Security Basics: RE: Linux auditing checklist, documents

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Security Basics mailing list archives

RE: Linux auditing checklist, documents

From: "Simmons, James" <jsimmons () eds com>
Date: Tue, 19 Dec 2006 14:39:20 -0600

 
DISA came out with a listing of Security Technical Implementation Guides
(Stigs) that are used as a baseline for all DoD systems.  Everything
from Web Servers, *nix, Windows, even go into Databases, and VoIP.  Good
place to start, and if you do some digging you will see they have a
checklist, and some scripts if you wish to run them.

http://iase.disa.mil/stigs/stig/index.html

Regards,

J.A. Simmons V
EDS - Navy Marine Corps Intranet (NMCI)
Information Assurance Engineer
jsimmons () eds com

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com]
On Behalf Of Clement Dupuis
Sent: Monday, December 18, 2006 8:54 PM
To: 'urandom character special device';
security-basics () securityfocus com
Subject: RE: Linux auditing checklist, documents

You must visit http://www.cisecurity.org/ 

They have great benchmark and checklist.  

Have fun

Clement
http://www.cccure.org
http://www.professionalsecuritytesters.org 


-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com]
On Behalf Of urandom character special device
Sent: Sunday, December 17, 2006 5:26 AM
To: security-basics () securityfocus com
Subject: Linux auditing checklist, documents

I am Linux System Administrator at a telecom provider. Our customer
inform us to send soon independent security auditors to have a look at
our Linux systems. They will have a root password and make an in deep
analysis of the systems.

I wish to prepare. What "commands" and "config files" they will look?
Are there Linux Security Guidelines? They wont use automated tools.

------------------------------------------------------------------------
---
This list is sponsored by: ByteCrusher

Detect Malicious Web Content and Exploits in Real-Time.
Anti-Virus engines can't detect unknown or new threats.
LinkScanner can. Web surfing just became a whole lot safer.

http://www.explabs.com/staging/promotions/xern_lspro.asp?loc=sfmaildetec
t
------------------------------------------------------------------------
---

By Date By Thread

Current thread:

Linux auditing checklist, documents urandom character special device (Dec 18)
- Re: Linux auditing checklist, documents Saqib Ali (Dec 19)
- RE: Linux auditing checklist, documents Clement Dupuis (Dec 19)
  - RE: Linux auditing checklist, documents Simmons, James (Dec 21)
- RE: Linux auditing checklist, documents Gurpreet Singh (Dec 19)
  - Re: Linux auditing checklist, documents jm (Dec 21)
- Re: Linux auditing checklist, documents Devdas Bhagat (Dec 19)
- <Possible follow-ups>
- RE: Linux auditing checklist, documents Hayes, Bill (Dec 19)
- Re: Linux auditing checklist, documents barcajax (Dec 19)