24 Apr
2009
24 Apr
'09
12:05 p.m.
On Thu, 23 Apr 2009 18:10:38 -0400, Ross Walker wrote:
How about running it as the untrusted user 'clamav'?
How's that user going to check anything that's not o+r?
I know there is a lot of boilerplate regulation out there, I have my fair share to deal with myself. Often hidden in the BS there is a good intention it just requires a little give and take. Give in to a little BS here to get a little break on the BS there.
What the consultant should be working off of is an accurate risk assessment of the OS and the applications installed on it, not some dumb checklist.
Yeah, well, problem is, you don't get to choose who's going to assess you.