Most companies I’ve worked at where employees had a Microsoft work computers. They were under heavy control, even with admin privileges. I was wondering, for a corporate environment, how employees’Linux desktops could be kept under control in a similar way. What would be an open source or Linux based alternative to the following:

  • policy control
  • Software Center with software allow lists
  • controlled OS updates
  • zscaler
  • software detection tool to detect what’s been installed and determine if any unallowed software is present
  • antivirus
  • VPN

I can think of a few things, like a company having it’s own software repos, or using an atomic distribution. There’s already open source VPN solutions if course. But for everything else I don’t really know what could be used or what setup we could have.

  • xavier666
    link
    fedilink
    English
    arrow-up
    2
    ·
    edit-2
    7 months ago

    I meant that if a company wants to maintain the highest levels of security, the user should never be given access to sudo. If a certain workflow requires sudo, the workflow needs to be changed, or it needs to be done in a sanitized environment, or the user needs to be highly trusted.

    • insufferableninja@lemdro.id
      link
      fedilink
      English
      arrow-up
      2
      ·
      edit-2
      7 months ago

      one of the options in freeIPA/fleet commander is to configure sudo permission sets; you can set up rules for who can use sudo, for which binaries, and to run as which users. so it isn’t all or nothing