Path: utzoo!attcan!uunet!mcsun!ukc!slxsys!jpp
From: jpp@specialix.co.uk (John Pettitt)
Newsgroups: comp.unix.i386
Subject: Re: SCO Unix security features (WAS Re: SCO UNIX 3.2 Failure: df Command)
Message-ID: <1990Aug13.143157.12682@specialix.co.uk>
Date: 13 Aug 90 14:31:57 GMT
References: <135@happym.wa.com> <9023@scorn.sco.COM> <1990Aug11.183525.19524@NCoast.ORG> <1990Aug13.101924.20284@robobar.co.uk>
Organization: Specialix International, London
Lines: 35

Some comments on the C2 debate:

We are running C2 SCO Unix here, in a traditional developemt 
environment (lots of users + several sysadm people with kernel
skills).  On the whole we have found C2 to be a waste of space
because the sort of things we need are not there !

To explain further:  

a) The average commercial site does not need fancy logs that nobody
is going to read.

b) ditto subsystem authorizations.

c) We DO NEED control over who can login on any terminal (I would
 like to limit modem access to authorized users).  I used to be able
to do this with a dialup passwd and SCO tok it out of the `secure
UNIX' (I know it's back now).

d) We DO NEED clear, automatic security reporting - We have scripts
that mail the postmaster a list of all modem activity, bad su attempts
(fails and attempts from users not on a valid list) etc etc.  We 
had to write our own scripts to do this.

We are not running imbedded system like Ronald, we have two of our
internal systems running SCO Unix with 45 users between them.

If anybody at SCO want's to take this further I will be at Forum
next week.


-- 
John Pettitt, Specialix International, 
Email: jpp@specialix.com Tel +44 (0) 9323 54254 Fax +44 (0) 9323 52781
Disclaimer: Me, say that ?  Never, it's a forged posting !