Re: Fedora/Linux Security Guide
On Thu, 12 Mar 2009 09:19:37 +1000
Scott Radvan <sradvan(a)redhat.com> wrote:
On Wed, 11 Mar 2009 10:55:05 -0400
Daniel J Walsh <dwalsh(a)redhat.com> wrote:
> So why not in your Introduction to Security section explain what
> this guide will not cover? SELinux and refer to the guides that do
> cover it there.
You make a good point, mention of SELinux was quite buried among
other stuff, so I've added a short section early on in the guide to
briefly describe it and refer to further information. Thanks for
pointing this out.
Specifically, section 1.1.2 which you can see here:
http://sradvan.fedorapeople.org/Security_Guide/en-US/
Some general comments:
- As of F10 (I think) sha256 is the default, not md5 for passwords.
Check the "2.1.3. Password Security" section for that?
- Where you mention tools it might be cool to mention the ones that are
available in Fedora/EPEL currently. Might be too hard to tag them all
and keep it up to date however.
- Section "2.4.7.1. Device Ownership". Is pam_console really still used
for this? I thought ConsoleKit did all the setup anymore.
- How about a section on openvpn? It should be a lot easier rand more
flexable than ipsec.
- ecryptfs might be worth a mention in the encryption section.
Possibly also fuse-encfs ?
Thats the ones I see off the top of my head. ;)
Thanks for writing this up!
kevin
Cheers,
Attachments:
- signature.asc (application/pgp-signature — 198 bytes)