So you make your own policy, and then implement it, and probably also audit the implementation?[...]Maintaining those policies can be very costly. Just wondering what you are so paranoid about...
For paranoid users/admins like me, grsec with pax and some others
options enabled, a system updated and systrace with good policies
sounds like 'kiddies' out! :)
It's only my own policy.And it's really funny for me.
Whos' paying you to do it?
Paranoid is deraadt, i'm realistic.
whatever
I known that i can put the pieces together manually, and i do inThat's true... at work it's a $$$ issue.
my own boxes running Debian GNU/Linux.But at work i don't have choice.
Yes.
So the CSO's are asking you to get that level of security, while they are running a product from a company that has filed for bankrupty. OK.How much security is needed is mainly a business descision --> what do you want to protect (against what) and how much must it cost.
It's up to them to decide how much security is adequate.
CSO's are doing it, i'm doing the pratical job only.
What are you trying to protect against the script kiddies?
But the discussion under this subject is: Why not systrace on the next kernel-secure? Can any developer clarify to me?
Can't help you here... Stefan
smime.p7s
Description: S/MIME Cryptographic Signature
