Guidelines on Security Audit
Able Baker
ablebakerrh at gmail.com
Thu Oct 8 19:59:37 UTC 2009
Greetings. My employer has purchased a smaller company which has
two servers running RHEL 5.1. As part of the M&A process, we need to do a
security review on these RHEL systems. While we have some people with some
past unix experience, it's not current and certainly not in RHEL. The other
company purchased the systems turnkey from a vendor, and they have even less
RHEL administration experience than our IT team.
Can you point me to some good resources which outline a proper security
review for a RHEL installation? We are, of course, aware of the obvious
things such as strong password controls (using PAM, apparently), making sure
that the systems don't have listeners on unused ports (netstat -tunap), and
the like. But, like all systems, there must be nuances that would escape
the naive person.
Any directions to reliable resources will be appreciated.
Thank you.
More information about the redhat-list
mailing list