On 11/11/2019 01:39 AM, Roger Oberholtzer wrote:
I guess I don't have a real question. Other than why Linux is still being marginalized by major companies? Surely I'm not the only user in a corporate environment where the security tools are mandated company-wide. It's not enough to claim that you have installed something at least equivalent. They only trust what they have selected. AMP, as it turns out, seems to use ClamAV. But it adds an interface that allows corporate monitoring that all is working as expected. With almost 40000 people, I cannot blame the security guys for wanting this kind of information.
I've got a similar problem, Roger. My customer insists on using a security system which is nothing but a huge root-kit that frequently renders even Windows systems unusable. This system is supported for SLES and openSUSE systems, but the vendor is usually a release behind the current openSUSE version. So I've had luck in carving out an exception for my two-dozen openSUSE boxes by keeping them current and claiming that the security system doesn't support my running versions. The customer could, of course, mandate which operating systems they will allow on their networks, but that hasn't happened yet. I've been dodging this bullet for more than a decade, thanks to openSUSE! At one point they were insisting on using SELinux, but I located a study that showed that while SELinux is very capable, it's also very hard to configure and get working right. While AppArmor may not be as complete a solution, it does give net better security because it's easier to configure and operate. I haven't actually had to use this justification yet, but I've got it ready to roll out just in case.
Some days I just feel too old for all this...
I feel your pain. Just think of the information assurance bureaucracy as a challenge and an opportunity to do creative work to keep your users productive. BTW, has your customer ever experienced a security incident on a Linux box? I had one about 18-years ago, but caught it right away. The vulnerability was a problem with the old ssh 1.2 daemon. Regards, Lew -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org