SLUG Mailing List Archives
Re: [SLUG] linux to linux shares
- To: slug@xxxxxxxxxxx
- Subject: Re: [SLUG] linux to linux shares
- From: "Philip Greggs" <png320@xxxxxxxxx>
- Date: Tue, 21 Feb 2006 05:32:16 +1100
- Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:to:subject:cc:mime-version:content-type:content-transfer-encoding:content-disposition; b=eTiRa88+0SaGCdE5gA3d/iKPEx4qr7S4TCI5nepi1qLsEMJUkLpQeJUa6oXV70+2z8iNcvaiWaWpu1gdkzNgXDhl7YEeJHlem5nnv5TpqCKVhbCKmCfof4mombNHxulsNi3LeFq6RIsB+WNGWwPNNx9tSYGgyPffkfrNw4vbzyw=
O Plameras wrote:
>But you still have to harden your total system.
>We learn from previous experience, it is a bad
>habit to leave a crow bar around when parking a
>car. Otherwise, some smart hacker will find more
>and larger holes and tunnels in the complex
>laryrinths of kernel modules and components
>instead of limited, narrowed, and restricted pathways.
May I share what we do at our company in general.
There is a standing policy at all our sites to recompile
Linux kernels before a new one is implemented.
This is done by removing unnecessary and unused modules.
Implementation is ensured by providing a copy of the
config-XXX-XXX to HQ.
Quality assurance engineers audit sites and ascertain
that config-XXX-XXX as submitted tallies with the running
Config-XXX-XXX is decided before hand by our
IT Security Team.
Just one of the ways our company controls IT security.