Re: Linux Hardening

From: George <georgelza_at_gmail.com>
Date: Wed, 25 Mar 2015 05:35:06 +0200
Message-ID: <CALw5Ujt-=Huf0MNQwHuFpmb1dLzixpya76vhPen+FJapxbWbaw_at_mail.gmail.com>



Hi Stefan

It's not me trying to do this; I have a client that bought 2 ODAs. Yes, they are a bank and definitely fall under PCI.

So my question was: what would PCI require? Is there a white paper stating the requirements for Linux and maybe also the database?

And then, for me, a broader question: we have these standards, each with its own requirements. Is a similar document available per standard, as per the above PCI request?

I see the NSA document as a large, all-encompassing "lock everything down" document, and not necessarily what the customer needs; they just need to adhere to, in this case, PCI.

G

On Tue, Mar 24, 2015 at 10:43 PM, Stefan Knecht <knecht.stefan_at_gmail.com> wrote:

> George, I think you should be asking yourself what you are trying to
> achieve or secure. Applying random security standards isn't going to solve
> a specific problem.
>
> Think about what you want to protect, and what the extent of "discomfort"
> is that you're willing to accept in order to achieve the relevant security
> that makes your clients / managers feel safe. Nowadays, security knows
> virtually no limits. The only real limit is your imagination, and your
> budget.
>
> PCI/DSS, Sarbanes Oxley, and whatever other standards may exist; they
> exist to serve a specific purpose. Securing a system that has nothing
> whatsoever to do with credit cards according to PCI/DSS makes little to no
> sense.
>
> I think if you're looking for very specific recommendations you would be
> better off stating what you're trying to protect, and from what kind of
> attack vectors. That would enable the list's readers to provide you with
> advice in relation to your actual situation.
>
>
> Stefan
>
>
>
>
> On Wed, Mar 25, 2015 at 12:48 AM, George <georgelza_at_gmail.com> wrote:
>
>> Hi Mladen
>>
>> Thanks, It seems everyone lists that document as the main source.
>>
>> Let me ask the more security-minded guys a different question: what are the
>> different security standards?
>> I know of PCI, POPI, Sarbanes-Oxley.
>>
>> G
>>
>> On Tue, Mar 24, 2015 at 7:42 PM, Mladen Gogala <
>> dmarc-noreply_at_freelists.org> wrote:
>>
>>> On 03/24/2015 10:56 AM, George wrote:
>>>
>>>> Hi guys
>>>>
>>>> Does anyone have a good white paper that covers how/what to change to
>>>> harden a Linux OS?
>>>>
>>>> G
>>>>
>>>> --
>>>> You have the obligation to inform one honestly of the risk, and as a
>>>> person
>>>> you are committed to educate yourself to the total risk in any activity!
>>>>
>>>> Once informed & totally aware of the risk,
>>>> every fool has the right to kill or injure themselves as they see fit!
>>>>
>>>
>>> There is an official, fairly extensive, paper published by the NSA:
>>>
>>> https://www.nsa.gov/ia/_files/os/redhat/NSA_RHEL_5_GUIDE_v4.2.pdf
>>>
>>> The paper can be found on the government's official page about securing
>>> operating systems:
>>>
>>> https://www.nsa.gov/ia/mitigation_guidance/security_configuration_guides/operating_systems.shtml#linux2
>>>
>>>
>>> --
>>> Mladen Gogala
>>> Oracle DBA
>>> http://mgogala.freehostia.com
>>>
>>> --
>>> http://www.freelists.org/webpage/oracle-l
>>>
>>>
>>>
>>
>>
>> --
>> You have the obligation to inform one honestly of the risk, and as a
>> person
>> you are committed to educate yourself to the total risk in any activity!
>>
>> Once informed & totally aware of the risk,
>> every fool has the right to kill or injure themselves as they see fit!
>>
>
>

-- 
You have the obligation to inform one honestly of the risk, and as a person
you are committed to educate yourself to the total risk in any activity!

Once informed & totally aware of the risk,
every fool has the right to kill or injure themselves as they see fit!

--
http://www.freelists.org/webpage/oracle-l
Received on Wed Mar 25 2015 - 04:35:06 CET