Art Alexion on 14 Dec 2007 14:00:08 -0000



Re: [PLUG] AV software for Linux


On Thursday 13 December 2007 16:04:45 brent saner wrote:
> Art Alexion wrote:
> > I'm thinking real root accounts instead of sudo, with no root passwords
> > distributed to regular users should solve this.  For years the users have
> > been told to save important data to a network drive.  That we are not
> > responsible for lost files on desktops.
>
> the nice thing about sudo though is that you can track activity if you
> really wanted to, to some degree. i get a little wary about multiple
> people knowing a root password. if someone gets any funny ideas, what's
> to stop them? it may be too late. with sudo, you can have at least some
> sort of cushion layer there...
>
> >>
> >> If you're concerned about nefarious deeds, I'd recommend a HIDS (i.e.
> >> Tripwire, AIDE), or if you use Debian, something like Debsums+Tiger.
> >> That should reveal any monkey business.
>
> ditto, highly recommended.

Well, the way I look at it, I care less about the autopsy than preventing the 
death in the first place.  The people who will have the root password are the 
same people who have the Windows domain administrator password.  You either 
trust them or you do the work of 5 people yourself.


>
> > Has anyone used/tried AppArmor?
>
> never bothered to give it a shot but from what i hear, much like SELinux
> it's "worth more trouble than it is good". again, YMMV; word of mouth.

Interesting.  I went to a Novell D 'n' P show where that was precisely the 
comparison.  Except, their pitch was that AppArmor accomplished the more 
realistic security aspects of SELinux without the difficulty of configuration 
and administration.  I haven't tried it.  That's why I wondered if anyone 
here has.


>
> and there aren't any viable linux virii, no... and they can't really
> propagate, but what happens if you contract one? that user can
> potentially be toast. true, it's easily fixed with an rm /home/<foo> and
> then restoring the backup but what if that user had sudo access (which
> DOES validate your concerns, Stewart)? you're looking at a system-wide
> audit at that point.

Which is a reason not to use sudo.




___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug