RE: Linux auditing checklist, documents




DISA came out with a listing of Security Technical Implementation Guides
(STIGs) that are used as a baseline for all DoD systems. They cover
everything from Web Servers, *nix, and Windows, and even go into Databases
and VoIP. Good place to start, and if you do some digging you will see
they have a checklist, and some scripts if you wish to run them.

http://iase.disa.mil/stigs/stig/index.html

Regards,

J.A. Simmons V
EDS - Navy Marine Corps Intranet (NMCI)
Information Assurance Engineer
jsimmons@xxxxxxx

-----Original Message-----
From: listbounce@xxxxxxxxxxxxxxxxx [mailto:listbounce@xxxxxxxxxxxxxxxxx]
On Behalf Of Clement Dupuis
Sent: Monday, December 18, 2006 8:54 PM
To: 'urandom character special device';
security-basics@xxxxxxxxxxxxxxxxx
Subject: RE: Linux auditing checklist, documents

You must visit http://www.cisecurity.org/

They have great benchmarks and checklists.

Have fun

Clement
http://www.cccure.org
http://www.professionalsecuritytesters.org


-----Original Message-----
From: listbounce@xxxxxxxxxxxxxxxxx [mailto:listbounce@xxxxxxxxxxxxxxxxx]
On Behalf Of urandom character special device
Sent: Sunday, December 17, 2006 5:26 AM
To: security-basics@xxxxxxxxxxxxxxxxx
Subject: Linux auditing checklist, documents

I am a Linux System Administrator at a telecom provider. Our customer
has informed us that they will soon send independent security auditors to
have a look at our Linux systems. They will have a root password and make
an in-depth analysis of the systems.

I wish to prepare. What "commands" and "config files" will they look at?
Are there Linux Security Guidelines? They won't use automated tools.
