[CentOS] security compliance vs. old software versions

Wed Jun 30 20:52:37 UTC 2010
Frank Cox <theatre at sasktel.net>

On Wed, 2010-06-30 at 15:14 -0400, m.roth at 5-cent.us wrote:
> Sorry, you lost me here. I turned off all access to the h/d/ramdisk on the
> printers, and left it off. This, of course, slows things down a lot, but
> it's "Secure".

The point is that the security scan is supposed to be verifying that
your setup is, in fact, secure.  If you change your setup before running
the scan, and then change it back immediately afterward, how is that
verifying that your setup is, in fact, secure?  What you scanned != what
you are actually using.

If your purpose is simply to check off a box on a form, why not just
write the Sooper Dooper Security Scanner yourself?

#include <stdio.h>
#include <stdlib.h>

/* Reports a pass without examining anything. */
int main(void)
	{
	printf("Sooper Dooper Security Scanner!\n");
	printf("Starting scan...\nScan completed...\nScan passed.\n");
	exit(0);
	}

You would gain just as much from that as what you're gaining right now,
and it would take less effort on your part.

-- 
MELVILLE THEATRE ~ Melville Sask ~ http://www.melvilletheatre.com