Network Security Security-Basics

Re: Scripts for OS security audit

Subject: Re: Scripts for OS security audit
Date: Fri, 27 Jul 2007 13:50:42 -0400
Noaman Khan wrote:
Hi all,

I need to do an OS-level security audit for Linux/Solaris servers. Below
are some of the things I would like to check:

- Operating system resources security
- Configuration settings security for OS
- Network services security such as ssh, snmp, ftp, nfs etc security
- User resources (home directories)
- whether logging is active such as failed logs etc
- password aging settings such as max age, min age
- password complexity
- password storage file security such as /etc/passwd and /etc/shadow

I know a couple of tools, such as tiger, and some other shell scripts
which do part of what is required. Wondering if anyone knows of a
tool/script which does all of the above.

Thanks in advance

Noaman


Noaman,

As I just went through this process with DISA (Defense Information Systems Agency), this is dependent on the version of the OS and what specific features you want implemented and to what level.

At work I use three different versions of Solaris and two different versions of Linux. This makes writing a generic script at best challenging, since you have to address the change in functionality amongst versions of the same OS. For example, if I want to shut off sendmail on Solaris 8 I would use a command that would rename the /etc/init.d/sendmail and /etc/rc2.d/S81sendmail scripts so that they would not be executed at boot time. In the case of Solaris 10 I would issue the svcadm command to disable sendmail.

While there are tools available such as the CIS Security Benchmarks (http://www.cisecurity.org/), I prefer to come up with my own script for securing Solaris, which is a work in progress.

Another thing you might want to consider is locking down the machines you build during the installation through scripts run as the OS is being installed (JumpStart and KickStart).


Robert Escue
System Administrator
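As an added illustration (not code from this thread, and not Robert's work-in-progress script), here is a small POSIX sh helper that covers several of the items on Noaman's list (password aging, /etc/shadow permissions, passwordless accounts) plus the SysV boot-link test that Robert's Solaris 8 sendmail rename relies on. It assumes Linux login.defs and shadow(5) file formats, a GNU or BSD stat, and awk; the 90-day and 1-day thresholds are illustrative policy values chosen for the example, not figures from the thread. Every function takes the file or directory it inspects as an argument, so the same code can run against a live host or against configs copied off a Solaris box.

```shell
#!/bin/sh
# Added example, not from the thread. Audit helpers for a few of the items in
# Noaman's list. Each function takes the file or directory it inspects as an
# argument, so it can be run on a live host or on configs copied from one.
# Assumptions: Linux login.defs and shadow(5) formats (Solaris keeps its aging
# defaults as MAXWEEKS/MINWEEKS in /etc/default/passwd, which is exactly the
# version dependence Robert describes), a GNU or BSD stat, awk, and the
# illustrative policy thresholds below.

MAX_AGE_LIMIT=90   # PASS_MAX_DAYS / shadow field 5 must be <= this
MIN_AGE_LIMIT=1    # PASS_MIN_DAYS must be >= this

# Octal permission bits of a file; tries GNU stat first, then BSD stat.
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1" 2>/dev/null
}

# /etc/shadow must not be group- or world-accessible.
# Returns 0 for modes such as 600, 400 or 000; 1 otherwise; 2 if unreadable.
check_shadow_perms() {
    mode=$(file_mode "$1") || { echo "WARN: cannot stat $1"; return 2; }
    case "$mode" in
        *00) return 0 ;;
        *)   echo "WARN: $1 mode $mode is group/world accessible"; return 1 ;;
    esac
}

# Value of KEY in a login.defs-style file ("KEY  VALUE", '#' comments).
# Exits non-zero when the key is absent or commented out.
defs_value() {
    awk -v key="$2" '$1 == key { print $2; found = 1 } END { exit !found }' "$1"
}

# login.defs only supplies defaults for accounts created later, so this is
# the policy check; check_shadow_aging below covers accounts that already exist.
check_password_aging() {
    rc=0
    max=$(defs_value "$1" PASS_MAX_DAYS) || { echo "WARN: PASS_MAX_DAYS unset in $1"; return 1; }
    min=$(defs_value "$1" PASS_MIN_DAYS) || { echo "WARN: PASS_MIN_DAYS unset in $1"; return 1; }
    [ "$max" -le "$MAX_AGE_LIMIT" ] 2>/dev/null || { echo "WARN: PASS_MAX_DAYS=$max exceeds $MAX_AGE_LIMIT"; rc=1; }
    [ "$min" -ge "$MIN_AGE_LIMIT" ] 2>/dev/null || { echo "WARN: PASS_MIN_DAYS=$min below $MIN_AGE_LIMIT"; rc=1; }
    return $rc
}

# Accounts whose shadow password field is empty can log in with no password.
check_no_empty_passwords() {
    empties=$(awk -F: '$2 == "" { print $1 }' "$1")
    [ -z "$empties" ] && return 0
    echo "WARN: passwordless accounts in $1: $(echo "$empties" | tr '\n' ' ')"
    return 1
}

# Accounts holding a real hash (field 2 starts with '$'; '*' and '!' are locked)
# whose per-account max age (field 5) is missing or above MAX_AGE_LIMIT.
check_shadow_aging() {
    stale=$(awk -F: -v lim="$MAX_AGE_LIMIT" \
        'substr($2, 1, 1) == "$" && ($5 == "" || $5 + 0 > lim + 0) { print $1 }' "$1")
    [ -z "$stale" ] && return 0
    echo "WARN: accounts in $1 with no or excessive max password age: $(echo "$stale" | tr '\n' ' ')"
    return 1
}

# SysV init (Solaris 8/9, older Linux) starts a service at boot iff an
# S##name link exists in the runlevel directory; renaming that link, as
# Robert does for S81sendmail, is what disables it. Returns 0 if enabled.
# On Solaris 10 ask SMF instead: svcs -H -o state svc:/network/smtp:sendmail
sysv_enabled_at_boot() {
    rcdir=$1; name=$2
    for f in "$rcdir"/S[0-9][0-9]"$name"; do
        [ -e "$f" ] && return 0
    done
    return 1
}

# Example invocation against a live Linux host (run as root):
#   check_shadow_perms /etc/shadow; check_password_aging /etc/login.defs
#   check_no_empty_passwords /etc/shadow; check_shadow_aging /etc/shadow
#   sysv_enabled_at_boot /etc/rc2.d sendmail && echo "sendmail starts at boot"
```

Each check prints a WARN line and returns non-zero on a finding, so the functions compose with `||` in a wrapper that tallies results per host; keeping the file paths as arguments is what lets one script survive the Solaris 8 / Solaris 10 / Linux split Robert mentions, since only the paths and the service query change per platform.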
