Look into SELinux, it runs on all RHEL5 servers but probably is not set to enforcing. You can set it to permissive mode (if it isn't set to enforcing already) without disturbing anything and watch the security logs. It will start spitting out potential security vulnerabilities. This should give you a starting point into your review.

http://www.nsa.gov/ia/_files/os/redhat/rhel5-guide-i731.pdf

The guide above will give you info into securing just about anything in RHEL5.

I hope this helps.

Regards,

Michael Ward
Redhat Linux Administrator
Metro State College of Denver
303-352-4225

-----Original Message-----
From: redhat-list-bounces@xxxxxxxxxx [mailto:redhat-list-bounces@xxxxxxxxxx] On Behalf Of Able Baker
Sent: Thursday, October 08, 2009 2:00 PM
To: redhat-list@xxxxxxxxxx
Subject: Guidelines on Security Audit

Greetings.

My employer has purchased a smaller company which has two servers running RHEL 5.1. As part of the M&A process, we need to do a security review on these RHEL systems. While we have some people with some past unix experience, it's not current and certainly not in RHEL. The other company purchased the systems turnkey from a vendor, and they have even less RHEL administration experience than our IT team.

Can you point me to some good resources which outline a proper security review for a RHEL installation?

We are, of course, aware of the obvious things such as strong password controls (using PAM, apparently), making sure that the systems don't have listeners on unused ports (netstat -tunap), and the like. But, like all systems, there must be nuances that would escape the naive person.

Any directions to reliable resources will be appreciated.

Thank you.

--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
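The log review suggested in the reply above (SELinux in permissive mode, then watching what it records) can be turned into a short triage list. This is an added example, not part of the original thread: the function names are hypothetical, the sample records are constructed, and it assumes AVC records in the usual RHEL 5 audit.log layout.

```shell
#!/bin/sh
# Added example: group SELinux AVC denial records so repeated denials collapse into one line.

# Sample records, constructed for this example (not taken from a real host).
sample_audit_log() {
cat <<'EOF'
type=AVC msg=audit(1255032001.101:201): avc:  denied  { read } for  pid=2101 comm="httpd" name="index.html" dev=dm-0 ino=4101 scontext=user_u:system_r:httpd_t:s0 tcontext=user_u:object_r:user_home_t:s0 tclass=file
type=SYSCALL msg=audit(1255032001.101:201): arch=40000003 syscall=5 success=yes exit=3 comm="httpd" exe="/usr/sbin/httpd"
type=AVC msg=audit(1255032007.440:215): avc:  denied  { read } for  pid=2102 comm="httpd" name="about.html" dev=dm-0 ino=4102 scontext=user_u:system_r:httpd_t:s0 tcontext=user_u:object_r:user_home_t:s0 tclass=file
type=AVC msg=audit(1255032050.009:230): avc:  denied  { name_bind } for  pid=2300 comm="sshd" src=2222 scontext=system_u:system_r:sshd_t:s0 tcontext=system_u:object_r:port_t:s0 tclass=tcp_socket
type=USER_AUTH msg=audit(1255032060.500:231): user pid=2400 uid=0 auid=500 msg='PAM: authentication acct="root" : exe="/usr/sbin/sshd" res=success'
EOF
}

# Reads audit log text on stdin; prints "count comm source_type target_type class perms",
# most frequent first. Non-AVC records are ignored.
summarize_avc() {
  awk '
    /^type=AVC / && /avc:  *denied/ {
      comm = src = tgt = cls = "?"; perms = ""; inside = 0
      for (i = 1; i <= NF; i++) {
        if ($i == "}") inside = 0
        if (inside) perms = (perms == "" ? $i : perms "," $i)
        if ($i == "{") inside = 1
        if ($i ~ /^comm=/)     { comm = $i; sub(/^comm=/, "", comm); gsub(/"/, "", comm) }
        if ($i ~ /^scontext=/) { split($i, s, ":"); src = s[3] }
        if ($i ~ /^tcontext=/) { split($i, t, ":"); tgt = t[3] }
        if ($i ~ /^tclass=/)   { cls = $i; sub(/^tclass=/, "", cls) }
      }
      if (perms == "") perms = "?"
      count[comm " " src " " tgt " " cls " " perms]++
    }
    END { for (k in count) print count[k], k }
  ' | sort -k1,1nr -k2
}

# Run on the constructed sample when executed directly.
sample_audit_log | summarize_avc
```

On a real host the same function can be fed the audit log instead of the sample, for example `summarize_avc < /var/log/audit/audit.log`, run as root.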