>linux is secure prove it! 1) install lynis 2) run 'sudo

You are currently reading a thread in /g/ - Technology

Thread replies: 226
Thread images: 41
>linux is secure

prove it!

1) install lynis
2) run 'sudo lynis audit system'
3) post results + distro

if you beat os x's score of 80 i'll be impressed
>>
File: 1403547737089.jpg (2 KB, 97x125)
>>54250309
>hardening index
>>
I'm on OpenBSD. I win by default.

I'm running it on a MBPr, btw.
>>
File: 1457581614599.jpg (38 KB, 373x386)
>>54250309
>os x
>>
>>54250309
Kill yourself
>>
File: 1458913555773.png (156 KB, 1213x636)
>>54250309
>>macshit is secure

You can't prove it.

OSX is a fucking joke and so is Apple. :^)
>>
>>54250332
>>54250356
>>54250388
>>54250414
>>54250418
lol scared

>>54250332
lynis is a standard auditing tool
it ships with kali by default
>>
>>54250449
just kill yourself now, my dude.
>>
>>54250449
Eh. I hadn't heard of it before. Turns out there is an OpenBSD package for it, so I installed it.

$ lynis
/usr/local/bin/lynis[152]: .: /usr/local/share/lynis/include/consts: Permission denied


LOL, okay, that's kinda funny.
>>
File: Screenshot_20160427-075949.png (166 KB, 1080x1920)
r8
>>
>>54250309
>>54250484

OP just got BTFO.

It's time to drink bleach OP.

Livestream.
>>
File: dex.png (434 KB, 571x540)
>>54250498
>he thinks 65 > 80
>>
Eh. My mostly-vanilla OpenBSD 5.9 laptop scored an 80.

It did seem like a bunch of the tests were just plain wrong, but I'm a bit too drunk to focus enough to put together any sort of decent commentary.

We use Tenable's Nessus scanners at work. That shit is garbage. In particular their CIS benchmark for RHEL6. Holy shit, whoever wrote that has no idea how goddamn regex works.
>>
>>54250545
lol I thought lower was better. Woops.
>>
>>54250309
> Harden compilers like restricting access to root user only [HRDN-7222]
> https://cisofy.com/controls/HRDN-7222/
kek
>>
>>54250498
Time to soak yourself in petrol and light a match, you window licking chav.
>>
>>54250545
>he thinks 145 >= 194
>>
Some of the checks this program is making for are just plain silly; examples include:
>Set a password on GRUB bootloader to prevent altering boot configuration (e.g. boot in single user mode without password)
If an attacker has hardware access, it's already ogre
>Configure minimum password age in /etc/login.defs
>Configure maximum password age in /etc/login.defs
>Delete accounts which are no longer used
>Add legal banner to /etc/motd, to warn unauthorized users
>Add a legal banner to /etc/issue, to warn unauthorized users
None of these matter on a single-user system, so being penalized for them is silly
>One or more sysctl values differ from the scan profile and could be tweaked
I don't even know what this is supposed to mean, am I supposed to leave them as defaults? It's not as though there's a "right" setting, otherwise they wouldn't be changeable.

What's even worse is that it recognized I was on Arch, and tried to check Pacman... and gave it a pass, even though I've disabled package authentication! All in all, I'm very unimpressed.
>>
>>54250563
Get raped and kill yourself, you retarded fucking faggot sack of shit with down syndrome.
>>
>>54250563
Yep, it gave me a huge ass warning for not having an encrypted filesystem. It makes sense if you control the device physically but it's bullshit on a VPS.
>>
>>54250643
OK

...you wanna talk about it, buddy?
>>
File: 0dcfRfn.jpg (39 KB, 467x489)
>>54250309
That just proves your Mac whatever is secure. Most normies that use OSX aren't going to give any fucks about half the shit you set up.
>>
>>54250309
running arch with zen kernel and I got a 61, some of which was minor config stuff.

I also notice that my version of lynis does 190 tests to your 145, not sure why.
>>
>>54250735
And what has to be set up on OS X to get this score? If you mean encryption, once you start up your Mac for the first time it'll strongly suggest you set up FileVault, only takes one more step which is a 'default' one.
>>
>>54250641
>>Add legal banner to /etc/motd, to warn unauthorized users
>>Add a legal banner to /etc/issue, to warn unauthorized users
>None of these matter on a single-user system, so being penalized for them is silly
None of these matter at all actually, but the tool isn't primarily meant for desktop use apparently.
>>
>>54250309
First of all, the operating system you're referring to is GNU. Linux is just a kernel, and since Tails is using plain Linux, inclusive binary blobs, it's not 100% secure.
>>
>>54250761
>I also notice that my version of lynis does 190 tests to your 145, not sure why.

Look at the pic in this post (the last 3 lines):
>>54250563
>>
>>54250874

Get out.
>>
File: 1433089239972.jpg (76 KB, 768x1024)
>>54250309
I'd just like to interject for a moment. What you're referring to as Linux,
is in fact, GNU/Linux, or as I've recently taken to calling it, GNU plus Linux.
Linux is not an operating system unto itself, but rather another free component
of a fully functioning GNU system made useful by the GNU corelibs, shell
utilities and vital system components comprising a full OS as defined by POSIX.

Many computer users run a modified version of the GNU system every day,
without realizing it. Through a peculiar turn of events, the version of GNU
which is widely used today is often called "Linux", and many of its users are
not aware that it is basically the GNU system, developed by the GNU Project.

There really is a Linux, and these people are using it, but it is just a
part of the system they use. Linux is the kernel: the program in the system
that allocates the machine's resources to the other programs that you run.
The kernel is an essential part of an operating system, but useless by itself;
it can only function in the context of a complete operating system. Linux is
normally used in combination with the GNU operating system: the whole system
is basically GNU with Linux added, or GNU/Linux. All the so-called "Linux"
distributions are really distributions of GNU/Linux.
>>
Who cares.

When you buy an Apple computer, you're buying it as a home consumer. It comes preconfigured with that in mind, because Apple has the luxury of being able to assume the end user isn't going to use an SQL server.

Most Linux distros that get discussed on /g/ aren't set up with anything specific in mind, the assumption the devs make is you'll configure it for your own needs, because you're not a dingus.

But on /g/, everyone is a dingus.
>>
>>54250484
What terminal emulator is that?
Looks cool
>>
File: Capture.png (10 KB, 482x284)
stock arch install: 62
>>
>>54251449
my arch is 65 (non-stock though)

pretty shit imo
brb installing gentoo
>>
File: lynis.png (89 KB, 879x725)
fedora
>>
>>54250610
>>54250641
>>54250858
After your first run, edit the config file (should be default.prf) to remove the tests that aren't relevant with the test_skip_always line and the test codes that you want to skip. Example:

config:test_skip_always:PKGS-7398 HTTP-6640 HTTP-6641 HTTP-6642 HTTP-6643


You will find the test codes next to the suggestion or warning for them on the test results screen or in the log file.

There's also an option in the config file to specify whether the machine is a server or desktop, but changing it shouldn't matter.

Then run 'sudo lynis audit system' again obviously to get a proper run. Run it with -Q if you don't want to press enter at every screen.
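
The procedure in the post above, as an added example (not part of the thread and not Lynis project code): it collects the test IDs from saved scan output and emits a `config:test_skip_always:` line only for IDs that a reviewer has listed with a reason. The waiver file format, the function names and the sample scan text are assumptions constructed for this example; the test IDs and the profile line format are the ones quoted in the thread, except AUTH-0000, which is a hypothetical placeholder.

```shell
#!/bin/sh
# Added example: turn reviewed Lynis findings into a test_skip_always line.

# Print the unique test IDs that appear in brackets in saved scan output
# (stdin), e.g. [HRDN-7222]. Status markers such as [V] or [DIFFERENT]
# do not match the ID pattern and are ignored.
extract_test_ids() {
    grep -oE '\[[A-Z]+-[0-9]{4}\]' | tr -d '[]' | sort -u
}

# Split the reported IDs by whether the waiver file lists them WITH a reason.
# $1 = scan output file, $2 = waiver file, $3 = "waived" or "open"
# Waiver file (assumed format): "TEST-ID reason..." per line, '#' starts a comment.
classify_ids() {
    extract_test_ids < "$1" | awk -v wf="$2" -v want="$3" '
        BEGIN {
            while ((getline line < wf) > 0) {
                sub(/#.*/, "", line)
                # An ID without a written reason is not accepted as a waiver.
                if (split(line, f, " ") >= 2) ok[f[1]] = 1
            }
        }
        { state = ($1 in ok) ? "waived" : "open"; if (state == want) print $1 }'
}

# Emit the profile line in the format shown in the post. Only IDs that were
# actually reported AND waived are included, so stale waivers never widen it.
build_skip_line() {
    ids=$(classify_ids "$1" "$2" waived | paste -s -d ' ' -)
    if [ -n "$ids" ]; then
        printf 'config:test_skip_always:%s\n' "$ids"
    fi
}

# Constructed sample input for the demonstration below.
write_samples() {   # $1 = directory to write into
    cat > "$1/scan.txt" <<'EOF'
  - Firewall                 [V]
  - Malware scanner          [X]
  * Harden compilers like restricting access to root user only [HRDN-7222]
  * (constructed) package database suggestion [PKGS-7398]
  * (constructed) web server module suggestion [HTTP-6640]
  * (constructed) web server module suggestion [HTTP-6641]
  - net.ipv4.conf.all.forwarding (exp: 0)  [DIFFERENT]
EOF
    cat > "$1/waivers.txt" <<'EOF'
# TEST-ID   reason (required)
HTTP-6640   no web server installed on this host
HTTP-6641   no web server installed on this host
PKGS-7398   # reason missing, so this entry is ignored
AUTH-0000   hypothetical ID that the scan never reported
EOF
}

demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
write_samples "$demo_dir"

echo "Line for the custom profile:"
build_skip_line "$demo_dir/scan.txt" "$demo_dir/waivers.txt"
echo "Findings still to fix or justify:"
classify_ids "$demo_dir/scan.txt" "$demo_dir/waivers.txt" open
```

Skipped tests lower the "Tests performed" count, so a score produced with a trimmed profile is not comparable with one from a default run. Later Lynis releases also accept `skip-test=ID` entries in the profile, so check the comments in the profile your version ships.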
>>
>>54250356

NICE TPM SUPPORT, FAG
>>
>>54251986
TPM is a useless kludge that can be bypassed by anyone determined enough.
>>
ubuntu new install. i don't into customizing.
>>
File: Screenshot_2016-04-27-13-30-44.png (155 KB, 720x1280)
OP btfo
>>
File: 1398594725581.png (96 KB, 725x249)
Nearly year-old Arch system. It failed to detect rEFInd.
>>
File: lynis.png (46 KB, 1059x579)
A rank with zero explanation. Do they really think I will trust such a stupid tool?
>>
>>54252070
>lower score means worse
>>
File: 1451981276283.jpg (28 KB, 310x310)
>>54252198
>he doesn't have a """malware scanner"""
>>
File: centos7.png (10 KB, 428x310)
This is honestly some of the weirdest and pointless testing I've ever seen.

Here's a fresh CentOS 7 VM.
>>
>>54252278
What for?
>>
>>54250309
'sudo lynis audit system'

no work????????

Error: Invalid option system!
>>
>>54250309
And yet another reason to purchase the new Apple MacBook Pro with Retina Display.
>>
>>54252326
sudo lynis -c
>>
And how does it work? How does it rank your system?
>>
>>54252482
It's secret anon. Otherwise pirates would exploit that.
>>
>>54250309
Trying to update it. No luck, though. Stuck on 1.3.9, and no apparent command to update it. I can check the version, but it won't update to the newest version.
>>
Does it even scan for Grsecurity or SELinux / AppArmor? If not, it's total trash.
>>
>>54250919
Are you 80 hardening sure he should leave?
>>
>61 on my hardened install
Yeah, ok. Shit like
>harden compilers like restricting access to root user only
are fucking retarded. Shit should be compiled as non-root since you can't be expected to read through every fucking makefile that enters your system.
>>
OS X here, got 90 hardening
>>
================================================================================

Lynis security scan details:

Hardening index : 67 [############# ]
Tests performed : 183
Plugins enabled : 1

Quick overview:
- Firewall [V] - Malware scanner [X]

Lynis Modules:
- Compliance Status [NA]
- Security Audit [V]
- Vulnerability Scan [V]

Files:
- Test and debug information : /var/log/lynis.log
- Report data : /var/log/lynis-report.dat

================================================================================


Lynis 2.2.0
Auditing, hardening and compliance for Linux, Mac OS and Unix systems

Copyright 2007-2016 - CISOfy, https://cisofy.com/lynis/
Enterprise support and plugins available via CISOfy

================================================================================
>>
>>
>54
Starting to wish I could afford a Mac/OS X right now.
>>
>>54250309
Why would I want to run a random application as root?

Doesn't that defeat the purpose?
>>
>>54253158
Y O L O
O
L
O
>>
>>54250641
>None of these matter on a single-user system

The only account on your system is root? Even Windows isn't that bad.
>>
>>54253158
this
any amount of hardening isn't worth shit if you're a retard
>>
>>54253221
single user doesn't mean only a root account you inbred goatfucker
>>
>>54250309
I had 199 fucking tests even in user mode. I may have gotten a hardening index of 60 but a bunch of that is due to options I have specifically set and am mitigating against in ways that probably aren't picked up in the testing method (which is mostly config file parsing).

So I guess it is just a pile of dicks.
>>
>>54253158
It's open source. What are you afraid of?
>>
>>54253260
>single user doesn't mean only a root account you inbred goatfucker
Then you should probably stop calling it a single user system when there is more than just the root user. Also consider seeing a mental health specialist about that temper of yours.
>>
File: 1431321406975.png (5 KB, 515x47)
>Having a compiler installed is insecure.
You expect me to NOT have a compiler installed on a fucking Linux distro?
This program is fucking garbage.
>>
>>54253308
Compilers are a huge security risk on servers since they allow compilation of code.
>>
>>54253322
This isn't a server.
>>
>>54253280
Reading the entire source.

Also, the entire methodology behind unix systems is to run limited access users for everything which is part of the security.
Giving a security test root access is giving it the keys and asking it to try and break into the house.

>>54253290
root isn't a user.
>>
>>54253329
This tool is designed for testing on servers, so why are you running it and complaining about the results?
>>
>>54253343
Having no compiler installed on a server is also fucking retarded.
How the hell am I supposed to compile software on the server?
>>
>>54253333
>In computing, the superuser is a special user account used for system administration.
Yes it is, stop being daft. You are running a multi-user system by definition. To use it in single-user mode you must be using the superuser account.
>>
>>54253359
In case you didn't realise fucktard,
>>54253322
Was joking.
>>
>>54253359
You need to set it up so only authorised users (i.e. root) can compile code.
>>
>>54253359
A server is for serving completed, tested and "secure" applications. It is not for developing on, or it would be called a developer.

Who the fuck develops on a server?
>>
>>54253359
>Having no compiler installed on a server is also fucking retarded.
No it's not, having one installed is completely retarded.

>How the hell am I supposed to compile software on the server?
On a master machine that pushes packages to the private repo (full or custom add-on).

>>54253377
I'm not joking.
You roll up to any job where you run servers and they find out you have compilers installed you will be out on your ass before the day is out.
>>
>>54253399
>Download source code for some server software
Woops, can't compile it because no compiler.
>>
>>54252962
I don't necessarily disagree with you, but when you are trying to escalate privileges on a machine having a usable compiler already available on the machine is a huge plus.
>>
>>54253400
Why is being able to compile code so dangerous? It still has to be executed to do anything nasty.

>>54253420
Explain.
>>
>>54253414
> not compiling before you move it over

Why am I even here?
>>
>>54253400
If they already have enough access to use your compiler, you're fucked regardless if there's a compiler installed or not.
>>
>>54251413
not him but it looks like a theme on JuiceSSH, ssh client for your smartphone
>>
Windows wins by default since it can't even be scanned for weaknesses. Penguins and apples on suicide watch.
>>
>>54253426
A basic exploit can allow them to compile code, this is bad for a number of obvious reasons. Having a compiler just means an easy way for you to be fucked even harder. Minimise attack surface.
>>
>>54253420
I agree, but some of those tests are pretty retarded. Some of them make sense for standards compliance, but shit like adding a banner does fuck-all for system security.
>>
>>54250309
>>
>>54253426
If I managed to get access to a server but it's running on some non-x86 obscure alien shit it can be hard to figure out how to run compiled code on it.
The server having gcc installed lets me just compile my exploits for free.
Sure, may not look like a big deal, whatever floats your boat.
>>
Someone run it on windows bash
>>
Windows 10: 100
>>
This shit is dumb.

You lose points if you allow normal users access to compilers.
>>
>>54253476
Last version is 2.2.0, grandpa.
>>
>>54253694
I'm on Debian stable...guess I'll have to purge and compile from source oh well
>>
71 on fedora
>>
>>54250630
> he thinks tests performed = hardening index
>>
>>54250309
>2) run 'sudo lynis audit system'
>sudo
Everyone ITT failed the test by running a dubious binary as root.
>>
>>54250476
>$
>he said sudo and he runs it as $
retards like you shouldn't be allowed to use OpenBSD. just stay with ubuntu or windows it's better for everybody
>>
>>54253308
It's not meant for desktop machines.
>>
>>54254107
Not him but I got the same error when I ran it as root
>>
>>54254033
>dubious binary
>signed packaged from the distro's repo
okay
>>
>>54254033
I'm running gentoo, I compiled it myself after rigorously verifying the source code
>>
File: dead man laughing.jpg (9 KB, 480x360)
>malware scanner
>doesn't detect Common Sense 2016
>>
yalll been ranked yo
>>
>>54250309
is there somewhere with the scores of fully updated default installations?
>>
File: DESIGNATED.png (546 KB, 629x454)
>>54253448
Pajeet, don't you have a street to shit on?
>>
File: simply ebin.png (762 KB, 849x693)
>linux
>secure
pick one
>>
>>54250928
based
>>
>>54250309
I'm wondering what the score would be on the default "Ubuntu on Windows" install from the Windows 10 insider program.
>>
File: Secure my ass.png (333 KB, 1252x466)
>>
>>54254529
>Linux=Grub
Kys faggot
>>
i dont understand? i think i was supposed to install lunix and lynis? is lynis better lunix?
>>
>>54253446
Thanks anon, you were right.
>>
>>54252278
But I do though
>>
>OS X 10.11.5
74
>OpenBSD 5.9
78
>>
>>54250309
sometimes I think the stereotype that mac users are idiots is unfair, then they ask you to run a test for servers that takes points away for shit that is just plain inconvenient to use on a desktop
>>
>>54253399
>Who the fuck develops on a server?
I do lel because fuck dual boots and VMs
>>
>>54253399
>A server is for serving completed, tested and "secure" applications. It is not for developing on, or it would be called a developer.
>Who the fuck develops on a server?
Fuck you're stupid. You should have said who develops in prod? Pretty much the entire world uses a CI server to consolidate and test code.

Even still, there are plenty of reasons to have a compiler in prod. Just lock it down, like lynis is telling you.
>>
>>54253400
>You roll up to any job where you run servers and they find out you have compilers installed you will be out on your ass before the day is out.

Lulz. No.

Back to the helpdesk with you.
>>
>>54253400
>On a master machine
i.e. another server, one that has a compiler installed
>>
>>54250563
>We use Tenable's Nessus scanners at work. That shit is garbage. In particular their CIS benchmark for RHEL6. Holy shit, whoever wrote that has no idea how goddamn regex works.

Their documentation is monkey fuck. They have a requirements doc for SecurityCenter updated this month. It says they only support RHEL 5 and 6. A release note from last month says they support RHEL 7. Their support says 5 and 6.

What is your preferred alternative to Nessus?
>>
67 here with my mac
>>
[+] Initializing program
------------------------------------
Fatal error: file /usr/local/Cellar/lynis/2.2.0/include/osdetection should be owned by user 'root' when running it as root
>>
>>54250563

WOW! Nice font on OpenBSD!

What font you use?
>>
>>54255359
chown -R 0:0 /usr/local/Cellar/lynis
>>
File: freedoms-respecting cute anime.png (33 KB, 139x214)
>>54254107
>running a program you learned about less than 30 seconds ago as root
This isn't exactly rocket security.
>>
>>54253769

>using debian on desktop in 2016
>>
Debian

================================================================================
Lynis Scanner (details):

Hardening index : 68 [############# ]
Tests performed : 191
Plugins enabled : 0

Lynis Modules:
- Heuristics Check [NA] - Security Audit [V] - Vulnerability Scan [V]

Compliance Checks:
- HIPAA [NA] - PCI [NA] - SOx [NA]

Files:
- Test and debug information : /var/log/lynis.log
- Report data : /var/log/lynis-report.dat
================================================================================


So what now?
>>
>>54255497
install Gentoo
>>
I got a 64. It doesn't recognize my hardened kernel or that I have an NTP daemon. It doesn't even check for an encrypted rootfs.
>>
>takes points off because I have a compiler installed
The fuck
>>
>>54255588
It took points off because I have unused rules in iptables. Of course I have unused rules, it's a fucking firewall.
>>
>>54253373
>is a special user account
>user account
English is head-final, which means the noun in a noun phrase comes at the end. Root is not a user, it's an account.
>>
>>54255637
but root has a uid
>>
File: fxcpyz_2016-04-27_17-51-42.jpg (72 KB, 675x581)
Arch ARM on a RasPi 1B.
>>
File: lynis.png (144 KB, 1446x402)
>>54250309
Ubuntu is more secure than OSX.
>>
File: lynis.png (71 KB, 814x613)
archfag here
>>
>>54255887
damn

so that's why they use it at NASA
>>
>>54255887
See >>54253085
>>
>>54256093
I'm sure if I went through and disabled tests I would score higher also.

> Tests performed : 133
> Tests performed : 197
>>
File: 1392571073359.jpg (31 KB, 600x450)
>willingly running a botnet as root
shiggy diggy poo in loo
>>
>>54256424
What is /g/'s definition of botnet? An unfamiliar program? A closed source one? Whatever it is, it's very wrong
>>
>>54256473
Anything they don't understand.
>>
>>54256473
Everything is a botnet. No exception.
>>
I am a fully functioning adult so I do not use an OS for kids or autists. What program do I use for Windows to prove how much better it is for security?
>>
>>54250418

To be honest, so is Linux, thanks to Linus not taking security seriously.
>>
>>54250641
>password age
>2016
This advice is stupidly, dangerously wrong. Do not force users to regularly change their passwords - because it means they will pick shitty passwords that barely pass your tests. That's not even new research, it's been known for years, which is why almost all competent security professionals advise a different approach.

Instead, use a relatively strong passphrase, perhaps using the Diceware technique (randomly pick M words from a list of N = m^n bits of strong entropy); change it only if compromise is suspected or probable; memorise that passphrase and use it as a single-sign-on to unlock other credentials (for example, certificates and/or hardware tokens).

The more you change passphrase, or the more people are made to change, the less investment they will be willing to put into remembering it.

Fuck, even CESG (GCHQ's internal department for issuing advice to HM Government) recently changed their advice regarding this, and made a public post about why. And despite my differences of opinion with them, they are right about this and I'm glad they were finally allowed to say what they thought. https://www.cesg.gov.uk/articles/problems-forcing-regular-password-expiry

These tools are for amateurs - or fly-by-night "professionals" whose advice isn't worth the paper it's written on and are only in it for the phat consulting fees - and some of their auditing produces results that are at best flat-out wrong, and at worst, recommends things that are actively damaging.
>>
>>54255685
Root is an account, not a person. I can have 100 accounts on a box and it's still a single user box.
>>
File: cheating.png (279 KB, 1341x506)
>>54256093
holy fuck i was right?!

Not really a surprise.. but still, it just shows that OP is a bigger fag then he lets on.
>>
>>54256473
Anything nonfree.
Have a simple "Hello world!" program without a license attached? Botnet.
Have javascript on a pizza ordering website that doesn't respect your freedoms? Botnet.
Have a webm file licensed under CC BY-NC? Botnet.
>>
File: Infect.png (187 KB, 699x544)
Arch Rinux
>>
>>54250449
>>it ships with kali by default
kali ships a gazillion tools by default
>>
>>54256712
And lynis is GPLv3
https://github.com/CISOfy/lynis/blob/master/LICENSE

So... people ITT calling it a botnet?
>>
>>54256741
People on /g/ are generally extremely insecure, anything that ranks OSX above Linux is obviously a conspiracy to kill Linux.
>>
>>54256741
Inane comments.
>>
>>54256609
>>password age
>>2016

>Doesn't like security policy.
>Bitches about application that verifies security policy.

Jesus Christ you're dumb. No one said this was the only way to secure a machine. This is one tool in an auditor's toolbox. The password finding would be waiver'ed with the express understanding that two factor/biometrics/PIV card was mitigating the risk. Something else would be employed to test the other policy.

It's like this is an actual daycare sometimes.
>>
>>54250563
COME ON WHAT FONT IS THIS
>>
>>54256792
OP was cheating, see my post here >>54256687
>>
Linux is an insecure OS because you can't install Norton on it.
>>
>>54256861
but you can install eset.
>>
File: Capture.png (29 KB, 656x612)
>>54250309
thanks for the tip
>>
>>54256861
Linux is not an OS, dense tech illiterate.
>>
>>54256983
linux is an os
>>
>>54256983
You can't install it on GNU/Linux either.
>>
>net.ipv4.conf.all.forwarding (exp: 0) [DIFFERENT]

It's ogre lads. Running a VPN confirmed for insecure.
>>
>>54257031
Why are infosec weenies so fucking retarded?
>>
>>54255887
>Titan X
nigga are you rich
>>
>>54256983
Linux is both the name of the kernel and the term most use when discussing operating systems based on the aforementioned kernel. In the future please try to contain your autism.
>>
>>54257010
Sure summer is here.
>>
File: triggered.png (5 KB, 590x87)
I'm a straight white man. What do?
>>
>>54257095
but linux is an os
>>
>>54257090
Then how do you call an operating system not running Linux like Debian GNU/kFreeBSD or Arch Hurd, wise man?
>>
>>54256812
It looks like Monaco, you can tell by the downward serif on the "r".

It literally took me no more than a full minute of opening up google images with "programming fonts" and comparing to figure that out, you incompetent fuck.
>>
>>54257167
Irrelevant, I'm specifically discussing operating systems that do use Linux.
>>
>>54257167
an abomination
>>
>>54250309
>Tests performed : 145
>>54253085
>Tests performed : 133
>>54254656
>Tests performed : 144

every Linux distro posted has over 160 performed tests
apparently it doesn't rank the same things
post logs macfags--let's see what lynis considers "safe"
>>
>>54256714
>wow
Fucking man child.
>>
>>54257167
We address them with the terms for how they differ from the regular, so Debian with a Hurd kernel (instead of the normal Linux) becomes Debian/Hurd.

Just like people don't call you a person, but an autistic person.
>>
>>54257120
No it isn't.
>>
Reminder that any Linux OS running X11 is vulnerable to privilege escalation anyway, so any of those security scores are completely irrelevant on desktop systems.
>>
This tool is fucking stupid.

So I'm supposed to install all these apache modules to protect the webserver that I'm not running?

Fucking retarded.
>>
>>54255440
>>54256812
Fuck that one, get this instead:
>https://www.donationcoder.com/Software/Jibz/Dina/
>>
How much longer until that one anon who gets a solid 100 comes in?
>>
>>54257299
That font only ever makes sense if you're programming on a display that maxes out on CGA resolution.
>>
>>54255541
Gentoo

================================================================================
Lynis Scanner (details):

Hardening index : 100 [####################]
Tests performed : 387
Plugins enabled : 0

Lynis Modules:
- Heuristics Check [NA] - Security Audit [V] - Vulnerability Scan [V]

Compliance Checks:
- HIPAA [NA] - PCI [NA] - SOx [NA]

Files:
- Test and debug information : /var/log/lynis.log
- Report data : /var/log/i-hav-beeg-benis.dat
================================================================================
>>
>NA
>NA
>NA
>NA
>Plugins enabled: 0
>>
Can anyone with windows 10 build 14328 run this test? I'm at work for at least 3 hours.
>>
File: Screenshot_2016-04-27_10-26-17.png (70 KB, 726x526)
>59
>xubuntu 16.04
>>
>>54257364
I quite like it even at larger sizes but [spoiler]consolas[/spoiler] is my favorite one with anti-aliasing.
>>
>>54257450
Windows 10 has been proved secure by the NSA
It is the most secure system, everyone should use it
>>
>>54257286
>Doesn't have a security posture.
>Runs default, all inclusive scan.
>Gets mad at tool because it gave him what he asked for.
>"This is stupid"

Back to grade school with you.
>>
>>54257485
Consolas is a breddy gud font. Microsoft hired really good type designers.
>>
>>54250356
>openbsd
>secure
It's literally security by wishful thinking, and openbsd users are pure cultists who literally deny reality, as seen in any bsd thread, including >>54253640
>>
>>54257585
>It's literally security by wishful thinking, and openbsd users are pure cultists who literally deny reality, as seen in any bsd thread, including

Can you substantiate those claims? Not arguing, genuinely curious.
>>
>>54257612
From that thread:
https://www.cs.utah.edu/flux/fluke/html/inevitability.htm

https://allthatiswrong.wordpress.com/2010/01/20/the-insecurity-of-openbsd/

http://www.phoronix.com/forums/forum/software/bsd-mac-os-x-hurd-others/827435-openbsd-denies-opensmtpd-security-issues
https://allthatiswrong.wordpress.com/2010/01/20/the-insecurity-of-openbsd/

http://www.phoronix.com/forums/forum/software/bsd-mac-os-x-hurd-others/827435-openbsd-denies-opensmtpd-security-issues
>>
>>54257665
Oops, second part should be http://www.cnet.com/news/report-of-fbi-back-door-roils-openbsd-community/
>>
>>54257665
>blogposts and a >15 year old research paper
>valid sources
>>
>>54257716
The blogposts are themselves sourced and the research paper was peer-reviewed and discusses security model, not kernels. I.e. it's a paper that demonstrates that the openbsd security model of trying to harden everything with a single security layer is pointless.
>>
>>54257716
The point still stands though - OpenBSD's model of security is fundamentally flawed. Most modern operating systems operate on the assumption that security vulnerabilities are going to happen and try to mitigate through ASLR, containerisation and limiting which syscalls a process can make, among other things. While OpenBSD has implemented some of these, their approach to security is still mainly "we don't have vulnerabilities". Especially combined with outdated software ports, it's just a blatant lie in real-world systems.

I do commend them for not letting US citizens touch crypto code though, that is a good decision.
>>
All operating systems are equally secure so long as your Is drive is encrypted
>>
>>54257911
>I do commend them for not letting US citizens touch crypto code though, that is a good decision.
That's not their choice, they don't let US citizens work on the cryptography because it would be illegal.
>>
>>54257753
>it's a paper that demonstrates
It's some guy's opinion.
>>54257911
>is fundamentally flawed
According to some guy's opinion.

The OpenBSD guys disagree with the idea that MAC is preferable to DAC, considering MAC in practice to be a bandaid "fix" applied to flawed DAC implementations. The "infosec experts" believe that you should always have MAC on top of DAC just because. In other words it's a matter of opinion.*

*NOTE: Theo's opinions are almost always correct.
>>
>>54258128
Assuming that humans are going to make mistakes is not a matter of opinion, it's fact.
>>
>>54258128
>peer-reviewed paper
>"i-it's just some guy's opinion"
Why do openplacebo fags always do this?
>>
>>54258149
That's *exactly* the point. If you think a MAC framework written by the people who can't even write a basic secure OS isn't going to be full of holes then you're deluded. Enjoy your snake oil.

Also, most Linux distros don't even enable SELinux (I think only Fedora does), and Ubuntu uses AppArmor instead but only for a couple of things. So you likely aren't even using MAC.

>>54258169
It's some guy's incorrect opinion, to be more specific.

The paper doesn't even explain how MAC fixes the apparent problem. It's literally:
>If a malicious agent can tamper with any of the components in the access control mechanism or with any inputs to the decision
>If
and then it magically assumes that MAC will save the day without explaining how. *If* they can do all that MAC is fucking toast anyway.
>>
>>54258330
>it's literally peer reviewed and nobody has been able to refute anything about it so far
>that means it's WRONG!
Is there any group of people in the world who are more intellectually dishonest than openbsd users?
>>
File: Screenshot_20160427-202434.png (170 KB, 720x1280)
arch Linux arm running chrooted on android
>>
>>54257371
>gentoo gets max score
Was there ever any doubt?
>>
>>54258535
He's probably using 1.6.8 (the stable version in the repos). glsa-check alone should reduce the score considerably. Also,
>387 tests
>>
>>54258535
>>54258596
retards
check the post he's replying to
>>
hello where is download link
>>
>>54258671
Use your package manager
>>
>>54258696
what is packet mangler
>>
>>54254529
This incident was funny. Showed how dumb the average writer on those sites was. I got into countless arguments on Twitter trying to explain why they were wrong.

Also, I happened to be using Syslinux on my desktop instead of GRUB already.
>>
>>54258696
use the git repo and not some outdated package. (can be run from the dir without installing anything)
>>
File: scrot.png (19 KB, 686x522)
>>54253524
here you go
>>
>>54258385
>literally just copy pastes his own posts from that other thread
you're fucking pathetic
>>
I ran the test and after going through the log I can tell that this "security scanner" is complete shit.
>>
>>54259194
>that font
>>
how often should i audit a system?
>>
File: Laff.jpg (30 KB, 250x233)
>>54250309

I got 71 on Arch. Also

>Hardening Index
>mfw

Sounds like something you'd use to rate your porn or something.
>>
>>54259324
Every hour
>>
I "lock" my laptop by switching to a tty.
How secure am I?
>>
>>54250484
JuiceSSH master race
>>
ubuntu 16.04
>>
>>54253938
>he thinks performing less tests decreases the hardening index
>>
>>54250449
> it ships with kali by default therefore it is a legit and unquestionable tool for testing and comparing security on two different operating systems.

ok mate