On Thu, 2005-03-31 at 10:42 +0100, Stuart Ellis wrote: > On Wed, 30 Mar 2005 22:17:12 -0800 (PST), "Rahul Sundaram" > <rahulsundaram@xxxxxxxxxxx> said: > > > > http://members.cox.net/tuxxer/ch-chapter2.html > > > > Since this is out of scope for your document by your > > own admission it would be better to just drop this. > > Kernel recompilation or additional hardening is > > unnecessary for the large majority of users and worse > > gives the idea that the kernel requires active manual > > intervention to make it secure. > > I think that the main issue is that the specified audience ("all users") > doesn't match up with the intent (a comprehensive security overview). I > don't see there's anything wrong with saying that it's a detailed guide > for more advanced users, and leaving the basic security stuff for > another doc - 1) don't mess with the defaults without a reason, 2) run > updates, 3) there is no step 3 :) > > > > -- > > Stuart Ellis > Well, I think there is a little bit of both opinions here. Maybe there are some assumptions that I have made that would be beyond the most basic user. And I admit that this could be a failing of my writing. I've been using Linux off and on since '97, so some assumptions I make may be completely obscured to the most basic user. While this document isn't meant to be the end-all-be-all document to securing a Fedora system, I think that it covers a fairly broad spectrum of potential readers. And, I think that it should serve as a guide to users who are just beginning in linux, and those who maybe familiar with linux, but aren't aware of some of the security problems associated with it. I can agree, that for the time being, the kernel hardening section could probably be left out. I do, however, believe that it has a place here, and eventually would like to see it return to this document - or perhaps be included in a larger scope, more detailed document that was perhaps more of a collaboration. I also think that before the kernel hardening section returns that there should be a kernel compilation guide. -Charlie -- -tuxxer gpg: 57EB F948 76AE 25BC E340 EFA9 FAF6 E1AC F1E1 1EA1
Attachment:
signature.asc
Description: This is a digitally signed message part
