On 2/28/08, Steve Grubb <[EMAIL PROTECTED]> wrote: > > On Thursday 28 February 2008 16:48:50 Ed Brown wrote: > >There are third-party 'benchmarks' or configuration guides for RHEL5 that > are > >becoming standards, or mandates, at least for some government sites. E.g > .: > > Both of these you point to, I was involved in. > > > >Each is over a hundred pages of configuration recommendations, from the > >common sense (turn off services you don't need) to the micro-managed and > >essentially arbitrary (chmod /etc/sysctl.conf from 0644 to 0600). > > The micromanaged one comes from the CIS guide. :) > > > >- Are RedHat's "enterprise" operating systems insecure as shipped? > > No. For example, the sysctl.conf file doesn't really divulge any secret > information. If you want to set the permissions to 0600, go right ahead. > It > won't hurt anything. There is a balance that has to be achieved between > people want the machine to work vs I'm paranoid and I don't trust anyone. > Some people want USB flash drives to work so they can copy files, some > people > see them as a way to let govt documents out the door. It all depends on > your > context as to whether something needs to be tightened or not.
I was surprised by some of those recommendations since redhat linux has always used the UPG scheme, so users are their own groups anyways. There was no mention of that or how some of the recommendations including how custom SSL in each place was supposed to be useful. It just seemed to come across as: of course redhat linux cant be secure, here's how to try and deal with it. There was still lots of useful info though, including the description of services.
_______________________________________________ rhelv5-list mailing list [email protected] https://www.redhat.com/mailman/listinfo/rhelv5-list
