Richard_D_Levine@xxxxxxxxxxxx wrote:
>You could look at what SELinux extensions now available in at least the Red
>Hat (and Fedora) distro offer. I have never done anything with SELinux,
>and a quick review of the archives indicates it is not a slam dunk to use.
>It is designed to create the kind of restrictive environment you describe.

i'm not sure it's the answer. SELinux is focused on suppressing privilege escalation problems. root is still root, it has to be. you can constrain root, but in order to be able to administer the system, root still needs to be able to modify security policy, otherwise it'd be trivially easy for a less-than-skilled sysadmin to render his machines unmanageable. even skilled sysadmins from time to time commit the good old fashioned oops, after all.

the general problem of an environment where you do not choose to trust your sysadmins is a very hard one. i've spent some time thinking about how to handle it, and there are no easy solutions. building a secure, reliable audit trail system struck me as the way to go, but you literally need to get the audit logs off site into another facility with completely independent administration.

richard