Mailing List Archive
tlug.jp
Mailing List
tlug archive
tlug Mailing List Archive
|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [tlug] Unix's 40th Birthday
- Date: Tue, 25 Aug 2009 18:54:32 +0900
- From: Edward Middleton <emiddleton@example.com>
- Subject: Re: [tlug] Unix's 40th Birthday
- References: <4A8D530A.9020901@example.com> <873a7m611b.fsf@example.com> <20090820153054.GA30282@example.com> <871vn659mm.fsf@example.com> <20090821005532.GB17967@example.com> <87ws4x50ia.fsf@example.com> <20090821093044.GA1520@example.com> <4A8E6B71.70003@example.com> <20090821122215.GD1520@example.com> <4A8EBAD2.9090108@example.com> <20090822033006.GC4581@example.com>
- User-agent: Thunderbird 2.0.0.22 (X11/20090731)
Curt Sampson wrote: > Edward Middleton wrote: > >> Well if security is a priority over ease of use Hardened Gentoo offers >> a number of pretty good combinations. I have used PAX hardened SELinux >> installs on servers.... > > See my previous post for why SELinux is more likely, for most people, to > reduce than increase your security. > > (How well have you audited your SELinux configuration?) Sufficiently for the application they were being applied. SELinux (like any other MAC[1] systems) can be complicated and requires tuning for the particular application. They are also only a component of a secure system which is why I used hardened Gentoo which comes with stack smashing protection[2], PAX[3] (i.e. PAX_KERNEXEC). The "AllowPasswords no" issue is pretty stupid, but it is in the OpenSSH configuration file (a part of the OpenSSH application) not PAM. Perhaps you should create a serious secure distribution without ssh ;) Edward 1. http://en.wikipedia.org/wiki/Mandatory_access_control 2. http://en.wikipedia.org/wiki/Stack-smashing_protection 3. http://en.wikipedia.org/wiki/PaX
- Follow-Ups:
- Re: [tlug] Unix's 40th Birthday
- From: Curt Sampson
- Re: [tlug] Unix's 40th Birthday
- References:
- Re: [tlug] Unix's 40th Birthday
- From: Sotaro Kobayashi
- [tlug] Unix's 40th Birthday
- From: Stephen J. Turnbull
- Re: [tlug] Unix's 40th Birthday
- From: Curt Sampson
- Re: [tlug] Unix's 40th Birthday
- From: Stephen J. Turnbull
- Re: [tlug] Unix's 40th Birthday
- From: Curt Sampson
- Re: [tlug] Unix's 40th Birthday
- From: Stephen J. Turnbull
- Re: [tlug] Unix's 40th Birthday
- From: Curt Sampson
- Re: [tlug] Unix's 40th Birthday
- From: Edward Middleton
- Re: [tlug] Unix's 40th Birthday
- From: Curt Sampson
- Re: [tlug] Unix's 40th Birthday
- From: Edward Middleton
- Re: [tlug] Unix's 40th Birthday
- From: Curt Sampson
- Re: [tlug] Unix's 40th Birthday
- Prev by Date: Re: [tlug] search for encrypted information exchange
- Next by Date: Re: [tlug] Unix's 40th Birthday
- Previous by thread: Re: [tlug] Unix's 40th Birthday
- Next by thread: Re: [tlug] Unix's 40th Birthday
- Index(es):
| Home Page | Mailing List | Linux and Japan | TLUG Members | Links |