent folder of file ((it as string) of (value "Jvm" of key "TEMA\Parameters\Java" of key whose(exists key "TEMA" of it) of key "HKEY_LOCAL_MACHINE\SOFTWARE\Apache Software Foundation" of registry))
DB Server
Period
2 days
unique values of (following text of first "host:" of it as trimmed string) of lines whose(it contains "host:") of file "database.yml" of folder "config" of (parent folder of folder (parenthesized part of match (regex "^%22?([^%22]+)\\TEMAnalytics.exe%22?") of (value whose (name of it = "ImagePath") of keys "HKLM\SYSTEM\CurrentControlSet\services\TEMA" of registry as string)))
Java Max Memory
Period
1 day
value "JvmMx" of key "TEMA\Parameters\Java" of key whose(exists key "TEMA" of it) of key "HKEY_LOCAL_MACHINE\SOFTWARE\Apache Software Foundation" of registry
Successful Imports
Period
1 day
number of files whose(exists lines whose(it contains " INFO: Import succeeded in ") of it) of folder "log\imports" of (parent folder of folder (parenthesized part of match (regex "^%22?([^%22]+)\\TEMAnalytics.exe%22?") of (value whose (name of it = "ImagePath") of keys "HKLM\SYSTEM\CurrentControlSet\services\TEMA" of registry as string)))
Bin Folder Path
Period
2 days
((it as string) of parenthesized part of match (regex "^%22?([^%22]+)\\TEMAnalytics.exe%22?") of (it as string) of value whose (name of it = "ImagePath") of keys "HKLM\SYSTEM\CurrentControlSet\services\TEMA" of registry)
master.tag
Period
2 days
(it as trimmed string) whose(it does not start with "#" AND it != "") of lines of file "master.tag" of folder "admin" of parent folder of folder ((it as string) of parenthesized part of match (regex "^%22?([^%22]+)\\TEMAnalytics.exe%22?") of (it as string) of value whose (name of it = "ImagePath") of keys "HKLM\SYSTEM\CurrentControlSet\services\TEMA" of registry)
login account of service "TEMA"
Period
2 days
login account of service "TEMA"
SUA service user member of local admin group?
Period
6 hours
/* This may not work, or be applicable in all cases */ exists members whose(it as string as lowercase contains following text of first "\" of (it as string as lowercase) of login account of service "TEMA") of local group "Administrators"
SUA RAM usage
Period
6 hours
working set size of process whose (name of it as lowercase is "temanalytics.exe")
SUA RAM usage - WMI
Period
6 hours
((((string value of selects "WorkingSetSize from win32_process where Name = 'temanalytics.exe'" of wmi) as integer) / (1024*1024)) as string & " MB")
Relevance
isWindows (Relevance 1172)
windows of operating system
exists folder (parent folder of folder (parenthesized part of match (regex "^%22?([^%22]+)\\TEMAnalytics.exe%22?") of (value whose (name of it = "ImagePath") of keys "HKLM\SYSTEM\CurrentControlSet\services\TEMA" of registry as string)) as string & "\work\tema\webapp\WEB-INF\domains\sam")