LINUX configuration check
SERVER_VER : Linux
===============================================================================
#######################################################################################
#################################### Start Time #####################################
#######################################################################################
date: invalid date '/t'
WINS-UNIX-Linux_v1.7.sh: line 252: /t: No such file or directory
#######################################################################################
############################## Kernel Information #################################
#######################################################################################
Linux overtime 3.10.0-862.el7.x86_64 #1 SMP Fri Apr 20 16:44:24 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux
#######################################################################################
################################ IP Information ###################################
#######################################################################################
eno1: flags=4099 mtu 1500
        ether 34:64:a9:95:ed:b0 txqueuelen 1000 (Ethernet)
        RX packets 0 bytes 0 (0.0 B)
        RX errors 0 dropped 0 overruns 0 frame 0
        TX packets 0 bytes 0 (0.0 B)
        TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
        device interrupt 17
eno2: flags=4163 mtu 1500
        inet 192.168.100.137 netmask 255.255.255.0 broadcast 192.168.100.255
        inet6 fe80::6580:b6b1:52ed:bee4 prefixlen 64 scopeid 0x20
        ether 34:64:a9:95:ed:b1 txqueuelen 1000 (Ethernet)
        RX packets 464020 bytes 95630044 (91.1 MiB)
        RX errors 0 dropped 22 overruns 0 frame 0
        TX packets 140914 bytes 12353986 (11.7 MiB)
        TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
        device interrupt 18
lo: flags=73 mtu 65536
        inet 127.0.0.1 netmask 255.0.0.0
        inet6 ::1 prefixlen 128 scopeid 0x10
        loop txqueuelen 1000 (Local Loopback)
        RX packets 745 bytes 60472 (59.0 KiB)
        RX errors 0 dropped 0 overruns 0 frame 0
        TX packets 745 bytes 60472 (59.0 KiB)
        TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
#######################################################################################
################################# Network Status ##################################
#######################################################################################
Active Internet connections (servers and established)
tcp    0  0 0.0.0.0:50022          0.0.0.0:*            LISTEN
tcp    0  0 127.0.0.1:25           0.0.0.0:*            LISTEN
tcp    0  0 192.168.100.137:50022  192.168.39.123:7877  ESTABLISHED
tcp    0  0 192.168.100.137:50022  192.168.39.123:7840  ESTABLISHED
tcp    0  0 192.168.100.137:50022  192.168.39.135:7428  ESTABLISHED
tcp    0  0 192.168.100.137:50022  192.168.39.123:5045  ESTABLISHED
tcp6   0  0 :::50022               :::*                 LISTEN
tcp6   0  0 ::1:25                 :::*                 LISTEN
Active UNIX domain sockets (servers and established)
#######################################################################################
############################### Routing Information ###############################
#######################################################################################
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
0.0.0.0         192.168.100.1   0.0.0.0         UG        0 0          0 eno2
192.168.100.0   0.0.0.0         255.255.255.0   U         0 0          0 eno2
#######################################################################################
################################# Process Status ##################################
#######################################################################################
#######################################################################################
################################## User Env #######################################
#######################################################################################
XDG_SESSION_ID=3
HOSTNAME=overtime
SELINUX_ROLE_REQUESTED=
SHELL=/bin/bash
TERM=xterm
HISTSIZE=1000
SSH_CLIENT=192.168.39.123 5045 50022
SELINUX_USE_CURRENT_RANGE=
SSH_TTY=/dev/pts/0
USER=root
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/root/bin
MAIL=/var/spool/mail/root
PWD=/home/wemin/WSEC_RESULT_DIR_overtime_2020_07_20
LANG=C
SELINUX_LEVEL_REQUESTED=
HISTCONTROL=ignoredups
HOME=/root
SHLVL=2
LOGNAME=root
SSH_CONNECTION=192.168.39.123 5045 192.168.100.137 50022
LESSOPEN=||/usr/bin/lesspipe.sh %s
XDG_RUNTIME_DIR=/run/user/0
_=/usr/bin/env
OLDPWD=/home/wemin
#######################################################################################
################################## lsof -i -P #######################################
#######################################################################################
WINS-UNIX-Linux_v1.7.sh: line 312: lsof: command not found
#######################################################################################
#######################################################################################
############################## Account Management #############################
#######################################################################################
#######################################################################################
#######################################################################################
[U-01] Restrict remote login for the root account
#######################################################################################
Result : The telnet service is not in use
Criterion : Remote services are not used, or direct root login is blocked when they are used
[U-01] : Good
#######################################################################################
[U-02] Password complexity settings
#######################################################################################
Result : Interview
/etc/pam.d/system-auth: no settings found
cat /etc/security/pwquality.conf
===============================
