操作系統(tǒng)審計(jì)檢查表

然后操作系統(tǒng)審計(jì)檢查表WINDOWSspsp3平安審核被審核部門(mén)審核人員審核日期2013-12-21陪同人員序號(hào)審核工程審核步驟/方法審核結(jié)果補(bǔ)充說(shuō)明改良建議補(bǔ)丁安裝情況1securityupdatesaremissing.113securityupdatesaremissing.4servicepacksorupdaterollupsaremissing.沒(méi)有更新設(shè)置自動(dòng)更新主要帳戶策略審查密碼長(zhǎng)度最少8位，密碼周期最長(zhǎng)為90天0沒(méi)有設(shè)置密碼策略設(shè)置密碼策略，把密碼長(zhǎng)度最小值設(shè)置為8，密碼最長(zhǎng)存儲(chǔ)期設(shè)置為90審核策略對(duì)所有帳戶登錄事件進(jìn)行審核對(duì)所有的帳戶管理事件進(jìn)行審核對(duì)所有登錄事件進(jìn)行審核審核失敗訪問(wèn)的組件對(duì)策略更改事件進(jìn)行審核審核失敗的特權(quán)事件審核所有系統(tǒng)事件未審查沒(méi)有設(shè)置進(jìn)行策略審查平安設(shè)置帳戶策略最小密碼歷史：1天最長(zhǎng)密碼周期:90天最小密碼長(zhǎng)度:8個(gè)字符密碼復(fù)雜度:Enabled密碼歷史:24PasswordsRemembered存儲(chǔ)的密碼是否可用于可逆加密：Disabled最小密碼歷史：0天最長(zhǎng)密碼周期:0天最小密碼長(zhǎng)度:0個(gè)字符密碼復(fù)雜度:已停用密碼歷史:0PasswordsRemembered存儲(chǔ)的密碼是否可用于可逆加密：已停用沒(méi)有設(shè)置賬戶策略按照要求進(jìn)行賬戶策略設(shè)置帳戶鎖定策略帳戶鎖定周期:15Minutes(minimum)帳戶鎖定條件:3次失敗登錄復(fù)位時(shí)間:15Minutes(minimum)帳戶鎖定周期:不適用帳戶鎖定條件:0次失敗登錄復(fù)位時(shí)間:不適用沒(méi)有進(jìn)行用戶鎖定策略設(shè)置進(jìn)行平安設(shè)置事件日志審核對(duì)于系統(tǒng)、平安、應(yīng)用系統(tǒng)日志，審核下面的工程：最大日志容量:80Mb(minimum)限制GUEST帳戶訪問(wèn)日志:Enabled日志保持方法：“必要時(shí)候重寫(xiě)日志”最大日志容量:512kb(minimum)限制GUEST帳戶訪問(wèn)日志:Enabled日志保持方法：改寫(xiě)久于7天的日志按要求進(jìn)行事件查看器進(jìn)行主要平安設(shè)置審核對(duì)外在的匿名用戶禁止訪問(wèn)。Guest平安選項(xiàng)允許系統(tǒng)在未登錄前關(guān)閉計(jì)算機(jī)：Disabled允許格式化和彈出可移動(dòng)媒體：AdministratorsAmountofIdleTimeRequiredBeforeDisconnectingSession:30Minutes(maximum)在超過(guò)登錄時(shí)間后強(qiáng)制注銷(xiāo)：Enabled系統(tǒng)關(guān)閉時(shí)去除虛存頁(yè)面文件：Enabled數(shù)字簽名客戶端通信〔如可能〕：Enabled數(shù)字簽名效勞器端通信〔如可能〕：Enabled不需要按CTRL+ALT+Delete登錄取：Disabled不顯示上次登錄的用戶名：EnabledLANManagerAuthentication標(biāo)準(zhǔn)l:“SendNTLMv2responseonly”(最少)用戶登錄時(shí)顯示的消息文字：CustomMessageor“Thissystemisfortheuseofauthorizedusersonly.用戶登錄時(shí)顯示的消息標(biāo)題：“Warning:”orcustomtitle.可被緩存保存的前次登錄個(gè)數(shù)：0禁止用戶安裝打印驅(qū)動(dòng):Enabled在密碼到期前多少天提示用戶更改密碼:14Days(minimum)恢復(fù)控制臺(tái)〔允許自動(dòng)管理級(jí)登錄〕：Disabled恢復(fù)控制臺(tái)〔允許對(duì)所有的驅(qū)動(dòng)器和文件夾進(jìn)行軟盤(pán)拷貝和訪問(wèn)〕：Disabled重命名管理員帳戶：除‘Administrator’外的其它任何名稱(chēng)重命名Guest帳戶：除‘GUEST’外的其它任何名稱(chēng)限制只有本地登錄用戶才允許訪問(wèn)軟盤(pán)：Enabled對(duì)平安通道數(shù)據(jù)進(jìn)行數(shù)字加密(如可能):Enabled對(duì)平安通道數(shù)據(jù)進(jìn)行數(shù)字簽名〔如可能〕：Enabled發(fā)送為加密的密碼連接第三方SMB效勞器：Disabled智能卡移除操作：“鎖定工作站”6StrengthenDefaultPermissionsofGlobalSystemObjects(e.g.SymbolicLinks):Enabled對(duì)未經(jīng)過(guò)簽名的驅(qū)動(dòng)安裝行為：“警告,但允許安裝”或者“不允許安裝”.