Difference between revisions of "Talk:Security"

From ArchWiki
(Todo)
m
(5 intermediate revisions by one other user not shown)
Line 1: Line 1:
Just a thing to take into consideration - it's a great idea to have one central page for security, but we should try to add most of the information to the articles about the specific software and then link to there from here. An example would be putting the grub2 password protection stuff on the grub2 page, and linking to there. There are also already a lot of security-related articles, and we should link to them here too, along with some info/rationale. [[User:Thestinger|thestinger]] 23:07, 23 November 2010 (EST)
 
 
 
==Todo==
 
==Todo==
 
*Update "Lockout user after three failed login attempts", file mentioned no longer contains those lines ?  
 
*Update "Lockout user after three failed login attempts", file mentioned no longer contains those lines ?  
Line 20: Line 18:
 
*merge [[Hardening Guides]] into this article
 
*merge [[Hardening Guides]] into this article
 
*kernel options (which could be added as FRs on the bug tracker)
 
*kernel options (which could be added as FRs on the bug tracker)
 +
*[[DeveloperWiki:Package signing|Package signing]]
 
*<s>stack protector gcc flag</s> (See: [https://bugs.archlinux.org/task/18864 FS#18864])
 
*<s>stack protector gcc flag</s> (See: [https://bugs.archlinux.org/task/18864 FS#18864])
 
+
* document hidepid mount option?
== chmod user's home folder ==
+
--[[User:Thestinger|thestinger]] 18:09, 11 January 2011 (EST), --[[User:Det|Det]] ([[User talk:Det|talk]]) 11:35, 3 January 2013 (UTC),
 
+
--[[User:Flu|Flu]] ([[User talk:Flu|talk]]) 13:49, 19 April 2013 (UTC)
find ~ -type d -print0 | xargs -0 chmod 700
+
find ~ -type f -print0 | xargs -0 chmod 600
+
 
+
:Why? The top level directory (~) is already 700. Do you have an example of when this would add protection? [[User:Thestinger|thestinger]] 18:09, 11 January 2011 (EST)
+
 
+
== The other side of the coin ==
+
I am sure there aught to be a page, linked to from here, indicating how security of the contents of packages is maintained. Not only signing, but how well the sources of projects are checked, if you use the binaries as supplied, if it is checked if the binary corresponds to the source it alledgedly is. If the compiler is checked.
+
 
+
After all, if that side of things is insecure, any other security measures could unravel rather quickly.[[User:Jasper1984|Jasper1984]] ([[User talk:Jasper1984|talk]]) 13:01, 5 November 2012 (UTC)
+

Revision as of 13:49, 19 April 2013

Todo

  • Update "Lockout user after three failed login attempts", file mentioned no longer contains those lines?
  • descriptions/rationale for all the links to other articles (MAC)
  • base64 /dev/urandom | dd bs=1 count=10 2>/dev/null
  • SSH/fail2ban
  • use (enhanced?) ACL on partitions
  • quotas
  • limits/cgroups
  • TMOUT for root shell
  • sudo timeout
  • DNSSEC
  • Securely Wipe HDD
  • Using File Capabilities Instead Of Setuid
  • VNC, proxies, ssl, etc
  • rvim/rgvim
  • browser security (requestpolicy, noscript, sand-boxing browser)
  • PAX/grsecurity
  • merge Hardening Guides into this article
  • kernel options (which could be added as FRs on the bug tracker)
  • Package signing
  • stack protector gcc flag (See: FS#18864)
  • document hidepid mount option?

--thestinger 18:09, 11 January 2011 (EST), --Det (talk) 11:35, 3 January 2013 (UTC), --Flu (talk) 13:49, 19 April 2013 (UTC)