Criterion : Passwords combine letters, digits and special characters: at least 10 characters when 2 character types are combined, at least 8 characters when 3 or more types are combined (at least 9 characters for public institutions)
[U-02] : Manual
#######################################################################################
[U-03] Account lockout threshold
#######################################################################################
Result : Manual
/etc/pam.d/system-auth
===============================
auth required pam_tally2.so onerr=fail deny=4 unlock_time=120
account required pam_tally2.so
Criterion : The account lockout threshold is set to a value of 5 or less
Tip : Good if deny is 5 or less
[U-03] : Manual
#######################################################################################
[U-04] Password file protection
#######################################################################################
Result : Passwords are stored encrypted in the shadow file
/etc/passwd
===============================
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
adm:x:3:4:adm:/var/adm:/sbin/nologin
lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
sync:x:5:0:sync:/sbin:/bin/sync
shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
halt:x:7:0:halt:/sbin:/sbin/halt
mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
operator:x:11:0:operator:/root:/sbin/nologin
games:x:12:100:games:/usr/games:/sbin/nologin
ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
nobody:x:99:99:Nobody:/:/sbin/nologin
systemd-network:x:192:192:systemd Network Management:/:/sbin/nologin
dbus:x:81:81:System message bus:/:/sbin/nologin
polkitd:x:999:998:User for polkitd:/:/sbin/nologin
sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
postfix:x:89:89::/var/spool/postfix:/sbin/nologin
chrony:x:998:996::/var/lib/chrony:/sbin/nologin
wemin:x:1000:1000:wemin:/home/wemin:/bin/bash
Criterion : Shadow passwords are used, or passwords are stored encrypted
[U-04] : Good
#######################################################################################
[U-44] No UID '0' other than root
#######################################################################################
Result : No account has the same UID as the root account
/etc/passwd
===============================
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
adm:x:3:4:adm:/var/adm:/sbin/nologin
lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
sync:x:5:0:sync:/sbin:/bin/sync
shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
halt:x:7:0:halt:/sbin:/sbin/halt
mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
operator:x:11:0:operator:/root:/sbin/nologin
games:x:12:100:games:/usr/games:/sbin/nologin
ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
nobody:x:99:99:Nobody:/:/sbin/nologin
systemd-network:x:192:192:systemd Network Management:/:/sbin/nologin
dbus:x:81:81:System message bus:/:/sbin/nologin
polkitd:x:999:998:User for polkitd:/:/sbin/nologin
sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
postfix:x:89:89::/var/spool/postfix:/sbin/nologin
chrony:x:998:996::/var/lib/chrony:/sbin/nologin
wemin:x:1000:1000:wemin:/home/wemin:/bin/bash
Criterion : No account has the same UID as the root account
[U-44] : Good
#######################################################################################
[U-45] Restrict su for the root account
#######################################################################################
Result : The su command is restricted to users in a specific group
/etc/group
===============================
wheel:x:10:root,wemin
/etc/pam.d/su
===============================
auth required pam_wheel.so use_uid
Criterion : The su command is restricted to users in a specific group
[U-45] : Good
#######################################################################################
[U-46] Minimum password length
#######################################################################################
Result : The minimum password length is set to 8 characters or more
/etc/login.defs
===============================
PASS_MIN_LEN 8
Criterion : The minimum password length is set to 8 characters or more (9 characters or more for public institutions)
[U-46] : Good
#######################################################################################
[U-47] Maximum password age
#######################################################################################
Result : The maximum password age is set to 90 days (12 weeks) or less
/etc/login.defs
===============================
PASS_MAX_DAYS 90
Criterion : The maximum password age is set to 90 days (12 weeks) or less
[U-47] : Good
#######################################################################################
[U-48] Minimum password age
#######################################################################################
Result : The minimum password age is set to 1 day
/etc/login.defs
===============================
PASS_MIN_DAYS 1
Criterion : The minimum password age is set to 1 day
[U-48] : Good
#######################################################################################
[U-49] Remove unnecessary accounts
#######################################################################################
Result : Unnecessary accounts exist
/etc/passwd
===============================
adm:x:3:4:adm:/var/adm:/sbin/nologin
lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
sync:x:5:0:sync:/sbin:/bin/sync
shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
halt:x:7:0:halt:/sbin:/sbin/halt
operator:x:11:0:operator:/root:/sbin/nologin
games:x:12:100:games:/usr/games:/sbin/nologin
Criterion : No unnecessary accounts exist
[U-49] : Vulnerable
#######################################################################################
[U-50] Minimal accounts in the administrator group
#######################################################################################
Result : No unnecessary accounts are registered in the administrator group
/etc/group
===============================
root:x:0:
Criterion : No unnecessary accounts are registered in the administrator group
[U-50] : Good
