[CentOS] General questions about security
    Niki Kovacs
    contact at kikinovak.net
    Fri Feb  1 11:47:36 UTC 2008

Les Bell wrote:
> Policy. It's a drag, writing policies, but without policies, you're in the
> "Ready! Fire! Aim!" school of security.  The top tier of policy is the
> "Enterprise Security Policy", which establishes the security function,
> roles, responsibilities, budget, etc. It also gives the power to enforce
> penalties for breaches of policies. At the next tier, you have system- and
> issue-specific policies, such as the "Use of corporate email" policy, the
> "Inappropriate content in the workplace" policy. You may then move down to
> standards (platforms, SOE, etc.) and procedures (e.g. for provisioning user
> accounts, resetting passwords, etc.).
<snip>

Thanks for your very detailed response. Though I can't help feeling a 
bit like having asked for an identity photo... and getting a 10-foot oil 
painting :oD

Basically, all I'm concerned about security-wise is a modest 
Apache/PHP/MySQL server running a single public library management 
software, and interconnecting eleven (small) public libraries, with a 
total of 60.000 database entries. No (very) big deal.

The configuration is supposed to run on a dedicated server, so my 
question will be more practical:

- Is it worth the hassle to bother with SELinux?
- Is the standard firewall configuration enough, or do I really have to 
fine-tune the thing?
- Basically, what auditing tools besides NMap can you recommend for such 
a thing?

cheers,

Niki