Linux Audit Check List

The document contains a list of commands to check system configurations and software installations on Linux servers. It includes commands to check filesystem usage, network configurations, software versions, service statuses, password policies, log files, access controls and security settings. It also lists files and directories that contain important configuration information and logs.

Uploaded by

scorpiyanz

Commands:

=====================================
df -h
echo $PATH
grep /tmp /etc/fstab
grep /var/log /etc/fstab
grep /var/log/audit /etc/fstab
uname -r
cat /etc/redhat-release
stat -c "%u %g" /etc/grub.conf | egrep "0 0"
chkconfig --list avahi-daemon
yum list dhcp
yum list openldap-servers
yum list openldap-clients
chkconfig --list nfslock
chkconfig --list rpcbind
yum list bind
yum list vsftpd
yum list httpd
yum list dovecot
yum list samba
yum list squid
yum list net-snmp
/sbin/sysctl net.ipv4.ip_forward
yum list tcp_wrappers
cat /etc/hosts.allow
/bin/ls -l /etc/hosts.allow
grep "ALL: ALL" /etc/hosts.deny
/bin/ls -l /etc/hosts.deny
yum list rsyslog
chkconfig --list syslog
chkconfig --list rsyslog
ls -l /var/log/
grep max_log_file_action /etc/audit/auditd.conf
grep identity /etc/audit/audit.rules
grep logins /etc/audit/audit.rules
grep scope /etc/audit/audit.rules
chkconfig --list anacron
stat -c "%a %u %g" /etc/cron.d | egrep ".00 0 0"
grep "^Protocol" /etc/ssh/sshd_config
grep "^PermitRootLogin" /etc/ssh/sshd_config
grep "^PermitEmptyPasswords" /etc/ssh/sshd_config
grep "^ClientAliveInterval" /etc/ssh/sshd_config
grep "^ClientAliveCountMax" /etc/ssh/sshd_config
grep "^AllowUsers" /etc/ssh/sshd_config
grep "^AllowGroups" /etc/ssh/sshd_config
grep "^DenyUsers" /etc/ssh/sshd_config
grep "^DenyGroups" /etc/ssh/sshd_config
grep "^Banner" /etc/ssh/sshd_config
chkconfig --list iptables
grep pam_cracklib.so /etc/pam.d/system-auth
grep pam_passwdqc.so /etc/pam.d/system-auth
grep "pam_faillock" /etc/pam.d/password-auth
grep pam_unix.so /etc/pam.d/password-auth | grep success=1
grep "pam_faillock" /etc/pam.d/system-auth
grep pam_unix.so /etc/pam.d/system-auth | grep success=1
authconfig --test | grep hashing | grep sha512
grep "remember" /etc/pam.d/system-auth
cat /etc/securetty
grep pam_wheel.so /etc/pam.d/su
grep wheel /etc/group
grep PASS_MAX_DAYS /etc/login.defs
chage --list <user>    # repeat for each user listed in /etc/passwd
grep PASS_MIN_DAYS /etc/login.defs
grep PASS_WARN_AGE /etc/login.defs
grep root /etc/passwd | cut -f4 -d:
grep "^UMASK=077" /etc/bashrc
grep "^umask 077" /etc/profile
useradd -D | grep INACTIVE
egrep '(\\v|\\r|\\m|\\s)' /etc/issue
egrep '(\\v|\\r|\\m|\\s)' /etc/motd
/bin/ls -l /etc/passwd
/bin/ls -l /etc/shadow
/bin/ls -l /etc/gshadow
/bin/ls -l /etc/group
/bin/cat /etc/shadow | /bin/awk -F: '($2 == "") { print $1 " does not have a password" }'
/bin/cat /etc/passwd | /bin/awk -F: '($3 == 0) { print $1 }'
=================================================
Oracle DB Servers
=======
grep -i account_name /etc/passwd
opatch lsinventory -detail
$ORACLE_HOME/bin/tkprof
grep default $ORACLE_HOME/network/admin/listener.ora
grep -i HOST $ORACLE_HOME/network/admin/listener.ora
ls $ORACLE_HOME/otrace/admin/*.dat
grep -i PASSWORD $ORACLE_HOME/network/admin/listener.ora
ls -al $ORACLE_HOME/bin/dbsnmp
grep 1521 $ORACLE_HOME/network/admin/listener.ora
grep 1526 $ORACLE_HOME/network/admin/listener.ora
grep -i ORCL $ORACLE_HOME/network/admin/listener.ora
grep -i oracle /etc/passwd
ls -al $ORACLE_HOME/bin/*
ls -al $ORACLE_HOME
umask
ls -al $ORACLE_HOME/dbs/init.ora
ls -al $ORACLE_HOME/dbs/spfile.ora
ls -al $ORACLE_HOME/dbs/*
grep ifile init.ora
ls -al <result>
grep -i audit_file_dest init.ora
ls -al <result>
grep -i control_files init.ora
ls -al <result>
select name from V$controlfile;
grep -i log_archive_dest init.ora
ls -al <result>
ls -al $ORACLE_HOME/network/admin/*
ls -al sqlnet.ora
grep -i log_directory_client sqlnet.ora
ls -al $ORACLE_HOME/network/admin/listener.ora
grep -i log_file_listener $ORACLE_HOME/network/admin/listener.ora
ls -al .htaccess
ls -al dads.conf
grep -i _trace_files_public init.ora
grep -i global_names init.ora
grep -i remote_os_authent init.ora
grep -i remote_os_roles init.ora
grep -i remote_listener init.ora
grep -i audit_trail init.ora
grep -i os_authent_prefix init.ora
grep -i os_roles init.ora
grep -i utl_file_dir init.ora
grep -i log_archive_duplex_dest init.ora
grep -i LOG_ARCHIVE_MIN_SUCCEED_DEST init.ora
grep -i sql92_security init.ora
grep -i admin_restrictions listener.ora
grep -i logging_listener listener.ora
grep -i o7_dictionary_accessibility init.ora
grep -i AUDIT_SYS_OPERATIONS init.ora
grep -i remote_login_passwordfile init.ora
grep -i REMOTE_ADMIN cman.ora
grep -i SEC_RETURN_SERVER_RELEASE_BANNER init.ora
grep -i DB_SECUREFILE init.ora
grep -i SEC_CASE_SENSITIVE_LOGON init.ora
grep -i SEC_MAX_FAILED_LOGIN_ATTEMPTS init.ora
grep -i SECURE_CONTROL listener.ora
grep -i SECURE_PROTOCOL listener.ora
grep -i EXTPROC_DLLS listener.ora
grep -i ENCRYPTION_SERVER sqlnet.ora
=============
files/logs required:
--------------
Logs:
/etc/syslog.conf
/etc/rsyslog.conf
/var/account/pacct
/etc/hosts.allow
/etc/banners
/etc/issue
/etc/mail/access
/etc/sendmail.cf
/etc/securetty
/etc/httpd.conf
/etc/passwd
/etc/shadow
/etc/group
/etc/sudoers
/etc/login.defs
/etc/ssh/sshd_config
/etc/chkconfig
/etc/default/login
/etc/security/limits.conf
/etc/hosts
/etc/sysconfig/sysctl.conf
