Security Basics mailing list archives

Re: Linux auditing checklist, documents

From: Devdas Bhagat <devdas () dvb homelinux org>
Date: Tue, 19 Dec 2006 13:30:58 +0530

On 17/12/06 11:25 +0100, urandom character special device wrote:

I am Linux System Administrator at a telecom provider. Our customer
inform us to send soon independent security auditors to have a look at
our Linux systems. They will have a root password and make an in deep
analysis of the systems.

 am not quite sure I would allow a random third party root access to my
 servers.

I wish to prepare. What "commands" and "config files" they will look?
Are there Linux Security Guidelines? They wont use automated tools.


I am not an auditor, so take this with a pinch of salt:

Lots of Linux security guidelines on the net. Personally, I would look at
permissions on config files, up-to-dateness of patches, running
processes, and a comparison of your configuration against your security
policy.

Devdas Bhagat

Current thread:

Linux auditing checklist, documents urandom character special device (Dec 18)
- Re: Linux auditing checklist, documents Saqib Ali (Dec 19)
- RE: Linux auditing checklist, documents Clement Dupuis (Dec 19)
  - RE: Linux auditing checklist, documents Simmons, James (Dec 21)
- RE: Linux auditing checklist, documents Gurpreet Singh (Dec 19)
  - Re: Linux auditing checklist, documents jm (Dec 21)
- Re: Linux auditing checklist, documents Devdas Bhagat (Dec 19)
- <Possible follow-ups>
- RE: Linux auditing checklist, documents Hayes, Bill (Dec 19)
- Re: Linux auditing checklist, documents barcajax (Dec 19)
- RE: Linux auditing checklist, documents Gurpreet Singh (Dec 21)
- Re: Linux auditing checklist, documents jsimmons (Dec 21)