UNIX and Linux Security Checklist

Published by: Asif Mahbub on Nov 18, 2010
Copyright: Attribution Non-commercial







UNIX and Linux Security Checklist v3.0
AusCERT public release 2007-07-25

This document has been published by the Australian Computer Emergency Response Team (AusCERT). It provides a checklist of steps to improve the security of UNIX and Linux systems. We encourage system administrators to review all sections of this document and if appropriate modify their systems to fix potential weaknesses.

The checklist is structured to follow the lifecycle of a system, from planning and installation to recovery and maintenance. Sections A to G of the checklist are best applied to a system before it is connected to the network for the first time. In addition, the checklist can be reapplied on a regular basis, to audit conformance.

No two organisations are the same, so in applying the checklist consideration should be given to the appropriateness of each action to your particular situation. Rather than enforcing a single configuration, this checklist will identify the specific choices and possible security controls that should be considered at each stage.

Operating system specific footnotes throughout the document offer some additional information to help with applying these steps on specific UNIX and Linux variants.

The most current version of this document is available at http://www.auscert.org.au/1935

We will continue to update this checklist. Any comments should be directed via email to auscert@auscert.org.au.

Before using this document, please ensure you have the latest version. New versions of this checklist will be available via the URL listed above and should be checked for periodically.

AusCERT advises that this information is provided without warranty - sites should ensure that actions and procedures taken from information in this document are verified and in accordance with security policies that are in place within their organisation. Listing of software products or tools within this document does not constitute endorsement by AusCERT or The University of Queensland.

A. Determine Appropriate Security
Apply your organisation's information security policy to guide the decisions made in this section.

A.1 Computer role
First decide on and document the role of this computer. This means specifying exactly which services the computer will provide.

Example computer roles are:
email server and email virus/spam scanner
user workstation for word processing, email and web browsing
combined web server / database server

A.2 Assess security needs of each kind of data handled
The security measures appropriate for this computer will depend greatly on what information will be stored on it, or pass through it.
For Internet connected computers, even for unimportant data, a certain baseline level of security will be required, to stop this computer being used as a platform to attack further into the network or other external networks.

The following steps will help to determine the security needs of this system:

1. Data on this system
Considering the computer role, identify each kind of information that will be handled by this computer. Examples are:
office emails
client personal data
private keys and certificates
source code being developed in-house

The list should also identify information such as user passwords, which may be typed into this computer but which also give access to other systems that use the same password.

2. Threats
Consider the potential threats to each kind of information identified above. Which classes of attacker will be motivated to read, modify or disable each of these kinds of data?

Consideration of the threat should include both targeted and indiscriminate attacks.

Targeted attacks:
Targeted attacks refer to those where attackers may specifically target your business or your customers. Depending on the kind of information processed, threats may include malicious changes by a disgruntled insider, a denial of service attack for the purpose of extortion, or industrial espionage or sabotage.

Indiscriminate attacks:
All computers on the Internet are subject to these threats. Some organisations believe that their systems will not be of interest to attackers; this is incorrect. Attackers are interested in controlling your computers for a number of reasons, including to launch attacks on other organisations, to send spam, or to capture users' authentication credentials.
