[Leaplist] Security Audit Advice
John Kramer
jakramer at ascenditsolutions.com
Mon Dec 17 13:35:14 GMT 2007
Aaron,
Lots of great advice for securing the Linux box. You also need to
consider the web application itself and possible vulnerabilities there. I'm
in a similar situation and have been utilizing ScanAlert scanning service -
which I find to be a high value proposition. However, maybe the group here
is aware of a very comprehensive suite of web app scanning scripts that are
up to date and aggressively maintained.
I'm assuming worst case in which you have publicly exposed web services.
John
-----Original Message-----
From: leaplist-bounces at leap-cf.org [mailto:leaplist-bounces at leap-cf.org] On
Behalf Of Aaron Morrison
Sent: Friday, December 14, 2007 10:01 PM
To: This is the Leap Main List
Subject: Re: [Leaplist] Security Audit Advice
On 14 Dec 2007, at 20:40, Aaron Morrison wrote:
> Ok.
>
> Looks like I may have a small gig doing a security audit for a
> company.
>
> Other than port scanning (which will be authorized, BTW), checking
> running services/processes, checking usernames, and the odd setuid
> root app, what kinds of things should a good audit be checking for?
>
> Opinions? Tool recommendations?
>
> --am
Oh yeah, this is a colocated Linux box[en] running web services.
--am