Please add things here that should be here.
https://fedoraproject.org/wiki/Docs_Project_tasks_during_FUDConF11
Be aware that we plan to include remote people virtually in the
hackfests. We'll definitely be in IRC; we should be dialed in to the
Fedora Talk server (extension 2008 is Docs Project conference room.)
- Karsten
--
Karsten 'quaid' Wade, Community Gardener
http://quaid.fedorapeople.org
AD0E0C41
OK. So..
1) Finishing the Security Guide, including all aspects of security
important for average desktop/system admin/paranoid-for-good-reason
professional.
2) Compile guides focused on specific areas out of the Security Guide.
This may reflect how much I know of DocBook XML content re-use.
But.. I'm thinking there is one concern with this.
It seems to put tough
easy-to-read-and-understand-for-all-knowledge-levels demands on the
Security Guide. I'm thinking this may also be challenging for demands on
prerequisite knowledge. The level of prerequisite knowledge also needs
to be low. Else it might get complicated to re-use components from the
Security Guide when the audience is people that doesn't know or care
much about security.
//M
> Message: 1
> Date: Tue, 6 Jan 2009 00:06:02 -0800
> From: Karsten Wade <kwade(a)redhat.com>
> Subject: Re: PATCH[1/1] Linux Security Guide
> To: fedora-docs-list(a)redhat.com
> Message-ID: <20090106080602.GJ8094(a)calliope.phig.org>
> Content-Type: text/plain; charset="us-ascii"
>
> On Mon, Jan 05, 2009 at 11:24:36PM -0500, Eric Christensen wrote:
>
> > If we are missing something you think should be addressed please feel
> > free to develop a chapter.
>
> When Eric discussed the scope of the Security Guide with us on IRC,
> this was before the Red Hat content was released and available as an
> upstream to draw from.
>
> However, we agreed then and later that it was a good idea to ...
>
> * Include a wide range of security needs in the 'Security Guide'
>
> * Make sure it was applicable to the "average desktop user", the
> "average system administrator", and the "average highly secure
> environment paranoid-for-good-reason professional."
>
> (Eric, is that a fair assessment of the scope?)
>
> That is a challenge, but a good one.
>
> We can always take the larger upstream content and draw more than one
> Fedora-focused guide from it, for example ...
>
> * Fedora Home User Security Guide
> * Fedora Secure Datacenter Guide
> * Etc.
>
> By putting all the content in to one upstream document, it is like the
> Linux kernel -- useful for many sizes of hardware and environments.
>
> Fortunately, DocBook XML makes it relatively easy to construct new
> guides out of existing XML content by reorganizing and omitting.
>
> - Karsten
> --
> Karsten 'quaid' Wade, Community Gardener
> http://quaid.fedorapeople.org
> AD0E0C41
>
Alright. Is this perhaps something that should be reflected at
https://fedoraproject.org/wiki/DocsProject/Writing_Using_The_Wiki#Use_One_W…
That was the wiki page that 'made me do it' :-)
//M
Date: Tue, 6 Jan 2009 09:39:57 -0800
From: Karsten Wade <kwade(a)redhat.com>
Subject: Re: PATCH[1/1] Linux Security Guide
To: fedora-docs-list(a)redhat.com
Message-ID: <20090106173957.GO8094(a)calliope.phig.org>
Content-Type: text/plain; charset="us-ascii"
On Tue, Jan 06, 2009 at 02:50:49PM +0100, Magnus Glantz wrote:
> I've started writing a draft for such a chapter. I'll get back to you
> when I have something to present.
>
>
https://fedoraproject.org/w/index.php?title=Docs/Drafts/SecurityGuide/Secur…
You probably want to move that to your personal drafting/sandbox space
(User:Magnusg/Security_for_home_users.) We are not using nested page
structures any longer, and are going to be renaming or archiving
everything in various Docs.* spaces over the next week, including
Docs/Drafts.
- Karsten
--
Karsten 'quaid' Wade, Community Gardener
http://quaid.fedorapeople.org
AD0E0C41
Matthew, Betty, et al
What is the status of the user's guide?
I wanted to help more but I haven't gotten a FC9 box put together to run
through fact checking for you. :(
I would like to contribute to the FC10 version though - specifically I would
like to expand on Managing Photos
to include some screen shots and reference some other included software and
options.
Will that be done in the wiki? Or straight in XML from a git repo?
I'm good with either - just let me know where the FC10 version is located as
soon as you get it moved over.
