Unix Audit & Security Course

Topics covered on the 2 day Unix Audit & Security course

Introduction To Audit & Security

• Audit & Security
• Security
• Audit
• Checklist-Based Auditing
• Risk-Based Auditing
• Audit Plan
• Check Lists
• DISA Database STIG
• NIST
• The Big Picture

Access Control

• Intrusion Prevention
• Intrusion Detection
• Secure Data Storage
• Secure Data Access
• UNIX Deployment Model

Introduction To UNIX

• History Of Unix
• Unix Features
• Unix System V
• Standards
• UNIX Architecture
• UNIX Standards
• Product Standards
• Application Programming Interface
• Commands & Utilities
• Operating System Versions
• Solaris
• HP-UX
• AIX
• IRIX
• Linux
• Patch Levels

UNIX Startup & Shutdown

• Power On
• Kernel Processes
• init
• System V
• BSD
• Changing Run Levels
• Changing run levels with init
• Graceful Run Level Changes
• Quick Shutdown
• Firmware
• boot to Single User Mode
• Start Solaris Installation
• boot From alternative boot disk
• Emergency boot From CDROM

Access Control

• Managing Logins
• Login Processes
• Local Login
• (‘Old’ System V – up to Sys V Rel 3)
• (‘New’ System V – from Sys V Rel 4)
• (BSD Unix)
• Network Login
• Accepting a login name
• Logon Banners

Creating & Maintaining User Accounts

• /etc/passwd
• /etc/shadow
• useradd
• The group file
• The Shells
• Customising User Environments - Initialisation Scripts
• Password Management
• Lock A User Account
• The root Account
• Restricting Root Access
• Encrypting Root Network Access
• Reserved User Accounts
• Single-User Mode
• Multi-User Mode
• Shared User Accounts
• Duplicate User ID Accounts

System Security

• Usernames & Passwords
• /etc/passwd and /etc/shadow
• Password Ageing
• Login Control with /etc/default/login
• Switching User with su
• su Control with /etc/default/su
• Limiting The Number Of Failed Login Attempts
• Setting Minimum Password Length
• Password Character Mix
• Password Repeating Characters
• Standard File & Directory Permissions
• File & Directory Permissions
• Special Permissions SUID & GUID
• Access Control Lists

Process Management

• Processes Overview
• Parent & Child
• Killing Application Processes
• Changing Process Priorities
• Changing Priority of Running Processes With renice

Scheduling & Job Control

• Delayed Execution with the at Command
• Restricting Access To at
• Cron
• Restricting Access To cron
• Logging

Disk Management

• Partition and Volume Group Layout
• Disk Layout
• Solaris Partitions & Slices
• Device Files
• Logical Device Names
• RAID
• Physical Device Names
• UNIX File Systems
• Traditional UNIX Filesystem
• Journaled File Systems
• Mounting a Filesystem
• Unmounting a File System
• Mounting At Boot Time
• Traditional File System Corruption
• File System Checking With fsck
• NFS File Systems
• RAM Based File Systems
• Swap Management

Backing Up

• Backup Media
• Why Backup?
• Backup Types
• Full Backup
• Incremental Backup
• Partial Backup
• Backing Up With tar
• Absolute and Relative Paths
• Image Copying With dd
• Backing Up With cpio
• Backing Up With dump
• Dump Levels

Network Services

• TELNET
• Secure Shell
• FTP
• Restricting FTP access
• Anonymous FTP
• Secure FTP
• The R Commands
• Host-Level Security with /etc/hosts.equiv
• User-Level Security with .rhosts
• The rlogin Command
• The rcp Command
• The rsh & rcmd Commands

UNIX Vulnerabilites

• Intrusion Detection
• Network Services
• /etc/inetd.conf
• /etc/hosts.allow
• Denial Of Service Attacks
• Trojan Horses, Viruses & Worms
• Vi Editor
• .exrc
• Shell Escapes
• Set user ID programs
• Booting from CD
• File System Ownership & Permissions
• File system Corruption
• Startup and Shutdown Scripts
• UNIX services
• Network Service User Equivalence
• Backup storage
• System Clock

UNIX Auditing

• The find command
• The grep command
• The who command
• The last command
• The ps command
• System Accounting