Ridding myself of root passwords?

Joshua Marsh joshua at themarshians.com
Thu Feb 6 13:30:08 MST 2014


On Thu, Feb 6, 2014 at 1:08 PM, Levi Pearson <levipearson at gmail.com> wrote:

> I know security is not easy, but if you're going to have a
> public-facing server, you really ought to take the time to figure it
> out.  You'll spend less time doing that than you will cleaning up
> after you get hacked.  And, as you just experienced, you *will* get
> hacked if you continue to rely on the Unix security model.
It's too bad that most people don't think about becoming security conscious
themselves. The business models I've seen in the past are: who cares,
contract it out, or rely on a 3rd party system (e.g. App Engine). None of
these help engineers and architects become more security conscious. It's
pushing the accountability somewhere else (in the first case, on the
floor).

I agree that learning about it is important. We've had PLUG meetings about
SELinux and there are a bunch of introductions/tutorials on YouTube. I'm
personally not a fan of SELinux, but knowing about any LSM will at least
give you a leg up on the average engineer. Putting that on a resume will
look good. I can only imagine it will become more important in the future.

