Guidelines on Security Audit
David Miller
millerdc at fusion.gat.com
Thu Oct 8 21:14:58 UTC 2009
Here are a few guides.
NSA hardening guide for RHEL5
http://www.nsa.gov/ia/_files/os/redhat/rhel5-guide-i731.pdf
RedHat's hardening guide for RHEL5
http://people.redhat.com/sgrubb/files/hardening-rhel5.pdf
CentOS (exact clone of RHEL5) Guide.
http://wiki.centos.org/HowTos/OS_Protection
David.
On Oct 8, 2009, at 12:59 PM, Able Baker wrote:
> Greetings. My employer has purchased a smaller company which has two
> servers running RHEL 5.1. As part of the M&A process, we need to do a
> security review on these RHEL systems. While we have some people with
> some past unix experience, it's not current and certainly not in RHEL.
> The other company purchased the systems turnkey from a vendor, and they
> have even less RHEL administration experience than our IT team.
>
> Can you point me to some good resources which outline a proper security
> review for a RHEL installation? We are, of course, aware of the obvious
> things such as strong password controls (using PAM, apparently), making
> sure that the systems don't have listeners on unused ports
> (netstat -tunap), and the like. But, like all systems, there must be
> nuances that would escape the naive person.
>
> Any directions to reliable resources will be appreciated.
>
> Thank you.