#######################################################################################
[U-51] No GIDs without accounts
#######################################################################################
Result : Groups without members exist
/etc/group
===============================
root:x:0:
bin:x:1:
daemon:x:2:
sys:x:3:
adm:x:4:
tty:x:5:
disk:x:6:
lp:x:7:
mem:x:8:
kmem:x:9:
cdrom:x:11:
man:x:15:
dialout:x:18:
floppy:x:19:
games:x:20:
tape:x:33:
video:x:39:
ftp:x:50:
lock:x:54:
audio:x:63:
nobody:x:99:
users:x:100:
utmp:x:22:
utempter:x:35:
input:x:999:
systemd-journal:x:190:
systemd-network:x:192:
dbus:x:81:
polkitd:x:998:
ssh_keys:x:997:
sshd:x:74:
postdrop:x:90:
postfix:x:89:
chrony:x:996:
Criterion : GID assignment to non-existent accounts is prohibited
[U-51] : Vulnerable
#######################################################################################
[U-52] No duplicate UIDs
#######################################################################################
Result : No user accounts share the same UID
/etc/passwd
===============================
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
adm:x:3:4:adm:/var/adm:/sbin/nologin
lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
sync:x:5:0:sync:/sbin:/bin/sync
shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
halt:x:7:0:halt:/sbin:/sbin/halt
mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
operator:x:11:0:operator:/root:/sbin/nologin
games:x:12:100:games:/usr/games:/sbin/nologin
ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
nobody:x:99:99:Nobody:/:/sbin/nologin
systemd-network:x:192:192:systemd Network Management:/:/sbin/nologin
dbus:x:81:81:System message bus:/:/sbin/nologin
polkitd:x:999:998:User for polkitd:/:/sbin/nologin
sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
postfix:x:89:89::/var/spool/postfix:/sbin/nologin
chrony:x:998:996::/var/lib/chrony:/sbin/nologin
wemin:x:1000:1000:wemin:/home/wemin:/bin/bash
Criterion : No user accounts share the same UID
[U-52] : Good
#######################################################################################
[U-53] User shell check
#######################################################################################
Result : Accounts that do not need to log in are assigned the /bin/false (nologin) shell
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
adm:x:3:4:adm:/var/adm:/sbin/nologin
operator:x:11:0:operator:/root:/sbin/nologin
games:x:12:100:games:/usr/games:/sbin/nologin
nobody:x:99:99:Nobody:/:/sbin/nologin
systemd-network:x:192:192:systemd Network Management:/:/sbin/nologin
Criterion : Accounts that do not need to log in are assigned the /bin/false (nologin) shell
[U-53] : Good
#######################################################################################
[U-54] Session Timeout setting
#######################################################################################
Result : A timeout is configured
/etc/profile
===============================
TMOUT=600
export TMOUT
Criterion : The session timeout is set to 600 seconds (10 minutes) or less
[U-54] : Good
#######################################################################################
#######################################################################################
######################## File and Directory Management ######################
#######################################################################################
#######################################################################################
#######################################################################################
[U-05] root home and path directory permissions and PATH setting
#######################################################################################
Result : The PATH environment variable does not contain "." or "::" at the beginning or in the middle
/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/root/bin
Criterion : The PATH environment variable does not contain "." or "::" at the beginning or in the middle
[U-05] : Good
#######################################################################################
[U-06] File and directory owner settings
#######################################################################################
Result : No files or directories without an owner exist
Criterion : No files or directories without an owner exist
[U-06] : Good
#######################################################################################
[U-07] /etc/passwd file owner and permissions
#######################################################################################
Result : The owner of /etc/passwd is root and its permissions are set to 644 or less
-rw-r--r--. 1 root root 892 2020-07-20 19:49 /etc/passwd
Criterion : The owner of /etc/passwd is root and its permissions are 644 or less
[U-07] : Good
#######################################################################################
[U-08] /etc/shadow file owner and permissions
#######################################################################################
Result : The owner of /etc/shadow is root and its permissions are set to 400 or less
----------. 1 root root 709 2020-07-20 22:53 /etc/shadow
Criterion : The owner of /etc/shadow is root and its permissions are 400
[U-08] : Good
#######################################################################################
[U-09] /etc/hosts file owner and permissions
#######################################################################################
Result : The owner of /etc/hosts is not root, or its permissions are not set to 600 or less
-rw-r--r--. 1 root root 158 2013-06-07 23:31 /etc/hosts
Criterion : The owner of /etc/hosts is root and its permissions are 600
[U-09] : Vulnerable
#######################################################################################
[U-10] /etc/(x)inetd.conf file owner and permissions
#######################################################################################
Result : The owner of files under /etc/xinetd.d/ is not root, or their permissions are not set to 600 or less
total 8
drwxr-xr-x. 2 root root 4096 2018-04-11 13:59 .
drwxr-xr-x. 79 root root 4096 2020-07-20 23:13 ..
Criterion : All files under /etc/xinetd.d/ are owned by root and their permissions are 600
[U-10] : Vulnerable
#######################################################################################
[U-11] /etc/syslog.conf file owner and permissions
#######################################################################################
Result : The owner of /etc/rsyslog.conf is root and its permissions are set to 644 or less
-rw-r--r--. 1 root root 3138 2020-07-20 22:49 /etc/rsyslog.conf
Criterion : The owner of /etc/syslog.conf is root and its permissions are 644
[U-11] : Good
#######################################################################################
[U-12] /etc/services file owner and permissions
#######################################################################################
Result : The owner of /etc/services is root and its permissions are set to 644 or less
-rw-r--r--. 1 root root 670293 2013-06-07 23:31 /etc/services
Criterion : The owner of /etc/services is root and its permissions are 644
[U-12] : Good
#######################################################################################
[U-13] SUID, SGID, Sticky bit file check
#######################################################################################
Result : No SUID or SGID settings are granted in the permissions of key files
Criterion : No SUID or SGID settings are granted in the permissions of key files
[U-13] : Good
#######################################################################################
[U-14] User and system startup file and environment file owner and permissions
#######################################################################################
Result : Home directory environment files are owned by root or by the respective account, and only root and the owner have write permission on them
-rw-r--r--. 1 wemin wemin 193 2018-04-11 09:53 /home/wemin/.bash_profile
-rw-r--r--. 1 wemin wemin 231 2018-04-11 09:53 /home/wemin/.bashrc
-rw-------. 1 wemin wemin 492 2020-07-20 23:27 /home/wemin/.bash_history
-rw-r--r--. 1 root root 100 2013-12-29 11:26 /root/.cshrc
-rw-r--r--. 1 root root 176 2013-12-29 11:26 /root/.bash_profile
-rw-r--r--. 1 root root 176 2013-12-29 11:26 /root/.bashrc
-rw-------. 1 root root 1108 2020-07-20 23:27 /root/.bash_history
Criterion : Home directory environment files are owned by root or by the respective account, and only root and the owner have write permission on them
[U-14] : Good
#######################################################################################
[U-15] World writable file check
#######################################################################################
Result : World writable files exist
srw-rw-rw- : postfix : postfix : /var/spool/postfix/public/cleanup
srw-rw-rw- : postfix : postfix : /var/spool/postfix/public/flush
srw-rw-rw- : postfix : postfix : /var/spool/postfix/public/showq
srw-rw-rw- : postfix : postfix : /var/spool/postfix/public/pickup
srw-rw-rw- : postfix : postfix : /var/spool/postfix/public/qmgr
srw-rw-rw- : postfix : postfix : /var/spool/postfix/private/relay
srw-rw-rw- : postfix : postfix : /var/spool/postfix/private/discard
srw-rw-rw- : postfix : postfix : /var/spool/postfix/private/trace
srw-rw-rw- : postfix : postfix : /var/spool/postfix/private/scache
srw-rw-rw- : postfix : postfix : /var/spool/postfix/private/anvil
srw-rw-rw- : postfix : postfix : /var/spool/postfix/private/virtual
srw-rw-rw- : postfix : postfix : /var/spool/postfix/private/smtp
srw-rw-rw- : postfix : postfix : /var/spool/postfix/private/lmtp
srw-rw-rw- : postfix : postfix : /var/spool/postfix/private/tlsmgr
srw-rw-rw- : postfix : postfix : /var/spool/postfix/private/verify
srw-rw-rw- : postfix : postfix : /var/spool/postfix/private/retry
srw-rw-rw- : postfix : postfix : /var/spool/postfix/private/local
srw-rw-rw- : postfix : postfix : /var/spool/postfix/private/bounce
srw-rw-rw- : postfix : postfix : /var/spool/postfix/private/rewrite
srw-rw-rw- : postfix : postfix : /var/spool/postfix/private/defer
srw-rw-rw- : postfix : postfix : /var/spool/postfix/private/error
srw-rw-rw- : postfix : postfix : /var/spool/postfix/private/proxywrite
srw-rw-rw- : postfix : postfix : /var/spool/postfix/private/proxymap
Criterion : No world writable files exist, or where they exist the reason for the setting has been verified
[U-15] : Vulnerable
#######################################################################################
[U-16] Check for device files that do not exist in /dev
#######################################################################################
Result : Device file does not exist
