I’m just back from the last ISACA Belgian Chapter meeting. Today’s topic was the UNIX OS security audit process. A very large topic! The speaker was Sanjay Vaid.
For years now, Linux has been deployed in business environments. Linux systems can take several forms: application servers (print, files, web, mail) but also firewalls, routers, identity management or storage servers! Other UNIX servers (commercial versions) are deployed to run large applications like relational databases, ERP, CRM, … That’s why, in a correct governance process, UNIX systems must be audited. To perform an audit, it’s important to define the scope. Even more so in this case, where there are so many different usages of UNIX/Linux.
ISACA proposes a document (available for free to ISACA members and available for a few bucks for the others). This document was covered today by Sanjay’s presentation. With a huge background in several UNIX flavors, I expected a great event.
Unfortunately, let’s start with a negative point: IMHO the document provided by ISACA is too old to cover the more recent UNIX features. Example: it still contains references to very old configuration files like /etc/hosts.equiv used by the deprecated r* commands (rsh, rcp, rlogin). On the other hand, to defend the document, it does not attempt to cover all the technical aspects of the operating system and is much more a “roadmap”. The target audience of this document is clearly the auditors who will do their job and grab useful information from the system administrators!
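Even if the r* commands are deprecated, an auditor still wants to confirm that their trust files and services are gone, since a leftover /etc/hosts.equiv or ~/.rhosts grants password-less remote access to whatever hosts it lists. The script below is an added example written for this post, not from the ISACA document or from the speaker: it walks a root path, reports /etc/hosts.equiv (flagging the "+" wildcard that trusts any host), per-user .rhosts files, and r* services left enabled in /etc/inetd.conf. The sample tree it checks at the end is constructed inline with a temporary directory so the script runs offline; on a real audit you would call audit_rhosts / (or a mounted image root).

```shell
#!/bin/sh
# Added audit helper (not from the ISACA document or the post): reports
# legacy r* trust configuration (rsh, rcp, rlogin) under a given root path.

# audit_rhosts ROOT
#   Prints one finding per line; exits with the number of findings
#   (0 = nothing found).
audit_rhosts() {
    root=$1
    count=0

    # /etc/hosts.equiv: every listed host gets password-less rsh/rlogin.
    if [ -f "$root/etc/hosts.equiv" ]; then
        if grep -q '^+' "$root/etc/hosts.equiv"; then
            echo "CRITICAL: $root/etc/hosts.equiv has a '+' wildcard (trusts any host)"
        else
            echo "WARN: $root/etc/hosts.equiv exists"
        fi
        count=$((count + 1))
    fi

    # Per-user trust files for root and for home directories.
    for f in "$root"/root/.rhosts "$root"/home/*/.rhosts; do
        [ -f "$f" ] || continue
        echo "WARN: per-user trust file $f"
        count=$((count + 1))
    done

    # r* services still enabled (uncommented) in the classic inetd config.
    if [ -f "$root/etc/inetd.conf" ] &&
       grep -Eq '^(shell|login|exec)[[:space:]]' "$root/etc/inetd.conf"; then
        echo "WARN: r* services enabled in $root/etc/inetd.conf"
        count=$((count + 1))
    fi

    return $count
}

# make_sample_tree
#   Builds a constructed tree mimicking a poorly cleaned host and prints
#   its path. Sample data only; none of it comes from a real system.
make_sample_tree() {
    d=$(mktemp -d)
    mkdir -p "$d/etc" "$d/home/alice" "$d/home/bob"
    printf '+\n' > "$d/etc/hosts.equiv"              # wildcard trust
    printf 'buildhost alice\n' > "$d/home/alice/.rhosts"
    # one r* service active, one commented out
    printf 'shell stream tcp nowait root /usr/sbin/tcpd in.rshd\n' > "$d/etc/inetd.conf"
    printf '#login stream tcp nowait root /usr/sbin/tcpd in.rlogind\n' >> "$d/etc/inetd.conf"
    echo "$d"
}

# Stand-alone run against the constructed tree (expected: 3 findings).
SAMPLE=$(make_sample_tree)
if audit_rhosts "$SAMPLE"; then
    echo "OK: no legacy r* trust configuration under $SAMPLE"
else
    echo "Findings: $? (see lines above)"
fi
rm -rf "$SAMPLE"
```

The "+" wildcard is singled out because a single "+" entry in /etc/hosts.equiv trusts every host that can reach the rlogin/rsh service, so it is the first thing to report; a named-host entry is still a finding, but a less urgent one.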
During the event, more and more questions and discussions were raised. Lots of interesting topics. I was pleasantly surprised by the interest in UNIX audits!
To close the event, I received a five-minute time window to present the BruCON event!