Security Basics mailing list archives

Re: Scripts for OS security audit


From: Robert Escue <roescue () cox net>
Date: Fri, 27 Jul 2007 13:50:42 -0400

Noaman Khan wrote:
Hi all,

I need to do OS level security audit for Linux/Solaris servers. Below
are some of the things I would like to check

- Operating system resources security
- Configuration settings security for OS
- Network services security such as ssh, snmp, ftp, nfs etc security
- User resources (home directories)
- whether logging is active such as failed logs etc
- password aging settings such as max age, min age
- password complexity
- password storage file security such as /etc/passwd and /etc/shadow

I know a couple of tools such as tiger and some other shell scripts
which do part of what is required. Wondering if anyone knows some
tool/script which does all of the above.

Thanks in advance

Noaman


Noaman,

As I just went through this process with DISA (Defense Information Systems Agency), this is dependent on the version of the OS and what specific features you want implemented and to what level.

At work I use three different versions of Solaris and two different versions of Linux. This makes writing a generic script at best challenging, since you have to address the change in functionality amongst versions of the same OS. For example, if I want to shut off sendmail on Solaris 8 I would use a command that would rename the /etc/init.d/sendmail and /etc/rc2.d/S81sendmail scripts so that they would not be executed at boot time. In the case of Solaris 10 I would issue the svcadm command to disable sendmail.

While there are tools available such as the CIS Security Benchmarks (http://www.cisecurity.org/), I prefer to come up with my own script for securing Solaris, which is a work in progress.

Another thing you might want to consider is locking down the machines you build during the installation through scripts run as the OS is being installed (JumpStart and KickStart).


Robert Escue
System Administrator
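
The version split described in the reply above, written as an audit check (an added example, not Robert Escue's script and not part of the original post). The `ROOT` argument, the `partial` state and the overridable `SVCS_CMD` are assumptions made here so the logic can be run against a copied filesystem tree; `svc:/network/smtp:sendmail` is the standard Solaris 10 service name for sendmail.

```shell
#!/bin/sh
# Added example: report whether sendmail is set to start at boot, picking the
# check by Solaris release. Paths are the ones named in the reply.

# Command used to query SMF; overridable (assumption) for offline testing.
SVCS_CMD=${SVCS_CMD:-svcs}

# sendmail_boot_state RELEASE [ROOT]
#   RELEASE  `uname -r` output: 5.8 = Solaris 8, 5.10 = Solaris 10
#   ROOT     optional alternate filesystem root (assumption, e.g. a copied tree)
# Prints one of: enabled, partial, disabled, unknown
sendmail_boot_state() {
    release=$1
    root=${2:-}
    case $release in
        5.10)
            # Solaris 10: the service is under SMF, so ask for its state.
            state=$($SVCS_CMD -H -o state svc:/network/smtp:sendmail 2>/dev/null | tr -d ' ')
            case $state in
                disabled) echo disabled ;;
                online|offline|degraded|maintenance) echo enabled ;;
                *) echo unknown ;;
            esac
            ;;
        5.8)
            # Solaris 8: rc2 only runs scripts still named S*, so a renamed
            # S81sendmail no longer starts at boot.
            if [ -f "$root/etc/rc2.d/S81sendmail" ]; then
                echo enabled
            elif [ -f "$root/etc/init.d/sendmail" ]; then
                echo partial    # boot link renamed, init.d script still in place
            else
                echo disabled
            fi
            ;;
        *)
            echo unknown        # release not covered by this check
            ;;
    esac
}

# Run against the live host only when it is actually Solaris.
if [ "$(uname -s)" = SunOS ]; then
    sendmail_boot_state "$(uname -r)"
fi
```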

