Checklist version 1

Installer name:     _____________          Date (DD-MM-YYYY) ______________

Box: 
 Name:              _____________          IP:     .     .    .
 Domain name :      _____________
 Physical location: _____________

 Duties:
 ________________________________________________
 ________________________________________________
 ________________________________________________
 ________________________________________________
 ________________________________________________


 RAM: _____ MB      HD: ________ GB    Processor: ____________  Mhz: _______
 Other HW:
 _________________________________________________
 _________________________________________________
 _________________________________________________
 _________________________________________________
 _________________________________________________

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
 Install process (don't forget versions)
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
[ ] shadow passwords

[ ] Install programs
	[ ] pgp
	[ ] ssh
	[ ] sudo
	[ ] john the ripper
	[ ] nmap
	[ ] nc
	[ ] ffingerd
	[ ] tripwire
	[ ] rdate
	[ ] dnetc
	[ ] seti@home
	[ ] snort
	[ ] tcpdump
	[ ] uprecords

[ ] Upgrade all installed packages

[ ] recompile latest kerel
	Version:   .   .
	Patches:
	_______________
	_______________
	_______________

[ ] config files
	[ ] /etc/inetd.conf - turn off all but needed ones

	[ ] /etc/crontab
		[ ] config file verifying script
		[ ] john the ripper
		[ ] netstat -a | grep LISTEN | mail -s listen root

	[ ] /etc/sshd/config - disable root login

	[ ] /etc/motd - change it

	[ ] /etc/inittab
		[ ] turn off ctrl-alt-delete
		[ ] add terminals

	[ ] /etc/syslogd.conf
		[ ] *.* on /dev/tty11
		[ ] remote log, host: _______________

	[ ] /etc/{ttys,securetty}

	[ ] /etc/default/rcS
		[ ] autofix on fs check

	[ ] /etc/aliases
		[ ] remove script entries
		[ ] add abuse/security
		[ ] redir root mail

	[ ] nfs
		[ ] running nfs
		[ ] /etc/export export to fqdn only

	[ ] httpd
		[ ] running httpd:  ___________
		[ ] run as non-root

	[ ] named (/etc/bind/*)
		[ ] running, version: __________
		[ ] non-root
		[ ] chroot()

[ ] firewall
	[ ] block syn on low ports from outside
	[ ] SNAT
	[ ] DNAT

Extra:

____________________________________________
____________________________________________
____________________________________________
____________________________________________


-=-=-=-=-=-=-=-=-=-=-
  T e s t i n g
-=-=-=-=-=-=-=-=-=-=-
[ ] portscan
	open ports:

	__________
	__________
	__________
	__________
	__________
	__________
	__________

[ ] nessus
	[ ] No problems
 