Fedora/Linux Security Guide
Eric Christensen
eric at christensenplace.us
Sun Mar 15 23:14:01 UTC 2009
On Thu, 2009-03-12 at 17:24 -0600, Kevin Fenzi wrote:
> Some general comments:
>
> - As of F10 (I think) sha256 is the default, not md5 for passwords.
> Check the "2.1.3. Password Security" section for that?
This is true and we should probably update our recommended encryption
levels appropriately. IMHO, I think SHA256 should be what we recommend.
> - How about a section on openvpn? It should be a lot easier rand more
> flexable than ipsec.
I'm already planning a section on OpenVPN (I use it here) because the
OpenVPN documentation that I've seen/read/purchased is horrible!
> - ecryptfs might be worth a mention in the encryption section.
> Possibly also fuse-encfs ?
This was also on the to-do list but I haven't really messed with it.
Since LUKS is the Fedora standard I thought it more important to discuss
it. I'm still not thrilled with the LUKS portion in the book as I'd
like to include more modifying commands for LUKS if you are using a box
that has it in use from the beginning.
> kevin
Thanks for the feedback, Kevin. Always good to see what other people
think.
Eric
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: This is a digitally signed message part
Url : http://lists.fedoraproject.org/pipermail/security/attachments/20090315/d95ec290/attachment.bin
More information about the security
mailing list