操作系统审计检查表

1、然后操作系统审计检查表WINDOWS sp sp3安全审核被审核部门审核人员审核日期2013-12-21序审核步骤 /方法审核结果审核项目号补丁安装情况1 security updates are1missing.113 security updates are missing. 4 servicepacks or update rollups are missing.主要帐户密码长度最少 8 位，密码周期最长为 90 天策略审查20审核策略对所有帐户登录事件进行审核对所有的帐户管理事件进行审核对所有登录事件进行审核3审核失败访问的组件未审查对策略更改事件进行审核审核失败的特权事件审核所有系统

2、事件陪同人员补充说改进建议明没 有 更设置自动更新新设置密码策略，把没 有 设密码长度最小值设置 密 码置为8，密码最长策略存储期设置为90没 有 设进行策略审查安全置设置被审核部门序审核项目号WINDOWS sp sp3安全审核审核人员审核日期2013-12-21审核步骤 /方法审核结果陪同人员补充说改进建议明帐户策略4帐户锁定策略5事件日志审核6最小密码历史：1天最长密码周期 : 90 天最小密码长度 : 8个字符密码复杂度 : Enabled密码历史 : 24 Passwords Remembered存储的密码是否可用于可逆加密：Disabled帐户锁定周期 : 15 Minutes (

3、minimum)帐户锁定条件 : 3 次失败登录复位时间 : 15 Minutes (minimum)对于系统、安全、应用系统日志， 审核下面的项目：最大日志容量 : 80 Mb (minimum)限制 GUEST帐户访问日志 : Enabled日志保持方法：“必要时候重写日志 ”最小密码历史：0天最长密码周期 : 0天最小密码长度 : 0个字符密码复杂度 : 已停用密码历史 :0 Passwords Remembered 存储的密码是否可用于可逆加密： 已停用帐户锁定周期 : 不适用帐户锁定条件 :次失败登录复位时间 : 不适用最大日志容量 : 512kb (minimum)限制 GUEST

4、帐户访问日志 : Enabled 日志保持方法： 改写久于 7天的日志没 有 设按照要求进行账户置 账 户策略设置策略没 有 进行 用 户进行安全设置锁 定 策略设置按要求进行事件查看器进行主要安全7设置审核安全选项8对外在的匿名用户禁止访问。Guest允许系统在未登录前关闭计算机： Disabled允许系统在未登录前关闭计算机：已启用允许格式化和弹出可移动媒体： Administrators允许格式化和弹出可移动媒体：Administrators配 置 不按照要求进行安全完全选项配置Amount of Idle Time Required Before DisconnectingAmount

5、 of Idle Time Required Before DisconnectingWINDOWS sp sp3安全审核被审核部门审核人员审核日期序审核项目审核步骤 /方法号Session:30 Minutes (maximum)在超过登录时间后强制注销：Enabled系统关闭时清除虚存页面文件：Enabled数字签名客户端通信（如可能）： Enabled数字签名服务器端通信（如可能）：Enabled不需要按 CTRL+ALT+Delete登录取： Disabled不显示上次登录的用户名：EnabledLAN Manager Authentication标准 l: “ SendNTLMv2

6、response only ”(最少 )用户登录时显示的消息文字：Custom Message or“This system is for the use of authorized users only.用户登录时显示的消息标题：“Warning: ” orcustom title .0可被缓存保存的前次登录个数：禁止用户安装打印驱动 : Enabled: 14 Days在密码到期前多少天提示用户更改密码(minimum)恢复控制台（允许自动管理级登录）：Disabled恢复控制台（允许对所有的驱动器和文件夹进行软盘拷贝和访问）： Disabled重命名管理员帐户： 除Administrat

7、or 外的其它任陪同人2013-12-21员补充说审核结果改进建议明Session: 15 Minutes (maximum)在超过登录时间后强制注销：已停用系统关闭时清除虚存页面文件：已停用数字签名客户端通信（如可能）：已停用数字签名服务器端通信（如可能）：已停用不需要按CTRL+ALT+Delete登录取：没有定义不显示上次登录的用户名：已停用LAN Manager Authentication标准 l: 发送LM&NTML用户登录时显示的消息文字：无用户登录时显示的消息标题：没有定义可被缓存保存的前次登录个数：10禁止用户安装打印驱动: 已停用在密码到期前多少天提示用户更改密码: 14

8、Days(minimum)恢复控制台（允许自动管理级登录）：已停用恢复控制台（允许对所有的驱动器和文件夹进行软盘拷贝和访问）：已停用重命名管理员帐户：除Administrator外的其第3页共21页WINDOWS sp sp3安全审核被审核部门审核人员审核日期序审核项目审核步骤 /方法号何名称重命名 Guest 帐户：除 GUEST 外的其它任何名称限制只有本地登录用户才允许访问软盘： Enabled 对安全通道数据进行数字加密 (如可能 ): Enabled 对安全通道数据进行数字签名 （如可能）： Enabled 发送为加密的密码连接第三方 SMB 服务器：Disabled智能卡移除操作：

