Auditing Script

Status
Not open for further replies.

jkc924

MIS
Aug 5, 2002
35
US
Hi Guys,

AIX emergency...
Does anyone have a script to do security reporting for auditors on who can do what, what security levels are set at, etc.? Found out today they want reporting on all 60 of my servers ASAP, and I would really like to have something I can load on each one and run, and it would gather all the information they need.

Thanks in advance for any help you can give me..

Judy
 
Hi,

This isn't straightforward; it depends on what is running on your system and what services are required. You can do simple checks such as running:

usrck -n ALL
grpck -n ALL
pwdck -n ALL

find / -type f -perm 0666 -print (you can do directories, files with suid) and get a list

Check permissions of /etc files, i.e. passwd, inetd.conf, syslog.conf, inittab, sendmail.cf (may be in /etc/mail on new versions)

If you are using NFS, check the exports file to see what is being exported

find / -name ".rhosts" -print
(see who has .rhosts set and whether they need it; also .netrc)

These are some of the basic checks you can run. As you can probably gather, the output can be huge depending on what is running on your system.

Other checks you can run, and if necessary turn off, but which require more investigation are:


1. Are you using SSH? If so, can you turn off telnet and ftp?

2. What services that are not being used can be stopped? i.e.
lssrc -a
Check /etc/rc.tcpip to see which ones can be turned off; if so, insert a comment

3. Run netstat -af inet
Check which services are listening. Can you turn off timed, talkd, daytime, etc.?

4. Do you use the r commands and need them? If not, can
you change permissions, say to 444, e.g.
chmod 444 /usr/bin/remsh
chmod 444 /usr/bin/rlogin
chmod 444 /usr/bin/ruptime
chmod 444 /usr/bin/rwho
chmod 444 /usr/sbin/rexecd
chmod 444 /usr/sbin/rlogind
chmod 444 /usr/sbin/rshd
chmod 444 /usr/sbin/rwhod
chmod 444 /usr/bin/rcp
chmod 444 /usr/bin/rdist
chmod 444 /usr/bin/rexec
chmod 444 /usr/bin/rsh

so users cannot run them.

5. Do you allow users to log in directly to servers, or do they have individual accounts and then su to root?

These are just some of the things you can check. Scripting the first bit about permissions is straightforward, but how you solve the issues depends on whether the application requires them or not.

HTH
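
The checks from the reply above, gathered into one report-only script that can be copied to each server and run there. This is an added example, not code from either poster; the function names, the AUDIT_ROOT variable and the `report` argument are assumptions introduced here, and the 0666 search is widened to any world-writable regular file.

```shell
#!/bin/sh
# Added example, not from the thread. AUDIT_ROOT and the "report" argument are names
# introduced here; leave AUDIT_ROOT empty for the real root, or point it at a test tree.
AUDIT_ROOT="${AUDIT_ROOT:-}"
section() { printf '\n=== %s ===\n' "$1"; }

# Run a tool only if this host has it (usrck, grpck, pwdck and lssrc are AIX commands).
run_if_present() {
    if command -v "$1" >/dev/null 2>&1; then "$@" 2>&1; else echo "SKIPPED: $1 not found"; fi
}

# The reply's exact-mode 0666 search, widened to any regular file with the o+w bit set.
world_writable_files() { find "${1:-/}" -type f -perm -0002 -print 2>/dev/null; }
# "files with suid" from the reply, plus setgid.
suid_sgid_files() { find "${1:-/}" -type f \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null; }
# Per-user remote-trust and stored-credential files.
trust_files() { find "${1:-/}" \( -name .rhosts -o -name .netrc \) -print 2>/dev/null; }

# Owner and mode of the /etc files named in the reply, where they exist.
etc_permissions() {
    for f in passwd inetd.conf syslog.conf inittab sendmail.cf mail/sendmail.cf exports rc.tcpip; do
        if [ -e "$1/etc/$f" ]; then ls -ld "$1/etc/$f"; fi
    done
}

# Current mode of the r-command binaries the reply lists.
r_command_modes() {
    for f in bin/remsh bin/rlogin bin/ruptime bin/rwho bin/rcp bin/rdist bin/rexec bin/rsh \
             sbin/rexecd sbin/rlogind sbin/rshd sbin/rwhod; do
        if [ -e "$1/usr/$f" ]; then ls -ld "$1/usr/$f"; fi
    done
}

audit_report() {
    section "Host"; hostname; date
    section "User, group and password database checks (-n reports, changes nothing)"
    for c in usrck grpck pwdck; do run_if_present "$c" -n ALL; done
    section "Subsystem status"; run_if_present lssrc -a
    section "Network sockets"; run_if_present netstat -af inet
    section "/etc file permissions"; etc_permissions "$AUDIT_ROOT"
    section "NFS exports"; cat "$AUDIT_ROOT/etc/exports" 2>/dev/null || echo "no exports file"
    section "r-command binaries"; r_command_modes "$AUDIT_ROOT"
    section "World-writable files"; world_writable_files "$AUDIT_ROOT"
    section "setuid/setgid files"; suid_sgid_files "$AUDIT_ROOT"
    section ".rhosts and .netrc files"; trust_files "$AUDIT_ROOT"
}
# Only produce the report when asked, e.g.: sh audit.sh report > audit.$(hostname).txt
if [ "${1:-}" = "report" ]; then audit_report; fi
```

Run it as root so find can read every directory; the script only reads and reports, so any change to services or permissions remains a separate decision per server.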
 