Practical audit advice you can use today.
Determining and Identifying UNIX Services
Published: 2013-10-14 (Length: 10:46)
It's pretty important that any system baseline include a list of all network services that are running on the system. Additionally, the baseline should include information on which binary, possibly even which process, is using each port. This information allows system administrators to automatically detect possible compromises, and it gives auditors a very simple system for detecting undocumented changes to systems.
In this webcast we'll take a fast look at Netstat, the /etc/services file and lsof to see how we can quickly and easily extract the network service information that is particularly relevant for a baseline.
File Integrity Testing
Published: 2013-10-14 (Length: 20:27)
The installation of a file integrity testing tool should be a part of the standard install of any server class system in your environment. Not only does it allow for simple continuous monitoring and detection of unauthorized configuration changes, but it also allows for rapid damage assessment in the face of a compromise.
This episode will take a fast look at the open source version of Tripwire. We'll examine common configuration errors in addition to discussing how to automate reporting for an auditor effectively without having to give the auditor or security officer root access to the system.
AWK, Backticks and Friends!
Published: 2013-10-14 (Length: 14:53)
In this short webcast we take a look at how to create a very basic shell script that will identify the initial run level of any Linux-based system.
Linux systems today have two primary mechanisms that are used to start services during startup: the more traditional system (using inittab) and the more modern Upstart system. This screencast demonstrates logical testing for files, extracting output from a command and assigning it to an environment variable, and basic AWK usage.
A Brief Introduction to the UNIX Command Line
Published: 2013-10-07 (Length: 17:22)
If you're an auditor or security administrator and you have UNIX systems in your environment, then you will eventually have to learn how to use the UNIX command line. Unlike Microsoft Windows, UNIX graphical interfaces are really GUIs lying on top of command lines. In Windows you have a graphical operating system that happens to have a command line interface as well; quite different.
This video gives you a very basic crash course of a few commands and information on how to use the built-in UNIX manual to look up additional information. This video also mirrors the first few introductory pages of the UNIX lab material for students in the Audit 507 course offered through SANS.
A Brief Introduction
Published: 2013-10-07 (Length: 10:40)
Of all of the editors that are available in the UNIX environment, two are ubiquitous. One, the 'Ed' editor, is very unfriendly since it was really designed for use on a teletype. The second, "VI", or the Visual editor, is much better. In fact, despite its age, the vi editor remains extremely popular.
Part of what makes the editor so popular is the many commands and shortcuts designed to make large scale editing of files of virtually any size very fast and very easy... At least relatively easy once you learn all of the shortcuts!
This video is intended to give you just enough of an introduction to make your way around and get started using the editor to do useful tasks.
© 2011, David Hoelzer & EnclaveForensics