[2177] in linux-security and linux-alert archive
[linux-security] Re: You got some 'splaininn to do Lucy ;-)
daemon@ATHENA.MIT.EDU (Brent Sims)
Thu Jul 29 03:04:18 1999
Date: Wed, 28 Jul 1999 18:04:51 -0600 (MDT)
From: Brent Sims <brent@rmi.net>
To: Kirwan Marty <Kirwan_Marty@prc.com>
cc: linux-security@redhat.com, recipient list not shown: ;
In-Reply-To: <A09D16EC48EED211ACF000902732D1D84F4750@MCL6.prc.com>
Resent-From: linux-security@redhat.com
Resent-Reply-To: linux-security@redhat.com
On Wed, 28 Jul 1999, Kirwan Marty so wrote:
> We just had a security application vendor come in. We asked about Linux
> support and he said that putting a security application on top of an
> insecure OS was useless. When I asked what he meant by insecure he replied
> that Linux does not have a true Auditing capability - as opposed to HP-UX &
> Solaris which they do support. Can anyone explain to me what he was talking
> about?
>
He's blowing smoke out of his ... Linux is different, and by
default Red Hat installs a bit loose, but I can clamp down a Linux box
just as tight, perhaps tighter than can be done with HP-UX and Solaris.
The biggest advantage that HP-UX and Solaris have is a lot less users and
a lot less open source - Its called Security by Obscurity and while it is
effective, only a raving lunatic would leave it at that.
More than likely he bailed out simply because he hasn't figured
out how to compete in the open source market.
Send him my way...
Peace be with you,
Brent Sims
--
----------------------------------------------------------------------
Please refer to the information about this list as well as general
information about Linux security at http://www.aoy.com/Linux/Security.
----------------------------------------------------------------------
To unsubscribe:
mail -s unsubscribe linux-security-request@redhat.com < /dev/null
