Hi,
Thank you. RSBAC looks rather interesting. Rule-based like NSA's attempt,
but it looks more "open" as you suggest. I'll take a proper look rather
than comment any more.
Your comments on Bastille. I must admit I do likewise. I examine these
hardening scripts for strategies and ideas, rather than as a means to do
the work. Scripting has its place but it can be heavyhanded and it may not
work the way you expect.
Thanks for the feedback,
regards,
Robyn Mills
(independent contractor)
At 09:11 PM 31-01-01 -0500, Paul D. Robertson wrote:
>On Thu, 1 Feb 2001, Robyn Mills wrote:
>
> > ***
> > I'd be interested to hear anyone's opinions of:
>
> > - NSA's secure linux
>
>I much prefer RSBAC in terms of maturing and openness as well as
>flexibility and complete feature set. http://www.rsbac.de.
>
> > Bastille (hardening script for RH)
>
>I haven't looked in several months, but last time I did a "tell me what
>you'd do" run of Bastille, it looked to be sufficient for getting to the
>same place I generally manually arrive at the first two or three minutes
>with a new system. If I had to deploy a large number of systems, I'd
>probably use it as my basis instead of writing my own script unless I had
>something else in mind design-wise.
>
>Paul
>-----------------------------------------------------------------------------
>Paul D. Robertson "My statements in this message are personal opinions
>[EMAIL PROTECTED] which may have no basis whatsoever in fact."
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
