
Check Clearpass Compliance

Description

This is a Bash script that checks if a Linux machine is compliant with a ClearPass policy. ClearPass is a network access control solution developed by Aruba Networks that enables organizations to enforce security policies on devices that connect to their networks.

The script performs the following compliance checks:

  • Operating system version: The script checks if the machine is running an approved version of the Linux operating system.
  • Patch level: The script checks if the system is up-to-date.
  • Antivirus software: The script checks if approved antivirus software is running.
  • Firewall: The script checks if the local firewall is enabled.
  • System wide encryption: The script checks if the system has system wide encryption enabled.

If the machine passes all checks, the script prints "Machine is in compliance with ClearPass policy." and returns ExitCode := 0. Otherwise, the script prints an error message indicating which check failed and returns ExitCode := 1.

This script can be used as part of an automated compliance checking process or as a standalone tool to check the compliance of individual machines. It can be easily modified to add or remove compliance checks, and can be integrated into existing automation workflows using Git hooks or other tools.

Approved Linux Versions

  • Alma 8.8, 9.2 
  • Debian 11.7, 12 (we could include 10.13, but just as an exception)
  • Fedora, releases 37 and 38 
  • Oracle 7.9, 8.7, 9.1
  • Pop!_OS 20.04, 22.04 
  • RedHat 7.9, 8.7, 9.1
  • Rocky 8.7, 9.1 
  • Slackware 14.0, 14.1, 14.2, 15.0
  • SuSE SLES 12 SP5, SLES 15 SP4
  • Ubuntu 20.04, 22.04, 23.04
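
One way the operating system version check could test a machine against the list above. This is an added example, not code from check_clearpass_compliance.sh; the function names and the `/etc/os-release` ID strings used for each distribution are assumptions.

```bash
#!/usr/bin/env bash
# Added example: OS-version check against the approved list in this README.
# Function names and os-release ID strings are assumptions, not taken from
# check_clearpass_compliance.sh.

# Read one key from an os-release style file without sourcing it, so a
# tampered file cannot execute code inside the compliance check.
os_release_field() {
    local want="$1" file="$2" key value
    while IFS='=' read -r key value || [ -n "$key" ]; do
        [ "$key" = "$want" ] || continue
        value=${value%\"}; value=${value#\"}   # strip optional double quotes
        value=${value%\'}; value=${value#\'}   # strip optional single quotes
        printf '%s\n' "$value"
        return 0
    done < "$file"
    return 1
}

# Return 0 if distribution and version are on the approved list, else 1.
check_os_version() {
    local file="${1:-/etc/os-release}" id ver
    id=$(os_release_field ID "$file") || return 1
    ver=$(os_release_field VERSION_ID "$file") || return 1
    case "$id:$ver" in
        almalinux:8.8|almalinux:9.2) ;;
        # Debian's VERSION_ID carries only the major number; enforcing the
        # 11.7 point release would also need /etc/debian_version.
        debian:11|debian:12) ;;
        fedora:37|fedora:38) ;;
        ol:7.9|ol:8.7|ol:9.1) ;;
        pop:20.04|pop:22.04) ;;
        rhel:7.9|rhel:8.7|rhel:9.1) ;;
        rocky:8.7|rocky:9.1) ;;
        slackware:14.0|slackware:14.1|slackware:14.2|slackware:15.0) ;;
        sles:12.5|sles:15.4) ;;   # SLES 12 SP5, SLES 15 SP4
        ubuntu:20.04|ubuntu:22.04|ubuntu:23.04) ;;
        *) echo "OS version check failed: $id $ver is not approved" >&2
           return 1 ;;
    esac
}
```

Calling `check_os_version` with no argument reads `/etc/os-release`; passing a file path lets the check be exercised against saved copies from other machines.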

Tests

Badges

Visuals

Nothing to see yet!

Installation

```bash
git clone https://git.unl.edu/itss-public/check_clearpass_compliance.git
mkdir -p ~/bin/
cp check_clearpass_compliance/check_clearpass_compliance.sh ~/bin/
```

Usage

```bash
~/bin/check_clearpass_compliance.sh
```

Support

Send a ticket to support@nebraska.edu or create an issue.

Roadmap

- [ ] Operating system version: The script checks if the machine is running an approved version of the Linux operating system.
- [ ] Patch level: The script checks if the system is up-to-date.
- [ ] Antivirus software: The script checks if approved antivirus software is running.
- [ ] Firewall: The script checks if the local firewall is enabled.
- [ ] System wide encryption: The script checks if the system has system wide encryption enabled.

Contributing

Please request access to the repo and contribute! :)

Authors and acknowledgment

License

MIT

Project status

Active