Gregory K. Ruiz-Ade wrote:
> On May 20, 2008, at 10:13 AM, David Brown wrote:
>> I agree with the security code being a problem, but do you expect to be
>> able to do the scanning without being root?
>
> See, there's that now-seemingly-arbitrary "you must be root to do
> special things" idea that's a holdover from when there were, what, 5
> unix hosts on the internet ([D]ARPANET)?
>
> I'm still not sure the "you must be root" metric is appropriate
> anymore. MACs and other capabilities/roles methods are much better.

Yes you do need root in order to do a complete, competent security scan.
root access is required for many functions required for performing such
scans and audits. Even sudo is not good enough.

I too agree with the security code BS.

That said, I used to use both Nessus and SARA (http://www-arc.com/sara/)
for security audits.

PGA
--
Paul G. Allen, BSIT/SE
Owner, Sr. Engineer
Random Logic Consulting Services
www.randomlogic.com
--
KPLUG-List@kernel-panic.org
http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-list