[geeks] Solaris resiliency to crashing w/full root partition?
velociraptor
velociraptor at gmail.com
Sat Oct 1 14:51:50 CDT 2005
On 9/28/05, D.A. Muran-de Assereto <dmuran at tuad.org> wrote:
> Not to be obnoxious, but it's probably not the auditor's fault. US
Government
> regs pretty much require this, and the auditor's personal opinion is
largely
> irrelevant.
They are working from 3+ year old "best practices". I ran the
audit script myself--it's a shell script *I* could write (as I've noted
before my programming skills are far from top-of-the-line).
They check for nothing later than Solaris 7, and apparently the
only Unices in the universe are Solaris, IRIX, AIX, and HP-UX.
We'd be perfectly happy to comply with, say, current CIS best
practices that take into account that you aren't putting a bare
server onto the internet.
There's a lot of other stupidity I can recount but I'd likely get in
trouble for doing so. It basically boils down to the fact that un-
like other agencies they audit, we fight back when they suggest
dumb things. This agency was one of the first in the federal
gov't to have a web site (1994). We've survived break-ins and
have a good understanding of where the risks lie, and don't just
let the auditors walk all over us. They like to gnaw on us because
we make them conform to our policies (being that they hang off
our network and we are therefore responsible for their muck-ups).
And while they like "enforcing" policies, they don't like conforming
to policies.
=Nadine=
More information about the geeks
mailing list