Ubuntu Server Guide - Security Section

Gilbert Mendoza gmendoza at gmail.com
Sat Jan 19 12:15:39 UTC 2008 

Greets,

There are a few items I would like to add and change in the Security
section of the Ubuntu 8.04 Server Guide [1].  If the team leaders are in
agreement, here's the proposed changes I would like to make.

1. Security title page [1] lacks a proper introduction.  Currently, the
introduction starts talking about netfilter, which is merely one component
of a security strategy.  I would like to add a brief statement about the
topic and sections to follow.  The current statement is accurate, but
should be moved to the firewall introduction section [2].

2. There are a few sections I would like to add in addition to the current
headings.  I don't think it needs to be an exhaustive security guide, but
more should be added on the subject.  This would include the following
sections:

Security
 - proper intro (ADD)
*Firewall (MENTIONED MODIFICATIONS)
*AppArmor (OK)
*User and Group Management (ADD)
 - Use of root and sudo (brief)
 - Adding/Locking/Deleting Users and Groups
 - User Account/Password Policies, e.g. max/min length
 - Changing default home folder permissions from being world readable
 - Other considerations (brief)
    e.g. rsa keys allowing locked users to have ssh access
    e.g. External user database authentication
*GRUB Password Security (ADD)
 - Prevent unauthorized single user mode access
 - Prevent unauthorized menu edits and kernel options
*Disable CTRL+ALT+DEL (ADD)
 - Prevent unauthorized reboots
*Data Security and Confidentiality (ADD)
 - Brief description of data security topics as follows:
 - Volume and File Encryption (Brief)
 - Secure Data Deletion (Brief)
 - Service Encryption, e.g. SSH, HTTPS, SSL (Brief)
 - Certificates (OK, MAYBE MOVE UNDER NEW HEADING?)
*Antivirus (ADD)
 - Brief mention and referral to guide.
*Logging (ADD)
 - Brief mention and referral to guide.

Any thoughts?

-- 

Gilbert Mendoza
PGP: 0x075DBCA9
Email: gmendoza at gmail.com
http://www.savvyadmin.com
https://launchpad.net/~gmendoza
https://wiki.ubuntu.com/GilbertMendoza

[1] http://doc.ubuntu.com/ubuntu/server/C/security.html
[2] http://doc.ubuntu.com/ubuntu/server/C/firewall.html

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 252 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/ubuntu-doc/attachments/20080119/64b8a69c/attachment.pgp>

More information about the ubuntu-doc mailing list