On Fri, 22 Mar 2002 Valdis.Kletnieksat_private wrote: > On Fri, 22 Mar 2002 16:50:54 EST, jmjonesat_private said: > > > GREAT! Interchangable modules WILL allow more administrators to apply > > secure solutions without recompiling the kernel... depending on how easy > > it is to aquire modules. :) Couldn't a "standard patch" equally serve > > this need? "5 steps to greater security." Would the difficulty in > > patching the kernel outweigh the difficulty of configuring the > > module/solution? > > The writing I've done for the Center for Internet Security has shown me that > there is little, if any, consensus on which 5 steps to use. No one security > policy is one-size-fits-all. > > Personally, I'm amazed the *HOOKS* are as close to one-size-fits-all as they > are (sorry, you audit freaks, maybe in phase 2 ;) I'm amazed too... there's little I can't do (sometimes by extreme manipulation) with these hooks. BUT, if "no one security policy is one-size-fits-all", where stands the LSM policy... one size fits most? HOW? > -- > Valdis Kletnieks > Computer Systems Senior Engineer > Virginia Tech Sincerely, J. Melvin Jones |>------------------------------------------------------ || J. MELVIN JONES jmjonesat_private |>------------------------------------------------------ || Microcomputer Systems Consultant || Software Developer || Web Site Design, Hosting, and Administration || Network and Systems Administration |>------------------------------------------------------ || http://www.jmjones.com/ |>------------------------------------------------------ _______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Fri Mar 22 2002 - 14:42:09 PST