[aklug] Re: HIJACKED THREAD! HA HA HA! [was Re: hosted distros]

From: Christopher Howard <choward@indicium.us>
Date: Mon Nov 09 2009 - 14:13:04 AKST

captgoodnight captgoodnight wrote:
> I stopped using Gentoo years ago due to the use of tripwire and the abundance of changing files and such, as a security admin it was a pain to keep up with - ROI...
>
> Has that changed?
>
> ty,
> --eddie
>

Since I don't even know what tripwire is I can't answer on that point.

I'm also no security admin -- just a desktop user and an applications
programmer. But there are plenty of people at forums.gentoo.org who
would be glad to answer your questions.

Regarding security: As far as keeping track of security issues, it seems
pretty easy to me just to follow the official Gentoo security
announcements, which are available at the official website or through
eselect news announcements, and which always come with specific
recommendations and instructions. There are also a number of different
profiles you can choose from that handle the default options and
configuration. On my architecture:

  [1] default/linux/x86/10.0
  [2] default/linux/x86/10.0/desktop *
  [3] default/linux/x86/10.0/developer
  [4] default/linux/x86/10.0/server
  [5] hardened/linux/x86/10.0
  [6] selinux/2007.0/x86
  [7] selinux/2007.0/x86/hardened
  [8] selinux/v2refpolicy/x86
  [9] selinux/v2refpolicy/x86/desktop
  [10] selinux/v2refpolicy/x86/developer
  [11] selinux/v2refpolicy/x86/hardened
  [12] selinux/v2refpolicy/x86/server

Regarding administration: I suppose it might be a little easier
administration-wise to use a distro that only makes non-security updates
available in six-month or one-year periods. But even though Gentoo makes
it possible to run software that is only a few weeks old, with all the
latest code and features, there is nothing to stop you from updating
your system less frequently if that is what you want to do.

Usually I just update software when there is a security announcement, or
when I really want the latest features of some game, office app, or
development library. Gentoo lets me know before installation if an older
package cannot co-exist with one I am trying to install.

From what I've learned so far, I would think Gentoo system
administration would be quite doable, even in a large production
environment, though it would require a different approach and mindset
than what you usually expect working with your typical binary-based distro.

--
Christopher Howard
http://indicium.us
http://theologia.indicium.us
Received on Mon Nov 9 14:14:27 2009
