Auditing Your Unix and Linux Operating Systems: A Practical Audit Program for IBM AIX and SUN Solaris Servers
UNIX and LINUX operating systems are widely used in large processing environments such as financial institutions (banks and insurance companies), telecoms, warehousing and distribution, and the internet. It is important to note that more than 90% of internet servers run on either UNIX or LINUX systems. Due to the high-end multitasking and multi-user capacity of the operating system, as well as the resilience of the environment to cater for high volumes of processing, UNIX and LINUX systems are very popular in interconnected systems and environments. Open source LINUX has found its usability and acceptability in the internet environment, while Android (a UNIX flavor) has become the most popular and widely used mobile operating system in the world. As vital as UNIX and LINUX are to our lives and the industries where they are used, they also come with vulnerabilities inherent in the system as well as those arising from misconfiguration of the system. Hence, it is important for us to look at some of these vulnerabilities and risks associated with the UNIX and LINUX operating systems and how they can be mitigated to ensure optimal system performance and security of information assets running on these environments. The objective of this book is to evaluate the adequacy, effectiveness and efficiency of controls in place to minimize the risk of unauthorized access and disclosure of classified information, and to minimize system disruption.
The audit program covers security and administration of UNIX operating systems, with particular focus on IBM AIX and SUN Solaris servers as well as Red Hat LINUX OS. The following areas or aspects of the operating system and process controls will be reviewed and extensively discussed.
• Policies, procedures and guidelines for UNIX system administration.
• Logical access controls (user profile and privilege management).
• Patch management.
• System support and change management.
• Organization and Administration.
• Installation Audit.
• Operating Policies and Procedures.
• Systems Administration.
• System Security.
• Account Security (Logical Access Control).
• Password Security.
• Network Security.
• Batch Jobs and Log File Security.