Kindle Reading Device

Sunday, January 10, 2010

Is it difficult to audit the Linux operating system? Check this out...

1. Log in to the system with the root account, then:
a. Check the operating system name, host and system time
b. Check finger users:
- root
- system
- ftp
- send mail
- bin
- apache
- guest
- O
c. Check these files:
- cat /etc/inittab
- cat /etc/passwd
- cat /etc/shadow or cat /etc/security/passwd
- cat /etc/group
- cat /etc/crontab
- cat /etc/rc.local
- cat /etc/motd
- cat /etc/inetd.conf
- cat /etc/rc.nfs
- cat /etc/rc.tcpip
d. Check Network Configuration
- ifconfig -a
- netstat -an
- netstat -rn

2. Test system security:
a. Check whether the system is running in a secure condition, that is, whether
the /etc/passwd passwords are stored encrypted in the file /etc/security/passwd
b. Check that all users have a password
c. Check whether the auditing program is running (enabled). Check the file
/etc/security/audit/events
d. Check that the permissions of the files below are set correctly:
- -rw-rw-r-- root system /etc/filesystems
- -rw-rw-r-- root system /etc/hosts
- -rw------- root system /etc/inittab
- -rw-r--r-- root system /etc/vfs
- -rw-r--r-- root system /etc/security/failedlogin
- -rw-rw---- root audit /etc/security/audit/hosts

3. Perform account security testing:
a. Check the password configuration in the file /etc/security/login.cfg, using these parameters:
- pass_max_days
- pass_min_days
- pass_min_length
b. Identify all accounts that have System Administrator rights:
grep :0: /etc/passwd
c. Review the list of user accounts and verify whether any user who is no longer
active is still present on the system by comparing the user list with the passwd file

created by Sigit
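
An added example (not part of the original post): the checks from steps 2b, 2d, 3b and 3c as a POSIX shell script, run against constructed sample files in the colon-separated Linux /etc/passwd and /etc/shadow layout. The function names, the sample accounts and the active_users list are assumptions made for illustration.

```shell
# Added example: function names and sample data are hypothetical/constructed.

# Step 3b: accounts whose UID field (3rd field) is 0.
# Unlike `grep :0:`, this does not report accounts that only have GID 0.
uid0_accounts() {
    awk -F: '$3 == 0 { print $1 }' "$1"
}

# Step 2b: accounts with an empty password field in a shadow-format file.
empty_password_accounts() {
    awk -F: '$2 == "" { print $1 }' "$1"
}

# Step 3c: accounts in the passwd file ($1) that are missing from a list
# of active users ($2, one name per line).
stale_accounts() {
    cut -d: -f1 "$1" | grep -vxF -f "$2" || true
}

# Step 2d: print "mode owner group" for a file, in `ls -l` notation.
file_perms() {
    ls -ld "$1" | awk '{ print substr($1, 1, 10), $3, $4 }'
}

# Constructed sample data (not taken from a real host).
SAMPLE_DIR=$(mktemp -d)
trap 'rm -rf "$SAMPLE_DIR"' EXIT
cat > "$SAMPLE_DIR/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/sh
toor:x:0:100:backup admin:/root:/bin/sh
operator:x:11:0:operator:/home/operator:/bin/sh
guest:x:500:500:guest:/home/guest:/bin/sh
alice:x:501:501:Alice:/home/alice:/bin/sh
EOF
cat > "$SAMPLE_DIR/shadow" <<'EOF'
root:$6$constructed$hash:14619:0:99999:7:::
toor:$6$constructed$hash:14619:0:99999:7:::
operator:!:14619:0:99999:7:::
guest::14619:0:99999:7:::
alice:$6$constructed$hash:14619:0:99999:7:::
EOF
printf 'root\ntoor\noperator\nalice\n' > "$SAMPLE_DIR/active_users"
chmod 600 "$SAMPLE_DIR/shadow"

P="$SAMPLE_DIR/passwd"; S="$SAMPLE_DIR/shadow"; A="$SAMPLE_DIR/active_users"
echo "UID 0 accounts:     $(uid0_accounts "$P" | tr '\n' ' ')"
echo "Empty passwords:    $(empty_password_accounts "$S" | tr '\n' ' ')"
echo "Not in active list: $(stale_accounts "$P" "$A" | tr '\n' ' ')"
echo "shadow permissions: $(file_perms "$S")"
```

On a real host, pass /etc/passwd and /etc/shadow as the file arguments and run the script as root so the shadow file is readable.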