What is the best way to do an enterprise audit of a Linux server environment?
One of our customers is looking at an enterprise audit of their data center (which primarily consists of Linux servers).
We steered them towards an SNMP-based tool that has some limitations. Any other recommendation is welcome...
SNMP has many, MANY limitations, not the least of which is that it might not be configured and running on the host(s) you're going to scan. Want to know how to do a decent audit? Simple... sit someone down, have them log into EVERY box, and look at things. Pull up the hardware info, kernel level, and authentication file(s) (passwd/shadow), and look at permissions on key security points. Check cron jobs/scripts. Port scan EVERY box to see what services are running, then check those services to see whether they're secured with TCP wrappers, iptables, etc. Then go and PHYSICALLY LOOK at each box, and confirm that there aren't hardware devices present that don't show up or are powered off.
An audit is a complex task, and there are many schools of thought and guides to help you along. SNMP would be so low on the list that I'd not even consider it, except for VERY basic info.
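The per-host checklist in the answer above, as an added example in POSIX sh that is not part of the original post: the file-based checks (UID-0 accounts, empty password fields, interactive login shells, permissions on passwd/shadow, active cron lines) take a path argument, so the script first runs them against a constructed passwd/shadow sample with two planted problems, then against the local host; the listening-socket and access-control listing just wraps ss/netstat, hosts.allow/hosts.deny and nft/iptables. The function names and the sample accounts (toor, alice, svc) are my own choices, not anything from the post.

```shell
#!/bin/sh
# Added example, not from the original post: a per-host Linux audit checklist.
# File-based checks take a path so they run on constructed samples or real /etc.

# Non-root accounts with UID 0 (a classic backdoor). Arg: passwd-format file.
uid0_accounts() {
    awk -F: '$3 == 0 && $1 != "root" { print $1 }' "$1"
}
# Accounts whose password field is empty (login with no password). Arg: shadow file.
empty_password_accounts() {
    awk -F: '$2 == "" { print $1 }' "$1"
}
# Accounts with an interactive shell, the ones to review one by one. Arg: passwd file.
login_shell_accounts() {
    awk -F: '$7 !~ /(nologin|false)$/ { print $1 ":" $7 }' "$1"
}
# Octal mode of a file; GNU stat first, BSD stat as fallback.
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}
# Print a finding if the file has any permission bit beyond the allowed maximum.
# Args: path, maximum acceptable octal mode (e.g. 640 for /etc/shadow).
mode_wider_than() {
    actual=$(file_mode "$1") || return 0
    extra=$(( (0$actual) & ~(0$2) ))      # leading 0 = octal in shell arithmetic
    [ "$extra" -ne 0 ] && echo "$1: mode $actual exceeds $2"
    return 0
}
# Non-comment, non-blank lines of a config file, prefixed with its name. Arg: file.
active_lines() {
    [ -r "$1" ] && grep -v -e '^[[:space:]]*#' -e '^[[:space:]]*$' "$1" | sed "s|^|$1: |"
    return 0
}
# Cron: system crontab, cron.d, and per-user spools.
cron_entries() {
    for f in /etc/crontab /etc/cron.d/* /var/spool/cron/* /var/spool/cron/crontabs/*; do
        [ -f "$f" ] && active_lines "$f"
    done
    return 0
}
# Listening sockets as the host sees them; compare with an external port scan.
listening_sockets() {
    if command -v ss >/dev/null 2>&1; then ss -ltnup 2>/dev/null
    elif command -v netstat >/dev/null 2>&1; then netstat -ltnup 2>/dev/null
    else echo "no ss/netstat here; rely on the external port scan"
    fi
    return 0
}
# TCP wrappers and packet-filter rules, whichever this host actually has.
access_controls() {
    active_lines /etc/hosts.allow; active_lines /etc/hosts.deny
    if command -v nft >/dev/null 2>&1; then nft list ruleset 2>/dev/null
    elif command -v iptables >/dev/null 2>&1; then iptables -S 2>/dev/null
    fi
    return 0
}
# Everything above against this host. Run as root to read /etc/shadow and socket owners.
host_audit() {
    echo "## $(uname -srm)"
    uid0_accounts /etc/passwd; login_shell_accounts /etc/passwd
    [ -r /etc/shadow ] && empty_password_accounts /etc/shadow
    mode_wider_than /etc/passwd 644; mode_wider_than /etc/shadow 640
    cron_entries; listening_sockets; access_controls
    return 0
}

# --- constructed sample: a passwd/shadow pair with planted problems (not real data) ---
SAMPLE_DIR=$(mktemp -d); trap 'rm -rf "$SAMPLE_DIR"' EXIT
SAMPLE_PASSWD="$SAMPLE_DIR/passwd"; SAMPLE_SHADOW="$SAMPLE_DIR/shadow"
cat > "$SAMPLE_PASSWD" <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
toor:x:0:0:planted second root:/root:/bin/sh
alice:x:1000:1000:Alice:/home/alice:/bin/bash
svc:x:999:999:service account:/var/lib/svc:/bin/false
EOF
cat > "$SAMPLE_SHADOW" <<'EOF'
root:$6$salt$hash:19000:0:99999:7:::
daemon:*:19000:0:99999:7:::
toor::19000:0:99999:7:::
alice:$6$salt$hash:19000:0:99999:7:::
svc:!:19000:0:99999:7:::
EOF
chmod 644 "$SAMPLE_PASSWD"; chmod 666 "$SAMPLE_SHADOW"   # planted: world-writable shadow

echo "## sample findings (expect: toor, toor, then the shadow mode 666 exceeding 640)"
uid0_accounts "$SAMPLE_PASSWD"
empty_password_accounts "$SAMPLE_SHADOW"
mode_wider_than "$SAMPLE_SHADOW" 640
host_audit
```

Each function is one line of the checklist; the point of keeping them separate is that every box gets the same set of checks and the output can be diffed across hosts and across visits. The host-side socket list is what the box admits to; the post's external port scan is the cross-check, and any port that shows up from outside but not in this list deserves a closer look.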