-Susan
--
Susan Lauber, (RHCX, RHCA, RHCSS)
Lauber System Solutions, Inc.
http://www.laubersolutions.com
gpg: 15AC F794 A3D9 64D1 D9CE 4C26 EFC3 11C2 BFA1 0974
What I feel is perhaps missing is not content, but structure or presentation of content.
This guide seems focused on administrators working in SME or large enterprises.
I guess that would be natural, if the base of the guide is the RHEL Security Guide.. ( Thank you Karsten for pointing this out :-> )
As a new or a not very security interested Fedora user, I would say this guide is much too big and complex to make proper use of.
It's like facing the worlds biggest all-you-can-eat buffet, when you to the best of your knowledge haven't tasted any of the food on display. And on second thought
your too lazy and uninterested of food to try and find the essential good stuff.
What I'm looking for is perhaps a chapter for regular home users with focus on usability rather than security.
People that like Fedora but who doesn't know or care much about security.
"Security for Home Users"
I would volunteer to write such a chapter.
//M
tis 2009-01-06 klockan 03:00 -0500 skrev
> Message: 5
> Date: Mon, 05 Jan 2009 23:24:36 -0500
> From: Eric Christensen <eric(a)christensenplace.us>
> Subject: Re: PATCH[1/1] Linux Security Guide
> To: For participants of the Documentation Project
> <fedora-docs-list(a)redhat.com>
> Message-ID: <4962DD04.80709(a)christensenplace.us>
> Content-Type: text/plain; charset=ISO-8859-1
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> I agree, in part, with your overview. A completely secure system is one
> that is unplugged and that isn't exactly useful. I would dare say that
> you don't want the same level of security as I do or as anyone else
> might which is why it is important to give as much information as
> possible and let people pick and choose what they feel is important to
> their specific needs.
>
> Case in point, admin A has a server in a cave that is physically highly
> protected. Disk encryption and securing single user mode might not be
> as important as securing the network connection. So that admin might
> only care about the VPN, SSH, IPTables, and related chapters and not so
> much on the LUKS Disk Encryption.
>
> I feel that it is important to give admins and users as much information
> as possible so they can make an educated decision on mitigating their
> systems down to an acceptable level of risk. Users should know that
> their systems are NOT secure as soon as they install Fedora or any other
> operating system.
>
> If we are missing something you think should be addressed please feel
> free to develop a chapter.
>
> Thanks,
> Eric Christensen
> E-Mail: sparks(a)fedoraproject.org
> GPG Key: BD0C14C1
>
>
>
>
>
> Magnus Glantz wrote:
> > This e-mail is about security and user friendliness, and how I think this guide perhaps may be modified into something better.
> > This may also be me misunderstanding the purpose of this guide. Be aware.
> >
> > I agree that Government Security Agencies and Banks has more to loose than a lot of other people :-)
> >
> > Last night I couldn't get to sleep, due to my big mouth, so I thought a bit more about the security guide.
> > I guess this guide aims to the users of Fedora. This may be a huuge misconception on my part, but, I though
> > regular home users are the main users of Fedora. So.. this guide should perhaps to be focused on that kind of usage and
> > that kind of knowledge levels.
> >
> > My experience, working with security in highly secure government/telco environments is that security
> > and ease of use/user friendliness is two most important main counter parts.
> >
> > On one hand, it's "pretty easy" to make something extremely secure, but extremely secure systems is a total drag to be in
> > - because they are difficult to access, use and communicate to and from, due to all restrictions and security related administration.
> > I believe the standard Fedora user never would want such a system. In a system like that security has compromised to much user friendliness for it to be fun.
> > If security isn't your definition of happy-happy joy-joy :-)
> >
> > I had a thought that perhaps this guide should mainly not focus on different things that makes a system secure as a bank.
> > Instead perhaps it should focus on covering techniques that allows ones home computer to operate in a secure
> > _and_ user friendly manner.
> >
> > Here's what I wrote on my phone last night, trying to kill demons of guilt and shame spawned out of my nonconstructive mail yesterday.
> > I tried to sort them in order of positive impact on security weighed against user friendliness.
> >
> > 1) Keep your system up-to-date.
> > 1.1) Perhaps advocacy that users should prefer "Yum installed software", as it automatically will get updated via Yum.
> > 2) Keep backups of your data.
> > 2.1) Some easy ways of backing up data. Burn on CD/DVD, put on external storage, backup hard drive, etc. S/W recommendations.
> > 3) Running a firewall.
