[1994] in linux-security and linux-alert archive
[linux-security] Re: RedHat 5.X Security Book
daemon@ATHENA.MIT.EDU (Christopher Hicks)
Sat Jul 18 05:59:53 1998
Date: Sun, 12 Jul 1998 18:42:43 -0400 (EDT)
From: Christopher Hicks <chicks@chicks.net>
Reply-To: Christopher Hicks <chicks@chicks.net>
To: Rogier Wolff <R.E.Wolff@BitWizard.nl>
cc: Scott Doty <scott@sonic.net>, linux-security@redhat.com
In-Reply-To: <199807121827.UAA00675@cave.BitWizard.nl>
Resent-From: linux-security@redhat.com
Resent-Reply-To: linux-security@redhat.com
On Sun, 12 Jul 1998, Rogier Wolff wrote:
> However besides that, you need to create an understanding in the
> audience. Line-by-line howtos don't help if they are a week out-of-date.
I'm all for encouraging admins to read bugtraq, learn C, and read their
logs every day. But the weakest link argument won't convince a lot of
people who have managers who don't understand these things. It all breaks
down to a set of priorities. If you're not going to take the car in for
regular maintenance, at least change the oil twice a year. If you don't
have time (or the ability) to read Bugtraq, then at least apply the
updates provided by your vendor. If you have a little more time, decide
if you can uninstall or disable anything. If you have a little more time,
set up stuff to monitor your logs. It's all a question of priorities.
I feel guilty for not reading every line of code that installed on my
machines. (I know some of you remember when it was practical to do that.)
But there are lots of people who aren't capable of doing any of that. And
that's only a minor tragedy.
Doing what you can is reality. Having helpful guides that will make that
effort more worthwhile is a good thing.
</chris>
--
load average: 1.00, 1.00, 1.00
~*-,._.,-*~'`^`'~*-,._.,-*~'`^`'~*-,._.,-*~'`^`'~*-,._.,-*~'`^`'~*-,._.,-*~
--
----------------------------------------------------------------------
Please refer to the information about this list as well as general
information about Linux security at http://www.aoy.com/Linux/Security.
----------------------------------------------------------------------
To unsubscribe:
mail -s unsubscribe linux-security-request@redhat.com < /dev/null