Criterion : Files in dev have been checked and nonexistent device files have been removed
[U-16] : Good
#######################################################################################
[U-17] Prohibit use of $HOME/.rhosts, hosts.equiv
#######################################################################################
Result : r services are not used
Criterion : login, shell, exec services are not used, or, when used, the following settings are applied
1. The owner of /etc/hosts.equiv and /root/.rhosts is root or the corresponding account
2. The permissions of /etc/hosts.equiv and /root/.rhosts are 600 or lower
3. There is no '+' setting in /etc/hosts.equiv and /root/.rhosts
[U-17] : Good
#######################################################################################
[U-18] Restrict access IPs and ports
#######################################################################################
Result : An all-deny setting is in use through iptables
REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
Criterion : ALL Deny is set in /etc/hosts.deny and the specific hosts to be allowed are registered in /etc/hosts.allow, or iptables is used to DROP/REJECT traffic other than permitted IPs
[U-18] : Good
#######################################################################################
[U-55] hosts.lpd file owner and permission settings
#######################################################################################
Result : /etc/hosts.lpd file does not exist
Criterion : The file owner is root and Other has no write permission
[U-55] : Good
#######################################################################################
[U-56] Disable NIS service
#######################################################################################
Result : Unnecessary NIS services are disabled
Criterion : Unnecessary NIS services are disabled
[U-56] : Good
#######################################################################################
[U-57] UMASK setting management
#######################################################################################
Result : UMASK value is set to 022 or higher
/etc/profile
===============================
umask 022
umask 022
Criterion : UMASK value is set to 022 or higher
[U-57] : Good
#######################################################################################
[U-58] Home directory owner and permission settings
#######################################################################################
Result : The home directory owner is the corresponding account, and write permission for general users is removed
dr-xr-x---. 3 root root 4096 2020-07-20 23:45 /root
drwx------. 3 wemin wemin 4096 2020-07-20 23:49 /home/wemin
Criterion : The home directory owner is the corresponding account, and write permission for general users is removed
[U-58] : Good
#######################################################################################
[U-59] Manage existence of directories designated as home directories
#######################################################################################
Result : No accounts without an existing home directory were found
root = /root
wemin = /home/wemin
Criterion : No accounts without an existing home directory are found
[U-59] : Good
#######################################################################################
[U-60] Search for and remove hidden files and directories
#######################################################################################
Result : Interview
/tmp/.XIM-unix
/tmp/.ICE-unix
/tmp/.X11-unix
/tmp/.font-unix
/tmp/.Test-unix
/etc/.pwd.lock
/etc/skel/.bash_logout
/etc/skel/.bashrc
/etc/skel/.bash_profile
/etc/selinux/targeted/.policy.sha512
/etc/.updated
/.readahead
/var/lib/rpm/.rpm.lock
/var/lib/rpm/.dbenv.lock
/var/.updated
/home/wemin/.bash_logout
/home/wemin/.bashrc
/home/wemin/.bash_profile
/home/wemin/.bash_history
/root/.cshrc
/root/.bash_logout
/root/.bashrc
/root/.bash_profile
/root/.bash_history
/root/.tcshrc
/usr/lib/i386-linux-gnu/firmware-system-j05-2019.04.04-1.1/.setup
/usr/lib/i386-linux-gnu/firmware-system-j05-2019.04.04-1.1/.cpq_package.inc
/usr/lib/i386-linux-gnu/firmware-ilo4-2.73-1.1/.setup
/usr/lib/i386-linux-gnu/firmware-ilo4-2.73-1.1/.cpq_package.inc
/usr/lib/debug/usr/.dwz
/usr/share/kde4/apps/kdm/themes/CentOS7/.colorlsCZ1
/usr/share/man/man5/.k5identity.5.gz
/usr/share/man/man5/.k5login.5.gz
/usr/share/man/man1/..1.gz
/usr/lib64/.libssl.so.10.hmac
/usr/lib64/.libssl.so.1.0.2k.hmac
/usr/lib64/.libcrypto.so.6.hmac
/usr/lib64/.libssl.so.6.hmac
/usr/lib64/.libcrypto.so.0.9.8e.hmac
/usr/lib64/.libssl.so.0.9.8e.hmac
/usr/lib64/.libgcrypt.so.11.hmac
/usr/lib64/.libcrypto.so.10.hmac
