DISA came out with a listing of Security Technical Implementation Guides
(Stigs) that are used as a baseline for all DoD systems. Everything
from Web Servers, *nix, Windows, even go into Databases, and VoIP. Good
place to start, and if you do some digging you will see they have a
checklist, and some scripts if you wish to run them.
http://iase.disa.mil/stigs/stig/index.html
Regards,
J.A. Simmons V
EDS - Navy Marine Corps Intranet (NMCI)
Information Assurance Engineer
jsimmons@eds.com
-----Original Message-----
From: listbounce@securityfocus.com [mailto:listbounce@securityfocus.com]
On Behalf Of Clement Dupuis
Sent: Monday, December 18, 2006 8:54 PM
To: 'urandom character special device';
security-basics@securityfocus.com
Subject: RE: Linux auditing checklist, documents
You must visit http://www.cisecurity.org/
They have great benchmark and checklist.
Have fun
Clement
http://www.cccure.org
http://www.professionalsecuritytesters.org
-----Original Message-----
From: listbounce@securityfocus.com [mailto:listbounce@securityfocus.com]
On Behalf Of urandom character special device
Sent: Sunday, December 17, 2006 5:26 AM
To: security-basics@securityfocus.com
Subject: Linux auditing checklist, documents
I am Linux System Administrator at a telecom provider. Our customer
inform us to send soon independent security auditors to have a look at
our Linux systems. They will have a root password and make an in deep
analysis of the systems.
I wish to prepare. What "commands" and "config files" they will look?
Are there Linux Security Guidelines? They wont use automated tools.
------------------------------------------------------------------------
---
This list is sponsored by: ByteCrusher
Detect Malicious Web Content and Exploits in Real-Time.
Anti-Virus engines can't detect unknown or new threats.
LinkScanner can. Web surfing just became a whole lot safer.
http://www.explabs.com/staging/promotions/xern_lspro.asp?loc=sfmaildetec
t
------------------------------------------------------------------------
---
