UNIX Security Audit Work Program

Subscriber Content
Screenshot of the first page of UNIX Security Work Program
An In-Depth Evaluation of UNIX System Security Measures

This work program outlines steps for performing an audit of the security of systems running the UNIX operating system. It reviews general system administration issues, account groups, remote and root logins, passwords, super-users, and related services.

Sample work steps include: verify that only one user (normally “root”) has UID 0. If multiple users have UID 0, verify that each is a valid superuser account, and that “root” is disabled or restricted (except for emergency situations) and verify that a shadow password file is being used. If not, inform the auditee that encrypted passwords in a world-readable file can be “cracked” and review “system accounts” to ensure that they have been disabled.


Topics
IT Audit
IT Infrastructure
Internal Audit
Audit Testing
IT Controls
Fixed Assets

Related Resources

Policies & Procedures

IT System Access and Re-Certification Policy

Audit Programs

System Management Risk Assessment and Control Audit Work Program

Audit Programs

Network Infrastructure Audit Work Program

Free Trial

Sign up for a free, no-obligation trial to start exploring our timesaving, valuable resources.

Let's Do It