[2187] in linux-security and linux-alert archive
[linux-security] Re: You got some 'splaininn to do Lucy ;-)
daemon@ATHENA.MIT.EDU (John Summerfield)
Fri Jul 30 12:23:41 1999
To: linux-security@redhat.com
In-Reply-To: Your message of "Thu, 29 Jul 1999 00:36:39 MST."
<000101bed995$181f1fc0$72b61e18@m2.socal.rr.com>
Date: Fri, 30 Jul 1999 07:53:01 +0800
From: John Summerfield <summer@OS2.ami.com.au>
Resent-From: linux-security@redhat.com
Resent-Reply-To: linux-security@redhat.com
> >
> > He is talking about audit trail. A subset of (the defunct)
> > POSIX.1e standard.
> > He is correct that Linux does not support auditing. Then again I've yet
> > to see many application that make use of audting.
> >
>
> I agree. I could be wrong but why would his company want to put out a
> product for Linux when there are plenty of free and open tools already out
> there? After all, their goal is to sell you a very expensive security
> solution. With Linux I don't really see that it is needed.
>
> This has been my personal experience. My Linux and FreeBSD boxes are very
> secure never had a single problem. The Win machines I'm amazed when they
Without an audit trail, how would you know?
Some versions of BIND had a bug allowed hackers root access. Other than
BIND mysteriously crashing, you'd never know it happened. Someone could
have made of with a copy of some sensitive information without you every
knowing it had been accessed: with an audit trail, you might at least
discover it had been read by someone who shouldn't.
--
Cheers
John Summerfield
http://os2.ami.com.au/os2/ for OS/2 support.
Configuration, networking, combined IBM ftpsites index.
--
----------------------------------------------------------------------
Please refer to the information about this list as well as general
information about Linux security at http://www.aoy.com/Linux/Security.
----------------------------------------------------------------------
To unsubscribe:
mail -s unsubscribe linux-security-request@redhat.com < /dev/null