> > 3.1) Using the shipped Fedora firewall setup tools, enabling the firewall at install.
> > 4) Use SE-Linux
> > 5) Use common sense
> > 5.1 Do not accept unknown stuff/software from unknown people. If a stranger walked up to you in real life and offered you an unidentifiable object.. and you at the same time
> > constantly heard and read stories of people accepting unidentifiable objects from strangers - finding out the object was a bomb / robotic miniature robber - YOU WOULD RUN AWAY!
> > 5) Do not run server software that you do not use (as web, mail, ftp, nfs or even a ssh server (if it's a desktop))
> > 6) Advanced topics - Here one may cover more "user unfriendly" stuff for the paranoid government spy user types :-)
> > 6.1 Encryption of different kinds (files, file systems, e-mail, etc)
> > 6.2 Advanced hardening techniques and tools.
> > 6.3 Advanced auditing techniques and tools
> > 6.4 Security policy and/or paranoid thinking
> >
> > Some more links.
> >
> > Organizations:
> > http://www.cert.org/archive/pdf/aia-handbook.pdf
> > http://www.first.org/resources/guides/
> > http://www.sans.org/reading_room/
> >
> > //M
> >
> > mn 2009-01-05 klockan 12:00 -0500
> >> Message: 2
> >> Date: Sun, 04 Jan 2009 22:23:45 -0500
> >> From: Eric Christensen <eric(a)christensenplace.us>
> >> Subject: Re: PATCH[1/1] Linux Security Guide
> >> To: For participants of the Documentation Project
> >> <fedora-docs-list(a)redhat.com>
> >> Message-ID: <49617D41.5040205(a)christensenplace.us>
> >> Content-Type: text/plain; charset=ISO-8859-1
> >>
> > Good resources. Thanks for sending them. My reasoning for building
> > that part of the Security Guide based on US Government documents and not
> > documents from Universities or commercial sources has a simple
> > explanation. Government computers HAVE to be secure. I've seen way too
> > many universities and businesses run a half-way security mindset. They
> > are too interested in the bottom line than a secure system even though a
> > secure system will help the bottom line in the long run.
> >
> > The only other industry that I would like to pull from is the banking
> > industry. They are generally notorious for their secure systems (I'm
> > talking about the larger banks). They could stand to loose billions of
> > dollars if they are "broken into". Of course most of the banks make
> > their documentation secret as to not tip off anyone with a possible
> > documented flaw.
> >
> > I agree that we should be looking at multiple sources and that will come
> > in time. Please feel free to add information into the guide. I'll be
> > happy to read any patches that you, or anyone else, has to offer to the
> > guide. If you have any specific interests, please let me know!
> >
> > Thanks,
> > Eric Christensen
> > E-Mail: sparks(a)fedoraproject.org
> > GPG Key: BD0C14C1
> >
> >
> >
> > Magnus Glantz wrote:
> >>>> I'm sorry if I came off a bit rude, it wasn't my intent.
> >>>> Also, I'm sorry for not being constructive, I'll try not and e-mail during rush our in the future :-)
> >>>>
> >>>> About a more wide spread flora of security references. My thought was that the more known universities around the world
> >>>> must have written kilometers of papers on Linux Security. Finding freely available papers describing general security on
> >>>> Linux was easier said than done. I found some references during a quick scan this evening.
> >>>>
> >>>> I guess it's a matter of trust. Of course the US Government and the NSA has excellent and trustworthy security people,
> >>>> and that information in this subject is collaborative.. but at least I feel more secure seeing that it's not only
> >>>> the US Government and secret service that approves and advocates the security issues brought out in this security guide.
> >>>>
> >>>> Universities:
> >>>> http://www.princeton.edu/~essweb/linux/linuxsecurity.html
> >>>> http://www.yale.edu/its/secure-computing/
> >>>> http://www.yale.edu/its/security/sysadmin/server-guidelines.html
> >>>> http://www.yale.edu/its/security/network/unix.html
> >>>> http://www-uxsup.csx.cam.ac.uk/security/unix-box.html
> >>>>
> >>>> Other:
> >>>> http://www.tldp.org/HOWTO/Security-HOWTO/
> >>>> http://tldp.org/HOWTO/Security-Quickstart-HOWTO/
> >>>> http://en.tldp.org/HOWTO/Secure-Programs-HOWTO/open-source-security.html
> >>>> http://www.puschitz.com/SecuringLinux.shtml
> >>>> http://en.wikipedia.org/wiki/Linux_Security_Modules
> >>>>
> >>>> Vendors:
> >>>> http://www.redhat.com/docs/manuals/enterprise/RHEL-4-Manual/en-US/Security_…
> >>>>
> >>>> I'll try and find some more / better references as soon as I have some more free time.
