How to use Baselining to your advantage in Open-AudIT

By Daniel Carter

For auditing and management purposes it can be advantageous to baseline individual devices against a fixed, known gold standard device. Baselines enable you to combine audit data with a set of attributes you have previously defined (your baseline) to determine the compliance of devices.

For example – you might create a baseline from a device running CentOS 6 that acts as one of your Apache servers in a cluster. You know this particular server is configured to your standards, but you’re unsure if the other servers in the cluster are configured correctly. Baselines enable you to determine this.

The steps required for this process are outlined below.

1. Identify the gold standard device that you want to compare similar devices against:

  • First focus on what the end goal is: are you trying to baseline software, users, or Netstat data? What are the critical aspects to compare and report on?
  • Do you have a gold standard for this configuration? Perhaps a device located in a lab environment or a workstation you use to clone workstation VMs from.

2. Create a Baseline for the exemplary device:

  • In Open-AudIT Enterprise, select Manage -> Baselines -> List Baselines from the top menu
  • To create a new entry, click the Create button in the top right-hand corner
  • Detailed instructions on creating Baselines can be found here – Baselines

3. Determine how often you want to run the Baseline check against the database and create a Scheduled Report:

  • Select Report -> Scheduled Reports from the top menu
  • To create a new entry, click the Create button in the top right-hand corner
  • Note – Under Type, make sure to select Baseline, and under Group, select a Group of devices that this baseline applies to. Selecting groups of similar devices will prevent erroneous entries from being logged.
  • More information on Scheduling Tasks can be found here – How to Schedule Tasks in Open-AudIT.
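
The comparison a baseline performs, described at the start of this article, can be sketched outside the product. The following is an added example, not Open-AudIT code or its data format: the function names, host names, and inventory values are constructed for illustration, using the software, users and Netstat categories from step 1.

```python
# Added illustration: not Open-AudIT code and not its data format.
# All inventories below are constructed sample data.

def compare_to_baseline(baseline, device):
    """Compare one device's audit data with the gold-standard baseline.

    Both arguments map a category ("software", "users", "netstat") to a
    dict of item -> value. Only categories present in the baseline are
    checked. Returns (category, item, status, expected, actual) tuples.
    """
    findings = []
    for category, expected in baseline.items():
        actual = device.get(category, {})
        for item, want in sorted(expected.items()):
            if item not in actual:
                findings.append((category, item, "missing", want, None))
            elif actual[item] != want:
                findings.append((category, item, "mismatch", want, actual[item]))
        # Items on the device that the gold standard does not have.
        for item in sorted(set(actual) - set(expected)):
            findings.append((category, item, "unexpected", None, actual[item]))
    return findings

def compliance_report(baseline, devices):
    """Run the comparison for every device in a group."""
    return {name: compare_to_baseline(baseline, audit)
            for name, audit in devices.items()}

# Constructed gold standard: a CentOS 6 Apache server.
GOLD = {
    "software": {"httpd": "2.2.15", "openssl": "1.0.1e", "mod_ssl": "2.2.15"},
    "users": {"apache": "/sbin/nologin", "root": "/bin/bash"},
    "netstat": {"tcp/80": "httpd", "tcp/443": "httpd", "tcp/22": "sshd"},
}
# Constructed cluster: web01 matches the baseline, web02 has drifted.
CLUSTER = {
    "web01": GOLD,
    "web02": {
        "software": {"httpd": "2.2.15", "openssl": "1.0.0"},
        "users": {"apache": "/sbin/nologin", "root": "/bin/bash",
                  "deploy": "/bin/bash"},
        "netstat": {"tcp/80": "httpd", "tcp/443": "httpd", "tcp/22": "sshd",
                    "tcp/3306": "mysqld"},
    },
}

if __name__ == "__main__":
    for host, findings in compliance_report(GOLD, CLUSTER).items():
        print(host, "COMPLIANT" if not findings else "NON-COMPLIANT")
        for finding in findings:
            print("   ", finding)
```

The "unexpected" findings (an extra login-capable user, an extra listening port) are often the most security-relevant part of a baseline report, which is why the group the report runs against should contain only devices that are meant to match the gold standard.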