Re: Reasons for Inclusion

From: jmjonesat_private
Date: Fri Mar 22 2002 - 14:40:28 PST

  • Next message: Crispin Cowan: "Re: Reasons for Inclusion"

    On Fri, 22 Mar 2002 Valdis.Kletnieksat_private wrote:
    
    > On Fri, 22 Mar 2002 16:50:54 EST, jmjonesat_private said:
    > 
    > > GREAT!  Interchangable modules WILL allow more administrators to apply
    > > secure solutions without recompiling the kernel... depending on how easy
    > > it is to aquire modules. :)  Couldn't a "standard patch" equally serve
    > > this need?  "5 steps to greater security."  Would the difficulty in
    > > patching the kernel outweigh the difficulty of configuring the
    > > module/solution?
    > 
    > The writing I've done for the Center for Internet Security has shown me that
    > there is little, if any, consensus on which 5 steps to use.   No one security
    > policy is one-size-fits-all.
    > 
    > Personally, I'm amazed the *HOOKS* are as close to one-size-fits-all as they
    > are (sorry, you audit freaks, maybe in phase 2 ;)
    
    I'm amazed too... there's little I can't do (sometimes by extreme
    manipulation) with these hooks.  BUT, if "no one security policy is
    one-size-fits-all", where stands the LSM policy... one size fits most?
    HOW?
    
    > -- 
    > 				Valdis Kletnieks
    > 				Computer Systems Senior Engineer
    > 				Virginia Tech
    
    Sincerely,
    J. Melvin Jones
    
    |>------------------------------------------------------
    ||  J. MELVIN JONES            jmjonesat_private 
    |>------------------------------------------------------
    ||  Microcomputer Systems Consultant  
    ||  Software Developer
    ||  Web Site Design, Hosting, and Administration
    ||  Network and Systems Administration
    |>------------------------------------------------------
    ||  http://www.jmjones.com/
    |>------------------------------------------------------
    
    
    
    _______________________________________________
    linux-security-module mailing list
    linux-security-moduleat_private
    http://mail.wirex.com/mailman/listinfo/linux-security-module
    



    This archive was generated by hypermail 2b30 : Fri Mar 22 2002 - 14:42:09 PST