These classnotes are deprecated. As of 2005, I no longer teach the classes. Notes will remain online for legacy purposes.

UNIX03/Insecure And Badly Configured Programs


Check each and every major and semi-major application on your system. Be sure that it is not an insecure version (see previous Deadly Sin) and that it has been configured properly.

Most programs are very versatile, and their default configurations may or may not be the ones you want.

For example, many versions of Sendmail still in use are configured as open relays by default. On most systems, FTP daemons still run as non-chrooted root. Samba comes pre-configured to allow connections from anywhere on the internet (whereas you will almost always want Samba restricted to one or more IP address ranges).

Security audits must include auditing of software and configurations.
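
One way to audit the Samba case mentioned above, as an added example that is not part of the original notes: a small smb.conf parser that reports sections to which no `hosts allow` restriction applies. The sample configurations, share names and addresses are constructed for illustration.

```python
import re

# Constructed smb.conf samples (not from the page): weak vs. restricted.
WEAK_CONF = """\
[global]
   workgroup = EXAMPLE
   ; no host restriction in [global]
[homes]
   read only = no
[projects]
   Hosts Allow = 192.168.10. 127.
"""
HARDENED_CONF = """\
[global]
   workgroup = EXAMPLE
   hosts allow = 192.168.10. 127.
[homes]
   read only = no
"""

def parse_smb_conf(text):
    """Return {section: {parameter: value}} with names lower-cased."""
    sections, current = {}, None
    # A trailing backslash continues a line, so join those first.
    for raw in text.replace("\\\n", " ").splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":   # blank line or comment
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = sections.setdefault(header.group(1).strip().lower(), {})
        elif "=" in line and current is not None:
            name, value = line.split("=", 1)
            current[" ".join(name.lower().split())] = value.strip()
    return sections

def unrestricted_sections(text):
    """List sections to which no non-empty 'hosts allow' applies."""
    conf = parse_smb_conf(text)
    keys = ("hosts allow", "allow hosts")  # 'allow hosts' is a synonym
    if any(conf.get("global", {}).get(k) for k in keys):
        return []  # a [global] setting applies to every share
    return sorted(name for name, params in conf.items()
                  if not any(params.get(k) for k in keys))

if __name__ == "__main__":
    for label, conf in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(label, "->", unrestricted_sections(conf) or "restricted")
```

An empty `hosts allow =` line is treated the same as a missing one, since it restricts nothing.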



Last edited May 31, 2003 2:02 am
(C) Copyright 2003 Samuel Hart
This work is licensed under a Creative Commons License.