Bug 129957
| Summary: | Fedora Core Hardening Tutorial Request | ||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Product: | [Fedora] Fedora Documentation | Reporter: | Charles Heselton <tuckser> | ||||||||||||
| Component: | security-guide | Assignee: | Scott Radvan <sradvan> | ||||||||||||
| Status: | CLOSED CURRENTRELEASE | QA Contact: | eric | ||||||||||||
| Severity: | medium | Docs Contact: | |||||||||||||
| Priority: | medium | ||||||||||||||
| Version: | devel | CC: | eric, k.georgiou, kwade, mattdm, rlandman, security-guide-list, tuckser | ||||||||||||
| Target Milestone: | --- | Keywords: | Documentation, FutureFeature | ||||||||||||
| Target Release: | --- | ||||||||||||||
| Hardware: | All | ||||||||||||||
| OS: | Linux | ||||||||||||||
| Whiteboard: | |||||||||||||||
| Fixed In Version: | Doc Type: | Enhancement | |||||||||||||
| Doc Text: | Story Points: | --- | |||||||||||||
| Clone Of: | Environment: | ||||||||||||||
| Last Closed: | 2009-08-05 18:23:45 UTC | Type: | --- | ||||||||||||
| Regression: | --- | Mount Type: | --- | ||||||||||||
| Documentation: | --- | CRM: | |||||||||||||
| Verified Versions: | Category: | --- | |||||||||||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||||||||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||||||||||
| Embargoed: | |||||||||||||||
| Bug Depends On: | |||||||||||||||
| Bug Blocks: | 129807 | ||||||||||||||
| Attachments: |
|
||||||||||||||
I've already started working on this one. I've only got the first chapter or so, but do I need to assign this to myself? Or should someone assign it to me? Do you have an outline or list of topics the tutorial you are working on includes? Let's start with posting that to this report as well as the mailing list. When you post it to the mailing list, ask others to review it and suggest additional security measures that could be included. Created attachment 103275 [details]
Hardening Tutorial Outline
Attaching outline for review by the group. Group: This is the direction I'm heading. I'm thinking that I might need to add a few more things, but this should be a good start. I think that kernel compilation should be somewhere in there, but considering the recent (ongoing) discussion of magnitude (guide vs. tutorial) on the lists, I'll leave it here for now. Thoughts, suggestions, additions, critique....all are welcome. I'll be posting the Intro and Chapter 1 xml docs, as soon as I have them available (which should be soon). With all the changes to the kernel packaging (-source, -sourcecode, .src.rpm), there is a proposal for a kernel compilation tutorial. Bug # 130754 is tracking this. I think a section on hardening the kernel could fit into that guide. If you are interested in either working on or contributing a kernel hardening section for bug # 130754 Kernel Compilation Tutorial, please attach yourself or content to that doc. :) As for the outline, it looks really good. The only thing I see obviously missing are the "common" sections we've just been discussing over the weekend. Since they don't exist yet, you aren't responsible for them not being in your outline :), just keep in mind that we are defining those and they will need a slot. At the moment this would add: Introduction - add in include scope and !scope, audience and !audience C. Document Conventions (might be the right place) VI. References Looks very good! Created attachment 104664 [details]
Intro, chapter 1 and "parent" doc
Here's the Intro and Chapter 1. If you reference the outline I posted a while
ago, you'll notice that kernel hardening is supposed to be chapter 2. Since
that doc is still in the works, I'm going to jump right into chapter 3, and if
I can assist on the Kernel Compilation doc, I will. Will post more as it is
available.
Created attachment 112496 [details]
Fedora Core Security Overview
This is the completed doc. This should be ready for editing, obviously, if
there are any major changes that are outside the scope of the Editor's role,
please let me know.
Created attachment 113586 [details]
Fedora Core Security Overview - Updated
This has been updated based on comments and feedback from the mailing list. If
you have anything else to offer, please mail the fedora-docs list or me
personally, at tuxxer.
I am pretty much done with this guide, and barring any major set backs, would
like to see it progress to the next level (editing?).
Fedora Core 2 is now maintained by the Fedora Legacy project for security updates only. If this problem is a security issue, please reopen and reassign to the Fedora Legacy product. If it is not a security issue and hasn't been resolved in the current FC3 updates or in the FC4 test release, reopen and change the version to match. I deeply apologize that we've let this go on so long that the guide is now for a legacy version of FC. :( Are you interested in updating the guide for current FC versions? FC3 will be good for a while still, and FC4 is coming fast. I'll go ahead and edit this as it stands, but I can be more thorough if you are interested in maintaining the document under new FC versions. Created attachment 113697 [details]
Fedora Core Security Overview - Updated
Updated to FC3.
Document updated to Fedora Core 3. Let's see if we need to incorporate this into the Security Guide. I think all of these ideas have been included in either the installation guide, the user guide, or the security guide. Please reopen if needed but I'm closing this one for now. |
From Bugzilla Helper: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.1.4322) Description of problem: There is currently not a tutorial, within the bounds of the Fedora Documentation project, describing how to harden, or secure, a Fedora base install. While Fedora, and linux in general, is typically more secure than other operating systems, there are still things that can be done to ensure that you are running in the most secure mode possible. This tutorial would walk users through steps on how to accomplish these tasks, using existing Fedora components, and third party tools as necessary. Version-Release number of selected component (if applicable): How reproducible: Always Steps to Reproduce: 1. Search Bugzilla for "system hardening" 2. 3. Additional info: