On Wed, 30 Apr 2008 14:06:26 -0500, Stephen Frazier <[EMAIL PROTECTED] us> wrote:
>That will never get past an auditor who has read about but doesn't under stand REXEC. :) > >David Boyes wrote: >> >> Move his files to SFS, export the SFS directory via NFS to a Linux >> guest, and configure REXEC on the Linux guest via a private guest LAN >> that is not connected to external network to allow him to remotely >> execute SCP on Linux from CMS. Done. > >-- >Stephen Frazier >Information Technology Unit >Oklahoma Department of Corrections >3400 Martin Luther King >Oklahoma City, Ok, 73111-4298 >Tel.: (405) 425-2549 >Fax: (405) 425-2554 >Pager: (405) 690-1828 >email: stevef%doc.state.ok.us >======================== ========================= ========== ============== If FTP makes them freak, REXEC is even worse. I am presented with a document -- the Unix/Linux Security Baseline. No on e I have met yet really understands it. Someone bought a program to snoop around on all servers l ooking for "violations". My user is in violation. He knows nothing about VM, he just knows he send s data to a VM userid via FTP, and has been told to stop or use SFTP. I found another document on File Transfer Standards that says FTP over SS L is "most preferred". So I pointed out the apparent contradiction. They denied that there is a con tradiction, but someone has been asked to look into revising the Unix/Linux Security Baseline. I guess they get to consider the question of managing the certificates. This being the Bank, the vario us sloppinesses you all mention are probably against the rules. So maybe somewhere down the road they may decide to take advantage of FTP over SSL. Thanks very much for all the information! I know a lot more than when I s tarted out. Alan Ackerman Alan (dot) Ackerman (at) Bank of America (dot) com
