-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 30/12/12 12:00, [email protected] wrote: > Send dorset mailing list submissions to > [email protected] > > To subscribe or unsubscribe via the World Wide Web, visit > https://mailman.lug.org.uk/mailman/listinfo/dorset > or, via email, send a message with subject or body 'help' to > [email protected] > > You can reach the person managing the list at > [email protected] > > When replying, please edit your Subject line so it is more specific > than "Re: Contents of dorset digest..." > > > Today's Topics: > > 1. Re: Can you elaberate on how ksh is more secure? (Ralph Corderoy) > > > ---------------------------------------------------------------------- > > Message: 1 > Date: Sat, 29 Dec 2012 17:48:47 +0000 > From: Ralph Corderoy <[email protected]> > To: Dorset Linux User Group <[email protected]> > Subject: Re: [Dorset] Can you elaberate on how ksh is more secure? > Message-ID: <[email protected]> > Content-Type: text/plain; charset=utf-8 > > Hi Peter, > >> The source of ksh is not available > > I think AT&T have made the source available now along with other parts > of their `AT&T Software Technology', ast, collection, e.g. sfio, a > replacement for C's stdio. > > Cheers, Ralph. > > > > ------------------------------ > > _______________________________________________ > dorset mailing list > [email protected] > https://mailman.lug.org.uk/mailman/listinfo/dorset > > End of dorset Digest, Vol 466, Issue 4 > ************************************** > > Ralph, I was not aware of that. Thanks.
Using ksh is only 1 small part of my general hardening of our servers, but anything that decreases the security is always a worry. I shall investigate making the shell 'immutable' so it can not be changed, and then monitor its md5 checksum. Also, I guess I could remove the compilers and all source code but I am trying to keep a complete system so I can clone it, or rather have a consistent - read - - up to date - copy so that I can do an off-site clone should it be necessary - having everything available means that on new hardware I can bring up the system quickly. My application server, also RHEL 5 is a VM, so its not a problem, but the database server is a physical system - although it is already cloned at the DR site. I guess security and system lockdown is a continous process.... ;-) cheers pwl -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iEYEARECAAYFAlDgj+sACgkQnbH2cLovUvKPuACeNcmmp4w1dRT79BZWvnGxf3yb VJ0AoJnQxZvDPPTX+9VrZwP7uDSKZIdW =fD9z -----END PGP SIGNATURE-----
-- Next meeting: Bournemouth, Tuesday, 2013-01-08 20:00 Meets, Mailing list, IRC, LinkedIn, ... http://dorset.lug.org.uk/ New thread on mailing list: mailto:[email protected] How to Report Bugs Effectively: http://goo.gl/4Xue
