[EdLUG] Fwd: [Baen Baen's Bar] Cybersecurity

Edinburgh Linux Users Group edlug at lists.edlug.org.uk
Wed Feb 20 19:39:51 UTC 2019


When I was asked to provide the root passwords to an auditor, I refused 
because I thought that was a risk in itself. The auditor was apparently 
impressed by this attitude because they never asked again ;-) (did I pass 
the test?)

But (after finding out about cfg2html) I would offer them full documention 
of the systems involved, for example what is produced by cfg2html 
(https://www.cfg2html.com/)

If they respond to that in a manner that would suggest that they understood 
it, and they would want more, I would give it to them (but still not the 
root password - if I could not avoid giving it to them, I would have to 
change it afterwards).

For your consideration
Geetam


---
I don't know
...
I don't know what it is
...
I don't know what it is that I don't know

Isn't it beautiful


On 19 February 2019 19:12:34 Edinburgh Linux Users Group 
<edlug at lists.edlug.org.uk> wrote:
> I just received this email.  Can anyone advise the OP on this question ?
> Andrew Ramage
>
>
> -------- Forwarded Message --------
> Subject: [Baen Baen's Bar] Cybersecurity
> Date: Tue, 19 Feb 2019 11:32:46 -0600vise
> From: piobair <piobair at mindspring.com>
> Reply-To: baens_bar at bar.baen.com
> Organization: Baen's Bar
> To: baens_bar at bar.baen.com
> Newsgroups: Baen_Baens_Bar
>
>
>
>
> The Board of Directors overseeing a friend of mine has decided that they 
> need a security audit by an independent auditor. My friend's entire system 
> is running on Linux with Linux servers and (mostly) thin clients.
> He put out an RFP and, in his words, they want the keys to the front door 
> in order to see if the china cabinet is locked.
> Can an adequate audit be made from the /var/log files?
> --
> EdLUG mailing list
> EdLUG at lists.edlug.org.uk
> https://lists.edlug.org.uk/mailman/listinfo/edlug

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.edlug.org.uk/pipermail/edlug/attachments/20190220/d9b8c6cb/attachment.html>


More information about the EdLUG mailing list