9、 “锁定工作站 ”System Objects (e.g. Symbolic Links):Enabled对未经过签名的驱动安装行为 ： “警告 , 但允许安装”或者 “不允许安装 ”.陪同人2013-12-21员补充说审核结果改进建议明它任何名称重命名 Guest 帐户：除 GUEST 外的其它任何名称限制只有本地登录用户才允许访问软盘：已停用对安全通道数据进行数字加密( 如可能 ): Enabled对安全通道数据进行数字签名（如可能）：已启用发送为加密的密码连接第三方SMB服务器：Disabled智能卡移除操作：“锁定工作站”System Objects (e.g. Symbolic Li

10、nks): Enabled对未经过签名的驱动安装行为： “警告 , 但允许安装”或者“不允许安装”.注册表安全设置审核WINDOWS sp sp3安全审核被审核部门审核人员审核日期2013-12-21陪同人员序审核项目审核步骤 /方法审核结果补充说改进建议号明审核服务Alerter Disabled无审核Clipbook Disabled无审核Computer Browser Disabled无审核Fax ServiceDisabled无审核FTP Publishing Service Disabled Warning:将无审核禁止 FTP 服务IIS Admin Service Disabl

11、ed Warning: This willdisable Internet Information Services! Internet Connection SharingDisabled MessengerDisabled10NetMeeting Remote Desktop SharingDisabled Remote Registry ServiceDisabledRouting and Remote AccessDisabledSimple Mail Transfer Protocol (SMTP) Disabled Warning: 禁止在 IIS Servers 上的 SMTP

12、服务。 Simple Network Management Protocol (SNMP) Service DisabledSimple Network Management Protocol (SNMP) TrapDisabledTelnet DisabledWorld Wide Web Publishing Services Disabled 无审核无审核无审核无审核无审核无审核无审核第5页共21页WINDOWS sp sp3安全审核被审核部门审核人员审核日期2013-12-21陪同人员序审核项目审核步骤 /方法审核结果补充说改进建议号明Warning:将禁止 Internet Infor

13、mation Services!Automatic Updates Not DefinedBackground Intelligent Transfer ServiceNotDefined用户权利审核11从网络访问此计算机 : Users, Administrators (or none)增加工作站到域： Not applicable备份文件和目录 : Administrators更改系统时间 : Administrators创建页面文件：Administrators创建全局对象：None创建永久共享对象：None诊断程序：None拒绝从网络访问此计算机： Guests 拒绝作为批处理进行登录

14、：None by default (others allowable as appropriate) Not Defined拒绝作为服务登录：None by default (othersAdministrators,BackupOperators,Everyone,PowerUsers,UsersAdministrators,Backup OperatorsAdministrators,PowerUsersAdministratorsAdministrators,INTERACTIVE,SERVICRGuestWINDOWS sp sp3被审核部门审核人员审核日期序审核项目审核步骤 /方法号

15、allowable as appropriate) Not Defined拒绝本地登录 : None by default (others allowableas appropriate) Not Defined从远端强制关机： Administrators管理和审核安全日志：None增加内存配额：Administrators增加进度优先级 Administrators安装和卸载设备驱动程序：Administrators内存中锁定页：None作为批作业登录： None ( “Not Defined ”)作为服务登录： None ( “Not Defined ”)本地登录： Administra

16、tors (other specific users allowable)管理审核和安全日志：Administrators更改防火墙环境选项： Administrators配置单一进程：Administrators配置系统性能：Administrators从插接工作站中取出计算机：Administrators替换进程级记号：None恢复文件和目录：Administrators关闭系统：Administrators安全审核陪同人2013-12-21员补充说审核结果改进建议明GuestAdministratorsAdministratorsAdministratorsAdministratorEE

17、TWORK SERVICEAdministratorsAdministrators,Power UsersAdministratorsAdministrators,Power Users,UsersLOCAL SERVICE,NETWORKSERVICE第7页共21页WINDOWS sp sp3安全审核被审核部门审核人员审核日期2013-12-21陪同人员序审核项目审核步骤 /方法审核结果补充说改进建议号明同步目录服务数据： Not ApplicableAdministrators,Backup Operators取得文件和其他对象的所有权： AdministratorsAdministrat

18、ors,BackupOperators,Power Users,UsersAdministrators其他系统12 需求确保磁盘卷为 NTFS 文件系统。是 ntfs;文件权限%SystemDrive% - Administrators: Full; System:%SystemDrive%ntbootdd.sys：缺省Full; Creator Owner: Full; Users: Read and%SystemDrive%Documents andExecute, ListSettingsAll UsersDocuments%SystemDrive%autoexec.batAdminis

