From: Martijn Lievaart on 8 Mar 2010 01:56
On Sun, 07 Mar 2010 12:24:31 +0100, Mart van de Wege wrote:
> You know, sometimes security is best served by giving an admin the tools
> to reduce their response time to an incident. That gives them the time
> to ascertain whether the incident is merely an innocent crash or an
> actual exploit attempt.
Don't get me started, I work as a security officer too. Most notable tool
of software not installed for security reasons is 'lsof'. Which means I
cannot investigate certain kinds of incidents in a competent manner.
That and a monitoring team that create tickets because I executed 'man'
as root (yes installed on that machine). That email has decorated the
wall for quite some time.