Bitdefender misconfigurations based on OpenSCAP profile?

OpenSCAP (NIST certified) is widely used to check configurations based on security standard specifications (government agencies, i.e. DISA or ANSSI; finance industry, i.e. PCI-DSS; ...). It can (must) be used for servers but also for desktops.

Is Bitdefender using those profiles and if yes which one, and if not, where can we have the technical details of the configuration checks (Windows but also Linux)?

Thank you in advance,

Answers

  • Gjoksi
    Defender of the month mod

    Hello.

    Since you need help with a business product, @Alex_Dr or @Andra_B could take a look here and help you.

    Also, you can always contact the Bitdefender business support:

    https://www.bitdefender.com/business/support/en/71263-85158-contact.html

    Regards.

  • Hi,

    Thank you, we will use support if needed, but I think it is a very interesting question for the community of users.

    Best regards,

  • Hi @ceov

    Thank you for your question.

    In this case, it would be best to open a ticket so that my colleagues from the Enterprise Technical Support Department can help you and answer all your questions.

    Please keep me posted on how it went.

    Kind regards,

    Andra_B

  • ceov
    edited September 2022

    We will not have time to check that with your support desk.

    For our understanding/guess, Bitdefender Linux misconfiguration checks are based on CIS "Red Hat Enterprise Linux 8 Benchmark for Level 1 - Server" and "Red Hat Enterprise Linux 8 Security Technical Implementation Guide (STIG)" security profiles.

  • One year later, we still have numerous misconfigurations that we can't fix, especially on Linux. One of the reasons is that we still don't know which benchmark is enforced by Bitdefender, even if it is very likely to be CIS, and which tests are done.

    We made tests on Ubuntu 22.04.3, openSUSE 15.5, and Fedora 38 passing CIS Level 2 remediation fixes, which makes most checks PASS on OpenSCAP and FAIL on Bitdefender.

    Most of the misconfiguration FAILs are auditd checks, for example:

    The CIS Workstation L2 benchmark rule that is described by Tenable here https://www.tenable.com/audits/items/CIS_Ubuntu_22.04_LTS_v1.0.0_Server_L2.audit:ed52a887fd290275acf0cd1ee2dc38a2 is PASSED manually but FAILS on Bitdefender.

    Same for other auditd recording on umount syscalls, creat, open, openat, truncate, and ftruncate syscalls, unlink, unlinkat, rename, renameat syscalls, ...

    We would like documentation of the exact check per rule done by Bitdefender, and to have debugging logs for the misconfiguration module, to be effective.
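
The auditd checks discussed in the post above can be verified independently of either scanner. The following is an added example, not code from any poster, Bitdefender or OpenSCAP: it parses audit rule lines, normalizes spelling differences, and reports per architecture which of the unlink/unlinkat/rename/renameat syscalls named in the thread are not recorded. The sample rule lines are constructed, and treating the on-disk and loaded-rule spellings shown as equivalent is an assumption of the example.

```python
import shlex

# Syscalls of the file-deletion audit rule named in the thread.
REQUIRED = {"unlink", "unlinkat", "rename", "renameat"}
UNSET_AUID = {"unset", "-1", "4294967295"}  # three spellings of one value

def parse_rule(line):
    """Return (arch, syscalls, filters) for an always,exit rule, else None."""
    tokens = shlex.split(line, comments=True)
    arch, action, syscalls, filters = None, "", set(), set()
    it = iter(tokens)
    for tok in it:
        arg = next(it, "") if tok in ("-a", "-S", "-F", "-k") else ""
        if tok == "-a":
            action = arg
        elif tok == "-S":  # accepts repeated -S and comma-joined lists
            syscalls.update(s for s in arg.split(",") if s)
        elif tok == "-k":  # -k NAME and -F key=NAME mean the same thing
            filters.add("key=" + arg)
        elif tok == "-F" and arg.startswith("arch="):
            arch = arg[5:]
        elif tok == "-F" and arg.startswith("auid!=") and arg[6:] in UNSET_AUID:
            filters.add("auid!=unset")
        elif tok == "-F":
            filters.add(arg)
    if set(action.split(",")) != {"always", "exit"}:
        return None
    return arch, frozenset(syscalls), frozenset(filters)

def missing_syscalls(lines, required=REQUIRED, arches=("b32", "b64")):
    """Per architecture, list the required syscalls that no rule records."""
    covered = {a: set() for a in arches}
    for rule in filter(None, map(parse_rule, lines)):
        covered.setdefault(rule[0], set()).update(rule[1])
    return {a: sorted(set(required) - covered[a]) for a in arches}

def same_rules(a, b):
    """True when two rule lists are equivalent regardless of spelling or order."""
    return set(filter(None, map(parse_rule, a))) == set(filter(None, map(parse_rule, b)))

# Constructed samples: rules.d spelling, then comma-joined loaded-rule spelling.
ON_DISK = [
    "-a always,exit -F arch=b64 -S unlink -S unlinkat -S rename -S renameat -F auid>=1000 -F auid!=4294967295 -k delete",
    "-a always,exit -F arch=b32 -S unlink -S unlinkat -S rename -F auid>=1000 -F auid!=unset -k delete",
]
LOADED = [
    "-a always,exit -F arch=b32 -S rename,unlink,unlinkat -F auid>=1000 -F auid!=-1 -F key=delete",
    "-a always,exit -F arch=b64 -S rename,renameat,unlink,unlinkat -F auid>=1000 -F auid!=-1 -F key=delete",
]
```

Here `missing_syscalls(ON_DISK)` reports `renameat` as unrecorded for `b32` only, while `same_rules(ON_DISK, LOADED)` is true: a checker that compares rule text literally and one that compares parsed rules can reach different verdicts on the same host.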

  • Please contact Bitdefender Business Support by visiting https://www.bitdefender.com/support/contact-us.html?last_page=BusinessCategory.

    Additionally, you can reach out to @Alex_Dr, @Andra_B or @Andrei_S Enterprise from the Enterprise team, and they will be able to assist you.

    Regards

    Life happens, Coffee helps!

    Show your Attitude, when you reach that Altitude!

    Bitdefender Ultimate Security Plus (user)

  • We are currently in contact with Bitdefender support and hope it goes to Level 3; we already shared all extended logs.

    How can we reach the persons you suggest?

    Regards,