...
- Check the /etc/shadow file
- No default passwords are set, and default accounts that are not needed disabled
- Only root should have a password entry
- Check the /etc/passwd file
- Compare the list of users with what the admins expect. For hosts that use LDAP this should be an empty file. Disable unneeded system accounts here, or at least remove login shells.
- Check for users with id of 0
- Check /etc/group
- Check for users in the wheel or admin groups
- Check root escalation
- Check configuration of /etc/sudoers if that is used for escalation
- If this is a host that does not allow root escalation then make sure there is no /root/.k5login files or sudo access (/etc/sudoers or the /etc/group wheel group).
- Root escalation requires or Multi-factor authentication is non-administrators are allowed on the system
- Utilize Multi-factor or Aurhenitcation or an bastion with OTP for any administrative interfaces
- Cerberos Cerberus 1 to 4 are available for most machines to use in conjunction with firewall rules and wrappers.
- Check .ssh folders for authorized_keys files
- Accounts with ssh_keys should have precautions for the use of the key. e.g. 'from' directives, user matching in sshd_config to limit access, etc.
...
Make sure the system is up-to-date on security patches and set to auto-update if possible. For a price we offer regular vulnerability scanning.