Ubuntu Server Guide - Security Section
Gilbert Mendoza
gmendoza at gmail.com
Sat Jan 19 12:15:39 UTC 2008
Greets,

There are a few items I would like to add and change in the Security
section of the Ubuntu 8.04 Server Guide [1]. If the team leaders are in
agreement, here are the proposed changes I would like to make.

1. Security title page [1] lacks a proper introduction. Currently, the
introduction starts talking about netfilter, which is merely one component
of a security strategy. I would like to add a brief statement about the
topic and sections to follow. The current statement is accurate, but
should be moved to the firewall introduction section [2].

2. There are a few sections I would like to add in addition to the current
headings. I don't think it needs to be an exhaustive security guide, but
more should be added on the subject. This would include the following
sections:

Security
  - proper intro (ADD)
  *Firewall (MENTIONED MODIFICATIONS)
  *AppArmor (OK)
  *User and Group Management (ADD)
    - Use of root and sudo (brief)
    - Adding/Locking/Deleting Users and Groups
    - User Account/Password Policies, e.g. max/min length
    - Changing default home folder permissions from being world readable
    - Other considerations (brief)
      e.g. rsa keys allowing locked users to have ssh access
      e.g. External user database authentication
  *GRUB Password Security (ADD)
    - Prevent unauthorized single user mode access
    - Prevent unauthorized menu edits and kernel options
  *Disable CTRL+ALT+DEL (ADD)
    - Prevent unauthorized reboots
  *Data Security and Confidentiality (ADD)
    - Brief description of data security topics as follows:
    - Volume and File Encryption (Brief)
    - Secure Data Deletion (Brief)
    - Service Encryption, e.g. SSH, HTTPS, SSL (Brief)
    - Certificates (OK, MAYBE MOVE UNDER NEW HEADING?)
  *Antivirus (ADD)
    - Brief mention and referral to guide.
  *Logging (ADD)
    - Brief mention and referral to guide.

Any thoughts?
--
Gilbert Mendoza
PGP: 0x075DBCA9
Email: gmendoza at gmail.com
http://www.savvyadmin.com
https://launchpad.net/~gmendoza
https://wiki.ubuntu.com/GilbertMendoza
[1] http://doc.ubuntu.com/ubuntu/server/C/security.html
[2] http://doc.ubuntu.com/ubuntu/server/C/firewall.html