Checklist

Checklist - courtesy of AusCERT

Based on AusCERT UNIX and Linux Security Checklist v3.0 current as of 2008.06

There are various sections of the checklist dependent on Management practises, those are ignored and the specific host items are listed below.

B. Installation

Incorporated into the build documentation

C. Apply all Patches and Updates

Double edged sword, as there are no guarantees that post-release patches do not introduce further problems of their own.

Major releases historically seem to have had more man and machine resources provisioned for the testing cycle, and subsequently gain a broader ‘verification’ assessment on live customer sites. Patches, by their own release cycle do not gain the same level of testing and corner cases not tested during development can be the cause of serious damage for users.

D. Minimise

Security through simplicity.

The foundation of border control is that only trusted users are allowed on the “wall.” This minimal level of security is mandatory to securing services in a practical manner.

D.1 Minimise network services

Audit: scanning all network interfaces

D.2 Disable all unnecessary startup scripts

Audit: scanning all network interfaces

D.3 Mimimise SetUID/SetGID programs

Audit: scanning all network interfaces

D. 4 Other minimisations

E. Secure Base OS

E.1 Physical, console and boot security

Because the server is physically secured, the situation where physical access to the box is necessary generally implies an authorised user with a task that cannot be remotely completed.

Console access is required.

E.2 User Logons

Note when disabling accounts

E.2.2 Special Accounts
E.2.3 Root Account
E.2.4 PATH advice
E.2.5 User session controls

E.3 Authentication

E.3.1 Password Authentication
E.3.2 One-time passwords
E.3.3 PAM Pluggable Authentication Module
E.3.4 NIS / NIS+

Kill all occurrences.

E.3.5 LDAP

N/A

E.4 Access Control

E.4.1 File Permissions
E.4.2 Filesystem attributes
E.4.3 Role Based Access Control
E.4.4 sudo

E.5 Other