Friday, 29 April 2011

PCI DSS tips

2.2.3.a  Interview system administrators and/or security managers to verify that they have knowledge of common security parameter settings for system components.
Sysadmins may (or must) hold relevant certifications. They may also take part in creating security policies, or at least know and understand these policies.

2.2.3.c For a sample of system components, verify that common security parameters are set appropriately.
We need to check that the most important security settings are in place on a system, usually based on the security standard for this system and the system passport.

6.2.b  Verify that processes to identify new security vulnerabilities include using outside sources for security vulnerability information and updating the system configuration standards reviewed in Requirement 2.2 as new vulnerability issues are found.
Check whether admins are regularly notified by the vendor about security updates and react to these alerts with due diligence. They also have to be subscribed to a best-practices source, a magazine, a vendor blog or something similar, so that they are always aware of security configuration best practices and news.

10.2.6 Verify initialization of audit logs is logged.
Try to change the audit options; the change must be logged.

10.2.7 Verify creation and deletion of system level objects are logged.
For Windows, try to create a registry key. For Linux, try to create a process.
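Added example, not from the original post: one way to collect evidence for the 10.2.6 and 10.2.7 tests above on Linux, by confirming that the tester's audit-rule change and process creation both left records in the audit log. It assumes auditd's raw audit.log format and an x86_64 host (where syscall 59 is execve) with an execve audit rule loaded; the sample lines are constructed and the function names are illustrative.

```python
import re

# Constructed sample lines in auditd's raw audit.log format (not from a real system).
SAMPLE_LOG = """\
type=CONFIG_CHANGE msg=audit(1303984800.101:210): auid=1000 ses=3 op=add_rule key="pci-test" list=4 res=1
type=SYSCALL msg=audit(1303984815.412:214): arch=c000003e syscall=59 success=yes exit=0 ppid=2201 pid=2250 auid=1000 uid=0 comm="id" exe="/usr/bin/id" key="pci-exec"
type=EXECVE msg=audit(1303984815.412:214): argc=1 a0="id"
type=USER_LOGIN msg=audit(1303984820.000:215): pid=2300 uid=0 auid=1000 ses=4 res=success
"""

RECORD = re.compile(r'^type=(\S+) msg=audit\((\d+)\.\d+:(\d+)\): (.*)$')
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse(log_text):
    """Yield (type, epoch_seconds, event_id, fields) for each well-formed record."""
    for line in log_text.splitlines():
        m = RECORD.match(line.strip())
        if not m:
            continue  # skip truncated or foreign lines instead of failing the check
        fields = {k: v.strip('"') for k, v in FIELD.findall(m.group(4))}
        yield m.group(1), int(m.group(2)), int(m.group(3)), fields

def evidence(log_text, auid, since):
    """Map each requirement to the audit event ids that `auid` produced at or after `since`."""
    found = {"10.2.6": [], "10.2.7": []}
    for rtype, ts, event_id, f in parse(log_text):
        if ts < since or f.get("auid") != auid:
            continue  # only count the tester's own actions inside the test window
        if rtype == "CONFIG_CHANGE" and f.get("res") == "1":
            found["10.2.6"].append(event_id)   # audit configuration was changed
        elif rtype == "SYSCALL" and f.get("syscall") == "59" and f.get("success") == "yes":
            found["10.2.7"].append(event_id)   # successful execve: a process was created
    return found

def missing(found):
    """Requirements for which the test action left no audit record."""
    return sorted(req for req, ids in found.items() if not ids)

if __name__ == "__main__":
    result = evidence(SAMPLE_LOG, auid="1000", since=1303984800)
    print(result, "missing:", missing(result))
```

Filtering on the tester's auid and the start time of the test keeps unrelated background events from being counted as evidence.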

Sunday, 17 April 2011

Browser security

Check your browser security:
https://browsercheck.qualys.com/
http://www.surfpatrol.ru/

Monitoring systems list

Nagios tips


Plugins, addons, sites and other great stuff for Nagios:


A good plugin for checking CPU:


To make it work you need to install some Perl modules:

    cpan -i Nagios::Plugin Getopt::Compact


I usually use this plugin with the following parameters:

    $USER1$/check_nrpe -H $HOSTADDRESS$ -c check_cpu -a -w 50 -c 80



Another plugin for checking CPU is check_cpu.sh.

It is more accurate because it performs two CPU checks, using the -i (interval) option. When there is only one check, false alerts may happen. For example, if one program occupies 100% of the CPU for 2 seconds and Nagios checks the CPU at exactly that time, a critical alert would be sent.



The memory plugin that I usually use:




Send SMS with gammu

~/.gammurc

    [gammu]
    port = /dev/ttyUSB0
    model =
    connection = at19200
    synchronizetime = yes
    logfile =
    logformat = nothing
    use_locking =
    gammuloc =

    gammu sendsms text 07874454543

Thursday, 7 April 2011

Sharepoint tips

Back up a site collection:

    Stsadm -o backup -url http://site -filename \\srv\SHARE2010\%DATE%.bak

Restore a site collection:

    Stsadm -o restore -url http://site -filename \\srv\sharepoint\site.bak -overwrite

Before this operation you have to create the "site" web application.
The stsadm program must be launched as administrator.



Ping does not work

Today I would like to discuss a banal situation: host A is directly connected to host B, ping from host A to host B does not work. What are...