In the spirit of keeping blog posts informative, short and fun, this one takes a cue from David Letterman in format. So without further fanfare or wasted space... the Top 10 Reasons to Implement Least Privilege on Linux Servers are: #10 - Sam, the CSO can now sleep nights knowing that excess privileges will no longer be responsible for failing a SOX, HIPAA, PCI, DSS, GLBA or FDCC and FISMA audit (even though he isn't required to even deal with the last two). #9 - Andy the Auditor can get a full report of who has what entitlements instantly to satisfy compliance successfully, instead of taking weeks of manual effort #8 - Ted in Tech Support won't be able to reset file and directory permissions on any Linux server he has admin rights to so liberally that anyone with a login can access confidential data just because it makes his job easier #7 - Sid in Development won't be able to download Apache applications or any otherunauthorized open source "tools" potentially injecting malware into our corporate network #6 - Fiona and Felix our new Linux administrators won't make one, or more, of the 10 Mistakes New Linux Administrators Make #5 - Vito, the ever-industrious programmer will no longer be able to code suid root binaries into his programs allowing programmatic access beyond what is allowed by corporate policy or regulatory requirements #4 - Alice in IT will no longer be responsible for DNS misconfiguration errors as her role won't facilitate this level of admin privilege #3 - Fred in IT won't be able to install a Trojan on the mission critical server, bringing it down for 4 hours and costing the company over $1M in lost transactions, because he was passed over for a big promotion #2 - Sarah, the CIO will no longer have to hide Linux root credentials in a sealed envelope in her office safe and deal with a manual check in/check out process #1 - Tony, the Palo Alto Linux administrator will no longer be able to wear that ratty old T-shirt with the slogan "Bow before me, for I am root" any longer