[linux-security] Re: You got some 'splaininn to do Lucy ;-)

[John Summerfield <summer OS2 ami com au>]

> >
> > He is talking about audit trail. A subset of (the defunct)
> > POSIX.1e standard.
> > He is correct that Linux does not support auditing. Then again I've yet
> > to see many application that make use of audting.
> >
> 
> I agree.  I could be wrong but why would his company want to put out a
> product for Linux when there are plenty of free and open tools already out
> there?  After all, their goal is to sell you a very expensive security
> solution.  With Linux I don't really see that it is needed.
> 
> This has been my personal experience.  My Linux and FreeBSD boxes are very
> secure never had a single problem.  The Win machines I'm amazed when they

Without an audit trail, how would you know?

Some versions of BIND had a bug allowed hackers root access. Other than 
BIND mysteriously crashing, you'd never know it happened. Someone could 
have made of with a copy of some sensitive information without you every 
knowing it had been accessed: with an audit trail, you might at least 
discover it had been read by someone who shouldn't.

 

-- 
Cheers
John Summerfield
http://os2.ami.com.au/os2/ for OS/2 support.
Configuration, networking, combined IBM ftpsites index.