Guidelines on Security Audit

Michael Ward mward29 at mscd.edu
Fri Oct 9 13:52:39 UTC 2009


Look into SELinux; it runs on all RHEL5 servers but probably is not set to
enforcing.
You can set it to permissive mode (if it isn't set to enforcing already)
without disturbing anything and watch the security logs.
It will start spitting out potential security vulnerabilities. This should
give you a starting point into your review.

http://www.nsa.gov/ia/_files/os/redhat/rhel5-guide-i731.pdf

The guide above will give you info into securing just about anything in
RHEL5.

I hope this helps.

Regards, 
Michael Ward
Redhat Linux Administrator
Metro State College of Denver
303-352-4225

-----Original Message-----
From: redhat-list-bounces at redhat.com [mailto:redhat-list-bounces at redhat.com]
On Behalf Of Able Baker
Sent: Thursday, October 08, 2009 2:00 PM
To: redhat-list at redhat.com
Subject: Guidelines on Security Audit

Greetings.  My employer has purchased a smaller company which has
two servers running RHEL 5.1.  As part of the M&A process, we need to do a
security review on these RHEL systems.  While we have some people with some
past unix experience, it's not current and certainly not in RHEL.  The other
company purchased the systems turnkey from a vendor, and they have even less
RHEL administration experience than our IT team.

Can you point me to some good resources which outline a proper security
review for a RHEL installation?  We are, of course, aware of the obvious
things such as strong password controls (using PAM, apparently), making sure
that the systems don't have listeners on unused ports (netstat -tunap), and
the like.  But, like all systems, there must be nuances that would escape
the naive person.

Any directions to reliable resources will be appreciated.

Thank you.