Become a Linux Auditor: What to know?

Now open source software and platforms are very common, the need for knowledge in this area is increasing. Becoming a technical auditor with specialized knowledge about Linux, might be a clever move.

Technical

When specializing in Linux, the auditing area is already more technically oriented, instead of the processes. A true Linux auditor knows more than the basics of Linux. In-depth knowledge is required, like what file systems are common, how permissions are arranged, popular applications are common (at the presentation layer, middleware, backend).

Applications

Since most applications are used over and over, focusing on those is very helpful. Think about Apache, MySQL, PHP (LAMP stack), but also emerging alternatives. For example Nginx is a nice example of software taking its share in the area of web servers.

Users and Permissions

For each system where users can log in and auditor should be able to know who they are and what they can do. Not personally of course, but regarding identity and access management (IAM)

Network processes

To determine additional risks, focusing on network communications is useful. Starting with all daemons listening on a network interface and zooming in on server configurations. Additionally having knowledge and experience with iptables (or alternatives) is of value for one being a real Linux auditor.

Certifications

The CISA (Certified Information Systems Auditor) certification from ISACA is the one you definitely should have. It provides the basics and more of the auditing profession. Additionally technical certifications will be useful, like the ones from LPI (LPIC-1, LPIC-2 and LPIC-3). Also Comptia (Linux+) is an alternative, but more generic. For specialization in Red Hat, one might even become RHCE to truly understand how Linux systems, with Red Hat in particular, are working.

Tools

Knowing your tools is usually the key of making your life easier. Why do everything manually when specialized tools can do the trick? Use port scanners like nmap to scan the network, IDS set-ups like Snort to monitor for suspicious traffic. What about the auditing tool for a Linux auditor? Of course, our tool Lynis to help you performing an in-depth scan of Linux security.

Many pentesting distributions will be of help for seasoned Linux professionals, by combining all powerful tools into one system. No need for manual installation, as many tools are already installed and grouped per category.

Happy auditing!

Feedback

Small picture of Michael Boelen

This article has been written by our Linux security expert Michael Boelen. With focus on creating high-quality articles and relevant examples, he wants to improve the field of Linux security. No more web full of copy-pasted blog posts.

Discovered outdated information or have a question? Share your thoughts. Thanks for your contribution.

Mastodon icon