SANSFire 2008, Audit 507, Day 6 – Unix

Day 6, auditing Unix. By this time, most of the class was pretty wiped. With a few exceptions (myself included), the bulk of the class had little or no Unix experience, so having to do stuff on the Unix command line was… well, eye-opening.

We reviewed mostly the same things that we covered in Windows: what to audit, where to find it, and how to audit. The instructor provided many sample scripts which do a lot to establish a baseline for you automatically (collecting hardware info, software configuration, resource utilization, etc.). We also discussed how not all Unixes are the same, and some strategies on how to deal with Unix sysadmins (think “fuzzy guys in suspenders”). All in all, it was a good wrap-up day.

Now I’m just waiting for my SANS.org portal to open up so I can review the training again online to prep for my test!
