ISACA Journal Author Blog

The Need for Auditing Linux Operating Systems: A Practical Approach

Muhammad Mushfiqur Rahman, CISA, CEH, CHFI, CCNA, ISO 27001 LA, ITIL V3, MCITP, MCP, MCSE, MCTS, OCP, SCSA
Published: 7/27/2015 3:06 PM
It is important for an auditor to ascertain the audit objective, business goal and criticality of the system for the organization at the beginning of an audit.
An information system is an integrated set of business components used for collecting, storing and processing data, and for delivering business information, knowledge and digital products. Business firms and other organizations rely on information systems to carry out and manage their operations, interact with their customers and suppliers, and compete in the marketplace.
Because these tasks depend on the underlying systems, it is important for information assurance and audit professionals to perform the system audit discussed here, which focuses on Linux systems.
There are different operating systems (OS) used in IT infrastructures. These are quickly changing with regard to their technological capabilities. The OS is the crucial part of IT infrastructure implementation, management and operations. Advanced technology provides a wide range of flexibility when using different OSs, but it also increases the likelihood of attacks. These OS advances also drive massive and rapid increases in the number of people with access to them. The speed of these changes has no precedent in human history, and the power of these technologies has transformed the work environment and our personal lives and brought with it many positive contributions.
It is important for an auditor to know about the different operating systems and the changes to them; otherwise, a set of undetected vulnerabilities may damage the company's image, reputation and business goals. Technology is never perfect; by design, hardware vulnerabilities and software errors can be impossible to totally avoid.
In my recent Journal article, I discuss the Linux operating system and the steps for auditing it, which can help ensure the penetration of the Linux operating system complies with the organization’s security policy. The users or Linux operating system administrators who use sophisticated services technologies have limited knowledge or awareness of security issues and what their roles are in managing them. In this article, I identify the security issues to be aware of and hope to initiate a discussion with peers around the globe.
Read Muhammad Mushfiqur Rahman's recent Journal article:
“Auditing Linux/Unix Server Operating Systems,” ISACA Journal, volume 4, 2015.


Helpful Hint

As an auditor, I was not familiar with Linux and could not find material worth looking at. The best thing I found was to get to know the Linux administrators and have them provide an overview. Most of them have their own lab environments on premise or at home that they are happy to brag about.
GregZimmerman at 7/30/2015 7:02 PM