Most companies I’ve worked at where employees had a Microsoft work computers. They were under heavy control, even with admin privileges. I was wondering, for a corporate environment, how employees’Linux desktops could be kept under control in a similar way. What would be an open source or Linux based alternative to the following:

  • policy control
  • Software Center with software allow lists
  • controlled OS updates
  • zscaler
  • software detection tool to detect what’s been installed and determine if any unallowed software is present
  • antivirus
  • VPN

I can think of a few things, like a company having it’s own software repos, or using an atomic distribution. There’s already open source VPN solutions if course. But for everything else I don’t really know what could be used or what setup we could have.

  • rollingflower@lemmy.kde.social
    link
    fedilink
    arrow-up
    1
    ·
    8 months ago

    If you dont even have a way of running untrusted code on your production environment, how the heck is that worse than badness enumerating AV?

    Insurances…

    • Jesus_666@lemmy.world
      link
      fedilink
      arrow-up
      2
      ·
      8 months ago

      Even if you assume that the software you run will never have exploitable security issues, AV can also keep you from spreading infected files e.g. through forwarded mails.

      • rollingflower@lemmy.kde.social
        link
        fedilink
        arrow-up
        1
        ·
        8 months ago

        See above. There are tools for mail servers to strip and sandbox all executable attachements.

        MSOffice btw doesnt allow macros anymore afaik