/usr/lib64/.libcrypto.so.1.0.2k.hmac
Criterion : Hidden files in directories have been checked and unnecessary files have been deleted
Tip : Good if there are no suspicious hidden files or directories
[U-60] : Manual
#######################################################################################
#######################################################################################
############################# Service Management ############################
#######################################################################################
#######################################################################################
#######################################################################################
[U-19] Disable Finger service
#######################################################################################
Result : finger service is not installed
Criterion : Finger service is disabled
[U-19] : Good
#######################################################################################
[U-20] Disable Anonymous FTP
#######################################################################################
Result : FTP service is disabled
Criterion : Anonymous FTP access is blocked
[U-20] : Good
#######################################################################################
[U-21] Disable r-series services
#######################################################################################
Result : r-series services are disabled
No files exist in /etc/xinetd.d
/etc/inetd.conf file does not exist
Criterion : r-series services are disabled
[U-21] : Good
#######################################################################################
[U-22] cron file owner and permission settings
#######################################################################################
Result : The cron access-control file owner is not root, or the permissions are not set to 640 or lower
/etc/cron.allow file does not exist
-rw-------. 1 root root 0 2018-04-11 10:48 /etc/cron.deny
Criterion : The cron access-control file owner is root and the permissions are 640 or lower
[U-22] : Vulnerable
#######################################################################################
[U-23] Disable services vulnerable to DoS attacks
#######################################################################################
Result : The echo, discard, daytime, chargen services vulnerable to DoS attacks are disabled
The echo, discard, daytime, chargen services vulnerable to DoS attacks do not exist
Criterion : The echo, discard, daytime, chargen services vulnerable to DoS attacks are disabled
[U-23] : Good
#######################################################################################
[U-24] Disable NFS service
#######################################################################################
Result : NFS service-related daemons are disabled
Criterion : NFS service-related daemons are disabled
[U-24] : Good
#######################################################################################
[U-25] NFS access control
#######################################################################################
Result : NFS service-related daemons are disabled
Criterion : NFS service is not used, or everyone sharing is restricted when it is used
[U-25] : Good
#######################################################################################
[U-26] Remove automountd
#######################################################################################
Result : automountd service is disabled
Criterion : automountd service is disabled
[U-26] : Good
#######################################################################################
[U-27] Check RPC services
#######################################################################################
Result : Unnecessary RPC services are disabled
There are no unnecessary services in the /etc/xinetd.d directory.
/etc/inetd.conf file does not exist.
Criterion : Unnecessary RPC services are disabled
[U-27] : Good
#######################################################################################
[U-28] NIS, NIS+ check
#######################################################################################
Result : NIS service is disabled
Criterion : NIS service is disabled, or NIS+ is used when needed
[U-28] : Good
#######################################################################################
[U-29] Disable tftp, talk services
#######################################################################################
Result : tftp, talk, ntalk services are disabled
There are no unnecessary services in the /etc/xinetd.d directory.
/etc/inetd.conf file does not exist.
