All,
On one of my projects we use a lot of RHEL 3 servers for many large
customers. The question comes up all the time about how do we secure
the systems. The answer is essentially "We start with the minimal
server, install only what is needed, further remove what we don't
use, turn off and remove the software of all unused network listening
services, and apply our own lock downs. This is a documented checklist
which is available for your review".
What we are aiming for is something like "We start with a fully
<insert standard here> and perform only the changes we need to for
functionality". The question is, what choices of standard are there?
The NSA has a template for Windows, but makes SELinux for Linux.
That's not really a standard. There are lockdown scripts like
Bastille... but still not a standard. If there was a template for
Bastille that was a well known or de facto standard... that might be something.
Thoughts? Suggestions?
Thanks,
Mike
--
http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-list