This work program outlines steps for performing an audit of the security of systems running the UNIX operating system. It reviews general system administration issues, account groups, remote and root logins, passwords, super-users, and related services.
Sample work steps include: verify that only one user (normally “root”) has UID 0. If multiple users have UID 0, verify that each is a valid superuser account, and that “root” is disabled or restricted (except for emergency situations) and verify that a shadow password file is being used. If not, inform the auditee that encrypted passwords in a world-readable file can be “cracked” and review “system accounts” to ensure that they have been disabled.