
Commands:

=====================================
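# Host baseline review for a RHEL-family server (chkconfig / yum tooling).
# Every command below only reads state. Run as root so /etc/shadow, the PAM
# stacks and the audit rules are readable. A grep that prints nothing means
# the setting is absent, which should be recorded as a finding rather than
# treated as a pass.

# --- Filesystem layout, search path, kernel and release ---
df -h
printf '%s\n' "$PATH"
# Separate mount points for /tmp, /var/log and /var/log/audit show up in fstab.
grep /tmp /etc/fstab
grep /var/log /etc/fstab
grep /var/log/audit /etc/fstab
uname -r
cat /etc/redhat-release

# --- Boot loader configuration ownership ---
# Anchored so that only "0 0" (root:root) matches, not e.g. "1000 0".
stat -c "%u %g" /etc/grub.conf | grep -E "^0 0$"

# --- Services and server packages ---
# chkconfig shows the per-runlevel on/off state; yum list shows whether the
# package is installed or only available from a repository.
chkconfig --list avahi-daemon
yum list dhcp
yum list openldap-servers
yum list openldap-clients
chkconfig --list nfslock
chkconfig --list rpcbind
yum list bind
yum list vsftpd
yum list httpd
yum list dovecot
yum list samba
yum list squid
yum list net-snmp

# --- Network parameters and TCP wrappers ---
/sbin/sysctl net.ipv4.ip_forward
yum list tcp_wrappers
cat /etc/hosts.allow
/bin/ls -l /etc/hosts.allow
# A default-deny policy appears as an "ALL: ALL" line in hosts.deny.
grep "ALL: ALL" /etc/hosts.deny
/bin/ls -l /etc/hosts.deny

# --- Logging and auditing ---
yum list rsyslog
chkconfig --list syslog
chkconfig --list rsyslog
ls -l /var/log/
grep max_log_file_action /etc/audit/auditd.conf
# Audit rules are looked up by the key names identity, logins and scope.
grep identity /etc/audit/audit.rules
grep logins /etc/audit/audit.rules
grep scope /etc/audit/audit.rules

# --- Cron ---
chkconfig --list anacron
# Prints the line only when group/other have no access and owner is root:root.
stat -c "%a %u %g" /etc/cron.d | grep -E ".00 0 0$"

# --- SSH daemon settings ---
# Only uncommented directives are shown; a directive that prints nothing is
# running on the sshd built-in default.
for directive in Protocol PermitRootLogin PermitEmptyPasswords \
  ClientAliveInterval ClientAliveCountMax \
  AllowUsers AllowGroups DenyUsers DenyGroups Banner; do
  grep "^${directive}" /etc/ssh/sshd_config
done

# --- Host firewall ---
chkconfig --list iptables

# --- PAM: password quality, lockout, hashing, history ---
grep pam_cracklib.so /etc/pam.d/system-auth
grep pam_passwdqc.so /etc/pam.d/system-auth
grep "pam_faillock" /etc/pam.d/password-auth
grep pam_unix.so /etc/pam.d/password-auth | grep success=1
grep "pam_faillock" /etc/pam.d/system-auth
grep pam_unix.so /etc/pam.d/system-auth | grep success=1
authconfig --test | grep hashing | grep sha512
# The PAM file is system-auth (hyphen), the same file queried above.
grep "remember" /etc/pam.d/system-auth

# --- Root login terminals and su restriction ---
cat /etc/securetty
grep pam_wheel.so /etc/pam.d/su
grep wheel /etc/group

# --- Password ageing ---
grep PASS_MAX_DAYS /etc/login.defs
# login.defs only sets defaults for new accounts, so the ageing actually in
# force is listed per account taken from /etc/passwd.
cut -d: -f1 /etc/passwd | while IFS= read -r account; do
  chage --list "$account"
done
grep PASS_MIN_DAYS /etc/login.defs
grep PASS_WARN_AGE /etc/login.defs

# --- Root account, default umask, inactive-account lock ---
# Anchored to the root entry itself; prints root's primary GID (field 4).
grep "^root:" /etc/passwd | cut -f4 -d:
grep "^UMASK=077" /etc/bashrc
grep "^umask 077" /etc/profile
useradd -D | grep INACTIVE

# --- Login banners ---
# Matches the \v \r \m \s escapes, which expose OS and kernel details in the
# banner text.
grep -E '(\\v|\\r|\\m|\\s)' /etc/issue
grep -E '(\\v|\\r|\\m|\\s)' /etc/motd

# --- Account database permissions and contents ---
for account_db in /etc/passwd /etc/shadow /etc/gshadow /etc/group; do
  /bin/ls -l "$account_db"
done
# Accounts whose shadow password field is empty.
awk -F : '($2 == "") { print $1 " does not have a password " }' /etc/shadow
# Accounts with UID 0: the UID is field 3 of /etc/passwd (field 2 is the
# password placeholder), and anything other than root here needs justifying.
awk -F: '($3 == 0) { print $1 }' /etc/passwd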
=================================================
Oracle DB Servers
=======
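# Oracle database server review. Commands only read configuration and file
# metadata. Run as the Oracle software owner (or root) with ORACLE_HOME set.
# NOTE(review): init.ora, listener.ora, sqlnet.ora, cman.ora, .htaccess and
# dads.conf are given as bare names on the source page, so they resolve
# against the current directory -- confirm the directory (or substitute the
# full path) before relying on an empty result.

# Without ORACLE_HOME every path below would silently point at /bin, /dbs ...
: "${ORACLE_HOME:?ORACLE_HOME must be set before running the Oracle checks}"
listener_ora="$ORACLE_HOME/network/admin/listener.ora"

# --- OS accounts and patch level ---
# Replace account_name with the account under review.
grep -i account_name /etc/passwd
opatch lsinventory -detail
# NOTE(review): the page lists the bare tkprof path with no command in front;
# presumably the check is whether the utility is present -- confirm.
"$ORACLE_HOME/bin/tkprof"

# --- Listener configuration ---
grep default "$listener_ora"
grep -i HOST "$listener_ora"
ls "$ORACLE_HOME"/otrace/admin/*.dat
grep -i PASSWORD "$listener_ora"
ls -al "$ORACLE_HOME/bin/dbsnmp"
# Default listener ports and the default ORCL service name.
grep 1521 "$listener_ora"
grep 1526 "$listener_ora"
grep -i ORCL "$listener_ora"

# --- Software ownership and permissions ---
grep -i oracle /etc/passwd
ls -al "$ORACLE_HOME"/bin/*
ls -al "$ORACLE_HOME"
umask
ls -al "$ORACLE_HOME/dbs/init.ora"
ls -al "$ORACLE_HOME/dbs/spfile.ora"
ls -al "$ORACLE_HOME"/dbs/*

# --- Files referenced from init.ora ---
# After each grep, run "ls -al" on the path that the grep reported, to review
# the ownership and mode of the referenced file or directory.
grep ifile init.ora
grep -i audit_file_dest init.ora
grep -i control_files init.ora
# Cross-check inside the database (SQL*Plus, not the shell):
#   select name from V$controlfile;
grep -i log_archive_dest init.ora

# --- Network admin files and logs ---
ls -al "$ORACLE_HOME"/network/admin/*
ls -al sqlnet.ora
# NOTE(review): the page lists this grep twice in a row; one of the two was
# possibly meant for a different log parameter -- confirm.
grep -i log_directory_client sqlnet.ora
ls -al "$listener_ora"
grep -i log_file_listener "$listener_ora"
ls -al .htaccess
ls -al dads.conf

# --- init.ora security parameters ---
grep -i _trace_files_public init.ora
grep -i global_names init.ora
grep -i remote_os_authent init.ora
grep -i remote_os_roles init.ora
grep -i remote_listener init.ora
grep -i audit_trail init.ora
grep -i os_authent_prefix init.ora
grep -i os_roles init.ora
grep -i utl_file_dir init.ora
grep -i log_archive_duplex_dest init.ora
grep -i LOG_ARCHIVE_MIN_SUCCEED_DEST init.ora
grep -i sql92_security init.ora
grep -i o7_dictionary_accessibility init.ora
grep -i AUDIT_SYS_OPERATIONS init.ora
grep -i remote_login_passwordfile init.ora
grep -i SEC_RETURN_SERVER_RELEASE_BANNER init.ora
grep -i DB_SECUREFILE init.ora
# Prefix match: also finds the full name SEC_CASE_SENSITIVE_LOGON.
grep -i SEC_CASE_SENSITIVE_LOGO init.ora
grep -i SEC_MAX_FAILED_LOGIN_ATTEMPTS init.ora

# --- listener.ora / cman.ora / sqlnet.ora security parameters ---
grep -i admin_restrictions listener.ora
grep -i logging_listener listener.ora
grep -i REMOTE_ADMIN cman.ora
grep -i SECURE_CONTROL listener.ora
grep -i SECURE_PROTOCOL listener.ora
# The listener setting is spelled EXTPROC_DLLS; the page's EXTPROCS_DLLS
# would never match it.
grep -i EXTPROC_DLLS listener.ora
grep -i ENCRYPTION_SERVER sqlnet.ora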
=============
files/logs required:
--------------
Logs:
/etc/syslog.conf
/etc/rsyslog.conf
/var/account/pacct
/etc/hosts.allow
/etc/banners
/etc/issue
/etc/mail/access
/etc/sendmail.cf
/etc/securetty
/etc/httpd.conf
/etc/passwd
/etc/shadow
/etc/group
/etc/sudoers
/etc/login.defs
/etc/ssh/sshd_config
/etc/chkconfig
/etc/default/login
/etc/security/limits.conf
/etc/hosts
/etc/sysconfig/sysctl.conf
