Security Basics: Re: Linux auditing checklist, documents

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Security Basics mailing list archives

Re: Linux auditing checklist, documents

From: Devdas Bhagat <devdas () dvb homelinux org>
Date: Tue, 19 Dec 2006 13:30:58 +0530

On 17/12/06 11:25 +0100, urandom character special device wrote:

I am Linux System Administrator at a telecom provider. Our customer
inform us to send soon independent security auditors to have a look at
our Linux systems. They will have a root password and make an in deep
analysis of the systems.

 am not quite sure I would allow a random third party root access to my
 servers.

I wish to prepare. What "commands" and "config files" they will look?
Are there Linux Security Guidelines? They wont use automated tools.


I am not an auditor, so take this with a pinch of salt:

Lots of Linux security guidelines on the net. Personally, I would look at
permissions on config files, up-to-dateness of patches, running
processes, and a comparison of your configuration against your security
policy.

Devdas Bhagat

By Date By Thread

Current thread:

Re: Linux auditing checklist, documents, (continued)
- Re: Linux auditing checklist, documents Saqib Ali (Dec 19)
- RE: Linux auditing checklist, documents Clement Dupuis (Dec 19)
  - RE: Linux auditing checklist, documents Simmons, James (Dec 21)
- RE: Linux auditing checklist, documents Gurpreet Singh (Dec 19)
  - Re: Linux auditing checklist, documents jm (Dec 21)
- Re: Linux auditing checklist, documents Devdas Bhagat (Dec 19)
- RE: Linux auditing checklist, documents Hayes, Bill (Dec 19)
- Re: Linux auditing checklist, documents barcajax (Dec 19)
- RE: Linux auditing checklist, documents Gurpreet Singh (Dec 21)
- Re: Linux auditing checklist, documents jsimmons (Dec 21)