Updated Hardening guide.
Rahul Sundaram
sundaram at redhat.com
Sun Apr 24 10:12:37 UTC 2005
tuxxer wrote:
>Beat me up again guys and gals. ;-)
>
>http://members.cox.net/tuxxer
>http://members.cox.net/tuxxer/fedora-hardening-guide-whole-en.xml
>
>XML also posted to bug #129957.
>
>-Charlie
>
Hello Charlie
A quick review:
http://members.cox.net/tuxxer/ch-intro.html
I think you should just drop the first two sentences. If the current
list of vulnerabilities would just keep growing then it would imply that
Linux is getting more insecure everyday
" As more and more users start trying and using linux, it will become
more and more important for the common user to know how to harden his or
her system against these threats. The current list of vulnerabilities in
linux systems will continue to grow as linux gains more momentum in the
home desktop environment."
http://members.cox.net/tuxxer/services-gui.html#services-gui-2
sendmail - Sendmail is a Mail Transport Agent.
This deamon is also used to send critical mails to root users by default
which also contains logwatch reports and other security related
informatio. You typically should modify the MTA configuration to send
mails to your normal user account instead of disabling it.
http://members.cox.net/tuxxer/gui-update.html
The "customizationn observation" note is better done as generic
statement that applies to the whole of the document that everything is
assumed to be in the default locations.
http://members.cox.net/tuxxer/userconfig-cli.html#userconfig-gui
" By default, the *User Manager* will filter all of the "unnecessary"
users, by designating them as "default" or "system" users"
The system users cannot be called as unnecessary. They just arent
required typically. If a system user is definitely not required in any
of the potential roles then thats a packaging and security bug
http://members.cox.net/tuxxer/iptables-fw-config.html
SELinux is totally unusable for all practial purposes in FC2. Just drop
the following sentence which also contains a mispelled word. You might
want to run your document through a spell checker after every major
revision. "It will also allow you to change the SELinux settings,
however that discussion is currentply outside of the scope of this document"
http://members.cox.net/tuxxer/ch-bibb-n-refs.html
All of these websites should be hyperlinks
regards
Rahul
More information about the docs
mailing list