On Wed, 28 Nov 2001, tony toni wrote:
> (1) Does anyone know where I can quickly get my hands on some high quality, > concise security standards/templates/checklists? for each Unix *flavor*? Check SANS. http://www.sans.org. They have checklists for Solaris and Linux that I know of and probably more. > (2) What about good books/sites on Unix Security? Most of the vendors have good OS specific books on security, but most of the security concepts for one UNIX flavor apply to another. I suggest starting with the following: Practical UNIX and Internet Security, Second Edition (O'Reilly) > (3) What about user friendly software tool(s) that I can periodically use > to audit the Unix boxes for compliance to the new security standards I > developed? You've got me there. Since your standards will not be like everyone elses, I would not expect any canned compliance tool would be capable of doing what you ask. It might be best to either take one of the existing UNIX auditing scripts and modify it to fit your needs. Regards, -- Joseph W. Shaw II Network Security Specialist/CCNA I'd have consumer confidence if I still had a job. Hire me.