Criterion : tftp, talk, ntalk services are disabled
[U-29] : Good
#######################################################################################
[U-30] Sendmail version check
#######################################################################################
Result : Sendmail service is disabled
Criterion : Sendmail version is 8.13.8 or later
[U-30] : Good
#######################################################################################
[U-31] Restrict spam mail relay
#######################################################################################
Result : SMTP service is disabled
Criterion : SMTP service is not used, or relay restriction is configured
[U-31] : Good
#######################################################################################
[U-32] Prevent general users from running Sendmail
#######################################################################################
Result : SMTP service is disabled
Criterion : SMTP service is not used, or general users are prevented from running Sendmail
[U-32] : Good
#######################################################################################
[U-33] DNS security version patch
#######################################################################################
Result : DNS service is not used
Criterion : DNS service is not used, or patches are managed periodically
[U-33] : Good
#######################################################################################
[U-34] DNS Zone Transfer settings
#######################################################################################
Result : DNS service is not used
Criterion : DNS service is not used, or patches are managed periodically
[U-34] : Good
#######################################################################################
[U-35] Remove Apache directory listing
#######################################################################################
Result : Apache service is not running
Criterion : Directory listing is not used
[U-35] END
[U-35] : Good
#######################################################################################
[U-36] Restrict Apache web process privileges
#######################################################################################
Result : Apache service is not running
Criterion : The Apache process runs under a separate WEB/WAS account
[U-36] : Good
#######################################################################################
[U-37] Prohibit Apache parent directory access
#######################################################################################
Result : Apache service is not running
Criterion : Movement to parent directories is restricted
[U-37] END
[U-37] : Good
#######################################################################################
[U-38] Remove unnecessary Apache files
#######################################################################################
Result : Apache service is not running
Criterion : Manuals, sample files and directories have been removed
[U-38] END
[U-38] : Good
#######################################################################################
[U-39] Prohibit Apache link use
#######################################################################################
Result : Apache service is not running
Criterion : Use of symbolic links is restricted
[U-39] : Good
#######################################################################################
[U-40] Restrict Apache file upload and download
#######################################################################################
Result : Apache service is not running
Criterion : File upload and download are restricted
[U-40] END
[U-40] : Good
#######################################################################################
[U-41] Separate Apache web service area
#######################################################################################
Result : Apache service is not running
Criterion : The web root directory is set to a separate directory
[U-41] END
[U-41] : Good
#######################################################################################
[U-61] Allow ssh remote access
#######################################################################################
Result : SSH protocol is used for remote access
root 20915 1 0 20:27 ? 00:00:00 sshd: root@pts/0
root 21120 1 0 22:51 ? 00:00:00 /usr/sbin/sshd -D
root 21253 21120 0 23:06 ? 00:00:00 sshd: wemin [priv]
wemin 21257 21253 0 23:06 ? 00:00:00 sshd: wemin@notty
wemin 21258 21257 0 23:06 ? 00:00:00 /usr/libexec/openssh/sftp-server
root 21644 21120 0 23:46 ? 00:00:00 sshd: wemin [priv]
wemin 21648 21644 0 23:46 ? 00:00:00 sshd: wemin@notty
wemin 21649 21648 0 23:46 ? 00:00:00 /usr/libexec/openssh/sftp-server
root 22659 21120 1 23:49 ? 00:00:00 sshd: wemin [priv]
wemin 22663 22659 0 23:49 ? 00:00:00 sshd: wemin@notty
wemin 22664 22663 0 23:49 ? 00:00:00 /usr/libexec/openssh/sftp-server
Criterion : SSH protocol is used for remote access
[U-61] : Good
#######################################################################################
[U-62] Check ftp service
#######################################################################################
Result : FTP service is disabled
Criterion : FTP service is disabled
[U-62] : Good
#######################################################################################
[U-63] Restrict ftp account shell
#######################################################################################
Result : FTP service is disabled
Criterion : The /bin/false shell is assigned to the FTP account
[U-63] : Good
#######################################################################################
[U-64] Ftpusers file owner and permission settings
#######################################################################################
Result : FTP service is disabled
Criterion : The ftpusers file owner is root and the permissions are 640 or lower
[U-64] : Good
#######################################################################################
[U-65] Ftpusers file settings
#######################################################################################
Result : FTP service is disabled
Criterion : FTP service is disabled, or root account access is blocked when it is enabled
[U-65] : Good
#######################################################################################
[U-66] at file owner and permission settings
#######################################################################################
Result : The at access-control file owner is root and the permissions are set to 640 or lower
-rw-r-----. 1 root root 5 2020-07-20 22:46 /etc/at.allow
-rw-r-----. 1 root root 0 2020-07-20 22:46 /etc/at.deny
Criterion : The at access-control file owner is root and the permissions are 640 or lower
[U-66] : Good
#######################################################################################
[U-67] Check whether SNMP service is running
#######################################################################################
Result : SNMP service is not used
Criterion : SNMP service is not used
[U-67] : Good
#######################################################################################
[U-68] SNMP service community string complexity settings
#######################################################################################
Result : SNMP service is not used
Criterion : The SNMP Community name is not public or private
[U-68] : Good
#######################################################################################
[U-69] Provide warning message at logon
#######################################################################################
Result : Manual
Login banner
===============================
Telnet service is not used
FTP banner
===============================
FTP configuration file does not exist. Another path must be checked.
