Tugger the SLUGger!SLUG Mailing List Archives

Re: [SLUG] linux to linux shares


O Plameras wrote:

------SNIPPED---------
>But you still have to harden your total system.
>We learn from previous experience, it is a bad
>habit to leave a crow bar around when parking a
>car. Otherwise, some smart  hacker will find more
>and larger holes and tunnels in the complex
>laryrinths of kernel modules and components
>instead of limited, narrowed, and restricted pathways.
------SNIPPED---------

Hi,

May I share what we do at our company in general.

There is a standing policy at all our sites to recompile
Linux kernels before a new one is implemented.
This is done by removing unnecessary and unused modules.

Implementation is ensured by providing a copy of the
config-XXX-XXX to HQ.

Quality assurance engineers audit sites and ascertain
that config-XXX-XXX as submitted tallies with the running
system.

Config-XXX-XXX is decided before hand by our
IT Security Team.

Just one of the ways our company controls IT security.


PG