[securityguide] Cleaned up a few lines
Eric Christensen
sparks at fedoraproject.org
Fri Jun 27 13:23:33 UTC 2014
commit 1c563092e88619ee7cbc857be52ec8c289ea21ed
Author: Eric H Christensen <sparks at redhat.com>
Date: Fri Jun 27 09:21:37 2014 -0400
Cleaned up a few lines
en-US/Basic_Hardening.xml | 4 ++--
1 files changed, 2 insertions(+), 2 deletions(-)
---
diff --git a/en-US/Basic_Hardening.xml b/en-US/Basic_Hardening.xml
index cbcc833..2562fa8 100644
--- a/en-US/Basic_Hardening.xml
+++ b/en-US/Basic_Hardening.xml
@@ -10,12 +10,12 @@
<section id="sect-Security_Guide-Basic_Hardening-General_Principles">
<title>General Principles</title>
<para><simplelist>
- <member>Encrypt all data transmitted over the network. Encrypting authentication information (such as passwords) is particularly important.</member>
+ <member>Encrypt all data transmitted over the network. Encrypting authentication information, such as passwords and cookies, is particularly important.</member>
<member>Minimize the amount of software installed and running in order to minimize vulnerability.</member>
<member>Use security-enhancing software and tools whenever available (e.g. SELinux and IPTables).</member>
<member>Run each network service on a separate server whenever possible. This minimizes the risk that a compromise of one service could lead to a compromise of others.</member>
<member>Maintain user accounts. Create a good password policy and enforce its use. Delete unused user accounts.</member>
- <member>Review system and application logs on a routine basis. Send logs to a dedicated log server. This prevents intruders from easily avoiding detection by modifying the local logs.</member>
+ <member>Review system and application logs on a routine basis. Send logs to a dedicated, centralized log server. This prevents intruders from easily avoiding detection by modifying the local logs.</member>
<member>Never log in directly as root, unless absolutely necessary. Administrators should use <command>sudo</command> to execute commands as root when required. The accounts capable of using sudo are specified in <filename>/etc/sudoers</filename>, which is edited with the visudo utility. By default, relevant logs are written to <filename>/var/log/secure</filename>.</member>
</simplelist></para>
</section>
More information about the docs-commits
mailing list