[EdLUG] Fwd: Re: Fwd: [Baen Baen's Bar] Cybersecurity

Edinburgh Linux Users Group edlug at lists.edlug.org.uk
Wed Feb 20 21:55:28 UTC 2019


A reply from a member of Baen's Bar.



-------- Forwarded Message --------
Subject: 	Re: [EdLUG] Fwd: [Baen Baen's Bar] Cybersecurity
Date: 	Wed, 20 Feb 2019 21:38:07 +0000
From: 	Edinburgh Linux Users Group <edlug at lists.edlug.org.uk>
Reply-To: 	edlug at lists.edlug.org.uk
To: 	edlug at lists.edlug.org.uk



You were 100% correct! Root passwords are sacrosanct.

On 20/02/2019 19:39, Edinburgh Linux Users Group wrote:
>
> When I was asked to provide the root passwords to an auditor, I 
> refused because I thought that was a risk in itself. The auditor was 
> apparently impressed by this attitude because they never asked again 
> ;-) (did I pass the test?)
>
> But (after finding out about cfg2html) I would offer them full 
> documentation of the systems involved, for example what is produced by 
> cfg2html (https://www.cfg2html.com/)
>
> If they respond to that in a manner that would suggest that they 
> understood it, and they would want more, I would give it to them (but 
> still not the root password - if I could not avoid giving it to them, 
> I would have to change it afterwards).
>
> For your consideration
> Geetam
>
>
> ---
> I don't know
> ...
> I don't know what it is
> ...
> I don't know what it is that I don't know
>
> Isn't it beautiful
>
>
> On 19 February 2019 19:12:34 Edinburgh Linux Users Group 
> <edlug at lists.edlug.org.uk> wrote:
>
>> I just received this email.  Can anyone advise the OP on this question?
>>
>> Andrew Ramage
>>
>>
>>
>> -------- Forwarded Message --------
>> Subject: 	[Baen Baen's Bar] Cybersecurity
>> Date: 	Tue, 19 Feb 2019 11:32:46 -0600
>> From: 	piobair <piobair at mindspring.com>
>> Reply-To: 	baens_bar at bar.baen.com
>> Organization: 	Baen's Bar
>> To: 	baens_bar at bar.baen.com
>> Newsgroups: 	Baen_Baens_Bar
>>
>>
>>
>> The Board of Directors overseeing a friend of mine has decided that they need a security audit by an independent auditor. My friend's entire system is running on Linux with Linux servers and (mostly) thin clients.
>> He put out an RFP and, in his words, they want the keys to the front door in order to see if the china cabinet is locked.
>> Can an adequate audit be made from the /var/log files?
>> -- 
>> EdLUG mailing list
>> EdLUG at lists.edlug.org.uk <mailto:EdLUG%40lists.edlug.org.uk>
>> https://lists.edlug.org.uk/mailman/listinfo/edlug
>
>