Is there any code out there to monitor that (a) iptables is running (not just set to everything allowed) and (b) SELinux is enabled?
I've looked on Xymonton, the Xymon archives and Google but not found anything. Obviously, checking that these are running is anywhere between nice and critical if one either has a server exposed to the Internet or needs to pass regulatory security checks.
The way I would ideally have liked these to work (but beggars can't be choosers!) is that the iptables check would work a bit like the port checks in analysis.cfg, so one can check whether particular rules are enabled (and the default policy on chains), and SELinux would also be monitored and configured in analysis.cfg with options to go yellow or red depending on the state of the enabled/disabled, permissive/enforcing and targeted/strict toggles.
This then allows for sending alerts to managers if someone disables security measures on a server.
Kind regards,
SebA
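One way to get the two checks the post asks for, as an added example that is not Xymon's own code nor from the original poster: a client-side ext script for xymonlaunch that turns the SELinux mode and the iptables chain policies into Xymon colours. It assumes the client environment variables XYMON, XYMSRV and MACHINE that xymonlaunch exports, and the colour thresholds and the test names `selinux` and `iptables` are illustrative choices, not Xymon defaults.

```shell
#!/bin/sh
# Added example, not Xymon's own code: client-side ext script for xymonlaunch
# that maps SELinux mode and iptables chain policies to Xymon colours.
# Assumes the client env vars XYMON, XYMSRV and MACHINE that xymonlaunch sets.
# The colour policy below is an illustrative choice, not a Xymon default.

# SELinux: argument is the output of `getenforce`.
selinux_color() {
    case "$1" in
        Enforcing)  echo green ;;
        Permissive) echo yellow ;;   # policy loaded but not enforced
        *)          echo red ;;      # Disabled, or getenforce not available
    esac
}

# iptables: argument is the output of `iptables -S`. Green when both INPUT and
# FORWARD default to DROP; yellow when only one does, or rules exist on top of
# an ACCEPT policy; red when the policy is ACCEPT with no rules at all
# (iptables "running" but allowing everything).
iptables_color() {
    drops=$(printf '%s\n' "$1" | grep -c -E '^-P (INPUT|FORWARD) DROP$' || true)
    nrules=$(printf '%s\n' "$1" | grep -c -E '^-A ' || true)
    if [ "$drops" -eq 2 ]; then
        echo green
    elif [ "$drops" -eq 1 ] || [ "$nrules" -gt 0 ]; then
        echo yellow
    else
        echo red
    fi
}

# Gather live state and send one status line per test to the Xymon server.
report() {
    sel=$(getenforce 2>/dev/null || echo Disabled)
    rules=$(iptables -S 2>/dev/null || true)
    policies=$(printf '%s\n' "$rules" | grep '^-P' || echo "no iptables output")
    "$XYMON" "$XYMSRV" "status $MACHINE.selinux $(selinux_color "$sel") $(date) SELinux mode: $sel"
    "$XYMON" "$XYMSRV" "status $MACHINE.iptables $(iptables_color "$rules") $(date) Chain policies:
$policies"
}

# Only report when started by xymonlaunch (which exports XYMSRV).
if [ -n "${XYMSRV:-}" ]; then
    report
fi
```

Alerting on the `selinux` and `iptables` tests then works like any other Xymon test, so a change to yellow or red can be routed to managers in alerts.cfg.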