<div>
<div class="content wysiwyg-content">
What are the key checks to perform when doing a security audit of a red hat linux server? And how do you check them, i.e users, user permissions, password polciies, audit policies, patches, share/export permissions etc. Please give some pointers on how to check the aforementioned areas. &nbsp;What are the common security mistakes/weak spots found on Linux systems?
</div>
</div>


What are the key checks to perform when doing a security audit of a red hat linux server? And how do you check them, i.e users, user permissions, password polciies, audit policies, patches, share/export permissions etc. Please give some pointers on how to check the aforementioned areas.  What are the common security mistakes/weak spots found on Linux systems?

linux audit

Linux is a UNIX-like open source operating system with hundreds of distinct distributions, including: Fedora, openSUSE, Ubuntu, Debian, Slackware, Gentoo, CentOS, and Arch Linux. Linux is generally associated with web and database servers, but has become popular in many niche industries and applications.

Linux

A Linux distribution is an operating system made as a software collection based on the Linux kernel and, often, on a package management system and are available for a variety of systems. A typical Linux distribution comprises a Linux kernel, GNU tools and libraries, additional software, documentation, a window system (the most common being the X Window System), a window manager, and a desktop environment. Most Linux systems are open-source software made available both as compiled binaries and in source code form, allowing modifications to the original software. Over three hundred distributions are in active development, including commercially backed distributions (such as Fedora, openSUSE and Ubuntu) and community-driven distributions (such as Debian, Slackware, Gentoo and Arch Linux).

Linux Distributions

The Linux operating system, in all its flavors, has its own share of security flaws that allow intrusions, but there are various mechanisms by which these flaws can be removed, generally divided into two parts: authentication and access control. Authentication is responsible for ensuring that a user requesting access to the system is really the user with the account, while access control is responsible for controlling which resources each account has access to and what kind of access is permitted.