> >>>>
> >>>> //M
> >>>>
> >>>>
> >>>> sn 2009-01-04 klockan 12:00 -0500 skrev Message: 8
> >>>> Date: Sun, 4 Jan 2009 09:44:55 -0500
> >>>> From: "Paul W. Frields" <stickster(a)gmail.com>
> >>>> Subject: Re: PATCH[1/1] Linux Security Guide
> >>>> To: fedora-docs-list(a)redhat.com
> >>>> Message-ID: <20090104144455.GB18821(a)localhost.localdomain>
> >>>> Content-Type: text/plain; charset="utf-8"
> >>>>
> >>>> On Sun, Jan 04, 2009 at 09:07:16PM +1000, Murray McAllister wrote:
> >>>>> On Sun, Jan 4, 2009 at 7:20 PM, Magnus Glantz <mg(a)hacka.net> wrote:
> >>>>>> My 5 as an non US citizen.
> >>>>>>
> >>>>>> I do not feel comfortable with a guide that seems almost completely
> >>>>>> ripped off published US military/government documents.
> >>>>> I only looked at the English. I was not aware of the origins of the
> >>>> content.
> >>>>> I will be more careful in future.
> >>>>>
> >>>>> Thanks! :-)
> >>>> "Ripped off" seems unnecessarily harsh to me, and incorrectly implies
> >>>> that somehow the content was lifted without permission, when in fact
> >>>> the references in question are freely available to everyone (USA
> >>>> domestic or foreign). The principles embodied in most of those
> >>>> references are fairly universal and you'll find them echoed in most
> >>>> high-level infosec materials. In fact, some foreign governments use
> >>>> these references themselves.
> >>>>
> >>>> The Security Guide continues to be a collaborative, participatory
> >>>> project, so anyone who is unhappy with the content -- or completely
> >>>> satisfied, too, for that matter -- is free to get involved! :-) You
> >>>> could start by providing equivalent or comparable non-US references,
> >>>> for example.
> >>>>
> >>
> >>
> >>
> - ------------------------------
> >>
> Message: 3
> Date: Mon, 05 Jan 2009 10:12:20 +0530
> From: Rahul Sundaram <sundaram(a)fedoraproject.org>
> Subject: curl instead of wget
> To: For participants of the Documentation Project
> <fedora-docs-list(a)redhat.com>
> Message-ID: <49618FAC.30400(a)fedoraproject.org>
> Content-Type: text/plain; charset=ISO-8859-1; format=flowed
> >>
> Hi,
> >>
> In documentation, wherever we are using wget, it is probably better to
> use curl instead since wget is not installed by default on the Live CD
> while curl is. Just a thought.
> >>
> Rahul
> >>
> >>
> >>
> - ------------------------------
> >>
> Message: 4
> Date: Mon, 05 Jan 2009 07:01:54 +0200
> From: Basil Mohamed Gohar <abu_hurayrah(a)hidayahonline.org>
> Subject: Re: curl instead of wget
> To: For participants of the Documentation Project
> <fedora-docs-list(a)redhat.com>
> Message-ID: <1231131714.3714.7.camel(a)localhost.localdomain>
> Content-Type: text/plain
> >>
> On Mon, 2009-01-05 at 10:12 +0530, Rahul Sundaram wrote:
> >>> Hi,
> >>>
> >>> In documentation, wherever we are using wget, it is probably better to
> >>> use curl instead since wget is not installed by default on the Live CD
> >>> while curl is. Just a thought.
> >>>
> >>> Rahul
> >>>
> I ran into this problem (missing wget) after installing from the F10
> LiveCD, so I can relate. However, I've no experience with curl, and I
> must say, curl --help is somewhat intimidating. Is it as
> straightforward to use as wget, especially for someone that may be new
> (e.g., the majority of those using documentation on a new installation
> of Fedora)?
