Updated Hardening guide.
tuxxer
tuxxer at cox.net
Wed May 11 00:11:32 UTC 2005
On Sun, 2005-04-24 at 15:42 +0530, Rahul Sundaram wrote:
> tuxxer wrote:
>
> >Beat me up again guys and gals. ;-)
> >
> >http://members.cox.net/tuxxer
> >http://members.cox.net/tuxxer/fedora-hardening-guide-whole-en.xml
> >
> >XML also posted to bug #129957.
> >
> >-Charlie
> >
>
> Hello Charlie
>
> A quick review:
>
> http://members.cox.net/tuxxer/ch-intro.html
>
> I think you should just drop the first two sentences. If the current
> list of vulnerabilities would just keep growing then it would imply that
> Linux is getting more insecure everyday
>
> " As more and more users start trying and using linux, it will become
> more and more important for the common user to know how to harden his or
> her system against these threats. The current list of vulnerabilities in
> linux systems will continue to grow as linux gains more momentum in the
> home desktop environment."
The implication here is that as Linux gains more popularity, more
malicious-ness will be directed towards it. There are very few linux
malware specimens, and it simply doesn't get the scrutiny Windows does
by people with mal-intent because it doesn't have the same widespread
user foot print. IMHO this will change as linux becomes more
predominant. Maybe I can rephrase it a bit.
>
> http://members.cox.net/tuxxer/services-gui.html#services-gui-2
>
> sendmail - Sendmail is a Mail Transport Agent.
>
> This deamon is also used to send critical mails to root users by default
> which also contains logwatch reports and other security related
> informatio. You typically should modify the MTA configuration to send
> mails to your normal user account instead of disabling it.
Removed from the suggested disable list.
>
> http://members.cox.net/tuxxer/gui-update.html
>
> The "customizationn observation" note is better done as generic
> statement that applies to the whole of the document that everything is
> assumed to be in the default locations.
>
Gotcha. That'll go in the scope statement.
> http://members.cox.net/tuxxer/userconfig-cli.html#userconfig-gui
>
> " By default, the *User Manager* will filter all of the "unnecessary"
> users, by designating them as "default" or "system" users"
>
> The system users cannot be called as unnecessary. They just arent
> required typically. If a system user is definitely not required in any
> of the potential roles then thats a packaging and security bug
>
Done.
>
> http://members.cox.net/tuxxer/iptables-fw-config.html
>
> SELinux is totally unusable for all practial purposes in FC2. Just drop
> the following sentence which also contains a mispelled word. You might
> want to run your document through a spell checker after every major
> revision. "It will also allow you to change the SELinux settings,
> however that discussion is currentply outside of the scope of this document"
>
The guide has been updated for FC3, so as to not be relegated to the
Legacy docs group. Also, the only reference to SELinux is that you
*can* configure it here. It is out of the scope of this document.
Misspelling is fixed. I have actually run it through aspell, several
times. Interesting that that didn't get picked up.
> http://members.cox.net/tuxxer/ch-bibb-n-refs.html
>
> All of these websites should be hyperlinks
>
Done.
> regards
> Rahul
Thanks. Please check again. The html and XML should be available
immediately.
--
-tuxxer
echo "uvyyfsAdpy/ofu" | perl -pe 's/(.)/chr(ord($1) - 1)/ge'
gpg: 57EB F948 76AE 25BC E340 EFA9 FAF6 E1AC F1E1 1EA1
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
URL: <http://listman.redhat.com/archives/fedora-docs-list/attachments/20050511/fa790fd4/attachment.sig>
More information about the fedora-docs-list
mailing list