允許系統(tǒng)在未登錄前關(guān)閉計(jì)算機(jī)：已啟用允許格式化和彈出可移動(dòng)媒體：AdministratorsAmountofIdleTimeRequiredBeforeDisconnectingSession:15Minutes(maximum)在超過(guò)登錄時(shí)間后強(qiáng)制注銷(xiāo)：已停用系統(tǒng)關(guān)閉時(shí)去除虛存頁(yè)面文件：已停用數(shù)字簽名客戶端通信〔如可能〕：已停用數(shù)字簽名效勞器端通信〔如可能〕：已停用不需要按CTRL+ALT+Delete登錄?。簺](méi)有定義不顯示上次登錄的用戶名：已停用LANManagerAuthentication標(biāo)準(zhǔn)l:發(fā)送LM&NTML用戶登錄時(shí)顯示的消息文字：無(wú)用戶登錄時(shí)顯示的消息標(biāo)題：沒(méi)有定義可被緩存保存的前次登錄個(gè)數(shù)：10禁止用戶安裝打印驅(qū)動(dòng):已停用在密碼到期前多少天提示用戶更改密碼:14Days(minimum)恢復(fù)控制臺(tái)〔允許自動(dòng)管理級(jí)登錄〕：已停用恢復(fù)控制臺(tái)〔允許對(duì)所有的驅(qū)動(dòng)器和文件夾進(jìn)行軟盤(pán)拷貝和訪問(wèn)〕：已停用重命名管理員帳戶：除‘Administrator’外的其它任何名稱(chēng)重命名Guest帳戶：除‘GUEST’外的其它任何名稱(chēng)限制只有本地登錄用戶才允許訪問(wèn)軟盤(pán)：已停用對(duì)平安通道數(shù)據(jù)進(jìn)行數(shù)字加密(如可能):Enabled對(duì)平安通道數(shù)據(jù)進(jìn)行數(shù)字簽名〔如可能〕：已啟用發(fā)送為加密的密碼連接第三方SMB效勞器：Disabled智能卡移除操作：“鎖定工作站”6StrengthenDefaultPermissionsofGlobalSystemObjects(e.g.SymbolicLinks):Enabled對(duì)未經(jīng)過(guò)簽名的驅(qū)動(dòng)安裝行為：“警告,但允許安裝”或者“不允許安裝”.配置不完全按照要求進(jìn)行平安選項(xiàng)配置注冊(cè)表平安設(shè)置審核審核效勞Alerter–DisabledClipbook–DisabledComputerBrowser–DisabledFaxService–DisabledFTPPublishingService–Disabled–Warning:將禁止FTP效勞IISAdminService–Disabled–Warning:ThiswilldisableInternetInformationServices!InternetConnectionSharing–DisabledMessenger–DisabledNetMeetingRemoteDesktopSharing–DisabledRemoteRegistryService–DisabledRoutingandRemoteAccess–DisabledSimpleMailTransferProtocol(SMTP)–Disabled–Warning:禁止在IISServers上的SMTP效勞。SimpleNetworkManagementProtocol(SNMP)Service–DisabledSimpleNetworkManagementProtocol(SNMP)Trap–DisabledTelnet–DisabledWorldWideWebPublishingServices–Disabled–Warning:將禁止InternetInformationServices!AutomaticUpdates–NotDefinedBackgroundIntelligentTransferService–NotDefined無(wú)審核無(wú)審核無(wú)審核無(wú)審核無(wú)審核無(wú)審核無(wú)審核無(wú)審核無(wú)審核無(wú)審核無(wú)審核無(wú)審核用戶權(quán)利審核從網(wǎng)絡(luò)訪問(wèn)此計(jì)算機(jī):Users,Administrators(ornone)4.2.2Actaspartoftheoperatingsystem:None增加工作站到域：Notapplicable備份文件和目錄:Administrators4.2.5Bypasstraversechecking:Users更改系統(tǒng)時(shí)間:Administrators創(chuàng)立頁(yè)面文件：Administrators創(chuàng)立全局對(duì)象：None創(chuàng)立永久共享對(duì)象：None診斷程序：None拒絕從網(wǎng)絡(luò)訪問(wèn)此計(jì)算機(jī)：Guests拒絕作為批處理進(jìn)行登錄：Nonebydefault(othersallowableasappropriate)NotDefined拒絕作為效勞登錄：Nonebydefault(othersallowableasappropriate)NotDefined拒絕本地登錄:Nonebydefault(othersallowableasappropriate)NotDefined從遠(yuǎn)端強(qiáng)制關(guān)機(jī)：Administrators管理和審核平安日志：None增加內(nèi)存配額：Administrators增加進(jìn)度優(yōu)先級(jí)Administrators安