> >>
> ________________________________________________________________________
> >>
> Basil Mohamed Gohar
> abu_hurayrah(a)hidayahonline.org
> www.basilgohar.com
> >>
> >>
> >>
> - ------------------------------
> >>
> Message: 5
> Date: Sun, 4 Jan 2009 23:04:11 -0600
> From: Ian Weller <ianweller(a)gmail.com>
> Subject: Re: curl instead of wget
> To: For participants of the Documentation Project
> <fedora-docs-list(a)redhat.com>
> Message-ID: <20090105050411.GA3404(a)gmail.com>
> Content-Type: text/plain; charset="us-ascii"
> >>
> On Mon, Jan 05, 2009 at 07:01:54AM +0200, Basil Mohamed Gohar wrote:
> >>> On Mon, 2009-01-05 at 10:12 +0530, Rahul Sundaram wrote:
> >>>> Hi,
> >>>>
> >>>> In documentation, wherever we are using wget, it is probably better to
> >>>> use curl instead since wget is not installed by default on the Live CD
> >>>> while curl is. Just a thought.
> >>>>
> >>>> Rahul
> >>>>
> >>> I ran into this problem (missing wget) after installing from the F10
> >>> LiveCD, so I can relate. However, I've no experience with curl, and I
> >>> must say, curl --help is somewhat intimidating. Is it as
> >>> straightforward to use as wget, especially for someone that may be new
> >>> (e.g., the majority of those using documentation on a new installation
> >>> of Fedora)?
> >>>
> Then shouldn't wget be installed by default?
> >>
> - --
> Ian Weller <ianweller(a)gmail.com> http://ianweller.org
> GnuPG fingerprint: E51E 0517 7A92 70A2 4226 B050 87ED 7C97 EFA8 4A36
> "Technology is a word that describes something that doesn't work yet."
> ~ Douglas Adams
> -
We have a chance to get some important work moved forward, and
important information spread, at the upcoming FUDCon this week.
Let's use the meeting this Wednesday to finalize plans for FUDCon;
discussions here in advance.
https://fedoraproject.org/wiki/DocsProject/SteeringCommittee/Meetings#Wedne…
Please add to that any FUDCon planning activities you think of.
- Karsten
--
Karsten 'quaid' Wade, Community Gardener
http://quaid.fedorapeople.org
AD0E0C41
This e-mail is about security and user friendliness, and how I think this guide perhaps may be modified into something better.
This may also be me misunderstanding the purpose of this guide. Be aware.
I agree that Government Security Agencies and Banks has more to loose than a lot of other people :-)
Last night I couldn't get to sleep, due to my big mouth, so I thought a bit more about the security guide.
I guess this guide aims to the users of Fedora. This may be a huuge misconception on my part, but, I though
regular home users are the main users of Fedora. So.. this guide should perhaps to be focused on that kind of usage and
that kind of knowledge levels.
My experience, working with security in highly secure government/telco environments is that security
and ease of use/user friendliness is two most important main counter parts.
On one hand, it's "pretty easy" to make something extremely secure, but extremely secure systems is a total drag to be in
- because they are difficult to access, use and communicate to and from, due to all restrictions and security related administration.
I believe the standard Fedora user never would want such a system. In a system like that security has compromised to much user friendliness for it to be fun.
If security isn't your definition of happy-happy joy-joy :-)
I had a thought that perhaps this guide should mainly not focus on different things that makes a system secure as a bank.
Instead perhaps it should focus on covering techniques that allows ones home computer to operate in a secure
_and_ user friendly manner.
Here's what I wrote on my phone last night, trying to kill demons of guilt and shame spawned out of my nonconstructive mail yesterday.
I tried to sort them in order of positive impact on security weighed against user friendliness.
1) Keep your system up-to-date.
1.1) Perhaps advocacy that users should prefer "Yum installed software", as it automatically will get updated via Yum.
2) Keep backups of your data.
2.1) Some easy ways of backing up data. Burn on CD/DVD, put on external storage, backup hard drive, etc. S/W recommendations.
3) Running a firewall.
3.1) Using the shipped Fedora firewall setup tools, enabling the firewall at install.
4) Use SE-Linux
5) Use common sense
5.1 Do not accept unknown stuff/software from unknown people. If a stranger walked up to you in real life and offered you an unidentifiable object.. and you at the same time
constantly heard and read stories of people accepting unidentifiable objects from strangers - finding out the object was a bomb / robotic miniature robber - YOU WOULD RUN AWAY!
5) Do not run server software that you do not use (as web, mail, ftp, nfs or even a ssh server (if it's a desktop))
6) Advanced topics - Here one may cover more "user unfriendly" stuff for the paranoid government spy user types :-)
6.1 Encryption of different kinds (files, file systems, e-mail, etc)
6.2 Advanced hardening techniques and tools.
6.3 Advanced auditing techniques and tools
6.4 Security policy and/or paranoid thinking
Some more links.
