Red Hat Bugzilla – Bug 129957
Fedora Core Hardening Tutorial Request
Last modified: 2015-04-06 23:19:09 EDT
From Bugzilla Helper:
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET
Description of problem:
There is currently not a tutorial, within the bounds of the Fedora
Documentation project, describing how to harden, or secure, a Fedora
base install. While Fedora, and linux in general, is typically more
secure than other operating systems, there are still things that can
be done to ensure that you are running in the most secure mode
possible. This tutorial would walk users through steps on how to
accomplish these tasks, using existing Fedora components, and third
party tools as necessary.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. Search Bugzilla for "system hardening"
I've already started working on this one. I've only got the first
chapter or so, but do I need to assign this to myself? Or should
someone assign it to me?
Do you have an outline or list of topics the tutorial you are working
on includes? Let's start with posting that to this report as well as
the mailing list. When you post it to the mailing list, ask others to
review it and suggest additional security measures that could be included.
Created attachment 103275 [details]
Hardening Tutorial Outline
Attaching outline for review by the group.
This is the direction I'm heading. I'm thinking that I might need to
add a few more things, but this should be a good start. I think that
kernel compilation should be somewhere in there, but considering the
recent (ongoing) discussion of magnitude (guide vs. tutorial) on the
lists, I'll leave it here for now. Thoughts, suggestions, additions,
critique....all are welcome. I'll be posting the Intro and Chapter 1
xml docs, as soon as I have them available (which should be soon).
With all the changes to the kernel packaging (-source, -sourcecode,
.src.rpm), there is a proposal for a kernel compilation tutorial. Bug
# 130754 is tracking this. I think a section on hardening the kernel
could fit into that guide.
If you are interested in either working on or contributing a kernel
hardening section for bug # 130754 Kernel Compilation Tutorial, please
attach yourself or content to that doc. :)
As for the outline, it looks really good. The only thing I see
obviously missing are the "common" sections we've just been discussing
over the weekend. Since they don't exist yet, you aren't responsible
for them not being in your outline :), just keep in mind that we are
defining those and they will need a slot. At the moment this would add:
Introduction - add in include scope and !scope, audience and !audience
C. Document Conventions (might be the right place)
Looks very good!
Created attachment 104664 [details]
Intro, chapter 1 and "parent" doc
Here's the Intro and Chapter 1. If you reference the outline I posted a while
ago, you'll notice that kernel hardening is supposed to be chapter 2. Since
that doc is still in the works, I'm going to jump right into chapter 3, and if
I can assist on the Kernel Compilation doc, I will. Will post more as it is
Created attachment 112496 [details]
Fedora Core Security Overview
This is the completed doc. This should be ready for editing, obviously, if
there are any major changes that are outside the scope of the Editor's role,
please let me know.
Created attachment 113586 [details]
Fedora Core Security Overview - Updated
This has been updated based on comments and feedback from the mailing list. If
you have anything else to offer, please mail the fedora-docs list or me
personally, at firstname.lastname@example.org.
I am pretty much done with this guide, and barring any major set backs, would
like to see it progress to the next level (editing?).
Fedora Core 2 is now maintained by the Fedora Legacy project for
security updates only. If this problem is a security issue, please
reopen and reassign to the Fedora Legacy product. If it is not a
security issue and hasn't been resolved in the current FC3 updates or
in the FC4 test release, reopen and change the version to match.
I deeply apologize that we've let this go on so long that the guide is now for a
legacy version of FC. :(
Are you interested in updating the guide for current FC versions? FC3 will be
good for a while still, and FC4 is coming fast.
I'll go ahead and edit this as it stands, but I can be more thorough if you are
interested in maintaining the document under new FC versions.
Created attachment 113697 [details]
Fedora Core Security Overview - Updated
Updated to FC3.
Document updated to Fedora Core 3.
Let's see if we need to incorporate this into the Security Guide.
I think all of these ideas have been included in either the installation guide, the user guide, or the security guide. Please reopen if needed but I'm closing this one for now.