[svlug] rpm tips: full version including epoch, CVEs fixed via backport

Robert Freiberger rfreiberger at gmail.com
Thu Nov 29 11:45:55 PST 2012


When I was working with Windows Server, I had the duties of prepping systems
for PCI compliance. With Windows Server 2003 the process was not as smooth
as Linux/BSD; PowerShell (Windows command shell) wasn't developed enough to
offer all the features to the command line as it had with the GUI. So my duties
were to do a bunch of clicking, save security profiles, and validate that the
application works after system lockdown.

I really felt like the whole process, while having good intentions, wasn't
worth the effort unless everyone in the chain was on board. Many times, we
had to use a specific port due to the application requiring it, or leave
a service running by default, else the vendor would pull back their
support. I won't go into the difficulties I had applying security changes on
Windows Server, but after calls to Microsoft support about automating or
scripting the details I was told, "that's not supported". My "fix" was
using a security template with the ideal default settings and opening them up
as required (one change at a time). With something like 300+ variables, this
could take either minutes or days to complete for each host.

Ironically, after this I started to learn the differences between the
closed source Windows and open source Linux/BSD world. When I asked the Linux
guys, "how did you get your system to pass the audit?" they would mention
making changes on the host that I didn't have the ability to make on Windows.
Now, years later, I have a much higher respect for Linux/BSD and understanding
security.

Robert

On Thu, Nov 29, 2012 at 10:11 AM, Rick Moen <rick at linuxmafia.com> wrote:

> Quoting Dan Mashal (dan.mashal at gmail.com):
>
> > Every CVE is an "emergency". Every security issue "critical". Everything
> > MUST be encrypted. 3 times.
> >
> > Biggest scam artists in the industry in the last few years.
>
> I would guess you've encountered PCI compliance.  ;->
>
> --
> Cheers,      Nothing's hotter than having a copyeditor correct your sex scenes.
> Rick Moen                                                       -- Max Barry
> rick at linuxmafia.com
> McQ! (4x80)



-- 
Robert Freiberger
510-936-1210