Although CIS compliance (for "security" of assets) may be a requirement, it is not infallible and often gives a false sense of being secure from compromises. Example: https://techcrunch.com/2023/03/16/cisa-nation-state-hackers-breach-federal-agency and there are some discussions at Black Hat. Whenever a compromise on a CIS-compliant system is accomplished (sometimes by a nation-state clandestine service operation/agent), vulnerabilities are discovered that have to be corrected in the compliance testing applications.

Given how ancient SL is at this time, I am curious under which situations it is still used -- dedicated systems that cannot be changed to a more "current" "enterprise" Linux (such as Ubuntu LTS)?

-----Original Message-----
From: Nico Kadel-Garcia [mailto:nka...@gmail.com]
Sent: Tuesday, December 05, 2023 01:19 PM -08
To: Laura Hild
Cc: scientific-linux-users
Subject: [SCIENTIFIC-LINUX-USERS] XFS vs Ext4

On Tue, Dec 5, 2023 at 9:06 AM Laura Hild <l...@jlab.org> wrote:

> > No! No. No LVM! Bad admin, no biscuit!
> > [...]
> > *Bad* admin. Where's my squirt bottle?
>
> Yeah, I wrote "if you're a slice-and-dicer" for a reason. One big root is a
> fine option, but it's not the situation I was imagining where one is
> concerned with shrinkability. I think having hard limits on the growth of
> certain subtrees can be helpful, and sometimes different mount options. I'm
> Kickstarting rather than imaging, so I don't have a problem including the
> hostname in the name of the Volume Group. Everyone has different objectives
> (and I'm skeptical lack of LVM would have adequately protected you from your
> predecessors' and colleagues' :)).

Various options for various filesystems are considered a big deal for CIS
compliance. I consider it a completely destabilizing waste of time
better spent elsewhere.

Avoiding LVM and its tendency to use identical volume names in VM
images is... a problem in cloud or VM environments where you may wish
to mount and access a previous snapshot of the same VM. It's much
easier to cut sections off a long rope than try to tie a bunch of
short pieces to make the rope you need, when trying to tie up loose
ends.