裝和卸載設(shè)備驅(qū)動(dòng)程序：Administrators內(nèi)存中鎖定頁(yè)：None作為批作業(yè)登錄：None(“NotDefined”)作為效勞登錄：None(“NotDefined”)本地登錄：Administrators(otherspecificusersallowable)管理審核和平安日志：Administrators更改防火墻環(huán)境選項(xiàng)：Administrators配置單一進(jìn)程：Administrators配置系統(tǒng)性能：Administrators從插接工作站中取出計(jì)算機(jī)：Administrators替換進(jìn)程級(jí)記號(hào)：None恢復(fù)文件和目錄：Administrators關(guān)閉系統(tǒng)：Administrators同步目錄效勞數(shù)據(jù)：NotApplicable取得文件和其他對(duì)象的所有權(quán)：AdministratorsAdministrators,BackupOperators,Everyone,PowerUsers,UsersAdministrators,BackupOperatorsAdministrators,PowerUsersAdministratorsAdministrators,INTERACTIVE,SERVICRGuestGuestAdministratorsAdministratorsAdministratorsAdministratorEETWORKSERVICEAdministratorsAdministrators,PowerUsersAdministratorsAdministrators,PowerUsers,UsersLOCALSERVICE,NETWORKSERVICEAdministrators,BackupOperatorsAdministrators,BackupOperators,PowerUsers,UsersAdministrators其他系統(tǒng)需求確保磁盤(pán)卷為NTFS文件系統(tǒng)。是ntfs;建議使用NTFS文件系統(tǒng)文件權(quán)限%SystemDrive%\-Administrators:Full;System:Full;CreatorOwner:Full;Users:ReadandExecute,List%SystemDrive%\autoexec.bat–Administrators:Full;System:Full%SystemDrive%\boot.ini–Administrators:Full;System:Full%SystemDrive%\config.sys-Administrators:Full;System:Full%SystemDrive%\io.sys–Administrators:Full;System:Full%SystemDrive%\msdos.sys–Administrators:Full;System:Full%SystemDrive%\ntbootdd.sys-Administrators:Full;System:Full%SystemDrive%\ntdetect–Administrators:Full;System:Full%SystemDrive%\ntldr-Administrators:Full;System:Full%SystemDrive%\DocumentsandSettings–Administrators:Full;System:Full;Users:ReadandExecute,List%SystemDrive%\DocumentsandSettings\Administrator–Administrators:Full;System:Full%SystemDrive%\DocumentsandSettings\AllUsers–Administrators:Full;System:Full;Users:ReadandExecute,List%SystemDrive%\DocumentsandSettings\AllUsers\Documents\DrWatson–Administrators:Full;System:Full;CreatorOwner:Full;Users:TraverseFolder/ExecuteFile,ListFolder/ReadData,ReadAttributes,ReadExtendedAttributes,ReadPermissions(Thisfolder,subfolders,andfiles);Users:TraverseFolder/ExecuteFiles,CreateFiles/WriteData,CreateFolder/AppendData(Subfoldersandfilesonly)%SystemDrive%\DocumentsandSettings\DefaultUser–Administrators:Full;System:Full;Users:ReadandExecute,List%SystemDrive%\SystemVolumeInformation–(Donotallowpermissionsonthisfoldertobereplaced)%SystemDrive%\Temp-Administrators:Full;System:Full;CreatorOwner:Full;Users:TraverseFolders/ExecuteFiles,CreateFiles/WriteData,CreateFolders/AppendData%ProgramFiles%-Administrators:Full;System:Full;CreatorOwner:Full;Users:ReadandExecute,List%SystemDrive%\ProgramFiles\ResourceKit–Administrators:Full;System:Full%SystemRoot%–Administrators:Full;System:Full;CreatorOwner:Full;Users:ReadandExecute,List%SystemRoot%\$NtServicePackUninstall$–Administrators:Full;System:Full%SystemRoot%\CSC–Administrators:Full;System:Full%SystemRoot%\Debug-Administrators:Full;System:Full;CreatorOwner:Full;Users:ReadandExecute,List%SystemRoot%\Debug\UserMode-Administrators:Full;System:Full;Users:TraverseFolder/ExecuteFile,Listfolder/Readdata,Createfiles/Writedata(Thisfolder,only);Createfiles/Writedata,Createfolders/Appenddata(Filesonly)%SystemRoot%\OfflineWebPages–(Donotallowpermissionsonthiskeytobereplaced)%SystemRoot%\Registration-Administrators:Full;System:Full;Users:Read%SystemRoot%\repair-Administrators:Full;System:Full%SystemRoot%\security-Administrators:Full;System:Full;CreatorOwner:Full%SystemRoot%\system32-Administrators:Full;System:Full;CreatorOwner:Full;Users:ReadandExecute,List%SystemRoot%\system32\at.exe–Administrators:Full;System:Full0%SystemRoot%\system32\Ntbackup.exe–Administrators:Full;System:Full1%SystemRoot%\system32\rcp.exe–Administrators:Full;System:Full2%SystemRoot%\regedit.exe–Administrators:Full;System:Full%SystemRoot%\system32\regedt32.exe–Administrators:Full;System:Full%SystemRoot%\system32\rexec.exe–Administrators:Full;System:Full%SystemRoot%\system32\rsh.exe–Administrators:Full;System:Full%SystemRoot%\system32\secedit.exe–Administrators:Full;System:Full%SystemRoot%\system32\appmgmt–Administrators:Full;System:Full;Users:ReadandExecute,List%SystemRoot%\config–Administrators:Full;System:Full%SystemRoot%\system32\dllcache–Administrators:Full;System:Full;CreatorOwner:Full%SystemRoot%\system32\DTCLog-Administrators:Full;System:Full;CreatorOwner:Full;Users:ReadandExecute,List%SystemRoot%\system32\GroupPolicy-Administrators:Full;System:Full;AuthenticatedUsers:ReadandExecute,List%SystemRoot%\system32\ias-Administrators:Full;System:Full;CreatorOwner:FullTheCenterforInternetSecurityWindows2000Server-Level2BenchmarkforStand-AloneandDomain-MemberServersPage18of56%SystemRoot%\system32\NTMSData–Administrators:Full;System:Full%SystemRoot%\system32\reinstallbackups–Administrators:Full;System:Full;CreatorOwner:Full%SystemRoot%\system32\Setup–Administrators:Full;System:Full;Users:ReadandExecute,List%SystemRoot%\system32\spool\printers–Administrators:Full;System:Full;CreatorOwner:Full;Users:TraverseFolder,ExecuteFile,Read,ReadExtendedAttributes,Createfolders,AppendData%SystemRoot%\Tasks-(Donotallowpermissionsonthiskeytobereplaced)%SystemRoot%\Temp-Administrators:Full;System:Full;CreatorOwner:Full;Users:TraverseFolders/ExecuteFiles,CreateFiles/WriteData,CreateFolders/AppendData%SystemDrive%\ntbootdd.sys：缺省%SystemDrive%\DocumentsandSettings\AllUsers\Documents\DrWatson：缺省%SystemDrive%\Temp：缺省%SystemDrive%\ProgramFiles\ResourceKit：缺省%SystemRoot%\$NtServicePackUninstall$：缺省%SystemRoot%\CSC:缺省%SystemRoot%\system32\Ntbackup.exe：缺省%SystemRoot%\system32\secedit.exe：不能翻開(kāi)文件%SystemRoot%\system32\DTCLog：缺省%SystemRoot%\system32\NTMSData：缺省按照審核方法進(jìn)行文件權(quán)限設(shè)置文件和注冊(cè)表審核%SystemDrive%-Everyone:Failures(thisfolder,propagateinheritablepermissionstoallsubfoldersandfiles)HKLM\Software–Everyone:Failures(thiskey,propagateinheritablepermissiontoallsubkeys)HKLM\System–Everyone:Failures(thiskey,propagateinheritablepermissiontoallsubkeys)%SystemDrive%：Everyone:SuccessHKLM\Software：Everyone:SuccessHKLM\System：Everyone:Success注冊(cè)表權(quán)限HKLM\Software\Classes-Administrators:Full;System:Full;CreatorOwner:Full;Users:ReadHKLM\Software–AdministratorsFull;System:Full;CreatorOwner:Full;Users:ReadHKLM\Software\Microsoft\NetDDE–Administrators:Full;System:FullHKLM\Software\Microsoft\OS/2SubsystemforNT–Administrators:Full;System:Full;CreatorOwner:FullHKLM\Software\Microsoft\WindowsNT\CurrentVersion\Asr\Commands–Administrators:Full;System:Full;CreatorOwner:Full;Users:Read;BackupOperators:QueryValue,SetValue,CreateSubkey,EnumerateSubkeys,Notify,Delete,Read(thiskeyandsubkeys)HKLM\Software\Microsoft\WindowsNT\CurrentVersion\Perflib–Administrators:Full;System:Full;CreatorOwner:Full;Interactive:Read(thiskeyandsubkeys)HKLM\Software\Microsoft\Windows\CurrentVersion\GroupPolicy-Administrators:Full;System:Full;AuthenticatedUsers:ReadHKLM\Software\Microsoft\Windows\CurrentVersion\Installer-AdministratorsFull;System:Full;Users:ReadHKLM\Software\Microsoft\Windows\CurrentVersion\Policies-Administrators:Full;System:Full;AuthenticatedUsers:ReadHKLM\System-AdministratorsFull;System:Full;CreatorOwner:Full;Users:ReadHKLM\System\Clone–AllowinheritablepermissionstopropagatetothisobjectHKLM\System\ControlSet001-AdministratorsFull;System:Full;CreatorOwner:Full;Users:ReadHKLM\System\ControlSet00x-AdministratorsFull;System:Full;CreatorOwner:Full;Users:Read*Applythesepermissionst