LinuxQuestions.org
12-28-2010, 12:20 PM   #1
barghota
Distribution: CentOS, RHEL, Debian, FreeBSD
Assessing and auditing a server


Greetings folks,

In 2 weeks, I will be handed 8 servers, each of which hosts around 3 virtual machines, which makes a total of around 24 servers. Part of my initial responsibility is to make sure that these servers are secured and ready for me to look after.

My question is: what are the best procedures (or, as I will call it, a "checklist") to assess and audit each server, and be 100% sure that the server doesn't have a rootkit and everything is secured?

Any advice is EXTREMELY appreciated, and thanks in advance.

Last edited by barghota; 12-28-2010 at 12:23 PM.
 
12-28-2010, 06:29 PM   #2
unSpawn
Given the amount of information available, the best and worst answer IMHO is "it depends". There are more than a few organizations that provide security documentation, ranging from methodologies (OSSTMM, SOMAP) and policies (SANS: Information Security Policy Templates) to NIST guidelines and CISecurity benchmarks and "Zen-like" mantras like OWASP's "proven application security principles" everyone should memorize. Also, do not forget the distribution security documentation.

How you go about using available information to your advantage in practice depends on more than a few factors: for instance in some cases management considerations like time constraints (look for quick wins) might overrule extensive auditing while in other cases compliance with government or industry-mandated rules and regulations will be leading. It matters how heterogeneous your server park is in terms of OSes and services, if these setups are pristine or previously maintained, what their maintenance level is, what usage they saw and if non-standard components were added. Server security and maintenance is not only about "rootkits" and saying "everything is secured" but also taking into account the cost of (unexpected) downtime in terms of business loss for the company, knowing your (line of) business is susceptible to specific threats, if service level agreements are in place, knowing how to guarantee continuity et cetera.

The best way IMHO is to start not by doing stuff but by reading documents, gathering requirements, creating a plan and, after that, choosing your tools. If you post details wrt machine use and services and what your level of security knowledge is, it could make making recommendations more efficient.
 