You have been shafted. There is a HUGE amount of material available like you describe. I'd suggest that you start at the SANS and NSA sites, which a try at the vendor security pages for the major products of each flavor.
Good luck! V/R Jim tony toni wrote: > > Folks, > > I recently was assigned the project of developing security standards for our > Unix environment. We have about 400 unix box's (HP-UX, Sun Solaris, AIX, > etc)and the admins do their *own thing* with these boxes. > > This is not a project I exactly like...I am buried with 20 other > projects...and I am not Unix guru. For each Unix *flavor*, I need to develop > Unix security standards that will cover areas like configuration settings, > defaults, permissions, admin. account, password file, shells, trusts, root, > patch's, logging, etc. > > These are my questions: > > (1) Does anyone know where I can quickly get my hands on some high quality, > concise security standards/templates/checklists? for each Unix *flavor*? > > (2) What about good books/sites on Unix Security? > > (3) What about user friendly software tool(s) that I can periodically use > to audit the Unix boxes for compliance to the new security standards I > developed? > > Thanks > > Tony > IT Security Manager > Major Telecommunications Company > > _________________________________________________________________ > Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp -- James W. Meritt CISSP, CISA Booz | Allen | Hamilton phone: (410) 684-6566
