AIX Audit Program
AIX CHECKLIST
By:
Frank W. Lyons
President of Entellus Technology Group, Inc.
407-774-8397
EntellusFL@
I. Preliminary Steps
A. Obtain an organizational chart of the group responsible for the operating environment.
B. Obtain any existing security and control procedures
C. Obtain a description of the network configuration
D. Obtain a listing of the various systems (applications) supported by the operating system
E. Obtain a job description of the System Administrator
II. Installation Audit Steps
A. Review any design criteria for system security.
B. Determine whether the user access is controlled through the operating system, the database management system, or the application front-end menu system.
C. Determine what documentation standards exist and whether they are being followed.
D. Determine who acts as the Security Administrator for the operating environment.
E. Determine the standards for password management and construction.
F. Review any existing security guidelines for users, groups, and functions.
III. Physical Security
A. Review the network configuration to ensure that all network components are physically secured.
These include File Servers, Bridges, Routers, Hubs/Concentrators, Gateways, Terminal Servers, and Modems.
B. Determine who is responsible and what documentation is required for configuration changes to the physical network.
Are these procedures effective?
Are the changes to the network documented?
Are users and other impacted parties properly notified?
C. Ensure that only the System Administrator or other authorized personnel have physical access to the file server console as the system can be rebooted from the ‘A’ drive and a new root password can be supplied.
IV. System Administration
A. Identify all the System Administrators.
$ grep :0: /etc/passwd
B. Determine that each administrator requires this level of authority.
C. Determine the change control procedures over changes to users, programs, menus, authorities, user scripts, hardware and system software.
D. Determine that the proper person or group is responsible for monitoring the network that supports the file server.
E. Determine that the proper person or group is responsible for system shutdown and backups.
F. Determine if the System Administrator is supported by a backup or at a minimum their userid/password are kept in a secured location in case of an emergency.
G. Determine who is responsible for maintaining license agreements and if all agreements are being met.
V. System Security
The System Administrator’s interface for the AIX system is the System Management Interface Tool (smit).
You can invoke smit by keying smit at the operating system prompt.
A. During the initial installation, did the System Administrator create audit checksum files? These files will allow the Security Administrator to verify that no changes have been made since the installation of the system.
The audit checksum files should contain a single-line entry for each file having the following information:
(See /etc/security/sysck.cfg)
field      comments
acl        contains both base and extended access control list data for the file
class      a logical group to which this file belongs
pathname   Absolute pathname
owner      Either symbolic or numeric ID
group      Either symbolic or numeric ID
mode       Symbolic representation as displayed by the ls -l command
size       Size of the file in bytes. Major and minor numbers are listed for devices
links      Number of hard links to pathname
version    Numeric value, reported by what(1).
checksum   File contents computed by a checksum algorithm. This field reflects the slightest change to a file, even a single character.
symlinks   Indicates whether the file has symbolic or hard links
program    the associated checking program
source     the source file for this file
type       the type of file
Producing these files should be a simple task. The resulting files should reside in a secured directory.
Dynamic security routines should be run on a periodic basis to ensure that these critical files have not been modified without proper approval.
B. Determine if the system is running in a secured (trusted) mode.
/etc/security/passwd    For the password file
A trusted environment moves the encrypted passwords from the primary password file, /etc/passwd, to the /etc/security/passwd file and replaces the password field in /etc/passwd with an ‘!’.
In addition, it forces all users to use passwords, creates an audit ID number for each user, sets the audit flag on for all existing users, and converts the at, batch, and crontab files to use the submitter’s audit ID.
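An added example, not part of the original checklist, covering steps IV.A and V.B: it lists accounts whose UID is exactly 0 (the grep :0: pattern also matches lines where only the GID is 0) and flags passwd entries whose password field is not the ‘!’ placeholder. The function names, the sample accounts and the treatment of ‘*’ as a non-login marker are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the checklist): audit a passwd-format file.
# On a real system pass /etc/passwd; here a constructed sample is used.

# Login names whose UID (field 3) is exactly 0.
uid0_accounts() {
    awk -F: '$3 ~ /^0+$/ { print $1 }' "$1"
}

# Names that "grep :0:" also matches because only the GID (field 4) is 0.
gid0_only_accounts() {
    awk -F: '$3 !~ /^0+$/ && $4 ~ /^0+$/ { print $1 }' "$1"
}

# "name:reason" for entries whose password field (field 2) is not "!".
# Assumption: "*" marks an account that cannot log in, so it is skipped.
password_field_findings() {
    awk -F: '
        $2 == "!" || $2 == "*" { next }
        $2 == "" { print $1 ":empty password field"; next }
        { print $1 ":hash stored in passwd file" }
    ' "$1"
}

# Constructed sample data; names and the hash string are made up.
make_sample() {
    cat > "$1" <<'EOF'
root:!:0:0::/:/usr/bin/ksh
daemon:!:1:1::/etc:
sysadm2:!:0:0:Backup admin:/home/sysadm2:/usr/bin/ksh
oper:!:205:0:Operator:/home/oper:/usr/bin/ksh
guest::100:100::/home/guest:
legacy:Xy7Qp2LmN0abc:210:1::/home/legacy:/usr/bin/ksh
nobody:*:4294967294:4294967294::/:
EOF
}

sample="${TMPDIR:-/tmp}/passwd.sample.$$"
make_sample "$sample"
echo "UID 0 accounts:";            uid0_accounts "$sample"
echo "GID 0 only (UID is not 0):"; gid0_only_accounts "$sample"
echo "Password field findings:";   password_field_findings "$sample"
rm -f "$sample"
```

Each UID 0 name reported should map to an administrator identified in step IV.B, and any password field finding indicates an entry that has not been converted to the trusted layout.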
C. Determine if auditing has been enabled. Use the following file to look at defined audit events:
/etc/security/audit/events
Determine if a minimal set of auditable events is being recorded.
Auditing is enabled by entering /etc/audit start
Files used by Audit
/etc/security/audit/configconf