Re: Another Fedora decision

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



On Thu, February 5, 2015 9:06 am, James B. Byrne wrote:
>
> On Wed, February 4, 2015 16:55, Warren Young wrote:
>>> On Feb 4, 2015, at 12:16 PM, Lamar Owen <lowen@xxxxxxxx> wrote:
>>>
>>> Again, the real bruteforce danger is when your /etc/shadow is
>>> exfiltrated by a security vulnerability
>>
>> Unless you have misconfigured your system, anyone who can copy
>> /etc/shadow already has root privileges.  They do not need to crack
>> your passwords now.  You are already boned.
>>
>>
>>
>
> My thought exactly.
>

After all this discussion about "is this enough for good security or
should we add something else" the last not requiring tremendously larger
effort, I'm left with the following feeling. I'm a "relict" left from long
time ago when security was considered paramount, when if something can be
done it had to be done, no matter that the same is allegedly covered by
something else already in place. We always considered the word "paranoia"
is in sysadmin's job description (I still do, yet I didn't check IT job
descriptions lately, - maybe I should take a look; there seem to be many
"Windows" brew people up on the top of IT ladder these days). I feel like
there is brave new world of admins who feel it right to have "iPad-like"
everything, i.e. boxes cooked up and sealed by vendor, and you have no way
even to look inside, not to say re-shape interior to your understanding
[of security or anything else]. Am I the only one?

Not that this my comment meant as contradiction to any particular post
(this post I'm replying to included). It is just the existence (and
length) of this discussion (whether one should, or shouldn't, or anything)
makes me think that what I was trained about security is not accepted by
many these days. Or maybe I simply got tired following it instead of
spending more time doing my own sysadmin's job ??

Good luck, everyone. Stay safe and keep your boxes secure!

Valeri

++++++++++++++++++++++++++++++++++++++++
Valeri Galtsev
Sr System Administrator
Department of Astronomy and Astrophysics
Kavli Institute for Cosmological Physics
University of Chicago
Phone: 773-702-4247
++++++++++++++++++++++++++++++++++++++++
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos




[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux