Guidelines on Security Audit

m.roth at 5-cent.us
Thu Oct 8 21:33:41 UTC 2009


> Greetings.  My employer has purchased a smaller company which has
> two servers running RHEL 5.1.  As part of the M&A process, we need to do a
> security review on these RHEL systems.  While we have some people with
> some past unix experience, it's not current and certainly not in RHEL.  The
> other company purchased the systems turnkey from a vendor, and they have
> even less RHEL administration experience than our IT team.
>
> Can you point me to some good resources which outline a proper security
> review for a RHEL installation?  We are, of course, aware of the obvious
> things such as strong password controls (using PAM, apparently), making
> sure that the systems don't have listeners on unused ports (netstat -tunap),
> and the like.  But, like all systems, there must be nuances that would
> escape the naive person.
>
> Any directions to reliable resources will be appreciated.

Several things: first, if the other company purchased it as a turnkey
solution, you should find out if they still have support; if so, support
should help you with this.

Second, there are a number of security scanners - I haven't done it in a
while, and don't remember which I used.

Finally, many if not most of the NIST's recommendations are based on
Bastille Linux. This is *not* a distro, but a set of hardening scripts
that will walk you through about 20 pages or so of questions, and then
shut down everything that doesn't need to be open, or running, and fix
permissions.

I've used that on my own firewall/router at home, and have been on
broadband for nine or ten years, and have not had a single intrusion, to
the best of my knowledge.

Hope this helps.

        mark




More information about the redhat-list mailing list