Linux.com

Fox in SOX

The Sarbanes-Oxley Act of 2002 has got to be a low point in our countries regulation history.  This miserable piece of legislation costs anyone who has to comply with it millions of dollars and provides nothing in return.  IT departments get hammered with insane requirements, and moronic auditors that eat up hours like it's cotton candy. " Screen shot this, prove that", and one ridiculous question after another until you want to stick a shank into all of them.  If your organization can avoid this hell, then it is worth it to do so.  How?  Stay private.  The instant you go public...you can join me and the auditors in our little version of purgatory.  Rant finished.

 Linux related question: 

How to prove that password policies are enforced on Linux systems?  

I have used ticketing systems to documentation steps, and severely limited access to my Linux systems in order to comply with this requirement, but auditors always want more.   They want an automated foolproof system that enforces policy and will take nobody's word for it.  I am looking into how to enforce such policies on my linux boxes now.  I have some reading to do and will publish my findings.

 

Comments

Subscribe to Comments Feed

Upcoming Linux Foundation Courses

  1. LFD312 Developing Applications For Linux
    05 Jan » 09 Jan - Virtual
    Details
  2. LFS220 Linux System Administration
    05 Jan » 08 Jan - Virtual
    Details
  3. LFD331 Developing Linux Device Drivers
    12 Jan » 16 Jan - Virtual
    Details

View All Upcoming Courses


Who we are ?

The Linux Foundation is a non-profit consortium dedicated to the growth of Linux.

More About the foundation...

Frequent Questions

Join / Linux Training / Board