SMTP service is not used
DNS service is not used
Criterion : A logon message is configured for the services
[U-69] : Manual
#######################################################################################
[U-70] Restrict access to NFS configuration files
#######################################################################################
Result : NFS service-related daemons are disabled
Criterion : The NFS access-control configuration file owner is root and the permissions are 644 or lower
[U-70] : Good
#######################################################################################
[U-71] Restrict expn, vrfy commands
#######################################################################################
Result : SMTP service is disabled
Criterion : SMTP service is not used, or the noexpn, novrfy options are set
[U-71] : Good
#######################################################################################
[U-72] Hide Apache web service information
#######################################################################################
Result : Apache service is not running
Criterion : Configured so that server information is not exposed
[U-72] : Good
#######################################################################################
#######################################################################################
############################## Patch Management #############################
#######################################################################################
#######################################################################################
#######################################################################################
[U-42] Apply latest security patches and vendor recommendations
#######################################################################################
Result : Interview
Linux overtime 3.10.0-862.el7.x86_64 #1 SMP Fri Apr 20 16:44:24 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux
Criterion : A patch application policy is established and patches are managed periodically
[U-42] : Manual
#######################################################################################
[U-43] Regular review and reporting of logs
#######################################################################################
Result : Interview
total 300
drwxr-xr-x. 7 root root 4096 2020-07-20 20:05 .
drwxr-xr-x. 20 root root 4096 2020-07-20 23:16 ..
drwxr-xr-x. 2 root root 4096 2020-07-20 19:49 anaconda
drwx------. 2 root root 4096 2020-07-20 19:54 audit
-rw-------. 1 root root 10184 2020-07-20 20:27 boot.log
-rw-------. 1 root utmp 5376 2020-07-20 23:06 btmp
drwxr-xr-x. 2 chrony chrony 4096 2018-04-13 02:37 chrony
-rw-------. 1 root root 2076 2020-07-20 22:01 cron
-rw-r--r--. 1 root root 62649 2020-07-20 19:54 dmesg
-rw-r--r--. 1 root root 0 2020-07-20 19:54 firewalld
-rw-r--r--. 1 root root 193 2020-07-20 19:46 grubby_prune_debug
-rw-r--r--. 1 root root 292292 2020-07-20 23:42 lastlog
-rw-------. 1 root root 196 2020-07-20 19:54 maillog
-rw-------. 1 root root 133618 2020-07-20 22:47 messages
drwxr-xr-x. 2 root root 4096 2020-07-20 19:49 rhsm
-rw-------. 1 root root 10753 2020-07-20 22:49 secure
-rw-------. 1 root root 0 2020-07-20 19:47 spooler
-rw-------. 1 root root 64 2020-07-20 23:08 tallylog
drwxr-xr-x. 2 root root 4096 2020-07-20 19:54 tuned
-rw-rw-r--. 1 root utmp 6912 2020-07-20 23:44 wtmp
-rw-------. 1 root root 2062 2020-07-20 23:11 yum.log
Criterion : Review, analysis, report writing and reporting of log records are carried out regularly
[U-43] : Manual
#######################################################################################
[U-73] System logging settings according to policy
#######################################################################################
Result : The logging policy is established and configured according to policy
/var/lib/rsyslog
RSYSLOG_TraditionalFileFormat
/etc/rsyslog.d/*.conf
on
imjournal.state
kern.* /var/log/kern.log
*.info;mail.none;authpriv.none;cron.none /var/log/messages
authpriv.* /var/log/secure
mail.* -/var/log/maillog
cron.* /var/log/cron
*.emerg *
uucp,news.crit /var/log/spooler
local7.* /var/log/boot.log
*.alert /dev/console
Criterion : The logging policy is established and configured according to policy
[U-73] : Good
#######################################################################################
[DB-1] Change and lock default IDs and passwords
#######################################################################################
Result : DBMS is not installed
Criterion : Default IDs have a password set or are locked
[DB-1] : Good
#######################################################################################
[DB-2] Delete and lock unnecessary accounts
#######################################################################################
Result : DBMS is not installed
Criterion : No unnecessary accounts exist, or they are locked
[DB-2] : Good
#######################################################################################
[DB-3] Restrict remote access to the DB server
#######################################################################################
Result : DBMS is not installed
Criterion : Remote DB access is restricted
[DB-3] : Good