Top 10 Reasons To Implement Least Privilege for Linux Servers

In the spirit of keeping blog posts informative, short and fun, this one takes a cue from David Letterman in format. So without further fanfare or wasted space... the Top 10 Reasons to Implement Least Privilege on Linux Servers are:
#10 - Sam, the CSO can now sleep nights knowing that excess privileges will no longer be responsible for failing a SOX, HIPAA, PCI, DSS, GLBA or FDCC and FISMA audit (even though he isn't required to even deal with the last two).
#9 - Andy the Auditor can get a full report of who has what entitlements instantly to satisfy compliance successfully, instead of taking weeks of manual effort
#8 - Ted in Tech Support won't be able to reset file and directory permissions on any Linux server he has admin rights to so liberally that anyone with a login can access confidential data just because it makes his job easier
#7 - Sid in Development won't be able to download Apache applications or any otherunauthorized open source "tools" potentially injecting malware into our corporate network
#6 - Fiona and Felix our new Linux administrators won't make one, or more, of the 10 Mistakes New Linux Administrators Make
#5 - Vito, the ever-industrious programmer will no longer be able to code suid root binaries into his programs allowing programmatic access beyond what is allowed by corporate policy or regulatory requirements
#4 - Alice in IT will no longer be responsible for DNS misconfiguration errors as her role won't facilitate this level of admin privilege
#3 - Fred in IT won't be able to install a Trojan on the mission critical server, bringing it down for 4 hours and costing the company over $1M in lost transactions, because he was passed over for a big promotion
#2 - Sarah, the CIO will no longer have to hide Linux root credentials in a sealed envelope in her office safe and deal with a manual check in/check out process
#1 - Tony, the Palo Alto Linux administrator will no longer be able to wear that ratty old T-shirt with the slogan "Bow before me, for I am root" any longer

