review of hardening guide

Paul W. Frields stickster at gmail.com
Fri Apr 1 13:03:23 UTC 2005 

On Thu, 2005-03-31 at 18:46 -0800, tuxxer wrote:
> On Wed, 2005-03-30 at 22:17 -0800, Rahul Sundaram wrote:
> > http://members.cox.net/tuxxer/ch-chapter1.html
> > 
> > The parts about using gpg or md5 requires more
> > explanation. If you are explaning it in a later part
> > refer to that
> A detailed discussion of these utilities doesn't fall within the scope
> of this document.  However, a glossing of how to create a gpg keypair,
> and how to check files with both gpg and md5sum will be added shortly.

You can use my page on the fedoraproject.org wiki as a jumping off point
to save some time if you wish:

  http://www.fedoraproject.org/wiki/DocsProject/UsingGpg/CreatingKeys


> > http://members.cox.net/tuxxer/services-gui.html
> > 
> > 
> > " The services that you can *safely* disable will
> > depend upon the role of your system."
> > 
> > if you need to emphasise on safely use italics or what
> > the style guide recommends.
> > 
> > "
> > yum - Enable daily run of yum, a program updater.
> > (This will depend on your environment.)"
> > 
> > since every service is pretty much dependant on the
> > role of the system special emphasis for the yum deamon
> > is unnecessary
> 
> True.  However, I specifically said this for yum because I can think of
> environments in which the user would NOT want updates to be run every
> night automatically.  Perhaps I can make a comment here that would be a
> little more clear to that end.

Interestingly, a related thread came up on fedora-legacy-list just
recently.  Some people running automatic updates on production Fedora
servers -- I know, I know... not a good idea! -- were recently
inconvenienced by a mysql-server upgrade that killed the service without
a proper restart. (Sorry, I don't remember the exact details.)

I wouldn't put anything about this in your guide; I merely thought your
comment was definitely on target.

quoth Rahul:
> > http://members.cox.net/tuxxer/userconfig-cli.html
> > 
> > " Below is a list of user accounts that most Fedora
> > Core users will want to disable."
> > 
> > The above wording suggests that most users of Fedora
> > do not run the services that follows it. It would be
> > better to say something like this
> > 
> > "The following are some of the services that you might
> > want to disable in the system depending on the your
> > requirements"

Or, in a more stylistically pleasing manner:   ;-)

"Depending on your system requirements, you may want to disable some of
the following services: ..."


-- 
Paul W. Frields, RHCE

More information about the docs mailing list