Most companies I’ve worked at where employees had a Microsoft work computers. They were under heavy control, even with admin privileges. I was wondering, for a corporate environment, how employees’Linux desktops could be kept under control in a similar way. What would be an open source or Linux based alternative to the following:

  • policy control
  • Software Center with software allow lists
  • controlled OS updates
  • zscaler
  • software detection tool to detect what’s been installed and determine if any unallowed software is present
  • antivirus
  • VPN

I can think of a few things, like a company having it’s own software repos, or using an atomic distribution. There’s already open source VPN solutions if course. But for everything else I don’t really know what could be used or what setup we could have.

    • rollingflower@lemmy.kde.social
      link
      fedilink
      arrow-up
      1
      ·
      8 months ago

      If you dont even have a way of running untrusted code on your production environment, how the heck is that worse than badness enumerating AV?

      Insurances…

      • Jesus_666@lemmy.world
        link
        fedilink
        arrow-up
        2
        ·
        8 months ago

        Even if you assume that the software you run will never have exploitable security issues, AV can also keep you from spreading infected files e.g. through forwarded mails.

        • rollingflower@lemmy.kde.social
          link
          fedilink
          arrow-up
          1
          ·
          8 months ago

          See above. There are tools for mail servers to strip and sandbox all executable attachements.

          MSOffice btw doesnt allow macros anymore afaik