[ale] IBM is buying Redhat!

A. P. Garcia a.phillip.garcia at gmail.com
Mon Oct 29 21:14:01 EDT 2018


The Center for Internet Security publishes some really good hardening
guides for various operating systems, software, and devices. Their guide
for Red Hat Enterprise Linux mandates the use of selinux.

https://www.cisecurity.org/benchmark/red_hat_linux/

On Mon, Oct 29, 2018, 10:51 AM Jim Kinney via Ale <ale at ale.org> wrote:

> AppArmour is the Debian tool.
> It similar to selinux in that it hardens application processes to
> accessing only the sockets and files they need to function (blocking 0-day
> privilege escalations). It does NOT support anything like MLS (multi-level
> security) or MGS (Multi-Group Security) that enforces user, group, process,
> file, and application communication based on defined relationships and
> enforced access control and logging of all access and data movement.
>
> On Mon, 2018-10-29 at 10:40 -0400, Simba via Ale wrote:
>
> That's been true for years but I think it's less so these days. Debian
>
> has a lot of support in the commercial sector. Like I said it's got
>
> something similar to SELinux but I don't recall, someone in #debian on
>
> freenode explained it to me like a year ago.
>
>
> Personally, I really dislike when someone in the commercial sector
>
> believes they have to use RHEL because it's "the secure one", and I try
>
> to encourage them to use Debian instead, because the stable branch is
>
> plenty secure.
>
>
> of course I realize I'm saying this right after a vulnerability was
>
> spotted in SystemD but it's been patched at the source and i'm confident
>
> a fix will be coming down the pipe soon.
>
>
> https://security-tracker.debian.org/tracker/CVE-2018-15688
>
>
> We could argue forever over which distro is most secure.. who's got the
>
> time.
>
>
>
> Simba Lion - https://tailpuff.net
>
> https://keybase.io/simbalion
>
>
> "Why is a raven like a writing desk?"
>
> On 10/29/18 10:26 AM, James Taylor via Ale wrote:
>
> Just an added note about meeting DoD requirements.
>
> SUSE and redHat spend a lot of time upfront baking DoD security
>
> specifications into each of their releases before they are allowed out
>
> the door.
>
> Government, and most commercial customers care about that.
>
> I don’t always use commercial versions of linux for customer solutions,
>
> but when I'm working with clients in to regulated spaces, that doesn’t
>
> fly far.
>
> -jt
>
>
>
>
> On Oct 29, 2018, at 9:33 AM, Beddingfield, Allen via Ale <ale at ale.org
>
> <mailto:ale at ale.org>> wrote:
>
>
> Oh, and I forgot to mention:  Support for LONG term releases,
>
> backporting of fixes, and rigid change control.
>
> For example:  Want to upgrade from version 12.2 to version 12.3?
>
>  Better start the approval process a year early...  document your
>
> testing plan, provide a tested backout plan, have adequate testing
>
> documented and verified by the proper people, pass the change control
>
> approval process to go into a limited subset of test systems....wait
>
> the required time for full deployment to test systems....wait the
>
> required time for production rollout.
>
> Or:  Want to apply an in-the-wild zero day exploit patch? Follow a
>
> slightly faster variation of the above process.
>
>
> The Debian or Ubuntu model will not pass the change control
>
> requirements.  These are the reasons that SUSE and Red Hat backport
>
> fixes into an old version of a package for seven+ years, instead of
>
> incrementing the version.  That is why SUSE is still patching PHP
>
> 5.3.x on SLES 11 SP4.
>
>
> Allen B.
>
>
>
> _______________________________________________
>
> Ale mailing list
>
> Ale at ale.org
>
> https://mail.ale.org/mailman/listinfo/ale
>
> See JOBS, ANNOUNCE and SCHOOLS lists at
>
> http://mail.ale.org/mailman/listinfo
>
>
> _______________________________________________
>
> Ale mailing list
>
> Ale at ale.org
>
> https://mail.ale.org/mailman/listinfo/ale
>
> See JOBS, ANNOUNCE and SCHOOLS lists at
>
> http://mail.ale.org/mailman/listinfo
>
>
> --
>
> James P. Kinney III Every time you stop a school, you will have to build a
> jail. What you gain at one end you lose at the other. It's like feeding a
> dog on his own tail. It won't fatten the dog. - Speech 11/23/1900 Mark
> Twain http://heretothereideas.blogspot.com/
>
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> https://mail.ale.org/mailman/listinfo/ale
> See JOBS, ANNOUNCE and SCHOOLS lists at
> http://mail.ale.org/mailman/listinfo
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mail.ale.org/pipermail/ale/attachments/20181029/78ce5f15/attachment.html>


More information about the Ale mailing list