[svlug] rpm tips: full version including epoch, CVEs fixed via backport
rfreiberger at gmail.com
Thu Nov 29 11:45:55 PST 2012
When I was working with Windows Server I had the duties of prepping systems
for PCI compliance. With Windows Server 2003 the process was not as smooth
as Linux/BSD, Powershell (Windows command shell) wasn't developed enough to
offer all the features to command line as it had with GUI. So my duties
were to do a bunch of clicking, saving security profiles, validate the
application works after system lock down.
I really felt like the whole process while having good intentions, wasn't
worth the effort unless everyone in the chain was on board. Many times, we
had to use a specific port due to the application requiring it, or leaving
a service running by default, else the vendor would pull back their
support. Won't go into the difficulties I had applying security changes on
Windows Server but after calls to Microsoft support about automating or
scripting the details I was told, "that's not supported". My "fix" was
using a security template with the ideal default settings and open them up
as required (one change at a time). Something like 300+ variables, this
could take either minutes or days to complete for each host.
Ironically, after this I started to learn the differences between the
closed source Windows and open source Linux/BSD world. Asked the Linux
guys, "how did you get your system to pass the audit?" they would mention
making changes on the host I didn't have the ability on Windows. Now years
later I have a much higher respect for Linux/BSD and understanding
On Thu, Nov 29, 2012 at 10:11 AM, Rick Moen <rick at linuxmafia.com> wrote:
> Quoting Dan Mashal (dan.mashal at gmail.com):
> > Every CVE is an "emergency". Every security issue "critical". Everything
> > MUST be encrypted. 3 times.
> > Biggest scam artists in the industry in the last few years.
> I would guess you've encountered PCI compliance. ;->
> Cheers, Nothing's hotter than having a copyeditor correct your sex
> Rick Moen -- Max
> rick at linuxmafia.com
> McQ! (4x80)
> svlug mailing list
> svlug at lists.svlug.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the svlug