RE: Linux Hardening

From: Iggy Fernandez <iggy_fernandez_at_hotmail.com>
Date: Tue, 24 Mar 2015 21:43:33 -0700
Message-ID: <BLU179-W1270B8F250A74F8F4B9569EB0B0_at_phx.gbl>



I believe that ODA-specific STIG scripts are available in MOS. That should be all you should ever need. I'm not sure why Oracle does not simply implement them. Perhaps an ODA guru here can fess up. Iggy

Date: Wed, 25 Mar 2015 05:35:06 +0200
Subject: Re: Linux Hardening
From: georgelza_at_gmail.com
To: knecht.stefan_at_gmail.com
CC: dmarc-noreply_at_freelists.org; oracle-l_at_freelists.org

Hi Stefan
It's not me trying to do this, I got a client that bought 2 ODA's, yes they are a Bank and def fall under PCI. So my question was, what would PCI require? is there a white paper stating the requirements for linux and maybe also the database? and then for me a broader question, we have these standards, each with their own requirement, is a similar document available per standard as per the above PCI request. I see the NSA document as a large encompassing lock everything down, and not necessarily what the customer need, they just need to adhere to in this case, PCI. G
On Tue, Mar 24, 2015 at 10:43 PM, Stefan Knecht <knecht.stefan_at_gmail.com> wrote: George, I think you should be asking yourself what you are trying to achieve or secure. Applying random security standards isn't going to solve a specific problem. Think about what you want to protect, and what the extent of "discomfort" is, that you're willing to accept in order to achieve the relevant security that makes your clients / managers feel safe. Nowadays, security knows virtually no limits. The only real limit is your imagination, and your budget. PCI/DSS, Sarbanes Oxley, and whatever other standards may exist; they exist to serve a specific purpose. Securing a system that has nothing whatsoever to do with credit cards according to PCI/DSS makes little to no sense. I think if you're looking for very specific recommendations you would be better off stating what you're trying to protect, and from what kind of attack vectors. That would enable the list's readers to provide you with advise in relation to your actual situation.

Stefan

On Wed, Mar 25, 2015 at 12:48 AM, George <georgelza_at_gmail.com> wrote: Hi Mladen
Thanks, It seems everyone lists that document as the main source. Let me ask the more security guys a different question, what is the different security standards.I know of PCI, POPI, Serbians Oxley, G
On Tue, Mar 24, 2015 at 7:42 PM, Mladen Gogala <dmarc-noreply_at_freelists.org> wrote: On 03/24/2015 10:56 AM, George wrote:
Hi guys

Does anyone have a good white paper that covers how/what to change to harder a Linux OS.

G

--
You have the obligation to inform one honestly of the risk, and as a person you are committed to educate yourself to the total risk in any activity!

Once informed & totally aware of the risk, every fool has the right to kill or injure themselves as they see fit!

There is an official, fairly extensive, paper published by the NSA:

https://www.nsa.gov/ia/_files/os/redhat/NSA_RHEL_5_GUIDE_v4.2.pdf

The paper can be found on the government's official page about securing operating systems:

https://www.nsa.gov/ia/mitigation_guidance/security_configuration_guides/operating_systems.shtml#linux2

--
Mladen Gogala
Oracle DBA
http://mgogala.freehostia.com

--
http://www.freelists.org/webpage/oracle-l

--

You have the obligation to inform one honestly of the risk, and as a person you are committed to educate yourself to the total risk in any activity!

Once informed & totally aware of the risk, every fool has the right to kill or injure themselves as they see fit!

--

You have the obligation to inform one honestly of the risk, and as a person you are committed to educate yourself to the total risk in any activity!

Once informed & totally aware of the risk, every fool has the right to kill or injure themselves as they see fit!

--
http://www.freelists.org/webpage/oracle-l
Received on Wed Mar 25 2015 - 05:43:33 CET

Original text of this message