On Thu, 2005-03-31 at 10:42 +0100, Stuart Ellis wrote:
On Wed, 30 Mar 2005 22:17:12 -0800 (PST), "Rahul Sundaram" rahulsundaram@yahoo.co.in said:
http://members.cox.net/tuxxer/ch-chapter2.html
Since this is out of scope for your document by your own admission it would be better to just drop this. Kernel recompilation or additional hardening is unnecessary for the large majority of users and worse gives the idea that the kernel requires active manual intervention to make it secure.
I think that the main issue is that the specified audience ("all users") doesn't match up with the intent (a comprehensive security overview). I don't see there's anything wrong with saying that it's a detailed guide for more advanced users, and leaving the basic security stuff for another doc - 1) don't mess with the defaults without a reason, 2) run updates, 3) there is no step 3 :)
--
Stuart Ellis
Well, I think there is a little bit of both opinions here. Maybe there are some assumptions that I have made that would be beyond the most basic user. And I admit that this could be a failing of my writing. I've been using Linux off and on since '97, so some assumptions I make may be completely obscured to the most basic user. While this document isn't meant to be the end-all-be-all document to securing a Fedora system, I think that it covers a fairly broad spectrum of potential readers. And, I think that it should serve as a guide to users who are just beginning in linux, and those who maybe familiar with linux, but aren't aware of some of the security problems associated with it.
I can agree, that for the time being, the kernel hardening section could probably be left out. I do, however, believe that it has a place here, and eventually would like to see it return to this document - or perhaps be included in a larger scope, more detailed document that was perhaps more of a collaboration. I also think that before the kernel hardening section returns that there should be a kernel compilation guide.
-Charlie