brent saner on 13 Dec 2007 21:04:57 -0000



Re: [PLUG] AV software for Linux

  • From: brent saner <brent.saner@gmail.com>
  • To: Philadelphia Linux User's Group Discussion List <plug@lists.phillylinux.org>
  • Subject: Re: [PLUG] AV software for Linux
  • Date: Thu, 13 Dec 2007 16:04:45 -0500
  • Reply-to: Philadelphia Linux User's Group Discussion List <plug@lists.phillylinux.org>
  • Sender: plug-bounces@lists.phillylinux.org
  • User-agent: Thunderbird 1.5.0.14pre (X11/20071022)

Art Alexion wrote:
I'm thinking real root accounts instead of sudo, with no root passwords distributed to regular users should solve this. For years the users have been told to save important data to a network drive. That we are not responsible for lost files on desktops.
the nice thing about sudo though is that you can track activity if you really wanted to, to some degree. i get a little wary about multiple people knowing a root password. if someone gets any funny ideas, what's to stop them? it may be too late. with sudo, you can have at least some sort of cushion layer there...
If you're concerned about nefarious deeds, I'd recommend a HIDS (i.e.
Tripwire, AIDE), or if you use Debian, something like Debsums+Tiger.  That
should reveal any monkey business.

ditto, highly recommended.

Has anyone used/tried AppArmor?
never bothered to give it a shot but from what i hear, much like SElinux it's "worth more trouble than it is good". again, YMMV; word of mouth.


and there aren't any viable linux virii, no... and they can't really propagate, but what happens if you contract one? that user can potentially be toast. true, it's easily fixed with an rm /home/<foo> and then restoring the backup but what if that user had sudo access (which DOES validate your concerns, stewart)? you're looking at a system-wide audit at that point.

--
Brent Saner
215.264.0112(cell)
215.362.7696(residence)

http://www.thenotebookarmy.org

Bill Gates is to hacking as Sid Vicious was to the Sex Pistols: no talent, everyone hates him, and he's just in it for the fame and money.

___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug