Health Checking Commands

Health Checking Commands

1.Userids that are defined as having Security & System Administrative Authority:
- Users with access to the 'root' user account
- Usuries in the 'system' or 'security' groups
Is there a process in place to verify that these users have a valid business need?
grep -i system /etc/group
grep -i security /etc/group
grep -i root /etc/group
2.Do only approved users have root authority?
lsuser -a sugroups ALL | grep "sugroups=suroot" | pg
3.Do only approved users have access to the system group?
lsuser -a groups ALL | grep system | pg
4.Are only approved users’ members of the security group?
lsuser -a groups ALL | grep security | pg
5. If Anonymous write is allowed, the -u option on /etc/ftpd must be used.
Is this true?
NA -Anonymous not used.
6. Does only one uid of 0 exist? lsuser -a id ALL | grep "id=0" | pg
7. TO check whether NFS is running in the server? ps –ef | grep nfsd , after this we need to check more /etc/exports
8. To check whether anonymous users are present in /etc/passwd?
grep – i anonymous /etc/passwd
9. To log in to the server with other id using ssh :- ssh - i id server name
10. POP daemons must be configured to require users to authenticate.Confirm POP daemons not used grep pop /etc/inetd.conf
11. NNTP must be configured to require authentication and identification of all users if any of the newsgroups on the server are classified confidential.Confirm NNTP not used.
grep nntp /etc/inetd.conf
12. Confirm TFTP disabled. grep tftp /etc/inetd.conf
13. NIS maps must not be used to store confidential data, including user passwords or other authentication credentials in any form. Confirm NIS maps not used.
lssrc -g yp & lslpp -l | grep -i nis
14. The following file may be world-writeable :socket (s) Is this the case?
find / -type s | more & then ls -ld file name
15. The following file may be world-writeable :named pipe (p) Is this the case?
find / -type p | more & then ls –ld filename
16. The following file may be world-writeable :block special file (b) Is this the case?
find / -type b | more & then ls –ld filename
17. The following file may be world-writeable :character special file (c) Is this the case?
find / -type c | more & then ls –ld filename
18. The following file may be world-writeable :symbolic links (l) Is this the case?
find / -type l | more & then ls –ld filename
19. To find if any users have non expiring passwords.
'lsuser -a maxage ALL|grep 0'
20. Confirm that the Business Use Notice is displayed to users during the identification and authentication process ?
cat /etc/motd'
21. The Common Desktop Environment must use dthello program to display the Business Use Notice. Is this the case?
ls –ld /usr/dt/bin/dthello
22. To get a list of users with UMASK not equal to x77
'lsuser -a umask ALL|grep -v "=77"
23. For OSR File type *.o , the setting for other must be r-x or more stringent. Is this the case?
Find / -name *.a –print
24. A password must be assigned to the ‘root’ userid is this the case?
grep root /etc/passwd
25.To check rlogin for root.
lsuser –a rlogin root
26. Does only one uid of 0 exist
lsuser -a id ALL | grep "id=0" | pg
27. Do only approved users have root authority
lsuser -a sugroups ALL | grep "sugroups=suroot" | pg
28. Do only approved users have access to the system group?
Command Tips lsuser -a groups ALL | grep system | pg
29. Are only approved users members of the security group
lsuser -a groups ALL | grep security | pg
30.To check anonymous FTP
ftp 0 21 ; name – anonymous
(or)
Grep anonymous /etc/passwd
31. For User default home directory /$HOME the permission setting is not defined.
Is this the case?
all IN and GB users home directory permission should be 700 . apart from normal users we should not change database users directories and the application users directories. we need to confirm with them. ls -ld /$HOME
32. .netrc files, file permissions must grant access only to the owner of the file.
Is this the case?
ls -lrt /.netrc
33. /.rhosts must have read and write access only by root. Is this the case?
ls –lrt /.rhosts