Hi
The preview site has been updated. You can check it out at http://members.cox.net/tuxxer
http://members.cox.net/tuxxer/ch-intro.html#intro-audience
" Most of the threats on the Internet typically target Microsoft Windows systems. As more and more users start trying and using linux, it will become more and more important for the common user to know how to harden his or her system against these threats. "
this suggests that Linux has no security threats at present which is not true. I would prefer a guide on hardening Linux talk about Linux rather than start by a comparison with Windows
http://members.cox.net/tuxxer/ch-chapter1.html
The parts about using gpg or md5 requires more explanation. If you are explaning it in a later part refer to that
http://members.cox.net/tuxxer/sysid-and-role.html
If you are including abbrevations such as NAT it would be better to provide the expansion, explanation or a side note
http://members.cox.net/tuxxer/gui-update.html
afaik I know yum is the recommended command line program to use instead of up2date in fedora. if you have sections on both yum and up2date you probably need to explain the differences too which I would consider out of scope for this article
http://members.cox.net/tuxxer/services-gui.html
" The services that you can *safely* disable will depend upon the role of your system."
if you need to emphasise on safely use italics or what the style guide recommends.
" yum - Enable daily run of yum, a program updater. (This will depend on your environment.)"
since every service is pretty much dependant on the role of the system special emphasis for the yum deamon is unnecessary
http://members.cox.net/tuxxer/userconfig-cli.html
" Below is a list of user accounts that most Fedora Core users will want to disable."
The above wording suggests that most users of Fedora do not run the services that follows it. It would be better to say something like this
"The following are some of the services that you might want to disable in the system depending on the your requirements"
http://members.cox.net/tuxxer/ch-chapter2.html
Since this is out of scope for your document by your own admission it would be better to just drop this. Kernel recompilation or additional hardening is unnecessary for the large majority of users and worse gives the idea that the kernel requires active manual intervention to make it secure.
http://members.cox.net/tuxxer/ch-chapter3.html
I am not sure what the policy is for linking to external documents but permissions are much better explained here
http://www.tldp.org/LDP/intro-linux/html/
Either link to this document or copy and paste with attribution (The license is compatible)
http://members.cox.net/tuxxer/fssummary.html
you can mention that these program exist in fedora extras. fc4 will have extras repo enabled by default. previous versions will require more explanation or how to add the repo (steps are different between fc2 and fc3 fyi)
http://members.cox.net/tuxxer/limit-root.html
a related sshd configuration change is disable ssh1 protocol which is prone to man-in-the-middle attack
http://members.cox.net/tuxxer/ch-chapter4.html
this section seems to be redundant
http://members.cox.net/tuxxer/shells.html
this can probably be clubbed together with the section on users
http://members.cox.net/tuxxer/passwd-sec-pam-config.html
this section requires more information. if you are going to just point to external links convert this section into a note
http://members.cox.net/tuxxer/iptables-fw-config.html
it is possible to provide a port range here. More information is available in the redhat docs. redhat.com/docs. you cannot copy and paste (license restrictions) but you very well gather the information from there
I would prefer a link to the SELinux faq and guide and provide references and a bibliography.
thanks
Regards Rahul Sundaram
__________________________________ Do you Yahoo!? Yahoo! Mail - now with 250MB free storage. Learn more. http://info.mail.yahoo.com/mail_250