Quote:
Frequent (daily?)
1. Check all systems backup logs
2. Check all systems logs
3. Check all systems security logs
4. Check all systems mail logs
5. Check all systems disk usage
6. Check for CERT and similar announcements
7. Are all machines up?
8. Check UPS status
9. Check tunnel usage report
10. Check Virus Scan rpts
I'd have #7 moved to #1, hehe, right along with #8 next (battery levels, and such), and while I'm running the script that checks #1, #2, #3, #4, and #5, I'd be reading up on #6, #9, and #10. Automate everything!
Quote:
Less frequent (weekly or monthly?)
1. Verify that backups are restorable
2. Verify file system structure is valid
3. Check for undocumented system changes
4. Sniff networks for intrusion attempts
5. Check error counts on NICs
6. Check NFS errors
7. Audit router configs
8. Check for disused user-ids
9. Portscan
10. Look for weak passwords
11. Look for overly weak access controls
12. Setuid/setgid audit
13. Check available patches/service packs
14. Recall backup tapes
15. Inspect recalled tapes
16. Check for system or tool updates
17. Performance evaluation/audit
18. Printer audit/test
19. Check Conference Room / Speaker Phone operations
20. Verify system times
21. Check tape supply
22. Update documentation of network, machine configs, processes, other.
Just about everything in here, except for physical supplies, can be automated into a series of scripts that I'd run every week (if not every day). Security with passwords is limited to your passwd binary and whether or not you want them to pick their own or be assigned one automatically that vaguely looks like unpronounceable line-noise. Policy has a lot to do with passwords and such, whereas something arbitrary to users in dealing with setuid/gid progs is more along the lines of internal/external intrusion. Performance audits and such generally come along at the beginning of a box's inception (where they throw 9000000 users on it and expect it to fly). Documentation is superior to everything else. We set up two Linux boxes with individual instructions on everything operations ran so they didn't have to remember every little thing.
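Item 12 of the weekly list (setuid/setgid audit) is one of the checks that scripts well, because the useful signal is the difference from a reviewed baseline, not the full listing. The following is an added example, not part of the original post; the function names `suid_scan` and `suid_audit` and the baseline file are assumptions for illustration.

```shell
#!/bin/sh
# Added example: setuid/setgid audit compared against a saved baseline.
# Function names and the baseline file location are assumptions.

# Print "mode uid:gid path" for every setuid/setgid regular file under $1,
# staying on one filesystem (-xdev), sorted so that two runs can be compared.
suid_scan() {
    LC_ALL=C find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) \
        -exec ls -ldn {} + 2>/dev/null |
    LC_ALL=C awk '{ p = $9; for (i = 10; i <= NF; i++) p = p " " $i
                    print $1, $3 ":" $4, p }' |
    LC_ALL=C sort
}

# Compare the current scan of $1 with the baseline file $2.
# Prints "NEW ..." for entries absent from the baseline and "GONE ..." for
# baseline entries no longer present. A changed mode or owner shows up as
# one GONE line plus one NEW line for the same path.
# Returns 0 if nothing changed, 1 on any difference, 2 if the audit itself
# could not run (a missing baseline must not look like a clean result).
suid_audit() {
    [ -r "$2" ] || { echo "baseline not readable: $2" >&2; return 2; }
    cur=$(mktemp) || return 2
    suid_scan "$1" > "$cur"
    report=$( { LC_ALL=C comm -13 "$2" "$cur" | sed 's/^/NEW  /'
                LC_ALL=C comm -23 "$2" "$cur" | sed 's/^/GONE /'; } )
    rm -f "$cur"
    [ -z "$report" ] && return 0
    printf '%s\n' "$report"
    return 1
}
```

Create the baseline once with `suid_scan` after reviewing its output by hand, keep it somewhere the audited host cannot rewrite, and have the weekly job mail any non-zero result from `suid_audit`.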