Steve,
Thank you for your considerable patience. You're right that the NSA
guide is a much better fit for RHEL5 than the corresponding CIS document.
I'd point out that the CIS version clearly aims for a certifiable security
configuration ("CIS Level 1 security"), whereas, as you seem to suggest, the
NSA guide is arguably less proscriptive, certainly less arbitrary, and
easier to work with (despite it being even longer).
Of course common sense and site-appropriateness have to be used in
implementation of any guide. But to assert best-effort compliance with
either of these, a lot of work is involved, especially as numbers and
diversity of systems increase. That said, I'm going to work toward
adoption of the NSA guide as a reference standard, where one is required.
I'd still like to see RHEL much closer to the recommendations out of the
box, and provide its own hardening options/tools, so that its customers
don't have to implement so much change themselves. I'm glad to know
Red Hat IS closely involved in the development of the NSA guide.
Thank you again,
Ed
_______________________________________________
rhelv5-list mailing list
https://www.redhat.com/mailman/listinfo/rhelv5-list