By: Frank W. Lyons President of Entellus Technology Group, Inc. 407-774-8397 EntellusFL@aol.com
I. Preliminary Steps
A. Obtain an organizational chart of the group responsible for the operating environment.
B. Obtain any existing security and control procedures.
C. Obtain a description of the network configuration.
D. Obtain a listing of the various systems (applications) supported by the operating system.
E. Obtain a job description of the System Administrator.
II. Installation Audit Steps
A. Review any design criteria for system security.
B. Determine whether the user access is controlled through the operating system, the database management system, or the application front-end menu system.
C. Determine what documentation standards exist and whether they are being followed.
D. Determine who acts as the Security Administrator for the operating environment.
E. Determine the standards for password management and construction.
F. Review any existing security guidelines for users, groups, and functions.
III. Physical Security
A. Review the network configuration to ensure that all network components are physically secured.
These include File Servers, Bridges, Routers, Hubs/Concentrators, Gateways, Terminal Servers, and Modems.
B. Determine who is responsible and what documentation is required for configuration changes to the physical network.
Are these procedures effective?
Are the changes to the network documented?
Are users and other impacted parties properly notified?
C. Ensure that only the System Administrator or other authorized personnel have physical access to the file server console as the system can be rebooted from the ‘A’ drive and a new root password can be supplied.
IV. System Administration
A. Identify all the System Administrators.
$ grep :0: /etc/passwd
Note that this pattern matches ":0:" anywhere in the line, so it also returns accounts whose primary group (fourth field) is 0; confirm that the third colon-separated field, the UID, is 0 for each hit before treating the account as a superuser.
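The following POSIX sh script is an added worked example for step IV.A and is not part of the original audit program; it parses the UID field of a constructed sample passwd file (the function names and the sample accounts are assumptions) so that true UID-0 accounts are separated from GID-0 accounts that the plain grep also flags.

```shell
#!/bin/sh
# Added example for audit step IV.A; not part of the original audit program.
# The grep in step IV.A matches ":0:" anywhere in the line, so it also returns
# accounts whose primary GID is 0. This parses the UID field (field 3) directly
# and separates real superuser accounts from those false positives.

# Constructed sample of /etc/passwd for offline use; a real audit reads the
# live file (cat /etc/passwd) instead.
SAMPLE_PASSWD=$(cat <<'EOF'
root:x:0:0:root:/root:/bin/sh
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
sys:x:3:0:sys:/dev:/usr/sbin/nologin
toor:x:0:0:alternate superuser:/root:/bin/sh
alice:x:1000:1000:Alice:/home/alice:/bin/bash
EOF
)

# Login names of every account with UID 0 (full superuser), one per line.
# $1 = passwd file contents.
uid0_accounts() {
    printf '%s\n' "$1" | awk -F: '$3 == 0 { print $1 }'
}

# Accounts the naive "grep :0:" flags only because their GID is 0:
# not superusers, but worth noting since group 0 often owns system files.
gid0_not_uid0() {
    printf '%s\n' "$1" | awk -F: '$3 != 0 && $4 == 0 { print $1 }'
}

# Returns 0 (true) when root is the only UID-0 account, 1 otherwise.
only_root_is_uid0() {
    extra=$(printf '%s\n' "$1" | awk -F: '$3 == 0 && $1 != "root" { print $1 }')
    [ -z "$extra" ]
}

echo "UID 0 accounts (each must be justified per step IV.B):"
uid0_accounts "$SAMPLE_PASSWD"
echo "GID 0 only (false positives of the plain grep):"
gid0_not_uid0 "$SAMPLE_PASSWD"
if only_root_is_uid0 "$SAMPLE_PASSWD"; then
    echo "OK: root is the only superuser account"
else
    echo "FINDING: additional UID 0 accounts exist"
fi
```

On the sample data the script reports root and toor as superusers and sys as a GID-0-only false positive, so the audit finding is that a second UID-0 account exists.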
B. Determine that each administrator requires this