Unix Linux
General Information: system information (IP address, DNS name, OS, patch level), purpose of the server and special configurations (/etc)
Trust Relationships: /etc/hosts.equiv and /etc/lp.equiv, /etc/hosts.allow and /etc/hosts.deny (TCP wrappers)
Login and Password Policy: password shadowing, guest accounts, password policy (requirements on length and quality), integrity of the password files, password cracking, group administration (system groups, wheel group, passwords on groups), SSH keys
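The shadowing, aging and group-password points above can be checked with a few lines of shell. The block below is an added example written for this page, not code from the original; it works on constructed copies of /etc/shadow, /etc/gshadow and /etc/login.defs (account names, hashes and values are made up) so it runs without root, and the same functions can be pointed at the real files as root. The policy limits (90 days, 12 characters) are assumptions to be replaced by the site policy.

```bash
#!/bin/sh
# Added example (not from the original page): audit password shadowing, password
# aging and group passwords from shadow-style files. Sample files are constructed
# here; run the functions against /etc/shadow, /etc/gshadow and /etc/login.defs
# as root for a live audit.
TMP="$(mktemp -d)"
trap 'rm -rf "$TMP"' EXIT
SAMPLE_SHADOW="$TMP/shadow"
SAMPLE_GSHADOW="$TMP/gshadow"
SAMPLE_LOGINDEFS="$TMP/login.defs"

# Fields: name:hash:lastchange:min:max:warn:inactive:expire:
cat > "$SAMPLE_SHADOW" <<'EOF'
root:!:19000:0:99999:7:::
alice:$6$saltsalt$hashhashhashhash:19000:0:99999:7:::
bob:$6$saltsalt$otherhashotherhash:19000:1:60:7:::
guest::19000:0:99999:7:::
www-data:*:19000:0:99999:7:::
EOF

# Fields: group:hash:administrators:members
cat > "$SAMPLE_GSHADOW" <<'EOF'
root:*::
wheel:!::alice
staff:$6$gsalt$grouphashgrouphash::alice,bob
users:::
EOF

cat > "$SAMPLE_LOGINDEFS" <<'EOF'
PASS_MAX_DAYS   99999
PASS_MIN_DAYS   0
PASS_MIN_LEN    5
PASS_WARN_AGE   7
EOF

# Accounts with an empty password field: login succeeds without any password.
empty_passwords() {
    awk -F: '$2 == "" { print $1 }' "$1"
}

# Accounts with a usable hash (not locked with "!" or "*") whose maximum
# password age (field 5) is unset or longer than the policy limit in days ($2).
weak_aging() {
    awk -F: -v max="$2" \
        '$2 != "" && $2 !~ /^[!*]/ && ($5 == "" || $5 + 0 > max) { print $1 }' "$1"
}

# Groups carrying a real password: newgrp(1) lets anyone who knows it join the
# group, bypassing membership administration entirely.
group_passwords() {
    awk -F: '$2 != "" && $2 !~ /^[!*]/ { print $1 }' "$1"
}

# login.defs defaults that fall short of the limits given as $2 (max age in
# days) and $3 (minimum length); prints "KEY current wanted".
logindefs_violations() {
    awk -v maxdays="$2" -v minlen="$3" '
        $1 == "PASS_MAX_DAYS" && $2 + 0 > maxdays { print $1, $2, "<=" maxdays }
        $1 == "PASS_MIN_LEN"  && $2 + 0 < minlen  { print $1, $2, ">=" minlen }
    ' "$1"
}

echo "accounts without password:";         empty_passwords "$SAMPLE_SHADOW"
echo "usable hash, max age unset or >90:"; weak_aging "$SAMPLE_SHADOW" 90
echo "groups with a password:";            group_passwords "$SAMPLE_GSHADOW"
echo "login.defs below policy:";           logindefs_violations "$SAMPLE_LOGINDEFS" 90 12
```

Locked accounts ("!" or "*" hashes) are deliberately skipped by the aging check: the finding is a usable hash without expiry, not a service account that can never log in. On a live system also compare the output of `empty_passwords` with the accounts that have a login shell in /etc/passwd.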
Patches: organisation of patch administration and installation, patch level up to date
Standard Services: privileges and configuration of started services, NFS, NIS/YP, FTP, telnet, X11, sendmail, web software, firewall software, other services
Filesystem Security: SUID programs, SGID programs, world-writable files and directories, shell scripts, mail directories, files in /etc, file permissions in /dev and /root, use of monitoring tools
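The SUID/SGID, world-writable and /etc permission checks above are a `find` job. The following is an added example written for this page, not code from the original; it builds a small constructed directory tree (the file names are made up) so the checks can be tried without root, and the functions take the tree root as their argument so they can be run over `/` on a real system.

```bash
#!/bin/sh
# Added example (not from the original page): filesystem permission audit.
# Runs over a constructed tree so it needs no root; for a live audit pass "/"
# (add -xdev to stay on one filesystem) and diff the output against the
# baseline taken at installation time.
ROOT="$(mktemp -d)"
trap 'rm -rf "$ROOT"' EXIT
mkdir -p "$ROOT/usr/bin" "$ROOT/var/tmp" "$ROOT/opt/app" "$ROOT/etc/cron.d"
printf '#!/bin/sh\nexit 0\n' > "$ROOT/usr/bin/setuid-helper"
printf '#!/bin/sh\nexit 0\n' > "$ROOT/usr/bin/sgid-tool"
printf '#!/bin/sh\nexit 0\n' > "$ROOT/opt/app/run.sh"
printf 'daily job\n'         > "$ROOT/etc/cron.d/backup"
chmod 4755 "$ROOT/usr/bin/setuid-helper"   # setuid: a privilege boundary
chmod 2755 "$ROOT/usr/bin/sgid-tool"       # setgid
chmod 0777 "$ROOT/opt/app/run.sh"          # world-writable script
chmod 0664 "$ROOT/etc/cron.d/backup"       # group-writable cron entry
chmod 1777 "$ROOT/var/tmp"                 # world-writable, sticky bit set: normal
chmod 0777 "$ROOT/opt/app"                 # world-writable, no sticky bit: finding

# setuid/setgid programs. Any entry that is not in the known-good list for the
# distribution is a candidate for chmod u-s / g-s or removal.
find_setid() {
    find "$1" -type f \( -perm -4000 -o -perm -2000 \) -print | sort
}

# Regular files anyone can modify; scripts and cron entries among them are
# direct paths to code execution as whichever user runs them.
find_world_writable_files() {
    find "$1" -type f -perm -0002 -print | sort
}

# World-writable directories without the sticky bit: any user may delete or
# replace other users' files in them.
find_world_writable_dirs_no_sticky() {
    find "$1" -type d -perm -0002 ! -perm -1000 -print | sort
}

# Configuration files under etc/ that are writable by group or others.
find_writable_config() {
    find "$1/etc" -type f \( -perm -0020 -o -perm -0002 \) -print | sort
}

for check in find_setid find_world_writable_files \
             find_world_writable_dirs_no_sticky find_writable_config; do
    echo "== $check"
    "$check" "$ROOT"
done
```

Keep the first `find_setid` listing from a freshly installed system as the baseline; on later audits a diff against it is far more useful than the raw list, since every distribution ships a few dozen legitimate setuid binaries.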
Current System Configuration: running processes, environment variables, network configuration (resolv.conf, host.conf, nsswitch.conf)
TCP/IP Kernel Configuration: security-related kernel parameters (/etc/sysctl.conf)
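Rather than reading sysctl.conf by eye, compare the running values with a baseline. The block below is an added example written for this page, not code from the original; the dump it reads is a constructed sample in the format of `sysctl -a`, and the baseline is the usual set of recommendations for a host that does not route (ip_forward must stay 1 on routers and container hosts, so adjust it there).

```bash
#!/bin/sh
# Added example (not from the original page): compare a sysctl dump with a
# hardening baseline. On a live system create the dump with: sysctl -a > dump
# and persist the corrections in /etc/sysctl.conf or /etc/sysctl.d/.
SAMPLE_DUMP="$(mktemp)"
trap 'rm -f "$SAMPLE_DUMP"' EXIT
cat > "$SAMPLE_DUMP" <<'EOF'
net.ipv4.ip_forward = 1
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.all.accept_redirects = 1
net.ipv4.conf.all.send_redirects = 1
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.all.log_martians = 0
net.ipv4.icmp_echo_ignore_broadcasts = 1
net.ipv4.tcp_syncookies = 1
kernel.randomize_va_space = 2
EOF

# Baseline: "key expected" per line, for a non-routing host.
BASELINE='net.ipv4.ip_forward 0
net.ipv4.conf.all.accept_source_route 0
net.ipv4.conf.all.accept_redirects 0
net.ipv4.conf.all.send_redirects 0
net.ipv4.conf.all.rp_filter 1
net.ipv4.conf.all.log_martians 1
net.ipv4.icmp_echo_ignore_broadcasts 1
net.ipv4.tcp_syncookies 1
kernel.randomize_va_space 2
kernel.kptr_restrict 1'

# Prints "key current expected" for every baseline entry whose running value
# differs from, or is absent in, the dump ("missing" then stands for current).
sysctl_deviations() {
    dump="$1"
    printf '%s\n' "$BASELINE" | while read -r key want; do
        have="$(awk -v k="$key" '$1 == k { print $3 }' "$dump")"
        if [ "$have" != "$want" ]; then
            printf '%s %s %s\n' "$key" "${have:-missing}" "$want"
        fi
    done
}

# The sysctl.conf lines that would bring the host onto the baseline.
sysctl_fix_lines() {
    sysctl_deviations "$1" | awk '{ print $1 " = " $3 }'
}

echo "== deviations (key current expected)"; sysctl_deviations "$SAMPLE_DUMP"
echo "== lines for /etc/sysctl.conf";        sysctl_fix_lines "$SAMPLE_DUMP"
```

A key reported as "missing" usually means the kernel module or feature behind it is not loaded; check whether that is intended before adding the line, since `sysctl -p` fails loudly on unknown keys.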
User Security: password policy (requirements on length and quality), analysis of .rhosts and .netrc files, analysis of the .Xauthority file, file and directory permissions, the umask variable, use of quotas
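The .rhosts, .netrc, .Xauthority, permission and umask items above, together with the hosts.equiv and hosts.allow files from the Trust Relationships entry, share one audit pattern: locate the file, then inspect its mode and contents. The block below is an added example written for this page, not code from the original; the tree, host names, users and the "hunter2" password are constructed, and the functions take the tree root (or the parent of the home directories) as their argument so they can be run over a live system.

```bash
#!/bin/sh
# Added example (not from the original page): audit of host trust files and
# per-user dotfiles over a constructed tree. For a live run pass / and /home.
ROOT="$(mktemp -d)"
trap 'rm -rf "$ROOT"' EXIT
mkdir -p "$ROOT/etc" "$ROOT/home/alice" "$ROOT/home/bob" "$ROOT/home/carol"
printf '+\n'                                   > "$ROOT/etc/hosts.equiv"  # trusts every host
printf 'ALL: ALL\nsshd: 10.0.0.0/8\n'          > "$ROOT/etc/hosts.allow"
printf 'trusted.example.org bob\n+ +\n'        > "$ROOT/home/alice/.rhosts"
printf 'machine ftp.example.org login bob password hunter2\n' > "$ROOT/home/bob/.netrc"
printf 'MIT-MAGIC-COOKIE-1 0123456789abcdef\n' > "$ROOT/home/carol/.Xauthority"
printf 'umask 027\n'                           > "$ROOT/home/alice/.profile"
printf 'umask 000\n'                           > "$ROOT/home/carol/.profile"
chmod 0600 "$ROOT/home/alice/.rhosts"
chmod 0644 "$ROOT/home/bob/.netrc"        # plaintext FTP password, world-readable
chmod 0644 "$ROOT/home/carol/.Xauthority" # X display cookie readable by everyone
chmod 0755 "$ROOT/home/alice" "$ROOT/home/carol"
chmod 0777 "$ROOT/home/bob"               # anyone can plant a .rhosts here

# hosts.equiv / .rhosts entries beginning with "+": every host (or every user)
# is trusted by the r-commands. Prints "file: line".
wildcard_trust() {
    find "$1" -type f \( -name hosts.equiv -o -name .rhosts \) \
        -exec awk '$1 == "+" { print FILENAME ": " $0 }' {} +
}

# hosts.allow rules that open every wrapped service to every client.
tcpwrappers_allow_all() {
    awk -F: '{ line = $0; gsub(/ /, "", $1); gsub(/ /, "", $2) }
             $1 == "ALL" && $2 == "ALL" { print FILENAME ": " line }' "$1/etc/hosts.allow"
}

# .netrc and .Xauthority files readable by group or others; both hold
# credentials (plaintext passwords, X display cookies).
readable_secrets() {
    find "$1" -type f \( -name .netrc -o -name .Xauthority \) \
        \( -perm -0040 -o -perm -0004 \) -print | sort
}

# umask settings in shell startup files that leave group or world write on new
# files (a digit below 2 in the group or other position).
permissive_umask() {
    find "$1" -type f \( -name .profile -o -name .bashrc -o -name .bash_profile \) \
        -exec awk '$1 == "umask" && $2 !~ /^0?[0-7][2-7][2-7]$/ { print FILENAME ": " $0 }' {} +
}

# Home directories anyone can write to: a stranger can drop .rhosts, .ssh or
# shell startup files there.
world_writable_homes() {
    find "$1" -mindepth 1 -maxdepth 1 -type d -perm -0002 -print | sort
}

for check in wildcard_trust tcpwrappers_allow_all; do
    echo "== $check"; "$check" "$ROOT"
done
for check in readable_secrets permissive_umask world_writable_homes; do
    echo "== $check"; "$check" "$ROOT/home"
done
```

The r-commands and TCP wrappers are legacy, but the files still get read by whatever is installed (rshd, rlogind, some ftpd and lpd builds), so a "+" entry is a finding whether or not the service is currently running. The umask check only catches literal `umask NNN` lines; a value set through PAM or /etc/login.defs must be read from there.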
Logging, Accounting and Auditing: use of power users and the superuser, logging rules for syslogd and use of log hosts, inspection of log files
Remote Administration: encryption (openssl), use of SNMP, security of teleworker computers (and notebooks), remote access (openssh)
Booting, Startup Scripts and Automated Tasks: boot process, points of intervention, startup scripts, cron jobs
Hardening: SELinux, PaX, grsecurity, AppArmor, TOMOYO, TCP wrappers, hardened applications (PHP, Python, Java, C, ...), Tripwire, Snort, memory protection, chrooting/jailing, application firewall
Encryption: LUKS, EncFS, eCryptfs, dm-crypt, TrueCrypt
Other: databases, terminal services, web (Apache), FTP, DNS, file and print