Welcome to the official Compoly website!
Compoly is an open source tool for analysing policy compliance of IT systems such as MS Windows, UNIX versions or Cisco IOS. It is best suited to Information Security assessments, Sarbanes-Oxley 404 or NIST compliance testing, and supporting internal/external IT audits. Download the latest off-line version and start using it.
Because each organization has its own policies and standards, a set of industry "best practices" was used to compile general policies and standards. However, the tool keeps its policies in an editable XML Knowledge Base, so it is easy to adjust the standards to specific requirements. See Documentation for details.
On-line analysis can be done in 3 easy steps:
Step 1: Download a collection script for your system. Run it on the system with high (root or administrator) privileges. No installation is required. All scripts are text-based, so you can verify them for your peace of mind.
Step 2: Upload the generated XML file or a Cisco IOS configuration file to the web site over an SSL-encrypted connection. We provide a free service, so the certificate is self-signed and is not from vendors like Verisign. Specify your email address as an optional parameter. It is used to store your configuration preferences or special standards to analyse against.
Step 3: Select analysis and report parameters. Then push the button and generate the report.
| System | "Best Practice" Standard (BPS) | Number of tests | Collection Script |
|---|---|---|---|
| Network Operating Systems | | | |
| Sun Solaris (UNIX) [Tested: 5.8] | BPS-UNIX Solaris | TBD | assess_sun.sh (ver 2.2) |
| IBM AIX (UNIX) [Tested: 5.2, 5.3] | BPS-UNIX AIX | 19 | assess_aix.sh (ver 2.7) |
| HP-UX (UNIX) [Tested: 11.x] | TBD | TBD | assess_hpux.sh (ver 0.5) |
| Linux General (UNIX) [Tested: Fedora Core 3-6] | TBD | TBD | assess_linux.sh (ver 1.4) |
| MS Windows Server [Tested: w2k+SP4, w2k3] | TBD | TBD | TBD |
| MS Domain/Active Directory [Tested: NT4-w2k3] | TBD | TBD | assess_dom.bat (ver 0.2) |
| Databases | | | |
| IBM DB2 on UNIX | TBD | TBD | assess_db2.sh (ver 0.7) |
| Oracle | TBD | TBD | TBD |
| MS SQL | TBD | TBD | TBD |
| Routers/Firewalls | | | |
| Cisco IOS [Tested: 12.0-12.4, PIX] | BPS-Cisco IOS | 22 | Use command "show run" to extract the configuration and save it as a text file. |

 
Links
Similar projects with standards (benchmarks) and tools: Center for Internet Security, Nessus.
NIST and SANS are good sources of standards and guidelines.
 
News
12/03/2006 Now the on-line analysis supports zip and tar archives. Plus, more final report options are available.
11/19/2006 New web site design and more online analysis functionality.
 
Copyright (C) 2005-2006 by Eugene Taylashev