Ubuntu Server Guide - Security Section

Adam Sommer asommer70 at gmail.com
Sat Jan 19 16:52:05 UTC 2008 

Hello Gilbert,


> 1. Security title page [1] lacks a proper introduction.  Currently, the
> introduction starts talking about netfilter, which is merely one component
> of a security strategy.  I would like to add a brief statement about the
> topic and sections to follow.  The current statement is accurate, but
> should be moved to the firewall introduction section [2].


Sounds like a good idea to me.  The AppArmor section is new and before the
Security section only covered firewalls, so I think it would be great to
update the sections introduction.


>
> Security
>  - proper intro (ADD)
> *Firewall (MENTIONED MODIFICATIONS)
> *AppArmor (OK)
> *User and Group Management (ADD)
>  - Use of root and sudo (brief)
>  - Adding/Locking/Deleting Users and Groups
>  - User Account/Password Policies, e.g. max/min length
>  - Changing default home folder permissions from being world readable
>  - Other considerations (brief)
>    e.g. rsa keys allowing locked users to have ssh access
>    e.g. External user database authentication
> *GRUB Password Security (ADD)
>  - Prevent unauthorized single user mode access
>  - Prevent unauthorized menu edits and kernel options
> *Disable CTRL+ALT+DEL (ADD)
>  - Prevent unauthorized reboots
> *Data Security and Confidentiality (ADD)
>  - Brief description of data security topics as follows:
>  - Volume and File Encryption (Brief)
>  - Secure Data Deletion (Brief)
>  - Service Encryption, e.g. SSH, HTTPS, SSL (Brief)
>  - Certificates (OK, MAYBE MOVE UNDER NEW HEADING?)
> *Antivirus (ADD)
>  - Brief mention and referral to guide.
> *Logging (ADD)
>  - Brief mention and referral to guide.
>

These all look like great additions to me.  After last weeks Server Team
Meeting we are going to focus on the Security section, but our focus was
mostly on the Firewall section.  A firewall configuration tool is currently
being developed to make common iptables configurations easier [1].  The plan
is to include instructions on it's use in the Firewall section.

I think the other areas you've mentioned will be a great addition to the
guide, so please feel free to submit patches to the list.  It looks like
this will be a large amount of new content.  Recently it has been proposed
to shorten the String Freeze schedule to allow for more QA time [2].  I'm
not sure how much time it will take to document your proposals, but even if
all of them don't make it into the Hardy release they would certainly be
good for later releases.

Anyway, great ideas Gilbert thanks for submitting them.


[1] https://code.launchpad.net/~jamie-strandboge/ufw/trunk
[2] https://lists.ubuntu.com/archives/ubuntu-doc/2008-January/010149.html

-- 
Party On,
Adam
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ubuntu.com/archives/ubuntu-doc/attachments/20080119/862bbd3d/attachment.html>

More information about the ubuntu-doc mailing list