Bitdefender misconfigurations based on OpenSCAP profile ?

ceov · 2022-09-12T15:53:38+00:00

There was an error rendering this rich post.

OpenSCAP (NIST certified) is widely use to check configurations based on security standard specifications (governments agencies i.e DISA or ANSSI, finance industry i.e PCI-DSS, ...). It can (must) be used for servers but also for desktops.

Is Bitdefender using those profiles and if yes which one, and if not, where can we have the technical details of the configuration checks (Windows but also Linux)

Thank you in advance,

Find more posts tagged with

Accepted answers

Flexx

https://community.bitdefender.com/en/discussion/comment/329587#Comment_329587

You can directly open their profile and send them a private message. Note that the respective staff member will only respond back when they will be active on the forum.

Regards

All comments

Gjoksi

Hello.

Since you need help with business product, @Alex_Dr or @Andra_B could take a look here and help you.

Also, you can always contact the Bitdefender business support:

https://www.bitdefender.com/business/support/en/71263-85158-contact.html

Regards.

ceov

Hi,

Thank you we will use support if needed, but i think it is a very interesting question for the community of users

Best regards,

Andra_B

Hi @ceov

Thank you for your question.

In this case, it would be the best to open a ticket so that my colleagues from the Enterprise Technical Support Department can help you, and answer all your questions.

Please keep me posted, how it went.

Kind regards,

Andra_B

ceov

We will not have time the check that with your support desk.

For our understanding/guess, BitDefender Linux misconfiguration checks are based on CIS "Red Hat Enterprise Linux 8 Benchmark for Level 1 - Server" and "Red Hat Enterprise Linux 8 Security Technical Implementation Guide (STIG)" security profiles

ceov

1 year later we still have numerous misconfigurations that we can't fix specially on Linux. One of the reason is that we still don't know which benchmark is enforced by Bitdefender, even if it is very likely to be CIS, and which tests are done.

We made tests on Ubuntu 22.04.3, Opensuse 15.5, and Fedora 38 passing CIS Level 2 remediation fixes which makes most checks PASS on OpenSCAP and FAILS on Bitdefender.

Most of the misconfigurations FAILS are auditd checks, for example :

CIS Workstation L2 benchmark rule that is described by Tenable here https://www.tenable.com/audits/items/CIS_Ubuntu_22.04_LTS_v1.0.0_Server_L2.audit:ed52a887fd290275acf0cd1ee2dc38a2 is PASSED manually but FAIL on Bitdefender.

Same for other auditd recording on umount syscalls, creat, open, openat, truncate, and ftruncate syscalls, unlink, unlinkat, rename, renameat syscalls, ...

We would like a documentation of the exact check per rule done by Bitdefender and have debugging logs for the misconfiguration module to be effective.

Flexx

https://community.bitdefender.com/en/discussion/comment/329510#Comment_329510

Please contact Bitdefender Business Support by visiting https://www.bitdefender.com/support/contact-us.html?last_page=BusinessCategory.

Additionally, you can reach out to @Alex_Dr, @Andra_B or @Andrei_S Enterprise from the Enterprise team, and they will be able to assist you.

Regards

ceov

We are currently in contact with Bitdefender support, hope it goes to Level 3, we already shared all extended logs.

How can we reach the persons you suggest ?

Regards,

Flexx

https://community.bitdefender.com/en/discussion/comment/329587#Comment_329587

You can directly open their profile and send them a private message. Note that the respective staff member will only respond back when they will be active on the forum.

Regards