Re: [GENERAL] PostgreSQL Trusted Startup

2010-12-21 Thread Craig Ringer
We live in a world where compliance is king. Never mind if compliance doesn't actually make the system more secure. Er .. re my previous post, I don't mean "lie to RH and claim to want to buy RHEL to get free support". I mean that you should consider going to management and getting approval fo

Re: [GENERAL] PostgreSQL Trusted Startup

2010-12-21 Thread Craig Ringer
On 12/22/2010 02:05 AM, Kenneth Buckler wrote: I find it very comforting that I am not the only one who finds this requirement a bit "out there". Unfortunately, these requirements are set in stone, and no matter how hard I try, can not be altered. We live in a world where compliance is king. Ne

Re: [GENERAL] PostgreSQL Trusted Startup

2010-12-21 Thread Kenneth Buckler
On Mon, Dec 20, 2010 at 8:53 PM, Craig Ringer wrote:
> Do you have a trusted boot path from BIOS to bootloader to kernel to init
> core userspace, where everything is digitally signed (by you or someone
> else) and verified before execution? Do you disable kernel module loading?
>
> If not, you'

Re: [GENERAL] PostgreSQL Trusted Startup

2010-12-20 Thread Craig Ringer
On 12/21/2010 06:12 AM, Kenneth Buckler wrote: Hello, I am investigating security requirements for configuring a PostgreSQL database on a Linux system. One of the security requirements our organization would like to implement is "trusted startup", in that PostgreSQL would verify the authenticity

Re: [GENERAL] PostgreSQL Trusted Startup

2010-12-20 Thread Kenneth Buckler
On Mon, Dec 20, 2010 at 3:31 PM, Scott Marlowe wrote:
> But, if the script is run on the same machine as postgresql is on, the
> scripts that check for changes could be compromised as well and then
> you'd never know.

I agree, if the system has been compromised, nothing will prevent the scr

Re: [GENERAL] PostgreSQL Trusted Startup

2010-12-20 Thread Scott Marlowe
On Mon, Dec 20, 2010 at 1:43 PM, John R Pierce wrote:
> I would look into selinux. lock it down with this, and it will be much
> harder to compromise.

I agree. By the time you've got compromised binaries / config files on the system, you've already lost.

Re: [GENERAL] PostgreSQL Trusted Startup

2010-12-20 Thread John R Pierce
On 12/20/10 11:12 AM, Kenneth Buckler wrote: Hello, I am investigating security requirements for configuring a PostgreSQL database on a Linux system. One of the security requirements our organization would like to implement is "trusted startup", in that PostgreSQL would verify the authenticit

Re: [GENERAL] PostgreSQL Trusted Startup

2010-12-20 Thread Scott Marlowe
On Mon, Dec 20, 2010 at 12:12 PM, Kenneth Buckler wrote:
> Hello,
>
> I am investigating security requirements for configuring a PostgreSQL
> database on a Linux system.
> One of the security requirements our organization would like to implement is
> "trusted startup", in that PostgreSQL would ver

[GENERAL] PostgreSQL Trusted Startup

2010-12-20 Thread Kenneth Buckler
Hello, I am investigating security requirements for configuring a PostgreSQL database on a Linux system. One of the security requirements our organization would like to implement is "trusted startup", in that PostgreSQL would verify the authenticity of the binaries and configuration files before m