A half of a day will be spent doing white box testing.
The process table will be examined. All processes will be identified, and categorized as to whether they are: essential, non-essential but probably harmless, or a security risk.
The network socket listen queue will be examined. All open sockets will be identified, and coorelated to active processes.
The file system will be examined for set user id programs. A list will be made and the programs will be categories into: essential, non-essential but convenient, and security risk. In addition, the permissions on all shared libraries will be examined and directories leading to them. Any setuid programs that use shared libraries will be flagged.
The password file will be examined for accounts. All accounts will be checked to make sure that they are either disabled, or have non-empty passwords. A password cracker will not be run at this time.
If already configured, a tripwire (or equivalent) program will be used to verify the integrity of all executables.