Our methodology for pentesting Unix/Linux systems

Security audits of UNIX and Linux systems are divided into two distinct approaches, each with its own objective:

  1. The privilege escalation assessment takes the viewpoint of an attacker who has already compromised part of the system (a low-privileged shell or service account) and now seeks full control. The initial foothold is limited, so the attacker targets the most profitable compromise vectors first.
  2. The configuration audit reviews the entire system. The goal is to identify configuration mistakes and provide concrete recommendations to strengthen system security. The audit follows the benchmarks published by the Center for Internet Security (CIS).

The audits we offer cover the most common systems: Red Hat, CentOS, Debian, AIX, Solaris and HP-UX.

Privilege escalation

  • Search for OS exploits
    • Distribution type and release
    • Kernel version and architecture
  • User environments
    • sudo rules and privileges
    • Sensitive files (shell history, private keys)
    • Environment variables and aliases
  • Abuse of scheduled tasks
    • Scheduled task file permissions
    • Analysis of the scripts and binaries they invoke
  • File system scan
    • "SUID" and "SGID" files
    • World-readable and world-writable files and directories
    • Sensitive scripts and configuration files
  • Attacks on applications and services
    • Running processes
    • Listening services
    • Service configuration and permissions
    • Versions of installed packages
  • Lateral movement on the network
    • Network architecture discovery
    • Credential reuse (passwords, private keys)
    • Port forwarding and data exfiltration
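The file-system, scheduled-task and user-environment checks listed above can be driven from one POSIX shell script. The script below is an added example written for this page; it is not the tooling of the company describing the methodology. The function names and the PRIVESC_ROOT variable are this example's own choices, and the crontab parser assumes the system crontab format (five schedule fields or an @-shortcut, then the user, then the command).

```shell
#!/bin/sh
# Added example (not the page's own tooling): enumeration helpers for the
# privilege-escalation checklist above. Each function takes a root directory
# or a file so it can be pointed at "/" on a live host or at a fixture tree.
# Function names and the PRIVESC_ROOT variable are this example's own choices.

# SUID/SGID binaries under ROOT; -xdev stays on one filesystem.
find_suid_sgid() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) 2>/dev/null | sort
}

# World-writable regular files: a script or config that anyone can replace.
find_world_writable() {
    find "$1" -xdev -type f -perm -0002 2>/dev/null | sort
}

# World-writable directories without the sticky bit: anyone can delete or
# rename files there, unlike /tmp.
find_world_writable_dirs() {
    find "$1" -xdev -type d -perm -0002 ! -perm -1000 2>/dev/null | sort
}

# Private key material the current user can read (SSH keys, PEM files).
find_readable_private_keys() {
    find "$1" -xdev -type f \( -name 'id_*' ! -name '*.pub' -o -name '*.pem' \) 2>/dev/null |
        while read -r f; do
            [ -r "$f" ] && printf '%s\n' "$f"
        done
}

# True when the ls mode string shows group- or other-writable (characters 6 and 9).
is_writable_by_others() {
    perms=$(ls -ld "$1" 2>/dev/null) || return 1
    case "$perms" in
        ?????w*|????????w*) return 0 ;;
    esac
    return 1
}

# Parse a system crontab (min hour dom mon dow user command, or @reboot user
# command) and print "user command" for jobs whose program is writable by
# others: a root job running such a script is a direct escalation.
writable_cron_targets() (
    set -f   # schedule fields contain '*': never glob-expand them
    grep -Ev '^[[:space:]]*(#|$|[A-Za-z_]+=)' "$1" | while read -r line; do
        set -- $line
        case "$1" in
            @*) [ $# -ge 3 ] || continue; shift ;;     # @reboot / @daily form
            *)  [ $# -ge 7 ] || continue; shift 5 ;;   # five schedule fields
        esac
        user=$1; shift
        case "$1" in /*) ;; *) continue ;; esac   # only absolute program paths
        if is_writable_by_others "$1"; then
            printf '%s %s\n' "$user" "$*"
        fi
    done
)

# Kernel, identity and cached sudo rights: inputs for the OS-exploit and sudo checks.
host_summary() {
    uname -a
    id
    sudo -n -l 2>/dev/null || echo "sudo: no rights without a password, or sudo unavailable"
}

# Driver, e.g.: PRIVESC_ROOT=/ sh privesc_enum.sh
if [ -n "${PRIVESC_ROOT:-}" ]; then
    host_summary
    echo "== SUID/SGID";                find_suid_sgid "$PRIVESC_ROOT"
    echo "== world-writable files";     find_world_writable "$PRIVESC_ROOT"
    echo "== world-writable dirs";      find_world_writable_dirs "$PRIVESC_ROOT"
    echo "== readable private keys";    find_readable_private_keys "$PRIVESC_ROOT"
    echo "== writable cron targets"
    for c in "$PRIVESC_ROOT/etc/crontab" "$PRIVESC_ROOT"/etc/cron.d/*; do
        [ -f "$c" ] && writable_cron_targets "$c"
    done
fi
```

Run it as the compromised user, since what matters is what that user can read and write, and read the cron output together with the user column: a root job whose program is group- or world-writable is the scheduled-task escalation the list above refers to. The kernel version and sudo rights printed by host_summary feed the OS-exploit and sudo items, which need manual judgement rather than a script.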

Configuration audit

  • Users and permissions
    • Permissions on account files (passwd, shadow, group)
    • Password cracking
    • Files without a valid owner or group
    • Accounts without a password
  • Authentication and authorization
    • Password policy
    • Robustness of password hash algorithms
    • SSH configuration
    • Enabling and configuring cron
  • File system configuration
    • Secure partitioning and mount options
    • File system integrity
    • Process hardening and secure boot settings
    • Mandatory Access Control (SELinux, AppArmor)
  • Configuration of services
    • Restriction of local services
    • Inventory of dangerous services
  • Network configuration
    • Firewall rules
    • IPv4 network settings
    • IPv6 network settings
  • Logging system
    • Enabling logging tools
    • Policy for what is logged
    • Export of log files to a remote host
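Several of the account, authentication and password-policy items above reduce to checks on three files: shadow(5), sshd_config and login.defs. The script below is an added example written for this page, not the auditing tooling of the company describing the methodology, and it is not a CIS benchmark implementation, only checks in its spirit. It assumes the "keyword value" syntax of sshd_config (where the first occurrence outside a Match block is the one sshd uses) and of login.defs (where a later line overrides an earlier one); the function names and the AUDIT_ROOT variable are this example's own choices.

```shell
#!/bin/sh
# Added example (not the page's own tooling): configuration-audit checks for
# the account-file, hash-robustness, SSH and password-policy items above.
# Each function takes the file or root to inspect, so it runs against a copy
# pulled from the audited host or against constructed fixtures.

# Accounts with an empty password field in shadow(5): login without a password.
accounts_without_password() {
    awk -F: '$2 == "" { print $1 }' "$1"
}

# Accounts whose hash is neither SHA-512 ($6$) nor yescrypt ($y$); locked or
# no-login entries (*, !, !!) are skipped. Prints "user hash-prefix".
weak_password_hashes() {
    awk -F: '$2 != "" && $2 !~ /^[!*]/ && $2 !~ /^\$(6|y)\$/ { print $1, substr($2, 1, 3) }' "$1"
}

# Effective sshd_config value for KEY: sshd uses the FIRST occurrence outside
# any Match block, so the scan stops at "Match". Prints nothing if unset.
sshd_value() {
    awk -v k="$2" 'tolower($1) == "match" { exit }
                   tolower($1) == tolower(k) { print $2; exit }' "$1"
}

# sshd_check FILE KEY WANT DEFAULT: prints a finding when the effective value
# (explicit setting, or the OpenSSH default when unset) differs from WANT.
sshd_check() {
    v=$(sshd_value "$1" "$2")
    [ -n "$v" ] || v=$4
    [ "$v" = "$3" ] || printf '%s %s (want %s)\n' "$2" "$v" "$3"
}

audit_sshd() {
    sshd_check "$1" PermitRootLogin no prohibit-password
    sshd_check "$1" PasswordAuthentication no yes
    sshd_check "$1" PermitEmptyPasswords no no
    sshd_check "$1" X11Forwarding no no
}

# Last uncommented value of KEY in login.defs (later lines override earlier ones).
login_defs_value() {
    awk -v k="$2" '$1 == k { v = $2 } END { print v }' "$1"
}

# policy_check FILE KEY OP LIMIT: finding when KEY is unset or "value OP LIMIT" fails.
policy_check() {
    v=$(login_defs_value "$1" "$2")
    if [ -z "$v" ] || ! [ "$v" "$3" "$4" ] 2>/dev/null; then
        printf '%s %s (want %s %s)\n' "$2" "${v:-unset}" "$3" "$4"
    fi
}

audit_password_policy() {
    policy_check "$1" PASS_MAX_DAYS -le 365
    policy_check "$1" PASS_MIN_DAYS -ge 1
    policy_check "$1" PASS_WARN_AGE -ge 7
}

# Files without a valid owner or group: leftovers of deleted accounts that a
# future account reusing the same UID/GID would inherit.
find_unowned_files() {
    find "$1" -xdev \( -nouser -o -nogroup \) 2>/dev/null | sort
}

# Driver, e.g.: AUDIT_ROOT=/ sh config_audit.sh   (shadow needs root to read)
if [ -n "${AUDIT_ROOT:-}" ]; then
    echo "== accounts without password"; accounts_without_password "$AUDIT_ROOT/etc/shadow"
    echo "== weak password hashes";      weak_password_hashes "$AUDIT_ROOT/etc/shadow"
    echo "== sshd_config findings";      audit_sshd "$AUDIT_ROOT/etc/ssh/sshd_config"
    echo "== password policy findings";  audit_password_policy "$AUDIT_ROOT/etc/login.defs"
    echo "== unowned files";             find_unowned_files "$AUDIT_ROOT"
fi
```

The sshd parser ignores Include directives, which modern distributions place at the top of sshd_config and whose directives therefore win; on the live host, sshd -T prints the effective configuration with includes resolved and is the authoritative source, while the file parser is for offline review of a pulled copy. Every finding should be read together with the password-cracking item: a weak hash algorithm matters most on accounts whose hashes an attacker can actually obtain.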