Greetings. My employer has purchased a smaller company which has two servers running RHEL 5.1. As part of the M&A process, we need to do a security review on these RHEL systems. While we have some people with some past unix experience, it's not current and certainly not in RHEL. The other company purchased the systems turnkey from a vendor, and they have even less RHEL administration experience than our IT team. Can you point me to some good resources which outline a proper security review for a RHEL installation? We are, of course, aware of the obvious things such as strong password controls (using PAM, apparently), making sure that the systems don't have listeners on unused ports (netstat -tunap), and the like. But, like all systems, there must be nuances that would escape the naive person. Any directions to reliable resources will be appreciated. Thank you. -- redhat-list mailing list unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe https://www.redhat.com/mailman/listinfo/redhat-list
