Here are a few guides guides.
NSA hardening guide for RHEL5
http://www.nsa.gov/ia/_files/os/redhat/rhel5-guide-i731.pdf
RedHat's hardening guide for RHEL5
http://people.redhat.com/sgrubb/files/hardening-rhel5.pdf
CentOS(exact clone of RHEL5) Guide.
http://wiki.centos.org/HowTos/OS_Protection
David.
On Oct 8, 2009, at 12:59 PM, Able Baker wrote:
Greetings. My employer has purchased a smaller company which has
two servers running RHEL 5.1. As part of the M&A process, we need
to do a
security review on these RHEL systems. While we have some people
with some
past unix experience, it's not current and certainly not in RHEL.
The other
company purchased the systems turnkey from a vendor, and they have
even less
RHEL administration experience than our IT team.
Can you point me to some good resources which outline a proper
security
review for a RHEL installation? We are, of course, aware of the
obvious
things such as strong password controls (using PAM, apparently),
making sure
that the systems don't have listeners on unused ports (netstat -
tunap), and
the like. But, like all systems, there must be nuances that would
escape
the naive person.
Any directions to reliable resources will be appreciated.
Thank you.
--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
