> You know, there's a flipness or arrogance in your comments on this
> issue that is really disturbing.  (The crack/snake oil thing was a
> beaut.)  Anyone who studies or takes system administration seriously
> (again, probably not your average customer) is familiar with secure
> configuration guidelines from CIS, NIST, SANS, NSA or possibly others.
> The NSA's, specifically for RHEL5, is 170 pages (and supposedly was
> developed with input from RedHat, though it still has some bad and/or
> arbitrary advice, in my view).  It seems like your biases, or lack of
> familiarity with the issues that your government customers, at least,
> are facing or going to be facing, with respect to these secure
> configuration guides, allows you to dismiss them too easily.  As I
> said initially, some of us don't have that option, we are having to
> assert compliance with some such standard.  Apparently because it is
> widely understood, outside of Redhat anyway, that RedHat's default
> 'sensible security' isn't really so much about security as about
> usability.  I'm not saying usability's not important, I get that.  But
> it just seems like you're really not getting that security is a higher
> priority for some of your customers.
> 
Amen brother! ;-)

I just live with the "State of the Red Hat World". To me at least,
a lot of the issues you smart guys bring up could be addressed in proper
documentation, which is what I would prefer: as minimal an install as
possible, but provide me the framework and documentation to add stuff
later. I have grown tired of doing a security audit for every major Red
Hat release.

I don't get as in depth (I consume security guidelines and make
decisions about the recommendations) as others on this thread, but if I
*knew* that a "security focused minimal install" of Red Hat was driven
by the types of people on this thread, I'd be using that install and
telling all my friends to use it. Having come from OpenBSD, I just know
enough that an out-of-the-box Red Hat install requires some sort of
effort on my part to understand what has been installed and what has
been configured.

/allen


_______________________________________________
rhelv5-list mailing list
https://www.redhat.com/mailman/listinfo/rhelv5-list