Mark Cox, head of the Red Hat Security Response Team, talks about security issues, update policies on RHN, and tips for keeping Linux more secure.
Episode 1: The Vendor
Episode 2: Policies
Episode 3: Tips for a secure system
Episode 4: Security issues and metrics
Source: Red Hat Magazine
Saturday, February 23, 2008
Friday, February 22, 2008
Wednesday, February 06, 2008
A very funny post (or not, depending on your point of view) by Spencer Shimko at http://beyondabstraction.net/2008/01/10/selinux-slogans
- SELinux - Because users do weird shit.
- SELinux - Fuck root.
- SELinux - Hampering administrators since before it was cool.
- SELinux - High-security gone haywire.
- SELinux - Turning it off is like removing the batteries from a smoke detector. Sure it sounds better but you might get burned.
- SELinux - Because life is too simple.
- SELinux - AppArmor sucks.
- SELinux - It’s too early in the morning to be cleaning up after 11-year old kiddies.
- SELinux - Too powerful for our own good.
- SELinux - Here’s our root password, what’s yours?
- SELinux - Didn’t they teach you about using protection in high-school?
- SELinux - Blind faith not required
- SELinux will save you tons of money, your TCO will go down and your ROI will go up.
- SELinux supports 3-letter acronyms out of the box, no complex policy changes required.
- Zero day vulnerabilities are a fact. Do something about it.
- Trusted Solaris has been end-of-lifed and you’re not in the government space to begin with.
- Path-named based access control is weak.
- Implicitly trusting admins doesn’t have to be SOP.
- You’re not a security expert, let us do the hard work.
- The US military (and others) trust SELinux with their information, shouldn’t you?