Re: [Fedora] Seeing input on Securing the Linux system from intrusions and attacks.

Les Mikesell wrote:
John Summerfield wrote:

My point, for those who seem to have missed it, is that on the others security is considered a top goal and highlighted as such on the home page. I similarly excluded FreeBSD because it's not highlighted as a top requirement. I also excluded Debian - freeness drives the Debian project, usability drives Ubuntu.

Agreed, but you have enough experience to know that good intentions and strict attention to narrow goals don't produce the best results every

I didn't say anything about narrow goals, did I?

When you emphasize one, it usually comes at the expense of others. Or it's just meaningless hype.

Security is important to all of those projects, but if you don't highlight the key goals of your OS project, you aren't selling the project very well, and you will probably miss those goals.

I tend to ignore marketing hype.
I didn't say anything about marketing hype either. If you have a project, you want users and you may want people to help you. You have about one para to get people's attention.

Marketing hype takes longer than that. Remember, "hype" is short for "hyperbole" and asserts exaggeration.

I'm pretty happy with the security in RHEL's clones, but that still is not the first amongst its goals. The driver in RHEL is the Enterprise. Of course, security is important, but Red Hat Secure Linux would be a very different product, wouldn't you think?

I'm not sure how it could be different and still be useful. Maybe they would disable your ability to turn off SELinux and firewalling. And wouldn't the existence of a separate secure product imply that the stock one has known security flaws? As things are, I assume that
Why? Does the fact that GM sells big cars, small cars, cheap cars & expensive cars mean there's anything wrong with any of them? I see it as a recognition that different folk have different requirements.

vulnerabilities are always fixed in updates as they are discovered.

Might be more like this (from distrowatch):
EnGarde Secure Linux is a server-oriented open source operating system that provides services like web, DNS and email simply and securely while eliminating the need for time-consuming "hardening" by the user. EnGarde offers integrated intrusion detection, advanced kernel and network security features, and graphical auditing and reporting - all controlled through Guardian Digital WebTool, a simplified browser-based management system.
From its website:
Unprecedented Security. Unrivaled Manageability.

EnGarde is the first truly secure, open source Internet operating platform.
Simplified Web-based management and enterprise scalability combine to
deliver unprecedented security and a feature-rich Internet application
environment.

The first release I saw incorporated LIDS (before selinux was usable). I might have used it, but for the fact it used a 2.2 kernel.


I would expect RHSL to have more emphasis on keeping the bastards out and detecting their efforts to subvert the security measures, and maybe some self-repair. Running a secure server as a virtual server implies you _can_ check it with a trusted Linux - the host. Or another guest. Installing a service would imply all appropriate support packages - sendmail+spamassassin+mimedefang, and guidance on getting them up and running securely.

A default install would have the minimum required to boot and install other stuff, a GUI would be optional on a server (if provided). selinux would be enforcing, and maybe not able to be turned off without a reboot. Filesystems might be encrypted by default.


--

Cheers
John

-- spambait
1aaaaaaa@xxxxxxxxxxxxxxxx  Z1aaaaaaa@xxxxxxxxxxxxxxxx
-- Advice
http://webfoot.com/advice/email.top.php
http://www.catb.org/~esr/faqs/smart-questions.html
http://support.microsoft.com/kb/555375

You cannot reply off-list:-)

--
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list