review of hardening guide

Hi http://members.cox.net/tuxxer/ch-intro.html#intro-audience " Most of the threats on the Internet typically target Microsoft Windows systems. As more and more users start trying and using linux, it will become more and more important for the common user to know how to harden his or her system against these threats. " this suggests that Linux has no security threats at present which is not true. I would prefer a guide on hardening Linux talk about Linux rather than start by a comparison with Windows http://members.cox.net/tuxxer/ch-chapter1.html The parts about using gpg or md5 requires more explanation. If you are explaning it in a later part refer to that http://members.cox.net/tuxxer/sysid-and-role.html If you are including abbrevations such as NAT it would be better to provide the expansion, explanation or a side note http://members.cox.net/tuxxer/gui-update.html afaik I know yum is the recommended command line program to use instead of up2date in fedora. if you have sections on both yum and up2date you probably need to explain the differences too which I would consider out of scope for this article http://members.cox.net/tuxxer/services-gui.html " The services that you can *safely* disable will depend upon the role of your system." if you need to emphasise on safely use italics or what the style guide recommends. " yum - Enable daily run of yum, a program updater. (This will depend on your environment.)" since every service is pretty much dependant on the role of the system special emphasis for the yum deamon is unnecessary http://members.cox.net/tuxxer/userconfig-cli.html " Below is a list of user accounts that most Fedora Core users will want to disable." The above wording suggests that most users of Fedora do not run the services that follows it. It would be better to say something like this "The following are some of the services that you might want to disable in the system depending on the your requirements" http://members.cox.net/tuxxer/ch-chapter2.html Since this is out of scope for your document by your own admission it would be better to just drop this. Kernel recompilation or additional hardening is unnecessary for the large majority of users and worse gives the idea that the kernel requires active manual intervention to make it secure. http://members.cox.net/tuxxer/ch-chapter3.html I am not sure what the policy is for linking to external documents but permissions are much better explained here http://www.tldp.org/LDP/intro-linux/html/ Either link to this document or copy and paste with attribution (The license is compatible) http://members.cox.net/tuxxer/fssummary.html you can mention that these program exist in fedora extras. fc4 will have extras repo enabled by default. previous versions will require more explanation or how to add the repo (steps are different between fc2 and fc3 fyi) http://members.cox.net/tuxxer/limit-root.html a related sshd configuration change is disable ssh1 protocol which is prone to man-in-the-middle attack http://members.cox.net/tuxxer/ch-chapter4.html this section seems to be redundant http://members.cox.net/tuxxer/shells.html this can probably be clubbed together with the section on users http://members.cox.net/tuxxer/passwd-sec-pam-config.html this section requires more information. if you are going to just point to external links convert this section into a note http://members.cox.net/tuxxer/iptables-fw-config.html it is possible to provide a port range here. More information is available in the redhat docs. redhat.com/docs. you cannot copy and paste (license restrictions) but you very well gather the information from there I would prefer a link to the SELinux faq and guide and provide references and a bibliography. thanks Regards Rahul Sundaram __________________________________ Do you Yahoo!? Yahoo! Mail - now with 250MB free storage. Learn more. http://info.mail.yahoo.com/mail_250