I think it depends on wat you are using the book for..I myself have been
trying for a long time to find a document that describes basic RedHat and
Linux security, what to look for, inherent dangers etc etc.
So I was overjoyed when I found this book. No, I am not depending on it as
a sole source of information, but the basicis that it covers simply do not
get repeatadly posted to the lists you mentioned, at least not that I have
seen. I think it is a wonderful intro into system security, but it should
be made clear that it is not intended as a "fix-all".
Just my two cents.
-- Jason Welman
-----Original Message-----
From: David Gale <dgale@datapex.com>
To: Jon Lewis <jlewis@inorganic5.fdt.net>
Cc: twiztah <twiztah@ANARCHY.MAXHO.COM>; Kent Crispin
<kent@songbird.com>;
linux-security@redhat.com <linux-security@redhat.com>
Date: Wednesday, July 15, 1998 2:15 AM
Subject: [linux-security] Re: RedHat 5.X Security Book
>On Sun, 12 Jul 1998, Jon Lewis wrote:
>
>> I still fully agree its a good idea to make your system as secure as
you
>> can, but the statement that any system is 100% secure against
publically
>> known bugs just doesn't mean much. It means the average idiot who
knows
>> how to use a web browser and reaches rootshell.com probably can't
hack
>> you...but someone just a little higher up the food chain might not have
>> any trouble at all hacking you.
>
>A system administrator needs to be aware of information as soon as it is
>available in regards to system security in order to protect his hard work
>from the rootshell folks. Being a member of bugtraq, this list, and
cert's
>list helps alot but not in all instances, Any book on "RedHat Linux
>Security" will be outdated before it is published. My opinion is to
invest
>the time and effort into a coordinated/combined mailing list which covers
>EFFECTED Redhat Binaries in as little time from discovery as possible.
>
>I've been subscribed to this list for several months and to be honest, I
>get more information on bugtraq's list regarding RedHat specific
security
>spoits/repairs/new release info than this list.
>
>As a matter of fact, I have seen no mention of the recent redhat audit on
>this list or to the upgrades resulting from this audit.. Maybe the list is
>not sending me all the messages? Maybe the moderator needs a standin?
>shrug.
>
>[mod: You mean that thread with "RedHat5.1 security flaws." as the
>subject? Erik posted a "fixed a first batch of problems, off to fix
>the rest" message, and after that I didn't see much more. Let me
>repeat: As a moderator I try to keep the list free from Spam, postings
>like "How do I create an account?", and postings like "I got
hacked,
>what did they exploit?". I depend on the reader community to make the
>submissions. -- REW]
>
> +--------------------------------------------------+
> | David Gale Technical Director |
> | ICQ # 5402214 |
> | datApex Network Systems, INC. |
> | 2441 Bellevue Ave, Suite A |
> | Daytona Beach, FL 32114 |
> | http://www.datapex.com |
> | Phone 904 257-2500 EXT 609 FAX 904 947-5358 |
> +--------------------------------------------------+
>
>--
>----------------------------------------------------------------------
>Please refer to the information about this list as well as general
>information about Linux security at http://www.aoy.com/Linux/Security.
>----------------------------------------------------------------------
>
>To unsubscribe:
> mail -s unsubscribe linux-security-request@redhat.com < /dev/null
>
