[EdLUG] Fwd: Re: Fwd: [Baen Baen's Bar] Cybersecurity

Edinburgh Linux Users Group edlug at lists.edlug.org.uk
Wed Feb 20 21:57:59 UTC 2019 

Oops, sorry.  I am switching between 2 lists and I got muddled ...

On 20/02/2019 21:55, Edinburgh Linux Users Group wrote:
>
> A reply from a member of Baen's Bar.
>
>
>
> -------- Forwarded Message --------
> Subject: 	Re: [EdLUG] Fwd: [Baen Baen's Bar] Cybersecurity
> Date: 	Wed, 20 Feb 2019 21:38:07 +0000
> From: 	Edinburgh Linux Users Group <edlug at lists.edlug.org.uk>
> Reply-To: 	edlug at lists.edlug.org.uk
> To: 	edlug at lists.edlug.org.uk
>
>
>
> You were 100% correct! Root passwords are sacrosanct.
>
> On 20/02/2019 19:39, Edinmuburgh Linux Users Group wrote:
>>
>> When I was asked to provide the root passwords to an auditor, I 
>> refused because I thought that was a risk in itself. The auditor was 
>> apparently impressed by this attitude because they never asked again 
>> ;-) (did I pass the test?)
>>
>> But (after finding out about cfg2html) I would offer them full 
>> documention of the systems involved, for example what is produced by 
>> cfg2html (https://www.cfg2html.com/)
>>
>> If they respond to that in a manner that would suggest that they 
>> understood it, and they would want more, I would give it to them (but 
>> still not the root password - if I could not avoid giving it to them, 
>> I would have to change it afterwards).
>>
>> For your consideration
>> Geetam
>>
>>
>> ---
>> I don't know
>> ...
>> I don't know what it is
>> ...
>> I don't know what it is that I don't know
>>
>> Isn't it beautiful
>>
>>
>> On 19 February 2019 19:12:34 Edinburgh Linux Users Group 
>> <edlug at lists.edlug.org.uk> wrote:
>>
>>> I just received this email.  Can anyone advise the OP on this question ?
>>>
>>> Andrew Ramage
>>>
>>>
>>>
>>> -------- Forwarded Message --------
>>> Subject: 	[Baen Baen's Bar] Cybersecurity
>>> Date: 	Tue, 19 Feb 2019 11:32:46 -0600vise
>>> From: 	piobair <piobair at mindspring.com>
>>> Reply-To: 	baens_bar at bar.baen.com
>>> Organization: 	Baen's Bar
>>> To: 	baens_bar at bar.baen.com
>>> Newsgroups: 	Baen_Baens_Bar
>>>
>>>
>>>
>>> The Board of Directors overseeing a friend of mine has decided that they need a security audit by an independent auditor. My friend's entire system is running on Linux with Linux servers and (mostly) thin clients.
>>> He put out an RFP and, in his words, they want the keys to the front door in order to see if the china cabinet is locked.
>>> Can an adequate audit be made from the /var/log files?
>>> -- 
>>> EdLUG mailing list
>>> EdLUG at lists.edlug.org.uk <mailto:EdLUG%40lists.edlug.org.uk>
>>> https://lists.edlug.org.uk/mailman/listinfo/edlug
>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.edlug.org.uk/pipermail/edlug/attachments/20190220/d4c2a274/attachment.html>

More information about the EdLUG mailing list