[SECURITY-L] The Unix Auditor's Practical Handbook

Daniela Regina Barbetti Silva daniela em ccuec.unicamp.br
Qua Nov 13 09:40:56 -02 2002 

----- Forwarded message from "K. K. Mookhey" <cto em nii.co.in> -----

From: "K. K. Mookhey" <cto em nii.co.in>
Subject: The Unix Auditor's Practical Handbook
To: <secpapers em securityfocus.com>, <bugtraq em securityfocus.com>,
	<focus-linux em securityfocus.com>, <focus-sun em securityfocus.com>,
	<COBIT-L em share.isaca.org>, <audit-l em list.auditnet.org>,
	"Amjad Malik" <amjadm em hblpk.com>
Date: Tue, 12 Nov 2002 18:45:01 +0530
X-Mailer: Microsoft Outlook Express 5.50.4920.2300


==============================================
            "The Unix Auditor's Practical Handbook"
                    http://www.nii.co.in/tuaph.html
                                          by
                                K. K. Mookhey
                Network Intelligence India Pvt. Ltd.
                            http://www.nii.co.in
==============================================


We at Network Intelligence India Pvt. Ltd. have written a document on unix
auditing called "The Unix Auditor's Practical Handbook", which is available
for download from our website http://www.nii.co.in/tuaph.html

The idea behind this is to present a step-by-step practical guide to
auditors when carrying out a Unix Audit. It mostly covers Sun Solaris
systems, but it has cross-references for AIX and Linux.
It details the auditing procedure right from the moment you enter the
client's server room, to running the automated auditing tools.

It covers the following areas of an Audit:
1. Preliminary Steps
2. Documentation
3. Physical Security
4. Operating System Security
5. Network Security
6. Filesystem Security
7. User and Group Security
8. Sun Built-in Auditing
9. Backup and Emergency Response
10. Automated Auditing Tools
11. References

We have kept the focus on the practicality of conducting an audit, providing
the reader with the commands, filenames, tools, and techniques for carrying
out the
audit.

It is also useful for security administrators, who might be looking to
implement security on their Unix Servers.

Please send all feedback to unix em nii.co.in

Sincerely,
K. K. Mookhey
CTO
Network Intelligence India Pvt. Ltd.
Tel: 91-22-22001530, 22006019
Email: cto em nii.co.in
Web: www.nii.co.in

============================================================
The steps carried out as part of this document are already present in our
automated Unix auditing tool:
AuditPro for Unix:
http://www.nii.co.in/software/apunix.html
============================================================




----- End forwarded message -----

Mais detalhes sobre a lista de discussão SECURITY-L