Re: [PLUG] AV software for Linux

Art Alexion on 14 Dec 2007 14:00:08 -0000

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] AV software for Linux

From: Art Alexion <art.alexion@verizon.net>

To: Philadelphia Linux User's Group Discussion List <plug@lists.phillylinux.org>

Subject: Re: [PLUG] AV software for Linux

Date: Fri, 14 Dec 2007 08:59:27 -0500

Reply-to: Philadelphia Linux User's Group Discussion List <plug@lists.phillylinux.org>

Sender: plug-bounces@lists.phillylinux.org

User-agent: KMail/1.9.6 (enterprise 0.20070907.709405)

On Thursday 13 December 2007 16:04:45 brent saner wrote: > Art Alexion wrote: > > I'm thinking real root accounts instead of sudo, with no root passwords > > distributed to regular users should solve this. For years the users have > > been told to save important data to a network drive. That we are not > > responsible for lost files on desktops. > > the nice thing about sudo though is that you can track activity if you > really wanted to, to some degree. i get a little wary about multiple > people knowing a root password. if someone gets any funny ideas, what's > to stop them? it may be to late. with sudo, you can have at least some > sort of cushion layer there... > > >> . > >> > >> If you're concerned about nefarious deeds, I'd recommend a HIDS (ie. > >> Tripwire, AIDE), or if you use Debian, something like Debsums+Tiger. > >> That should reveal any monkey business. > > ditto, highly recommended. Well, the way I look at it, I care less about the autopsy than preventing the death in the first place. The people who will have the root password are the same people who have the windows domain administrator password. You either trust them or you do the work of 5 people yourself. > > > Has anyone used/tried AppArmor? > > never bothered to give it a shot but from what i hear, much like SElinux > it's "worth more trouble than it is good". again, YMMV; word of mouth. Interesting. I went to a Novell D 'n' P show where that was precisely the comparison. Except, their pitch was that AppArmor accomplished the more realistic security aspects of SELinux without the difficulty of configuration and administration. I haven't tried it. That's why I wondered if anyone here has. > > and there aren't any viable linux virii, no... and they can't really > propagate, but what happens if you contract one? that user can > potentially be toast. true, it's easily fixed with an rm /home/<foo> and > then restoring the backup but what if that user had sudo access (which > DOES validate your concerns, stewart)? you're looking at a system-wide > audit at that point. Which is a reason not to use sudo.
Attachment: signature.asc
Description: This is a digitally signed message part.

___________________________________________________________________________ Philadelphia Linux Users Group -- http://www.phillylinux.org Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug

Follow-Ups:

Re: [PLUG] AV software for Linux
From: "Steve Morgan" <stevem.firefly@gmail.com>

References:

[PLUG] AV software for Linux
From: Art Alexion <art.alexion@verizon.net>

Re: [PLUG] AV software for Linux
From: Art Alexion <art.alexion@verizon.net>

Re: [PLUG] AV software for Linux
From: brent saner <brent.saner@gmail.com>

Prev by Date: [PLUG] OT - self-publishing

Next by Date: Re: [PLUG] AV software for Linux

Previous by thread: Re: [PLUG] AV software for Linux

Next by thread: Re: [PLUG] AV software for Linux

Index(es):

Date

Thread