Organizations:
http://www.cert.org/archive/pdf/aia-handbook.pdfhttp://www.first.org/resources/guides/http://www.sans.org/reading_room/
//M
mån 2009-01-05 klockan 12:00 -0500
>
> Message: 2
> Date: Sun, 04 Jan 2009 22:23:45 -0500
> From: Eric Christensen <eric(a)christensenplace.us>
> Subject: Re: PATCH[1/1] Linux Security Guide
> To: For participants of the Documentation Project
> <fedora-docs-list(a)redhat.com>
> Message-ID: <49617D41.5040205(a)christensenplace.us>
> Content-Type: text/plain; charset=ISO-8859-1
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Good resources. Thanks for sending them. My reasoning for building
> that part of the Security Guide based on US Government documents and not
> documents from Universities or commercial sources has a simple
> explanation. Government computers HAVE to be secure. I've seen way too
> many universities and businesses run a half-way security mindset. They
> are too interested in the bottom line than a secure system even though a
> secure system will help the bottom line in the long run.
>
> The only other industry that I would like to pull from is the banking
> industry. They are generally notorious for their secure systems (I'm
> talking about the larger banks). They could stand to loose billions of
> dollars if they are "broken into". Of course most of the banks make
> their documentation secret as to not tip off anyone with a possible
> documented flaw.
>
> I agree that we should be looking at multiple sources and that will come
> in time. Please feel free to add information into the guide. I'll be
> happy to read any patches that you, or anyone else, has to offer to the
> guide. If you have any specific interests, please let me know!
>
> Thanks,
> Eric Christensen
> E-Mail: sparks(a)fedoraproject.org
> GPG Key: BD0C14C1
>
>
>
> Magnus Glantz wrote:
> > I'm sorry if I came off a bit rude, it wasn't my intent.
> > Also, I'm sorry for not being constructive, I'll try not and e-mail during rush our in the future :-)
> >
> > About a more wide spread flora of security references. My thought was that the more known universities around the world
> > must have written kilometers of papers on Linux Security. Finding freely available papers describing general security on
> > Linux was easier said than done. I found some references during a quick scan this evening.
> >
> > I guess it's a matter of trust. Of course the US Government and the NSA has excellent and trustworthy security people,
> > and that information in this subject is collaborative.. but at least I feel more secure seeing that it's not only
> > the US Government and secret service that approves and advocates the security issues brought out in this security guide.
> >
> > Universities:
> > http://www.princeton.edu/~essweb/linux/linuxsecurity.html
> > http://www.yale.edu/its/secure-computing/
> > http://www.yale.edu/its/security/sysadmin/server-guidelines.html
> > http://www.yale.edu/its/security/network/unix.html
> > http://www-uxsup.csx.cam.ac.uk/security/unix-box.html
> >
> > Other:
> > http://www.tldp.org/HOWTO/Security-HOWTO/
> > http://tldp.org/HOWTO/Security-Quickstart-HOWTO/
> > http://en.tldp.org/HOWTO/Secure-Programs-HOWTO/open-source-security.html
> > http://www.puschitz.com/SecuringLinux.shtml
> > http://en.wikipedia.org/wiki/Linux_Security_Modules
> >
> > Vendors:
> > http://www.redhat.com/docs/manuals/enterprise/RHEL-4-Manual/en-US/Security_…
> >
> > I'll try and find some more / better references as soon as I have some more free time.
> >
> > //M
> >
> >
> > sn 2009-01-04 klockan 12:00 -0500 skrev Message: 8
> > Date: Sun, 4 Jan 2009 09:44:55 -0500
> > From: "Paul W. Frields" <stickster(a)gmail.com>
> > Subject: Re: PATCH[1/1] Linux Security Guide
> > To: fedora-docs-list(a)redhat.com
> > Message-ID: <20090104144455.GB18821(a)localhost.localdomain>
> > Content-Type: text/plain; charset="utf-8"
> >
> > On Sun, Jan 04, 2009 at 09:07:16PM +1000, Murray McAllister wrote:
> >> On Sun, Jan 4, 2009 at 7:20 PM, Magnus Glantz <mg(a)hacka.net> wrote:
> >>> My 5 as an non US citizen.
> >>>
> >>> I do not feel comfortable with a guide that seems almost completely
> >>> ripped off published US military/government documents.
> >> I only looked at the English. I was not aware of the origins of the
> > content.
> >> I will be more careful in future.
