On Mon, 2009-11-30 at 15:17 -0500, Eric Christensen wrote: > Gene, > (Ahh... someone with a similar background...) > > So the biggest question, to me, is to what standard do we start? > There are plenty to choose from from DISA to NIST. I, personally, > find the NSA's "Guide to the Secure Configuration of Red Hat > Enterprise Linux 5" very good and might be a good place to start. I'm > not saying that we do everything that is in the guide but maybe take > the guide and strike things out that don't make sense and add stuff to > it that does make sense. Thanks for the thoughts, Gene and Eric. You seem to be running a long way ahead here :). I should probably say that I think I mistitled the thread: what I was really thinking about here is not 'security', but the more limited area of 'privilege escalation'. I'm not sure we're ready to bite off a comprehensive distro-wide security policy yet, to the extent you two are discussing. Where I'm currently at is that I'm going to talk to some Red Hat / Fedora security folks about the issues raised in all the discussions about this, including this thread, and then file a ticket to ask FESco to look at the matter, possibly including a proposed policy if the security folks help come up with one. And for the moment, only really concerned with the question of privileges. -- Adam Williamson Fedora QA Community Monkey IRC: adamw | Fedora Talk: adamwill AT fedoraproject DOT org http://www.happyassassin.net -- Fedora-security-list mailing list Fedora-security-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-security-list
