On Sunday 07 December 2008 11:51:33 Jesse Keating wrote:
> I have yet to see anything in your definition of CAPP that adds real
> security to our system.

I didn't attempt to explain CAPP, that would be a book or at least a big chapter in a book. What I attempted to explain is the parts of it that apply to user account management.

> What I get out of it so far is "If all the admins play nice, we can track
> what they're doing". But if admins stop playing nice, all bets are off.

True. To track a hostile admin requires meeting yet another Security Target. You need

1) Remote audit logging - we have that
2) Separation of roles such that a security officer and an admin role exist - we have that.
3) keystroke logging - we have that

These are called out for in higher security standards. The higher standards typically extend the lower standards.

> What value does that add to Fedora systems?

CAPP basically says you have a normal unix system. As the threat increases, you have to take different steps to counter it. We have a layered security approach that lets you tailor the counter-measures to the perceived threat.

-Steve

--
fedora-devel-list mailing list
fedora-devel-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-devel-list