Ed... You're getting it!! But given that the enviornment that I envision will have literally strangers coming into my box... I need to be reasonable paranoid/secure... Which brings me to my original question... I think I've pretty well formed the basis of the issue/problem that I'm seeking to solve... Thanks.. -Bruce -----Original Message----- From: redhat-list-admin@xxxxxxxxxx [mailto:redhat-list-admin@xxxxxxxxxx]On Behalf Of Ed Greshko Sent: Thursday, December 04, 2003 11:30 PM To: Redhat-list@xxxxxxxxxx Subject: RE: Security Issues.... On Fri, 2003-12-05 at 14:59, bruce wrote: > >From what you are saying, you're implying that security is simply a matter > of not giving the user root access... I'm not sure I'm buying that. If > security where that easy, there would be no real issues surrounding creating > a secure system. No, not really. But you have to consider what is your level of paranoia. > I'm trying to find information from guys who have created secure systems, > who can provide insight into the issues with chroot, etc... Resources who > can discuss the various pros/cons of a given security strategy... As I > pointed out, I'm considering letting users into my machines, so I'd like to > know what this really entails.... Normally, you only go through this type of exercise if you *really* need to restrict others from going to different parts of the system and getting at other people's data. So, you need to sit down and decide what you want to protect, who you want to protect if from, and why. If it is simply a matter of you don't what people to change your httpd config files then you need to decided how much effort and how many ways you want to protect it. It is quite easy to go overboard is search of the ultimate in security. Then, of course, you need to use something like "tripwire" so when your security is defeated you will know what happened and when. :-) Ed -- "An opinion is like an asshole - everybody has one." - Clint Eastwood as Harry Callahan, The Dead Pool - 1988. -- redhat-list mailing list unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe https://www.redhat.com/mailman/listinfo/redhat-list -- redhat-list mailing list unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe https://www.redhat.com/mailman/listinfo/redhat-list
