Security Changes For Fedora 9

Kevin Fenzi kevin at tummy.com
Fri Dec 21 17:13:21 UTC 2007


On Thu, 20 Dec 2007 19:29:29 -0800 (PST)
riley.marquis at tcsresearch.org wrote:

> Security Updates For Fedora 9
> 
> Greetings!

Greetings. 

> I had several ideas for Fedora 9 in regards to improving the security
> of a default installation.
> 
> 1: Disable root account / Use Sudo

There are tradeoffs here. I personally would like to see it continue to
be enabled until we can figure out more of the issues around disabling
it. 

...snipp...

> 4: GCC Lockdowns
> With the new GCC-4.3.0 recently built for Fedora 9, we should forbid
> ordinary users access to the programs it contains, incl. rpmbuild,
> mock, etc.  Only members of the wheel, koji, and mock groups should
> have access to software development tools.  Did I miss any groups
> that should be allowed access?

I would also say this is a bad idea. We want people to use the tools on
the machine, don't we?

> 5: Bastille
> Be sure to incorporate the most important Bastille fixes
> (www.bastille-linux.org).  This project appears to have stalled and
> requires an older version of Fedora to run, unless you're a Perl
> ninja =) Maybe we should contact the developer (Jay Beale), and ask
> him what he needs to revive the project?  Perhaps the Fedora
> community can be of assistance.

We should take a look I agree, but many of the things bastille did/does
are not useful these days. Disabling rsh/rlogin? Disabling compilers
(your point 4 I guess)? Setting more aggressive security defaults on
some applications? Many of the things it does we should be doing in the
packages we ship, not trying to modify after install.

Would anyone be interested in culling through and coming up with a list
of items we should address that bastille does?

> 6: Make Packages for PortSentry & LogCheck
> Can we add PortSentry & LogCheck to the list of available Fedora
> Packages? I know the project appears to have stalled since late 2003.

Personally, I don't find portsentry useful anymore. The number of port
scans that go on anymore means I don't want to hear about blocking
specific IPs. I just want everything except specific services blocked
by default.

There's nothing preventing someone from submitting packages for fedora
however... 

> 7: Password Protect Single User Mode (Runlevel 1)

Might be worth doing. I think the reason it hasn't been done in the past is that
there haven't been good international ways of querying for passwords.
With encrypted root and instantX this might be worth looking at.

> 8: USB Key Authentication / Dual Factor Authentication
> Should we use PGP or another tool to allow people to login/logout
> with a USB drive?
> This would have to work for KDE and Gnome at the very least, and
> while we are at it, we might as well support XFCE.
> Inserting/Removing the USB drive could automatically login/logout the
> user, with or without a password as a second form of authentication,
> depending on how Joe Admin wants his security set up.

You can already do that with smartcards. 
Just allowing someone to login with a hardware token seems a bad idea. 
All someone would need is the usb drive. 

> 9: Can we include TrueCrypt as a new package, provided it meets the
> requirements, such as having an open source license, no patents or
> copyrights, etc?

Not possible for fedora. I don't know if the license is acceptable, but
it has a kernel module. Fedora doesn't allow kernel modules.
Perhaps it could be added to the livna repo?

> 
> Hope these ideas prove useful to the community.

You bet... thanks for the input... 

> Regards,
> Riley F. Marquis III
> Senior Analyst - TCS Research

kevin
