<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">

<html>

<body>

<div dir="auto">

<div dir="auto"><br></div><div dir="auto">When I was asked to provide the root passwords to an auditor, I refused because I thought that was a risk in itself. The auditor was apparently impressed by this attitude because they never asked again ;-) (did I pass the test?)</div><div dir="auto"><br></div><div dir="auto">But (after finding out about cfg2html) I would offer them full documention of the systems involved, for example what is produced by cfg2html (https<span style="font-size: 12pt;">://www.cfg2html.com/)</span></div><div dir="auto"><br></div><div dir="auto">If they respond to that in a manner that would suggest that they understood it, and they would want more, I would give it to them (but still not the root password - if I could not avoid giving it to them, I would have to change it afterwards).</div><div dir="auto"><br></div><div dir="auto">For your consideration</div><div dir="auto">Geetam</div><div dir="auto"><br></div><div dir="auto"><br></div><div id="aqm-signature" dir="auto" style="color: black;"><div dir="auto">---</div><div dir="auto">I don't know</div><div dir="auto">...</div><div dir="auto">I don't know what it is</div><div dir="auto">...</div><div dir="auto">I don't know what it is that I don't know</div><div dir="auto"><br></div><div dir="auto">Isn't it beautiful</div><div dir="auto"><br></div></div><div dir='auto'><br></div>

<div id="aqm-original" style="color: black;">

<!-- body start -->

<div class="aqm-original-body" style="color: #000000; background: #ffffff;">

<div style="color: black;">

<p style="color: black; font-size: 10pt; font-family: sans-serif; margin: 8pt 0;">On 19 February 2019 19:12:34 Edinburgh Linux Users Group <edlug@lists.edlug.org.uk> wrote:</p>

<blockquote type="cite" class="gmail_quote" style="margin: 0 0 0 0.75ex; border-left: 1px solid #808080; padding-left: 0.75ex;">

    <p>I just received this email.  Can anyone advise the OP on this

      question ?</p>

    <p>Andrew Ramage</p>

    <div class="moz-forward-container"><br>

      <br>

      -------- Forwarded Message --------

      <table class="moz-email-headers-table" cellspacing="0" cellpadding="0" border="0">

        <tbody>

          <tr>

            <th valign="BASELINE" nowrap="nowrap" align="RIGHT">Subject:

            </th>

            <td>[Baen Baen's Bar] Cybersecurity</td>

          </tr>

          <tr>

            <th valign="BASELINE" nowrap="nowrap" align="RIGHT">Date: </th>

            <td>Tue, 19 Feb 2019 11:32:46 -0600vise</td>

          </tr>

          <tr>

            <th valign="BASELINE" nowrap="nowrap" align="RIGHT">From: </th>

            <td>piobair <a class="moz-txt-link-rfc2396E" href="mailto:piobair@mindspring.com"><piobair@mindspring.com></a></td>

          </tr>

          <tr>

            <th valign="BASELINE" nowrap="nowrap" align="RIGHT">Reply-To:

            </th>

            <td><a class="moz-txt-link-abbreviated" href="mailto:baens_bar@bar.baen.com">baens_bar@bar.baen.com</a></td>

          </tr>

          <tr>

            <th valign="BASELINE" nowrap="nowrap" align="RIGHT">Organization:

            </th>

            <td>Baen's Bar</td>

          </tr>

          <tr>

            <th valign="BASELINE" nowrap="nowrap" align="RIGHT">To: </th>

            <td><a class="moz-txt-link-abbreviated" href="mailto:baens_bar@bar.baen.com">baens_bar@bar.baen.com</a></td>

          </tr>

          <tr>

            <th valign="BASELINE" nowrap="nowrap" align="RIGHT">Newsgroups:

            </th>

            <td>Baen_Baens_Bar</td>

          </tr>

        </tbody>

      </table>

      <br>

      <br>

      <pre style="white-space:pre-wrap; word-wrap: break-word; font-family: Verdana,Geneva,Lucida,'Lucida Grande',Arial,Helvetica,Sans-serif;">The Board of Directors overseeing a friend of mine has decided that they need a security audit by an independent auditor. My friend's entire system is running on Linux with Linux servers and (mostly) thin clients.

He put out an RFP and, in his words, they want the keys to the front door in order to see if the china cabinet is locked.

Can an adequate audit be made from the /var/log files?</pre>

    </div>

<div>-- </div>

<div>EdLUG mailing list</div>

<div><a class="aqm-autolink aqm-autowrap" href="mailto:EdLUG%40lists.edlug.org.uk">EdLUG@lists.edlug.org.uk</a></div>

<div><a class="aqm-autolink aqm-autowrap" href="https://lists.edlug.org.uk/mailman/listinfo/edlug">https://lists.edlug.org.uk/mailman/listinfo/edlug</a></div></blockquote>

</div>

</div>

<!-- body end -->

</div><div dir="auto"><br></div>

</div></body>

</html>