19、trators:DrWatson：缺省Full; System: Full%SystemDrive%Temp：缺省%SystemDrive%boot.ini Administrators: Full;%SystemDrive%Program13System: FullFilesResource Kit：缺省%SystemDrive%config.sys - Administrators: Full;%SystemRoot%$NtServicePackUninstSystem: Fullall$：缺省%SystemDrive%io.sys Administrators: Full;%System

20、Root%CSC:缺省System: Full%SystemRoot%system32Ntbackup.ex%SystemDrive%msdos.sysAdministrators: Full;e：缺省System: Full%SystemRoot%system32secedit.exe：建议使用NTFS 文件系统按照审核方法进行文件权限设置WINDOWS sp sp3安全审核被审核部门审核人员审核日期2013-12-21陪同人员序审核项目审核步骤 /方法审核结果补充说改进建议号明%SystemDrive%ntbootdd.sys -Administrators:不能打开文件Full; Sys

21、tem: Full%SystemRoot%system32DTCLog：缺%SystemDrive%Administrators:省Full; System: Full%SystemRoot%system32NTMSData：%SystemDrive%ntldr - Administrators: Full;缺省System: Full%SystemDrive%Documents and SettingsAdministrators: Full; System: Full; Users: Readand Execute, List%SystemDrive%Documents andSettin

22、gsAdministrator Administrators: Full;System: Full%SystemDrive%Documents and SettingsAll UsersAdministrators: Full; System: Full; Users: Readand Execute,List%SystemDrive%Documents and SettingsAllUsersDocuments DrWatsonAdministrators:Full; System: Full;Creator Owner: Full; Users: TraverseFolder/Execut

23、e File, List Folder/Read Data, Read第9页共21页WINDOWS sp sp3被审核部门审核人员审核日期序审核项目审核步骤 /方法号Attributes, Read ExtendedAttributes, Read Permissions (This folder,subfolders, and files); Users: TraverseFolder/Execute Files, CreateFiles/Write Data, Create Folder/Append Data(Subfolders and files only)%SystemDrive%

24、Documents and SettingsDefaultUser Administrators: Full; System: Full; Users:Read and Execute, List%SystemDrive%System Volume Information (Donot allow permissions on this folder to be replaced)%SystemDrive%Temp - Administrators: Full;System: Full; Creator Owner: Full; Users:Traverse Folders/ExecuteFi

25、les, Create Files/Write Data, CreateFolders/Append Data%ProgramFiles% - Administrators: Full; System:Full; Creator Owner: Full; Users: Read and Execute, List%SystemDrive%Program FilesResource Kit Administrators: Full; System: Full安全审核陪同人2013-12-21员补充说审核结果改进建议明WINDOWS sp sp3安全审核被审核部门审核人员审核日期2013-12-2

26、1陪同人员序审核项目审核步骤 /方法审核结果补充说改进建议号明%SystemRoot% Administrators: Full; System:Full; Creator Owner: Full; Users: Read andExecute, List%SystemRoot%$NtServicePackUninstall$Administrators: Full; System: Full%SystemRoot%CSCAdministrators: Full;System: Full%SystemRoot%Debug -Administrators: Full;System: Full;

27、Creator Owner: Full; Users: Readand Execute, List%SystemRoot%DebugUserMode -Administrators:Full; System: Full; Users: Traverse Folder/ExecuteFile, Listfolder/Read data, Create files/Write data (Thisfolder, only); Create files/Write data, Createfolders/Append data(Files only)%SystemRoot%Offline Web P

28、ages(Do not allowpermissions on this key to be replaced)%SystemRoot%Registration -Administrators: Full;System: Full; Users: Read第11页共21页WINDOWS sp sp3安全审核被审核部门审核人员审核日期2013-12-21陪同人员序审核项目审核步骤 /方法审核结果补充说改进建议号明%SystemRoot%repair - Administrators: Full;System: Full%SystemRoot%security - Administrators:

29、Full;System: Full; Creator Owner: Full%SystemRoot%system32 -Administrators: Full;System: Full; Creator Owner: Full; Users: Readand Execute, List%SystemRoot%system32at.exeAdministrators:Full; System: FullAdministrators: Full; System: FullAdministrators: Full; System: FullAdministrators: Full; System:

30、 Full%SystemRoot%system32regedt32.exeAdministrators: Full; System: Full%SystemRoot%system32rexec.exeAdministrators: Full; System: Full%SystemRoot%system32rsh.exeAdministrators:Full; System: FullWINDOWS sp sp3安全审核被审核部门审核人员审核日期2013-12-21陪同人员序审核项目审核步骤 /方法审核结果补充说改进建议号明%SystemRoot%system32secedit.exeAdmi

