On Fri, 2003-12-05 at 14:59, bruce wrote:
> >From what you are saying, you're implying that security is simply a matter
> of not giving the user root access... I'm not sure I'm buying that. If
> security where that easy, there would be no real issues surrounding creating
> a secure system.
No, not really. But you have to consider what is your level of
paranoia.
> I'm trying to find information from guys who have created secure systems,
> who can provide insight into the issues with chroot, etc... Resources who
> can discuss the various pros/cons of a given security strategy... As I
> pointed out, I'm considering letting users into my machines, so I'd like to
> know what this really entails....
Normally, you only go through this type of exercise if you *really* need
to restrict others from going to different parts of the system and
getting at other people's data.
So, you need to sit down and decide what you want to protect, who you
want to protect if from, and why. If it is simply a matter of you don't
what people to change your httpd config files then you need to decided
how much effort and how many ways you want to protect it. It is quite
easy to go overboard is search of the ultimate in security.
Then, of course, you need to use something like "tripwire" so when your
security is defeated you will know what happened and when. :-)
Ed
--
"An opinion is like an asshole - everybody has one."
- Clint Eastwood as Harry Callahan, The Dead Pool - 1988.
--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
