Red Hat Bugzilla – Attachment 600204 Details for
Bug 841825
Empty sections in Fedora 17 “Security Guide”
[patch]
Patch
Basic_Hardening.patch (text/plain), 5.34 KB, created by
eric
on 2012-07-25 02:08:38 UTC
>diff --git a/en-US/Basic_Hardening.xml b/en-US/Basic_Hardening.xml >index 7773b68..6bff15b 100644 >--- a/en-US/Basic_Hardening.xml >+++ b/en-US/Basic_Hardening.xml 
>@@ -42,34 +42,30 @@ > </section> > <section id="sect-Security_Guide-Basic_Hardening-Networking"> > <title>Networking</title> >- <para></para> >- </section> >- <section id="sect-Security_Guide-Basic_Hardening-Networking-IPTables"> >- <title>IPTables</title> >- <para></para> >- </section> >- <section id="sect-Security_Guide-Basic_Hardening-Networking-IPv6"> >- <title>IPv6</title> >- <para></para> >- </section> >- <section id="sect-Security_Guide-Basic_Hardening-SELinux"> >- <title>SELinux</title> >- <para></para> >- </section> >- <section id="sect-Security_Guide-Basic_Hardening-Disk_Partitions"> >- <title>Disk Partitions and Mounting</title> >- <para></para> >+ <para>The computer's network connection is the gateway to your system. Your files and processor time could be available to anyone who successfully connects to your system via this network connection if other safeguards have not been implemented. One of the primary ways to keep you in control of your system is to prevent the attackers from gaining access to your system in the first place.</para> >+ <section id="sect-Security_Guide-Basic_Hardening-Networking-IPTables"> >+ <title>IPTables</title> >+ <para><application>IPTables</application> is the most widely used firewall software on Linux systems today. This program intercepts packets coming into your computer via the network connection and filters them according to rules you have specified. Additional information can be found in <xref linkend="sect-Security_Guide-IPTables" />.</para> >+ </section> >+ <section id="sect-Security_Guide-Basic_Hardening-Networking-IPv6"> >+ <title>IPv6</title> >+ <para>IPv6 is the latest Internet protocol which aims to solve the address quantity shortfall inherent to IPv4. 
And while there are no security risks directly associated with the new protocol there are a few things to understand before utilizing this new technology.</para> >+ <para>Most system administrators are familiar with IPv4 and the work-arounds that were put in place to make IPv4 work. One of these work-arounds is network address translation, or NAT. NAT is traditionally used to keep the number of needed public IP addresses to a minimum when setting up a local area network. Systems on these networks don't all require public IP addresses and valuable address space can be saved by implementing this technology. There are some security features that were side effects to NAT; the biggest being that outside traffic cannot make it inside the network unless a port is forwarded across the router. Because IPv6 solves the addressing problem there is no longer a need to use NAT. Everything can have a public IP address and, by extension, everything is not publically routable across the Internet when physical and logical connections are made.</para> >+ <para>Another thing to worry about is how security software deals with this new protocol. <application>IPTables</application> doesn't know or understand IPv6 and so it ignores those packets altogether. That means if your network is utilizing IPv6 and you haven't activated <application>IP6Tables</application> then you have just left the door to your system open to the world.</para> >+ <para>Using IPv6 isn't dangerous as long as you know and understand the changes that your system's software went through to make it possible to use this new network protocol.</para> >+ </section> > </section> > <section id="sect-Security_Guide-Basic_Hardening-Up_to_date"> > <title>Keeping software up to date</title> >- <para></para> >+ <para>Software gets patched everyday. Some of these updates fix security problems that were identified by the developers. 
When these patches become available it is important that they are applied to your system as soon as possible. One of the easier ways to manage updates for your system is using <application>yum</application>. A special plugin is available to allow only security updates to be installed while ignoring bugfixes and enhancements. This plugin is explained better at <xref linkend="sect-Security_Guide-CVE-yum_plugin" />.</para> > </section> > <section id="sect-Security_Guide-Basic_Hardening-Services"> > <title>Services</title> >- <para></para> >+ <para>Services in Linux are programs that run as daemons in the background. It is important to audit these programs regularly to determine if they need to be running. Many daemons open network ports in order to listen for calls. Having unnecessary ports open can harm the overall security of the system. An unknown security flaw in a piece of software can allow a hacker into a system for no good reason.</para> > </section> > <section id="sect-Security_Guide-Basic_Hardening-NTP"> > <title>NTP</title> >- <para></para> >+ <para>Network Time Protocol, or NTP, keeps the time on your systems accurate. Time is a very important piece of the security puzzle and should be maintained as precisely as possible. Time is used in log files, timestamps, and in encryption. If somoene is able to control the time settings on one of your systems then they are able to make the recreation of a break-in that much more difficult.</para> >+ <para>Setting up a NTP server is easy to do and can provide one of the single most important pieces of infrastructure on your network.</para> > </section> > </chapter>
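Review bot: In the second IPv6 paragraph, "everything is not publically routable across the Internet" contradicts the argument around it. The preceding sentences say that NAT's side effect of blocking outside traffic goes away under IPv6, so "not" reads as a typo for "now"; please change it, and spell "publically" as "publicly". In the next paragraph, "haven't activated IP6Tables" would be easier to act on if it said that IPv6 traffic needs its own rule set, separate from the IPTables rules. The NTP paragraph has the typo "somoene". The hunk also deletes the empty SELinux and "Disk Partitions and Mounting" sections (sect-Security_Guide-Basic_Hardening-SELinux and sect-Security_Guide-Basic_Hardening-Disk_Partitions) without adding text for them. If that is intentional, the patch description should say so, and any xref pointing at those ids needs checking before this is merged.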