About Configuration Security Monitoring
One of the most important steps you can take toward securing your cloud servers is to ensure that their operating systems and applications are properly hardened against attack. Maintaining attack-resistant software configurations makes it much more difficult for intruders to gain a foothold on your systems.
The configuration security monitoring feature of CloudPassage® Halo® allows you to monitor the details of your configuration settings, system files, running processes, ownership and permissions to ensure that no unauthorized changes are made that could compromise server security.
Once you set up configuration-security monitoring, Halo regularly scans all of your protected servers and looks for settings that have changed and therefore violate policy. Halo reports its findings to the Halo Portal or directly to you through email alerts.
In scanning each server, Halo applies a set of rules that specify what the secure configuration for that server should be. Each set of rules is called a configuration policy; you can simply adopt one of the Halo-provided default policies, customize a default policy to better fit your server configurations, or create a policy wholly from scratch.
To set up and use configuration-security monitoring, you'll follow these basic steps:
- Define a server group that includes similarly configured servers. Servers with the same OS and application configurations can share the same configuration policy.
- Create or find a configuration policy that can detect departures from your defined secure configuration in those servers. Assign that policy to your server group.
- Enable automatic configuration scanning and set a scan frequency, or else manually execute a scan.
After a scan completes, you can examine the scan report in the Halo Portal. If you have set up alerting, you may also have email notifications alerting you to critical configuration-security issues. Use that information to remediate detected issues by restoring the proper configuration settings to the affected servers.
If you need to customize a Halo-provided configuration policy or create your own, you will see that policies are made of rules, and rules are made of checks. You can learn the details of how all configuration checks work by consulting Appendix: Configuration Policy Rule Checks, at the end of this document.
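To make the policy / rule / check structure concrete, here is a small added example of a policy evaluator. It is illustration only, written for this page; it is not CloudPassage Halo's policy format, scan engine or API, and the check kinds (`setting`, `file`, `process`), the sample policy and the server snapshot are all constructed. It shows how a policy made of rules, each made of checks, is applied to a snapshot of one server, and how the resulting violations (with the critical ones that would warrant an email alert) form the raw material of a scan report.

```python
"""Toy configuration-policy evaluator (added illustration, not Halo's own code).

Policy -> Rules -> Checks, applied to a constructed server snapshot.
"""
from dataclasses import dataclass
from typing import Any, Dict, List


@dataclass
class Check:
    kind: str                 # hypothetical kinds: "setting", "file" or "process"
    target: str               # config key, file path or process name
    expected: Dict[str, Any]  # what the secure configuration looks like


@dataclass
class Rule:
    name: str
    checks: List[Check]
    critical: bool = False    # critical rules would warrant an email alert


@dataclass
class Policy:
    name: str
    rules: List[Rule]


@dataclass
class Violation:
    rule: str
    detail: str
    critical: bool


def evaluate_check(check: Check, state: Dict[str, Any]) -> List[str]:
    """Return problem descriptions for one check (empty list when it passes)."""
    problems: List[str] = []
    if check.kind == "setting":
        actual = state["settings"].get(check.target)
        if actual != check.expected["value"]:
            problems.append(
                f"{check.target} is {actual!r}, expected {check.expected['value']!r}")
    elif check.kind == "file":
        info = state["files"].get(check.target)
        if info is None:
            return [f"{check.target} is missing"]
        if "owner" in check.expected and info["owner"] != check.expected["owner"]:
            problems.append(
                f"{check.target} owned by {info['owner']}, expected {check.expected['owner']}")
        max_mode = check.expected.get("max_mode")
        # Any permission bit set that max_mode does not allow is a violation
        if max_mode is not None and info["mode"] & ~max_mode:
            problems.append(
                f"{check.target} mode {info['mode']:04o} is more permissive than {max_mode:04o}")
    elif check.kind == "process":
        running = check.target in state["processes"]
        if running != check.expected["running"]:
            problems.append(
                f"process {check.target} is {'running' if running else 'not running'}")
    else:
        raise ValueError(f"unknown check kind: {check.kind}")
    return problems


def evaluate_policy(policy: Policy, state: Dict[str, Any]) -> List[Violation]:
    """Apply every rule's checks to a server snapshot and collect violations."""
    violations: List[Violation] = []
    for rule in policy.rules:
        for check in rule.checks:
            for problem in evaluate_check(check, state):
                violations.append(Violation(rule.name, problem, rule.critical))
    return violations


# Constructed policy for a hypothetical Linux web-server group
SAMPLE_POLICY = Policy("web-servers-baseline", [
    Rule("SSH hardening", [
        Check("setting", "sshd:PermitRootLogin", {"value": "no"}),
        Check("setting", "sshd:PasswordAuthentication", {"value": "no"}),
    ], critical=True),
    Rule("Sensitive file permissions", [
        Check("file", "/etc/shadow", {"owner": "root", "max_mode": 0o640}),
        Check("file", "/etc/ssh/sshd_config", {"owner": "root", "max_mode": 0o644}),
    ]),
    Rule("Unwanted services", [
        Check("process", "telnetd", {"running": False}),
        Check("process", "sshd", {"running": True}),
    ]),
])

# Constructed snapshot of one server, as a scan might collect it
SAMPLE_STATE = {
    "settings": {"sshd:PermitRootLogin": "yes", "sshd:PasswordAuthentication": "no"},
    "files": {
        "/etc/shadow": {"owner": "root", "mode": 0o644},
        "/etc/ssh/sshd_config": {"owner": "root", "mode": 0o644},
    },
    "processes": {"sshd", "cron", "telnetd"},
}

if __name__ == "__main__":
    for v in evaluate_policy(SAMPLE_POLICY, SAMPLE_STATE):
        print(f"[{'CRITICAL' if v.critical else 'warning'}] {v.rule}: {v.detail}")
```

Run against the sample snapshot, the evaluator reports three violations: root SSH login enabled (critical), `/etc/shadow` world-readable, and `telnetd` running. A real scanner would collect the snapshot from the server agent and compare it with the policy on the configured schedule; the remediation step is the same in either case, restoring the expected setting, mode or service state on the affected server.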
For ideas on what kinds of issues and specific settings you might want to detect with configuration-security monitoring, see Best Practices for Configuration Scanning.