Re: Linux Hardening

From: Hans Forbrich <fuzzy.graybeard_at_gmail.com>
Date: Wed, 25 Mar 2015 04:29:00 -0600
Message-ID: <55128DEC.50802_at_gmail.com>



On 24/03/2015 10:43 PM, Iggy Fernandez wrote:
> I believe that ODA-specific STIG scripts are available in MOS. That
> should be all you should ever need.
>
> I'm not sure why Oracle does not simply implement them. Perhaps an ODA
> guru here can fess up.
>
> Iggy
>

Perhaps because a complete implementation of the STIG is pretty excessive and will disable some functionality of a Linux environment. For example, completely eliminating in and out SMTP.

Basically a complete removal based on STIG or NSA requires a careful re-insertion of piles of packages (RPMs), and that can be more time-consuming than carefully evaluating and removing what you don't want.

I did such an implementation 3 years ago for a government agency in Canada. You would be surprised how many things had dependencies on stuff in the 'games' group ... some of that has been resolved, though.

/Hans

--
http://www.freelists.org/webpage/oracle-l
Received on Wed Mar 25 2015 - 11:29:00 CET
