[unisog] Linux Security

James Goldston jgoldston at sses.net
Wed Jul 16 19:47:09 GMT 2003

Sorry for the late posting.  A filter screwed up that made me look at
several unisog postings today.  One was concerning the GLB.  After sending
the post, I thought I had better check back a way to see if there has been
discussion about the GLB in unisog.  I noticed the below.  Perhaps it is old
hat by now, but thought I'd respond anyway.  If no one responds then I'll
have my answer.

First a question.  Where in the GLB do you see the need to have a
"certified" system (OS or otherwise)?  I see nothing there, nor in the
banking agencies' regulatory responses to the GLB (in the various CFRs).


> -----Original Message-----
> From: Darden, Patrick S. [mailto:darden at armc.org]
> Sent: Wednesday, May 14, 2003 3:54 PM
> To: 'Lisa Bogar'; unisog at sans.org
> Subject: RE: [unisog] Linux Security
> I think the Bastille project does what you want.  They have a hardening
> script that takes you through the process step-by-step, asking you questions
> and providing context.  It is very complete and effective.  It is partially
> based on the wonderful SANS textbook: Linux Security Step-By-Step (of which
> I am a contributor, so I am biased).
> --Patrick Darden
> -----Original Message-----
> From: Lisa Bogar [mailto:lbogar at montana.edu]
> Sent: Wednesday, May 14, 2003 2:16 PM
> To: unisog at sans.org
> Subject: [unisog] Linux Security
> With the GLB and various other acts it has driven the need to develop a
> checklist for systems to be "certified".  I have been tasked with
> developing a checklist for Linux systems to certify they are secure.
> I was wondering what other institutions have done along these
> lines and if anyone might be willing to share what they have developed.
> Thanks,
> Lisa
