Re: [rhelv5-list] certifiable

2008-03-01 Thread Edward F. Brown
Steve, Thank you for your considerable patience. You're right, that the NSA guide is a much better fit for RHEL5 than the corresponding CIS document. I'd point out that the CIS version clearly aims for a certifiable security configuration (CIS Level 1 security), whereas, as you seem to suggest,

Re: [rhelv5-list] certifiable

2008-02-29 Thread Stephen John Smoogen
On Thu, Feb 28, 2008 at 2:48 PM, Ed Brown [EMAIL PROTECTED] wrote: I've asked RedHat to respond through our support channel, but I'd like to raise this issue here too, for discussion, and to see if others see a need for a response by RedHat. There are third-party 'benchmarks' or

Re: [rhelv5-list] certifiable

2008-02-29 Thread Edward F. Brown
- Are RedHat's enterprise operating systems insecure as shipped? No. For example, the sysctl.conf file doesn't really divulge any secret information. If you want to set the permissions to 0600, go right ahead. It won't hurt anything. Steve, The problem is that these publications aren't just

Re: [rhelv5-list] certifiable

2008-02-29 Thread Steve Grubb
On Friday 29 February 2008 13:20:25 Edward F. Brown wrote: The problem is that these publications aren't just helpful 'guides', they are becoming authoritative reference standards for securely configuring RHEL5, a mandate for some of your enterprise customers. It's my understanding that it's not

Re: [rhelv5-list] certifiable

2008-02-29 Thread Stephen John Smoogen
On Fri, Feb 29, 2008 at 12:40 PM, Steve Grubb [EMAIL PROTECTED] wrote: On Friday 29 February 2008 13:20:25 Edward F. Brown wrote: The problem is that these publications aren't just helpful 'guides', they are becoming authoritative reference standards for securely configuring RHEL5, a

Re: [rhelv5-list] certifiable

2008-02-28 Thread Steve Grubb
On Thursday 28 February 2008 16:48:50 Ed Brown wrote: There are third-party 'benchmarks' or configuration guides for RHEL5 that are becoming standards, or mandates, at least for some government sites. E.g.: Both of these you point to, I was involved in. Each is over a hundred pages of