Pedro_Joro
Newcomer I

Need advice with Linux and iso27001 policies

The company I work for uses Microsoft, Linux, Java and .NET technologies, and we aim to become a fully ISO 27001 certified company. We have a polarizing issue with the use of Linux.

My questions are:
  a) Are there blogs/web resources that have stories/documentation about the peaceful coexistence of the two desktops?

  b) Has anybody simply "quarantined" Linux workstations, like controlling all network/server/service access with Active Directory and having a dedicated, strong network monitoring policy for guarding the Linux workstations?

  c) I know that an antivirus is next to useless on a Linux workstation, but is there any threat monitoring system/MDM for Linux workstations that can be integrated with Microsoft Intune?


I really am desperate for advice. Has anybody gone through this when planning for compliance?

Thank you in advance. 🙂

2 Replies
Castillo558
Viewer

Dependency updates are dependent on who's providing the dependency, and how. An app-bundled dependency depends on the app to update it. Likewise with Docker-bundled dependencies, lang-repo dependencies and Linux distro dependencies.

The usual Linux distros, which have one unified copy of each dependency, are the best about thorough updates. Apps that silently bundle or statically compile dependencies are the worst, and this is worse on Java, Win32, mobile operating systems, and often Docker.

mgorman
Contributor II

The first thing I would do is get the appropriate CIS Benchmark for the Linux variant you are running, and execute that. It will guide you through the process of installing AIDE (HIDS), locking certain permissions, removing unused filesystems, and a myriad of other hardening actions. There are easily found scripts in Python, shell, and other languages to verify the posture, or EDR tools like Wazuh can be used to maintain the posture long term and provide ease of audit.

Obviously, for ISO 27001, you need to be concerned about your risks and mitigating them, but bringing the workstations up to compliance (or known and intentional noncompliance) with the benchmark will give you a strong place to start from, and a reference to look at when evaluating risks and mitigations.
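As an added illustration of the "scripts to verify the posture" idea in the reply above (example code, not from the thread, the CIS Benchmarks or Wazuh), here is a small POSIX shell script with three CIS-style checks: unused filesystem modules disabled, sensitive file modes, and no empty password hashes. The ROOT variable and the check names are this example's own assumptions; it uses GNU/busybox stat -c and awk.

```shell
#!/bin/sh
# Minimal CIS-Benchmark-style posture checks for a Linux workstation.
# Added example, not code from the thread or from CIS/Wazuh. Each check returns
# 0 (pass) or 1 (fail) so an agent can consume it; ROOT (default: the live
# system) lets the same checks run against a constructed test tree.
ROOT="${ROOT:-}"

# Print PASS/FAIL for a check and pass its exit status through.
report() {
    desc="$1"; shift
    if "$@"; then echo "PASS $desc"; else echo "FAIL $desc"; return 1; fi
}

# Unused filesystem kernel modules should be disabled in modprobe config
# (an "install <fs> /bin/true" or /bin/false line in /etc/modprobe.d/*.conf).
fs_module_disabled() {
    grep -Eqs "^install[[:space:]]+$1[[:space:]]+/bin/(true|false)([[:space:]]|$)" \
        "$ROOT"/etc/modprobe.d/*.conf
}

# A sensitive file must not be more permissive than the given octal maximum,
# e.g. mode_at_most /etc/shadow 640 (uses GNU/busybox stat -c '%a').
mode_at_most() {
    actual=$(stat -c '%a' "$1" 2>/dev/null) || return 1
    # any bit set in the actual mode but absent from the allowed mode => too open
    [ $(( (0$actual & ~0$2) & 0777 )) -eq 0 ]
}

# No account may have an empty password field in /etc/shadow.
no_empty_passwords() {
    [ -r "$ROOT"/etc/shadow ] || return 1
    awk -F: '$2 == "" { bad = 1 } END { exit bad + 0 }' "$ROOT"/etc/shadow
}

# Run every check; the return value is the number of failed checks.
run_posture_checks() {
    fails=0
    for fs in cramfs squashfs udf; do
        report "module $fs disabled" fs_module_disabled "$fs" || fails=$((fails + 1))
    done
    report "/etc/passwd mode at most 644" mode_at_most "$ROOT"/etc/passwd 644 || fails=$((fails + 1))
    report "/etc/shadow mode at most 640" mode_at_most "$ROOT"/etc/shadow 640 || fails=$((fails + 1))
    report "no empty password hashes" no_empty_passwords || fails=$((fails + 1))
    return "$fails"
}
```

Source the file as root and call run_posture_checks (leave ROOT unset for the live machine); the exit status is the number of failed checks, which is convenient for a cron job or a monitoring agent's custom check.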