Disk
- Adequate free blocks on local filesystems.
- Adequate free inodes on local filesystems.
- No change in the filesystems mount table.
File
- All GIDs in /etc/group are unique.
- All Group Names in /etc/group are unique.
- All files are owned by valid users.
- Every /etc/passwd GID is a valid group.
- Every /etc/passwd home directory is valid.
- Every /etc/passwd shell is an expected value.
- Every user in /etc/group is a valid user.
- There are 4 fields in every record in /etc/group.
- There are 7 fields in every record in /etc/passwd.
- There are no errors in /etc/fstab
- There are no new huge directories.
- There are no new large files.
- There is nothing unusual about the content of a log.
- Verify that certain files do exist.
- Verify that certain files do not exist.
Network
- All defined hosts can be pinged.
- No change in the network port services.
- No change in the network routing tables.
- No user has .rhosts in their home directory.
- No users have .netrc in their home directory.
- Untrusted network services are disabled.
Performance
- System load average is less than threshold.
- All defined URLs are responding.
- All traffic on network devices is nominal.
- MySQL is responding.
- No performance problems with network interface cards.
- No problems with swap space usage.
- The Alert Manager is working.
- The size of the mail queue is nominal.
Process
- All daemons are up.
- All processes are owned by a current user.
- There are no runaway processes.
- There are no stalled processes.
- There are no unwanted processes.
Security
- All defined URLs have not changed.
- No change to secured directories/files.
- No one is using ssh to attack this system.
- Clamscan reports no viruses.
- There are no rootkits installed.
- No sticky bit directory has lost the sticky bit.
- There are no new SUID/SGID files.
- There are no new world writable files.
- There are no patterns of failed logins of concern.
- There are no patterns of failed su attempts of concern.
- There are no rogue device files.
- All NFS exported dirs are configured to be secure.
System
- Mail is being delivered.
- Size of each system log is nominal.
- No recent system reboot.
- RPMs are current.
- System clock is reasonable.
- The hostname has not changed.
- There are no trash files on the system.
User
- Every user has a password.
- All /etc/passwd login names are unique.
- All UIDs in /etc/passwd are unique.
- All mailboxes are owned and permissioned correctly.
- All passwords are shadowed.
- All users have password aging.
- Certain logins are not in /etc/passwd.
- Every user has a unique home directory.
- Root can only log in from console.
- There are no SUID/SGID login shells.
- There are no new users logged in.