Linux Audit

Linux Audit / Once Off Health Check.

Work in progress

Related notes for review:

Azul Tasks

Typical tasks in a Linux system audit / once off health check include:

  • Subscription compliance
    • Inventory software subscriptions
      • Compile a complete inventory of all relevant software subscriptions owned by the organization
    • Gather data on installed software
      • Obtain available data from existing vendor tools like Red Hat Subscription Watch, Red Hat Satellite, SUSE Manager, etc. where applicable
      • Obtain a list of Linux systems from sources like VM hosts, network scans, etc
      • Obtain details about each system using tools like Red Hat Subscription Manager and SUSEConnect
    • Analyze usage data
      • Review software usage data to ensure that the number of systems in use aligns with the number of subscriptions
      • Review applicable details like subscription types (like VM vs bare metal) for possible improvements / optimizations / cost savings
  • Software version review
    • Collect information
      • Gather details of Operating System versions
      • Optionally gather details on other key software components like databases, web servers, application servers, etc.
    • Review information
      • Review the versions in use, comparing them to the vendor's supported versions and to the latest available versions
      • Optionally perform a more detailed analysis of known vulnerabilities affecting the versions found
  • Security compliance
    • Discuss compliance requirements, including:
      • Industry standards and benchmarks such as CIS Benchmarks, FIPS 140, PCI DSS, etc.
      • Client specific standards and/or requirements
    • Tool installation and policy configuration
      • Install scanning tools such as OpenSCAP (oscap) with SCAP Security Guide content, plus SCAP Workbench for a GUI, if no tool is already deployed
      • Define security policies tailored to organizational needs
    • Scan systems for compliance
      • Run the scanning tools
      • Collect output data
      • Generate detailed reports that outline compliance status and identify any vulnerabilities or misconfigurations
    • Remediation
      • Discuss any findings from the reports, and agree on remediation actions
      • Configure remediation tools where applicable
      • Develop automated remediation solutions for findings not handled appropriately by existing tools
      • Remediate findings
    • Ongoing Compliance Management
      • Establish an automated schedule for compliance checks and remediation
  • System Resource Monitoring
    • CPU Usage: Check for CPU load and identify any processes consuming excessive resources
    • Memory Usage: Monitor RAM usage to ensure there is adequate memory available
    • Disk Usage: Assess disk space utilization and check for disk I/O performance
  • Hardware Health Checks
    • SMART Data: Analyze hard drive health through SMART data to detect potential failures
    • Temperature Monitoring: Monitor hardware temperatures and ensure components are operating within safe limits
  • Log File Analysis
    • Review system logs for errors or warnings that could indicate underlying issues
    • Check logs for critical services (e.g., web server, database) to ensure they are functioning correctly
  • Service Status Verification
    • Ensure critical services are running as expected by checking their status with systemctl (failed, inactive, or missing units)
  • Configuration File Review
    • Review configuration files for important services to ensure they adhere to best practices and organizational policies
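For the software version review step, the following is an added example (not code from this page) of collecting /etc/os-release from each host and flagging releases below an agreed minimum. The minimum-version table and the sample os-release texts are constructed for illustration; the real cut-offs must come from the vendor lifecycle pages.

```shell
#!/bin/sh
# Added example (not part of the page): parse /etc/os-release text and flag
# releases below an agreed minimum version. The minimum-version table and the
# sample inputs are constructed for illustration; take the real cut-off dates
# from the vendor lifecycle pages before using this on an engagement.

# ASSUMED minimum supported major version per distro ID. Not vendor data.
supported_min() {
    case "$1" in
        rhel)   echo 8 ;;
        sles)   echo 15 ;;
        ubuntu) echo 22 ;;
        debian) echo 12 ;;
        *)      echo "" ;;
    esac
}

# Read os-release text on stdin and print "<ID>|<major version>".
# Quotes are stripped; ID_LIKE and VERSION (the pretty string) are ignored.
os_release_id_version() {
    id=""; ver=""
    while IFS= read -r line; do
        case "$line" in
            ID=*)         id=${line#ID=} ;;
            VERSION_ID=*) ver=${line#VERSION_ID=} ;;
        esac
    done
    id=$(printf '%s' "$id" | tr -d '"')
    ver=$(printf '%s' "$ver" | tr -d '"')
    printf '%s|%s\n' "$id" "${ver%%.*}"
}

# Classify one host's os-release text: supported / unsupported / unknown.
# "unknown" (distro not in the table, or no numeric VERSION_ID) is reported
# rather than silently passed so that it shows up for manual review.
review_os_release() {
    pair=$(printf '%s\n' "$1" | os_release_id_version)
    id=${pair%%|*}
    major=${pair#*|}
    min=$(supported_min "$id")
    case "$major" in ''|*[!0-9]*) echo unknown; return 0 ;; esac
    [ -n "$min" ] || { echo unknown; return 0; }
    if [ "$major" -ge "$min" ]; then echo supported; else echo unsupported; fi
}

# Review a remote host over ssh (not run here; needs key-based access).
review_remote_host() {
    review_os_release "$(ssh -o BatchMode=yes "$1" cat /etc/os-release)"
}

# Constructed samples in the /etc/os-release format.
SAMPLE_RHEL7='NAME="Red Hat Enterprise Linux Server"
VERSION="7.9 (Maipo)"
ID="rhel"
ID_LIKE="fedora"
VERSION_ID="7.9"'
SAMPLE_UBUNTU='NAME="Ubuntu"
ID=ubuntu
ID_LIKE=debian
VERSION_ID="22.04"'
SAMPLE_ALPINE='NAME="Alpine Linux"
ID=alpine
VERSION_ID=3.19.1'

for s in "$SAMPLE_RHEL7" "$SAMPLE_UBUNTU" "$SAMPLE_ALPINE"; do
    printf '%s -> %s\n' "$(printf '%s\n' "$s" | os_release_id_version)" "$(review_os_release "$s")"
done
```

Feed the output of review_remote_host for every host in the inventory into a single report; anything classified unknown needs a human look rather than a pass.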
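For the security compliance scan, tool-output and remediation steps, the following is an added example (not code from this page) that wraps an OpenSCAP evaluation, generates a remediation playbook for the same profile, and summarises the XCCDF results file. The data stream path and profile ID are assumptions for a RHEL 9 host with scap-security-guide installed; the results fragment is constructed in the shape oscap writes, not output from a real scan.

```shell
#!/bin/sh
# Added example (not part of the page): run an OpenSCAP scan and summarise the
# XCCDF results file. The data stream path and profile ID below are assumptions
# for a RHEL 9 host with scap-security-guide installed; the results fragment is
# constructed in the shape oscap writes, not output from a real scan.

# Evaluate a profile. oscap exits 0 when every rule passed, 2 when at least one
# rule failed and 1 on an error, so only 1 is treated as a scan failure here.
run_oscap_scan() {   # run_oscap_scan [datastream] [profile]
    ds=${1:-/usr/share/xml/scap/ssg/content/ssg-rhel9-ds.xml}
    profile=${2:-xccdf_org.ssgproject.content_profile_cis}
    if oscap xccdf eval --profile "$profile" --results results.xml --report report.html "$ds"; then
        rc=0
    else
        rc=$?
    fi
    [ "$rc" -ne 1 ] || { echo "oscap scan failed" >&2; return 1; }
    return 0
}

# Generate a remediation script for the same profile (review it before running).
generate_fix() {   # generate_fix [datastream] [profile] [bash|ansible]
    oscap xccdf generate fix --fix-type "${3:-ansible}" \
        --profile "${2:-xccdf_org.ssgproject.content_profile_cis}" \
        --output "remediate.${3:-ansible}" \
        "${1:-/usr/share/xml/scap/ssg/content/ssg-rhel9-ds.xml}"
}

# Print "<result> <severity> <rule id>" for every rule-result in an XCCDF
# results document read from stdin (rule-result open tag and <result> on
# separate lines, as oscap writes them).
rule_results() {
    awk '
        /<rule-result / {
            id = "?"; sev = "unknown"
            if (match($0, /idref="[^"]*"/))    id  = substr($0, RSTART + 7,  RLENGTH - 8)
            if (match($0, /severity="[^"]*"/)) sev = substr($0, RSTART + 10, RLENGTH - 11)
        }
        /<result>/ {
            r = $0; sub(/.*<result>/, "", r); sub(/<\/result>.*/, "", r)
            print r, sev, id
        }'
}

count_results() {   # count_results <pass|fail|notapplicable|...> < results.xml
    rule_results | awk -v want="$1" '$1 == want { n++ } END { print n + 0 }'
}

# Failed rules, highest severity first, as "<severity> <rule id>".
failed_rules() {   # failed_rules < results.xml
    rule_results | awk '$1 == "fail" {
        rank = ($2 == "high") ? 0 : ($2 == "medium") ? 1 : ($2 == "low") ? 2 : 3
        print rank, $2, $3
    }' | sort -n | cut -d' ' -f2-
}

# Constructed results fragment (rule IDs follow the SCAP Security Guide naming).
SAMPLE_RESULTS='<TestResult id="xccdf_org.open-scap_testresult_xccdf_org.ssgproject.content_profile_cis">
  <rule-result idref="xccdf_org.ssgproject.content_rule_sshd_disable_root_login" time="2024-05-01T10:00:00" severity="medium" weight="1.000000">
    <result>fail</result>
  </rule-result>
  <rule-result idref="xccdf_org.ssgproject.content_rule_accounts_password_pam_minlen" time="2024-05-01T10:00:00" severity="medium" weight="1.000000">
    <result>pass</result>
  </rule-result>
  <rule-result idref="xccdf_org.ssgproject.content_rule_package_telnet_removed" time="2024-05-01T10:00:00" severity="high" weight="1.000000">
    <result>fail</result>
  </rule-result>
  <rule-result idref="xccdf_org.ssgproject.content_rule_grub2_uefi_password" time="2024-05-01T10:00:00" severity="high" weight="1.000000">
    <result>notapplicable</result>
  </rule-result>
</TestResult>'

printf 'pass=%s fail=%s notapplicable=%s\n' \
    "$(printf '%s\n' "$SAMPLE_RESULTS" | count_results pass)" \
    "$(printf '%s\n' "$SAMPLE_RESULTS" | count_results fail)" \
    "$(printf '%s\n' "$SAMPLE_RESULTS" | count_results notapplicable)"
printf '%s\n' "$SAMPLE_RESULTS" | failed_rules
```

On a real host run run_oscap_scan first, then `failed_rules < results.xml` gives the list to discuss in the remediation meeting, and generate_fix produces the playbook to review before it is applied. Treat notapplicable and notchecked results as items to confirm, not as passes.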
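For the log file analysis and service status verification steps, the following is an added example (not code from this page) that triages journal output and unit states offline. The journal lines and the unit table are constructed in the formats `journalctl -o short-iso` and `systemctl list-units --type=service --all --plain --no-legend` produce; the host name, process names and addresses are made up.

```shell
#!/bin/sh
# Added example (not part of the page): triage journal output and service
# states offline. The journal lines and unit table are constructed in the
# formats `journalctl -o short-iso` and
# `systemctl list-units --type=service --all --plain --no-legend` produce.

# Count lines that look like problems, per logging process. journalctl -p err
# would do the priority filtering on a live host; this matches on message text
# so that warnings logged at info level (common for kernel and app logs) are
# still counted.
log_issue_summary() {   # log_issue_summary < journal.txt  -> "<count> <process>", most first
    awk 'tolower($0) ~ /error|warn|fail/ {
            p = $3                      # e.g. sshd[1201]: or kernel:
            sub(/\[.*$/, "", p); sub(/:$/, "", p)
            n[p]++
        }
        END { for (p in n) print n[p], p }' | sort -rn
}

# Report only the critical units that are not active: missing from the table,
# failed, or inactive. "active exited" (oneshot units) counts as fine.
check_critical_units() {   # check_critical_units "a.service b.service" < list-units.txt
    units=$(cat)
    for u in $1; do
        state=$(printf '%s\n' "$units" | awk -v u="$u" '$1 == u { print $3, $4; exit }')
        case "$state" in
            "")         echo "MISSING     $u" ;;
            "active "*) ;;
            *)          echo "NOT RUNNING $u ($state)" ;;
        esac
    done
}

# Constructed journal sample (journalctl -o short-iso layout).
SAMPLE_JOURNAL='2024-05-01T10:00:01+0000 web01 sshd[1201]: error: maximum authentication attempts exceeded for root from 203.0.113.5 port 51122 ssh2
2024-05-01T10:00:03+0000 web01 systemd[1]: Starting The Apache HTTP Server...
2024-05-01T10:00:04+0000 web01 httpd[1302]: AH00558: httpd: Could not reliably determine the fully qualified domain name
2024-05-01T10:00:05+0000 web01 kernel: EXT4-fs warning (device sda1): ext4_dx_add_entry:2345: Directory index full!
2024-05-01T10:00:09+0000 web01 mariadb[1400]: [ERROR] InnoDB: Unable to lock ./ibdata1, error: 11
2024-05-01T10:00:10+0000 web01 sshd[1201]: error: maximum authentication attempts exceeded for root from 203.0.113.5 port 51140 ssh2'

# Constructed unit table (UNIT LOAD ACTIVE SUB DESCRIPTION).
SAMPLE_UNITS='httpd.service loaded failed failed The Apache HTTP Server
mariadb.service loaded active running MariaDB 10.5 database server
sshd.service loaded active running OpenSSH server daemon
chronyd.service loaded inactive dead NTP client/server'

# Units the engagement agreed are critical for this host (assumed list).
CRITICAL_UNITS="httpd.service mariadb.service sshd.service chronyd.service postgresql.service"

printf '%s\n' "$SAMPLE_JOURNAL" | log_issue_summary
printf '%s\n' "$SAMPLE_UNITS" | check_critical_units "$CRITICAL_UNITS"
```

On a live host replace the samples with `journalctl -o short-iso -b | log_issue_summary` and `systemctl list-units --type=service --all --plain --no-legend | check_critical_units "$CRITICAL_UNITS"`; the repeated sshd authentication errors from one address are the kind of entry that belongs in the security findings rather than the operational ones.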
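For the configuration file review step, the following is an added example (not code from this page) that checks an sshd_config against a small policy while respecting how sshd actually reads the file: first occurrence wins, keywords are case-insensitive, and settings after a Match block are conditional. The policy values and the sample config are constructed for illustration; the defaults table follows sshd_config(5) for current OpenSSH and should be re-checked against the version installed on the audited hosts.

```shell
#!/bin/sh
# Added example (not part of the page): check an sshd_config against a small
# policy. The policy values and the sample config are constructed for
# illustration; the defaults table follows sshd_config(5) for current OpenSSH
# and should be re-checked against the version actually installed.

# Effective value of a keyword, following sshd semantics: the first occurrence
# wins, keywords are case-insensitive, comments are ignored, and anything after
# the first Match block is conditional and therefore not considered here.
# Assumes "Keyword value" spacing ("Keyword=value" is not handled).
sshd_effective() {   # sshd_effective <keyword> < sshd_config
    awk -v key="$(printf '%s' "$1" | tr 'A-Z' 'a-z')" '
        /^[[:space:]]*#/      { next }
        NF == 0               { next }
        tolower($1) == "match" { exit }
        tolower($1) == key    { print $2; exit }'
}

# Compiled-in defaults applied when the keyword is absent (sshd_config(5)).
sshd_default() {
    case "$1" in
        permitrootlogin)        echo prohibit-password ;;
        passwordauthentication) echo yes ;;
        x11forwarding)          echo no ;;
        maxauthtries)           echo 6 ;;
        *)                      echo "" ;;
    esac
}

# Policy: "<keyword> <required value>", one per line. Constructed for the example.
POLICY='permitrootlogin no
passwordauthentication no
x11forwarding no
maxauthtries 4'

# Print one FAIL line per keyword whose effective value differs from policy.
review_sshd_config() {   # review_sshd_config < sshd_config
    cfg=$(cat)
    printf '%s\n' "$POLICY" | while read -r key want; do
        have=$(printf '%s\n' "$cfg" | sshd_effective "$key" | tr 'A-Z' 'a-z')
        [ -n "$have" ] || have=$(sshd_default "$key")
        [ "$have" = "$want" ] || printf 'FAIL %s: effective "%s", policy "%s"\n' "$key" "$have" "$want"
    done
}

# Constructed sample, not a real host config. Note the duplicate PermitRootLogin
# (first one wins), the commented-out PasswordAuthentication (default applies)
# and the Match block (ignored).
SAMPLE_SSHD_CONFIG='# constructed sample
Port 22
#PasswordAuthentication no
PermitRootLogin yes
permitrootlogin no
X11Forwarding no
MaxAuthTries 4

Match User backup
    PasswordAuthentication no'

printf '%s\n' "$SAMPLE_SSHD_CONFIG" | review_sshd_config
```

Where the host has sshd installed, `sshd -T` prints the fully resolved effective configuration (including Include files and defaults) and is the authoritative input to compare against; the parser above is for reviewing collected config files offline.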