31、nistrators: Full; System: Full%SystemRoot%system32appmgmtAdministrators: Full; System: Full; Users: Readand Execute, List%SystemRoot%config Administrators: Full;System: Full%SystemRoot%system32dllcacheAdministrators: Full; System: Full; CreatorOwner: Full%SystemRoot%system32DTCLog -Administrators: F

32、ull; System: Full; CreatorOwner: Full; Users: Read andExecute, List%SystemRoot%system32GroupPolicy -Administrators: Full; System: Full; AuthenticatedUsers: Read andExecute, List%SystemRoot%system32ias -Administrators:Full; System: Full; Creator Owner: FullThe Center for Internet Security第13页共21页WIND

33、OWS sp sp3被审核部门审核人员审核日期序审核项目审核步骤 /方法号Windows 2000 Server - Level 2 Benchmark forStand-Alone and Domain-Member ServersPage 18 of 56%SystemRoot%system32NTMSDataAdministrators: Full; System: Full %SystemRoot%system32reinstallbackups Administrators: Full; System: Full; CreatorOwner: Full%SystemRoot%syst

34、em32SetupAdministrators: Full; System: Full; Users: Read and Execute, List %SystemRoot%system32spoolprinters Administrators: Full; System: Full; Creator Owner: Full; Users:Traverse Folder, Execute File, Read, Read Extended Attributes, Create folders, Append Data %SystemRoot%Tasks -(Do not allow perm

35、issions on this key to be replaced) %SystemRoot%Temp - Administrators: Full; System: Full; Creator Owner: Full; Users: Traverse Folders/ExecuteFiles, Create Files/Write Data, Create安全审核陪同人2013-12-21员补充说审核结果改进建议明WINDOWS sp sp3安全审核被审核部门审核人员审核日期2013-12-21陪同人员序审核项目审核步骤 /方法审核结果补充说改进建议号明Folders/Append Dat

36、a文件和注%SystemDrive% - Everyone: Failures (this folder,册表审核propagate inheritable permissions to all subfoldersand files)%SystemDrive%：Everyone: Success14HKLMSoftware Everyone: Failures (this key,HKLMSoftware ：Everyone: Successpropagate inheritable permission to all subkeys)HKLMSystem ：Everyone: Succes

37、sHKLMSystem Everyone: Failures (this key,propagate inheritable permission to all subkeys)注册表权限15HKLMSoftwareClasses - Administrators: Full;不满足： Creator Owner:缺省System: Full; Creator Owner: Full; Users: ReadHKLMSoftware Administrators Full; System:不满足： Creator Owner:缺省Full; Creator Owner: Full; Users

38、: ReadHKLMSoftwareMicrosoftNetDDE 满足Administrators: Full; System: Full将管理访问注册表权限设置到最高，其他用户不拥有此权限访问，修改注册表第15页共21页WINDOWS sp sp3安全审核被审核部门审核人员审核日期2013-12-21陪同人员序审核项目审核步骤 /方法审核结果补充说改进建议号明HKLMSoftwareMicrosoftOS/2 Subsystem for NT ?Administrators: Full; System: Full; CreatorOwner: FullHKLMSoftwareMicroso

39、ftWindows不满足： Creator Owner:缺省 ;NTCurrentVersionAsrCommands Administrators: Full;System: Full;Creator Owner: Full;Users: Read;Backup Operators: Query Value, Set Value,Create Subkey, EnumerateSubkeys, Notify, Delete, Read (this key andsubkeys)WINDOWS sp sp3被审核部门审核人员审核日期序审核项目审核步骤 /方法号HKLMSoftwareMicro

40、softWindows NTCurrentVersionPerflib Administrators: Full;System: Full; CreatorOwner: Full; Interactive: Read (this key and subkeys)HKLMSoftwareMicrosoftWindowsCurrentVersion Group Policy - Administrators: Full; System: Full;Authenticated Users: ReadHKLMSoftwareMicrosoftWindowsCurrentVersion Installe

41、r - Administrators Full; System: Full; Users: ReadHKLMSoftwareMicrosoftWindowsCurrentVersion Policies - Administrators: Full; System: Full;AuthenticatedUsers: Read安全审核陪同人2013-12-21员补充说审核结果改进建议明不满足： Creator Owner:缺省 ;满足满足满足第17页共21页WINDOWS sp sp3安全审核被审核部门审核人员审核日期2013-12-21陪同人员序审核项目审核步骤 /方法审核结果补充说改进建议号

42、明HKLMSystem - Administrators Full; System: Full;Creator Owner: Full; Users: ReadHKLMSystemClone Allow inheritable permissions to propagate to this objectHKLMSystemControlSet001 - AdministratorsFull; System: Full; Creator Owner: Full; Users:ReadHKLMSystemControlSet00 x - AdministratorsFull; System: Full; Creator Owner: F