On Mon, Dec 01, 2014 at 11:26:30PM +0100, Reindl Harald wrote:
> many people are using Linux because they hope to know to some degree what
> their computer is doing instead "something magically does something"
>
> not that i personally don't have the knowledge to keep control but that's
> not the point - to keep a difference between Linux and MS/Apple a Linux
> distribution sometimes should follow "better safe than sorry" or in other
> words "better ask instead get complaints why not asked"

This makes a lot of sense. I still agree with sane defaults that don't allow dumb things to happen out of the box but we should also be looking at ways for people to determine whether or not their systems are set up in an insecure manner.

Some of this already exists in the SCAP world but is mostly focused on compliance testing and not 'how to make sure I'm not going to get pwned'. Perhaps we need to make SCAP rules that check for obvious deficiencies and then make that incredibly easy for an admin to run. Then issues like allowing root access via ssh (directly) would come up on the admin's radar and the admin could fix it.

There are many things I'm running on my server that I *hope* are configured appropriately. It would be great if there was a way for my system to be scanned to see if there are things I could be doing better.

-- Eric
--------------------------------------------------
Eric "Sparks" Christensen
Red Hat, Inc - Product Security
sparks@xxxxxxxxxx - sparks@xxxxxxxxxxxxxxxxx
097C 82C3 52DF C64A 50C2 E3A3 8076 ABDE 024B B3D1
--------------------------------------------------

--
security mailing list
security@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/security
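
The kind of check the message above asks for (direct root login over ssh showing up on the admin's radar), as an added example that is not part of the original message and is not SCAP content. The function name, verdict labels and sample config are constructed for illustration; it assumes a single sshd_config file and does not follow Include directives.

```python
"""Added example: report the PermitRootLogin value sshd would actually use."""

VERDICTS = {
    "no": "ok",
    "prohibit-password": "restricted",
    "without-password": "restricted",      # older spelling of prohibit-password
    "forced-commands-only": "restricted",
    "yes": "fail",                         # direct root login with a password
}

def audit_root_login(config_text, compiled_default="yes"):
    """Map each scope ("global" or a Match block) to (value, verdict).

    sshd keeps the first value it reads for a keyword, so a later duplicate
    in the same scope is ignored. compiled_default is an assumption about the
    installed sshd: "yes" before OpenSSH 7.0, "prohibit-password" from 7.0 on.
    """
    scope = "global"
    first_seen = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.replace("=", " ", 1).split()   # "Keyword=value" is allowed
        keyword = parts[0].lower()                  # keywords are case-insensitive
        if keyword == "match":
            scope = "Match " + " ".join(line.split()[1:])
        elif keyword == "permitrootlogin" and len(parts) > 1:
            first_seen.setdefault(scope, parts[1].strip('"'))
    # No global setting means the compiled-in default is what applies.
    first_seen.setdefault("global", compiled_default)
    return {s: (v, VERDICTS.get(v, "unknown")) for s, v in first_seen.items()}

# Constructed sample input, not taken from any real host.
SAMPLE = """\
# sshd_config (constructed)
Port 22
PermitRootLogin yes
PermitRootLogin no
Match Address 10.0.0.0/8
    PermitRootLogin prohibit-password
"""

if __name__ == "__main__":
    for scope, (value, verdict) in audit_root_login(SAMPLE).items():
        print(f"{scope}: PermitRootLogin {value} -> {verdict}")
```

On a live host, `sshd -T` (run as root) prints the effective configuration and is the authoritative source; the parser above is for checking a config file offline.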