[CentOS] General questions about security
Niki Kovacs
contact at kikinovak.net
Fri Feb 1 11:47:36 UTC 2008
Les Bell wrote:
> Policy. It's a drag, writing policies, but without policies, you're in the
> "Ready! Fire! Aim!" school of security. The top tier of policy is the
> "Enterprise Security Policy", which establishes the security function,
> roles, responsibilities, budget, etc. It also gives the power to enforce
> penalties for breaches of policies. At the next tier, you have system- and
> issue-specific policies, such as the "Use of corporate email" policy, the
> "Inappropriate content in the workplace" policy. You may then move down to
> standards (platforms, SOE, etc.) and procedures (e.g. for provisioning user
> accounts, resetting passwords, etc.).
<snip>
Thanks for your very detailed response. Though I can't help feeling a
bit like having asked for an identity photo... and getting a 10-foot oil
painting :oD
Basically, all I'm concerned about security-wise is a modest
Apache/PHP/MySQL server running a single public library management
software, and interconnecting eleven (small) public libraries, with a
total of 60.000 database entries. No (very) big deal.
The configuration is supposed to run on a dedicated server, so my
question will be more practical:
- Is it worth the hassle to bother with SELinux?
- Is the standard firewall configuration enough, or do I really have to
fine-tune the thing?
- Basically, what auditing tools besides Nmap can you recommend for such
a thing?
cheers,
Niki