Title: Unix Server Security and Auditing
Unix Server Security and Auditing
by linux-doks.de
Security Targets

The key security principles are:
- Freedom from risk or danger; safety.
- Freedom from doubt, anxiety, or fear; confidence.
- Something that gives or assures safety, as:
  - A group or department of private guards: "Call building security if a visitor acts suspicious."
  - Measures adopted by a government to prevent espionage, sabotage, or attack.
  - Measures adopted, as by a business or homeowner, to prevent a crime such as burglary or assault: "Security was lax at the firm's smaller plant."
  - Measures adopted to prevent escape: "Security in the prison is very tight."
- Something deposited or given as assurance of the fulfillment of an obligation; a pledge.
- One who undertakes to fulfill the obligation of another; a surety.
- A document indicating ownership or creditorship; a stock certificate or bond.
Definition of Security: Se-cu-ri-ty
- Installed software should not have any known high- or medium-risk vulnerabilities.
- Applicable security patches should be applied to the software.
- The configuration should not have any known high- or medium-risk vulnerabilities.
- To minimise the risk from as-yet unknown vulnerabilities, only necessary network services should be enabled.
- New vulnerabilities are discovered over time; therefore this standard must be sufficiently dynamic to cover future problems.
- All items in this software standard should be verifiable.
- Sometimes it is necessary to deviate from this standard. A list of dispensations is included, covering items which have been reviewed and granted a temporary risk acceptance. Any other deviation requires an individual risk acceptance to be raised.
Security Checks

The following possible security problems are known:
- Running insecure inetd/xinetd services such as echo, chargen, telnet, rlogin
- Running services that are not generally provided, such as vold, cupsd, lpd
- Portmap, including NFS shares (except autofs)
- Executable and filesystem protection (limit SUID executables; files not owned by any user; world-writable directories without the sticky bit)
- Accounts (password expiry (except batch users); accounts that are never accessed; accounts with no password)
- SSH (root login disabled (except on the golden host); SSH protocol version 2 only)
- Network (IP forwarding; ignoring broadcast ICMP echo requests; source routing disabled)
- Central logging hosts (just implemented with a Syslog-ng server)
- Up2date of all systems
- Existing core files
- Boot loader passwords (grub)
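Several of the checks on this slide can be verified with a few lines of portable shell. The following script is an added example, not part of the linux-doks.de slides or of any tool they mention; it covers the account, SSH, SUID/world-writable/unowned-file, core-file, inetd and sysctl items. Every helper takes the file or directory to inspect as an argument, so the same functions run against a live host or against the constructed sample files that `make_samples` writes (a fake passwd, two sshd_config variants, an inetd.conf and a small /proc/sys-like tree, all invented for the example).

```shell
#!/bin/sh
# Added example (not from the linux-doks.de slides): POSIX shell helpers for some of the
# checks on the "Security Checks" slide. Each helper takes the file or directory to inspect
# as an argument, so it runs both against a live host (/etc/shadow, /etc/ssh/sshd_config, /)
# and against the constructed sample files from make_samples, which need no root.

# Accounts: print users whose password field is empty (works on passwd and shadow).
find_nopasswd_accounts() {
    awk -F: '$2 == "" { print $1 }' "$1"
}

# SSH: sshd honours the first PermitRootLogin it reads; a missing line is treated as
# "not disabled". Returns 0 when the effective value is "no".
sshd_root_login_disabled() {
    val=$(awk 'tolower($1) == "permitrootlogin" && !seen { v = $2; seen = 1 }
               END { print tolower(v) }' "$1")
    [ "$val" = "no" ]
}

# SSH: fails if a Protocol line still lists version 1 ("Protocol 2,1" or "Protocol 1").
# OpenSSH 7.0+ has no protocol 1 any more, so a missing line passes.
sshd_protocol2_only() {
    ! awk 'tolower($1) == "protocol" && $2 ~ /1/ { found = 1 } END { exit !found }' "$1"
}

# Executables / filesystem: set-uid files, world-writable dirs without sticky bit,
# files owned by no existing user or group, and core dumps left on disk (-xdev: one FS).
find_suid_files()          { find "$1" -xdev -type f -perm -4000 2>/dev/null; }
find_world_writable_dirs() { find "$1" -xdev -type d -perm -0002 ! -perm -1000 2>/dev/null; }
find_unowned_files()       { find "$1" -xdev \( -nouser -o -nogroup \) 2>/dev/null; }
find_core_files()          { find "$1" -xdev -type f \( -name core -o -name 'core.[0-9]*' \) 2>/dev/null; }

# inetd: names of services enabled in an inetd.conf (non-comment, non-empty lines).
inetd_enabled_services() {
    awk '!/^[[:space:]]*#/ && NF { print $1 }' "$1"
}

# Network: compare one kernel parameter below a /proc/sys tree with the expected value.
# The tree root is a parameter so a constructed tree can stand in for /proc/sys.
sysctl_is() {   # usage: sysctl_is <proc_sys_root> net/ipv4/ip_forward 0
    [ -r "$1/$2" ] && [ "$(cat "$1/$2")" = "$3" ]
}

# Constructed sample data (deliberately containing findings); prints the directory.
make_samples() {
    d=$(mktemp -d)
    printf 'root:x:0:0:root:/root:/bin/sh\nbatch::200:200::/home/batch:/bin/sh\n' > "$d/passwd"
    printf '# comment\nProtocol 2,1\nPermitRootLogin yes\nPermitRootLogin no\n' > "$d/sshd_config.bad"
    printf 'Protocol 2\nPermitRootLogin no\n' > "$d/sshd_config.good"
    printf '#echo stream tcp nowait root internal\ntelnet stream tcp nowait root /usr/sbin/in.telnetd\n' \
        > "$d/inetd.conf"
    mkdir -p "$d/fs/tmp" "$d/fs/pub" "$d/fs/sys/net/ipv4"
    chmod 755 "$d/fs" "$d/fs/sys" "$d/fs/sys/net" "$d/fs/sys/net/ipv4"
    chmod 1777 "$d/fs/tmp"                   # sticky bit set: acceptable
    chmod 777 "$d/fs/pub"                    # world-writable, no sticky bit: finding
    : > "$d/fs/suidprog"; chmod u+s "$d/fs/suidprog"
    : > "$d/fs/core.1234"
    echo 1 > "$d/fs/sys/net/ipv4/ip_forward"
    echo "$d"
}

# Run every check against the live host (read /etc/shadow and walk / as root).
audit_host() {
    echo "== accounts without password";        find_nopasswd_accounts /etc/shadow
    sshd_root_login_disabled /etc/ssh/sshd_config || echo "!! PermitRootLogin is not 'no'"
    sshd_protocol2_only /etc/ssh/sshd_config      || echo "!! sshd still allows protocol 1"
    echo "== set-uid files";                    find_suid_files /
    echo "== world-writable dirs without sticky"; find_world_writable_dirs /
    echo "== files without owner/group";        find_unowned_files /
    echo "== core files";                       find_core_files /
    if [ -f /etc/inetd.conf ]; then
        echo "== enabled inetd services";       inetd_enabled_services /etc/inetd.conf
    fi
    sysctl_is /proc/sys net/ipv4/ip_forward 0                   || echo "!! IP forwarding enabled"
    sysctl_is /proc/sys net/ipv4/icmp_echo_ignore_broadcasts 1  || echo "!! broadcast ICMP echo answered"
    sysctl_is /proc/sys net/ipv4/conf/all/accept_source_route 0 || echo "!! source routing accepted"
}

# "sh audit.sh --run" audits the host; sourcing the file only defines the functions.
case "${1:-}" in --run) audit_host ;; esac
```

The helpers deliberately report the raw findings rather than deciding for you: a SUID binary or a world-writable directory may be legitimate, which is exactly why the slide lists exceptions (batch users, the golden host, autofs) and the standard on the previous slide provides for documented dispensations.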
Host-based Security and Auditing Tools

Host-based security and auditing tools to be considered:
- Client-only systems
  - Tripwire (data integrity checker)
  - Aide (data integrity checker)
  - Logsurfer (real-time log checker)
  - Logwatch (log analysis tool)
  - Tiger (security audit and intrusion detection system)
  - Snare (process and kernel monitoring)
- Server/client systems
  - Samhain/Yule (security audit and intrusion detection system)
Security and Auditing Tools: Requirements

Tool under consideration: Tiger
Overview: Tiger
- Started on every client, either by hand once (security audit) or via cron at calculated intervals (intrusion detection system)
- Client-only system
- Runs on several UNIX derivatives (AIX, HP-UX, IRIX, Linux, NeXT, SunOS, Tru64)
- Checking of diskless clients is possible (via a check of the manager system)
- About 40 different checks (users, files, services, network)
- Output optionally as text or HTML
- Own modules can be built
- Tripwire and/or Aide can be called separately
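The first bullet describes two modes: a one-off audit run by hand and a periodic cron run that is only interesting when something changed since the last report. The wrapper below is an added example, not part of the slides or of the Tiger project (Tiger ships its own cron driver, tigercron, for this purpose); it shows the principle with any audit command that writes its findings to standard output. The report directory, the crontab entry and the audit command are assumptions supplied by the caller; the tests use a constructed command instead of a real audit tool.

```shell
#!/bin/sh
# Added example, not part of the slides or of the Tiger project: a wrapper that turns a
# one-shot audit into the cron-driven use the slide describes. It runs an audit command,
# archives the report with a timestamp and prints only findings that were absent from the
# previous run, so cron (which mails any output) sends mail only when something changed.
# The report directory and the audit command are supplied by the caller; the tests use a
# constructed command instead of a real audit tool.

# Lines in new_report that do not occur (as whole lines) in old_report.
new_findings() {    # usage: new_findings <old_report> <new_report>
    if [ -f "$1" ]; then
        grep -vxF -f "$1" "$2" || true   # grep exits 1 when nothing is new
    else
        cat "$2"                         # first run: everything is new
    fi
}

# Run the audit, archive its report and print the delta against the previous run.
# usage: run_audit_delta <report_dir> <audit command> [args...]
run_audit_delta() {
    dir=$1; shift
    mkdir -p "$dir"
    new=$(mktemp "$dir/report.$(date +%Y%m%d-%H%M%S).XXXXXX")
    "$@" > "$new" 2>&1 || true           # many audit tools exit non-zero on findings
    new_findings "$dir/report.latest" "$new"
    cp "$new" "$dir/report.latest"       # baseline for the next run
}

# Suggested crontab entry (assumed paths): daily at 03:00, report only what is new.
# 0 3 * * * /usr/local/sbin/audit-delta.sh /var/log/audit-delta <audit-command>
if [ $# -gt 0 ]; then
    run_audit_delta "$@"
fi
```

Keeping every timestamped report, not just the latest, matters for the intrusion-detection use: a finding that disappears again is as interesting as one that appears, and the archive lets a later investigation reconstruct when the host changed. The report directory should be writable by root only, since an attacker who can edit report.latest can hide the next delta.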