> >>
> >> Thanks! :-)
> >
> > "Ripped off" seems unnecessarily harsh to me, and incorrectly implies
> > that somehow the content was lifted without permission, when in fact
> > the references in question are freely available to everyone (USA
> > domestic or foreign). The principles embodied in most of those
> > references are fairly universal and you'll find them echoed in most
> > high-level infosec materials. In fact, some foreign governments use
> > these references themselves.
> >
> > The Security Guide continues to be a collaborative, participatory
> > project, so anyone who is unhappy with the content -- or completely
> > satisfied, too, for that matter -- is free to get involved! :-) You
> > could start by providing equivalent or comparable non-US references,
> > for example.
> >
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.9 (GNU/Linux)
> Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org
>
> iEYEARECAAYFAklhfT4ACgkQfQTSQL0MFMELjwCgpdCn9TKLWOcWs8eWtE+MHTsq
> tuIAoNE0uJypOTF8ScTOr9IXyyBdw5e1
> =HflS
> -----END PGP SIGNATURE-----
>
>
>
> ------------------------------
>
> Message: 3
> Date: Mon, 05 Jan 2009 10:12:20 +0530
> From: Rahul Sundaram <sundaram(a)fedoraproject.org>
> Subject: curl instead of wget
> To: For participants of the Documentation Project
> <fedora-docs-list(a)redhat.com>
> Message-ID: <49618FAC.30400(a)fedoraproject.org>
> Content-Type: text/plain; charset=ISO-8859-1; format=flowed
>
> Hi,
>
> In documentation, wherever we are using wget, it is probably better to
> use curl instead since wget is not installed by default on the Live CD
> while curl is. Just a thought.
>
> Rahul
>
>
>
> ------------------------------
>
> Message: 4
> Date: Mon, 05 Jan 2009 07:01:54 +0200
> From: Basil Mohamed Gohar <abu_hurayrah(a)hidayahonline.org>
> Subject: Re: curl instead of wget
> To: For participants of the Documentation Project
> <fedora-docs-list(a)redhat.com>
> Message-ID: <1231131714.3714.7.camel(a)localhost.localdomain>
> Content-Type: text/plain
>
> On Mon, 2009-01-05 at 10:12 +0530, Rahul Sundaram wrote:
> > Hi,
> >
> > In documentation, wherever we are using wget, it is probably better to
> > use curl instead since wget is not installed by default on the Live CD
> > while curl is. Just a thought.
> >
> > Rahul
> >
> I ran into this problem (missing wget) after installing from the F10
> LiveCD, so I can relate. However, I've no experience with curl, and I
> must say, curl --help is somewhat intimidating. Is it as
> straightforward to use as wget, especially for someone that may be new
> (e.g., the majority of those using documentation on a new installation
> of Fedora)?
>
> ________________________________________________________________________
>
> Basil Mohamed Gohar
> abu_hurayrah(a)hidayahonline.org
> www.basilgohar.com
>
>
>
> ------------------------------
>
> Message: 5
> Date: Sun, 4 Jan 2009 23:04:11 -0600
> From: Ian Weller <ianweller(a)gmail.com>
> Subject: Re: curl instead of wget
> To: For participants of the Documentation Project
> <fedora-docs-list(a)redhat.com>
> Message-ID: <20090105050411.GA3404(a)gmail.com>
> Content-Type: text/plain; charset="us-ascii"
>
> On Mon, Jan 05, 2009 at 07:01:54AM +0200, Basil Mohamed Gohar wrote:
> > On Mon, 2009-01-05 at 10:12 +0530, Rahul Sundaram wrote:
> > > Hi,
> > >
> > > In documentation, wherever we are using wget, it is probably better to
> > > use curl instead since wget is not installed by default on the Live CD
> > > while curl is. Just a thought.
> > >
> > > Rahul
> > >
> > I ran into this problem (missing wget) after installing from the F10
> > LiveCD, so I can relate. However, I've no experience with curl, and I
> > must say, curl --help is somewhat intimidating. Is it as
> > straightforward to use as wget, especially for someone that may be new
> > (e.g., the majority of those using documentation on a new installation
> > of Fedora)?
> >
> Then shouldn't wget be installed by default?
>
> --
> Ian Weller <ianweller(a)gmail.com> http://ianweller.org
> GnuPG fingerprint: E51E 0517 7A92 70A2 4226 B050 87ED 7C97 EFA8 4A36
> "Technology is a word that describes something that doesn't work yet."
> ~ Douglas Adams
>
I'm sorry if I came off a bit rude, it wasn't my intent.
Also, I'm sorry for not being constructive, I'll try not and e-mail during rush our in the future :-)
About a more wide spread flora of security references. My thought was that the more known universities around the world
must have written kilometers of papers on Linux Security. Finding freely available papers describing general security on
Linux was easier said than done. I found some references during a quick scan this evening.
I guess it's a matter of trust. Of course the US Government and the NSA has excellent and trustworthy security people,
and that information in this subject is collaborative.. but at least I feel more secure seeing that it's not only
the US Government and secret service that approves and advocates the security issues brought out in this security guide.
Universities:
http://www.princeton.edu/~essweb/linux/linuxsecurity.htmlhttp://www.yale.edu/its/secure-computing/http://www.yale.edu/its/security/sysadmin/server-guidelines.htmlhttp://www.yale.edu/its/security/network/unix.htmlhttp://www-uxsup.csx.cam.ac.uk/security/unix-box.html
Other:
http://www.tldp.org/HOWTO/Security-HOWTO/http://tldp.org/HOWTO/Security-Quickstart-HOWTO/http://en.tldp.org/HOWTO/Secure-Programs-HOWTO/open-source-security.htmlhttp://www.puschitz.com/SecuringLinux.shtmlhttp://en.wikipedia.org/wiki/Linux_Security_Modules
Vendors:
http://www.redhat.com/docs/manuals/enterprise/RHEL-4-Manual/en-US/Security_…
I'll try and find some more / better references as soon as I have some more free time.
//M
sön 2009-01-04 klockan 12:00 -0500 skrev Message: 8
Date: Sun, 4 Jan 2009 09:44:55 -0500
From: "Paul W. Frields" <stickster(a)gmail.com>
Subject: Re: PATCH[1/1] Linux Security Guide
To: fedora-docs-list(a)redhat.com
Message-ID: <20090104144455.GB18821(a)localhost.localdomain>
Content-Type: text/plain; charset="utf-8"
On Sun, Jan 04, 2009 at 09:07:16PM +1000, Murray McAllister wrote:
> On Sun, Jan 4, 2009 at 7:20 PM, Magnus Glantz <mg(a)hacka.net> wrote:
> > My 5 as an non US citizen.
> >
> > I do not feel comfortable with a guide that seems almost completely
> > ripped off published US military/government documents.
> I only looked at the English. I was not aware of the origins of the
content.
>
> I will be more careful in future.
>
> Thanks! :-)
"Ripped off" seems unnecessarily harsh to me, and incorrectly implies
that somehow the content was lifted without permission, when in fact
the references in question are freely available to everyone (USA
domestic or foreign). The principles embodied in most of those
references are fairly universal and you'll find them echoed in most
high-level infosec materials. In fact, some foreign governments use
these references themselves.
The Security Guide continues to be a collaborative, participatory
project, so anyone who is unhappy with the content -- or completely
satisfied, too, for that matter -- is free to get involved! :-) You
could start by providing equivalent or comparable non-US references,
for example.
--
Paul W. Frields http://paul.frields.org/
gpg fingerprint: 3DA6 A0AC 6D58 FEC4 0233 5906 ACDB C937 BD11 3717
http://redhat.com/ - - - - http://pfrields.fedorapeople.org/irc.freenode.net: stickster @ #fedora-docs, #fedora-devel, #fredlug
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
If anyone has any patches or bugs for the Security Guide please submit
them at the Trac site [1]. We'll be using that to maintain a running
record of everything. Each section and guide has it's own component so
we can make it easier to distribute the work.
Also, if you would like to maintain a particular chapter or section
please let me know and we'll put you in the system.
[1] https://fedorahosted.org/securityguide
Thanks,
Eric Christensen
E-Mail: sparks(a)fedoraproject.org
GPG Key: BD0C14C1
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org
iEYEARECAAYFAkli37MACgkQfQTSQL0MFMFp3wCgjb2OIdqqmH1bV9cc6GUex9w8
md4AoLR4DDOi0+0W/SJ50A8coumEIZs2
=8nP4
-----END PGP SIGNATURE-----
Hi
Figured this page could do with a brief update adding more recent
well-known security incidents, and statistics etc.
Patch file [Security_Introduction.xml.patch] is available here:
http://sradvan.fedorapeople.org/
Comments/edits are more than welcome.
--
Scott Radvan, Content Author
Red Hat APAC (Brisbane) http://www.apac.redhat.com
"Emancipation from the bondage of the soil is no freedom for the tree."