Fedora/Linux Security Guide
Kevin Fenzi
kevin at tummy.com
Thu Mar 12 23:24:16 UTC 2009
On Thu, 12 Mar 2009 09:19:37 +1000
Scott Radvan <sradvan at redhat.com> wrote:
> On Wed, 11 Mar 2009 10:55:05 -0400
> Daniel J Walsh <dwalsh at redhat.com> wrote:
>
> > So why not in your Introduction to Security section explain what
> > this guide will not cover? SELinux and refer to the guides that do
> > cover it there.
>
>
> You make a good point, mention of SELinux was quite buried among
> other stuff, so I've added a short section early on in the guide to
> briefly describe it and refer to further information. Thanks for
> pointing this out.
>
> Specifically, section 1.1.2 which you can see here:
>
> http://sradvan.fedorapeople.org/Security_Guide/en-US/
Some general comments:
- As of F10 (I think) sha256 is the default, not md5 for passwords.
Check the "2.1.3. Password Security" section for that?
- Where you mention tools it might be cool to mention the ones that are
available in Fedora/EPEL currently. Might be too hard to tag them all
and keep it up to date however.
- Section "2.4.7.1. Device Ownership". Is pam_console really still used
for this? I thought ConsoleKit did all the setup anymore.
- How about a section on openvpn? It should be a lot easier rand more
flexable than ipsec.
- ecryptfs might be worth a mention in the encryption section.
Possibly also fuse-encfs ?
Thats the ones I see off the top of my head. ;)
Thanks for writing this up!
kevin
>
>
> Cheers,
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/fedora-security-list/attachments/20090312/13415775/attachment.sig>
More information about the Fedora-security-list
mailing list