Date: Wed, 3 Jun 1998 19:37:06 +0100 (BST)
From: Chris Evans <chris@ferret.lmh.ox.ac.uk>
To: redhat-list@redhat.com
Subject: [linux-security] Re: RedHat5.1 security flaws.

On Tue, 2 Jun 1998, Mike Johnson wrote:

> At 03:04 PM 6/2/98 +0100, you wrote:
>
> >Are there any other people out there interested in a concerted linux
> >source security auditing process?
>
> Yes, yes, and yes. Did I mention, yes?

OK. I've got a _lot_ of positive response about starting some form of
co-ordinated effort to audit core linux components/daemons/suid binaries
etc.

To this effect, there's a mailing list for discussion of linux security
auditing and hardening;

security-audit@ferret.lmh.ox.ac.uk

Subscribe address is security-audit-subscribe@ferret.lmh.ox.ac.uk

NOTE! This is not "yet another security list people should feel obliged
to subscribe to" list. All findings will of course still go to
bugtraq/linux-security.

Alongside this mailing list will need to go a web page with lists of
security sensitive packages needing to be audited, or hardened[1]. Each
package can have its own list of people who have audited it, and how well
they think they scanned it. Additionally, past auditing and security
record of the package in question can be logged. Each package will also
be assigned an "importance", e.g. tcp_wrappers would rate as "critical",
etc. Hopefully we can highlight packages that haven't really seen much
auditing at all in their lifetimes.

Note that my HTML is appalling so anyone wanting to contribute pages to
get the project moving is more than welcome ;-)

I'm looking forward to getting some co-ordination going in this effort!
In a few days we'll see who's got onto the list, and start discussions.

Cheers
Chris

[1] For example, it never hurts to drop privileges earlier, does it? :)

--
----------------------------------------------------------------------
Please refer to the information about this list as well as general
information about Linux security at http://www.aoy.com/Linux/Security.
----------------------------------------------------------------------
To unsubscribe:
mail -s unsubscribe linux-security-request@redhat.com < /dev/null