GreenLake Administration
- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - HP-UX
- >
- SekCheck evaluation of hp-ux 11.0 system
Operating System - HP-UX
1855282
Members
4876
Online
104109
Solutions
Forums
Categories
Company
Local Language
back
Forums
Discussions
Knowledge Base
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Knowledge Base
Forums
Discussions
- Cloud Mentoring and Education
- Software - General
- HPE OneView
- HPE Ezmeral Software platform
- HPE OpsRamp
Knowledge Base
Discussions
Forums
Discussions
back
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Blogs
Information
Community
Resources
Community Language
Language
Forums
Blogs
Go to solution
Topic Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-15-2002 08:01 PM
06-15-2002 08:01 PM
Would appreciate any comments on the system security evaluation provided by SekCheck from Deloitte and Touche.
Solved! Go to Solution.
3 REPLIES 3
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-16-2002 05:57 AM
06-16-2002 05:57 AM
Solution
This is slightly off track, The Deloite & Touche audit that was presented to one of our customers was simply a list of "make sure" & "is xxx process secure" and so forth.
Personally I thought it was inadequate (i.e. left security loopholes) if only because it was written down and was subject to "interpretation". It certainly did not say "users passwords must be automatically changes every 90 days" or "users passwords must not be a dictonary wo0rk or ...". I thought it was simply an ill informed, non-technical effort at a security audit.
However, if there is a script I would imagine/guess it was made up of previously available scvripts such as SATAN and so forth.
Anyway that is my effordt at answering your question. Anyone else...?
Tim
Personally I thought it was inadequate (i.e. left security loopholes) if only because it was written down and was subject to "interpretation". It certainly did not say "users passwords must be automatically changes every 90 days" or "users passwords must not be a dictonary wo0rk or ...". I thought it was simply an ill informed, non-technical effort at a security audit.
However, if there is a script I would imagine/guess it was made up of previously available scvripts such as SATAN and so forth.
Anyway that is my effordt at answering your question. Anyone else...?
Tim
-
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-16-2002 11:21 AM
06-16-2002 11:21 AM
Re: SekCheck evaluation of hp-ux 11.0 system
sekcheck is basically a large script that goes through most Unix systems checking that standard Unix security procedures are being adhered to and as such is a good starting point if you have just inherited a system of "unknown quality".
Deloite Touche are my companies auditors and this check was run on our systems and the output produced is along the lines of "You have 10 users with no passwords set" and then lists the users. For me it was a good starting point for re-checking the systems and got me thinking "well why do we have such and such situation" and therefore re-questioning earlier policies and procedures to see if anything needs updating. Arguably this should be an ongoing process for any sysadmin but for small sites asuch as my own its good to get an outside view and sekcheck or similar products can provide this. In any event I think that sekcheck can be downloaded for free from their website so why not give it a go. I posted the link to the website a couple of weeks ago so just do a search for sekcheck.
Deloite Touche are my companies auditors and this check was run on our systems and the output produced is along the lines of "You have 10 users with no passwords set" and then lists the users. For me it was a good starting point for re-checking the systems and got me thinking "well why do we have such and such situation" and therefore re-questioning earlier policies and procedures to see if anything needs updating. Arguably this should be an ongoing process for any sysadmin but for small sites asuch as my own its good to get an outside view and sekcheck or similar products can provide this. In any event I think that sekcheck can be downloaded for free from their website so why not give it a go. I posted the link to the website a couple of weeks ago so just do a search for sekcheck.
Hats ? We don't need no stinkin' hats !!
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-24-2004 12:52 AM
11-24-2004 12:52 AM
Re: SekCheck evaluation of hp-ux 11.0 system
Deloitte is also our auditing company. I would like to run sekcheck so I know what I am in for when the auditors visit.
Anyone know where I can get a copy?
Andy
Anyone know where I can get a copy?
Andy
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.
Company
Events and news
Customer resources
© Copyright 2026 Hewlett Packard Enterprise Development LP