From ArchWiki
Revision as of 15:37, 26 December 2012 by Insu (Talk | contribs) (Todo)


Just a thing to take into consideration - it's a great idea to have one central page for security, but we should try to add most of the information to the articles about the specific software and then link to there from here. An example would be putting the grub2 password protection stuff on the grub2 page, and linking to there. There are also already a lot of security-related articles, and we should link to them here too, along with some info/rationale. thestinger 23:07, 23 November 2010 (EST)


  • Update "Lockout user after three failed login attempts", file mentioned no longer contains those lines?
  • descriptions/rationale for all the links to other articles (MAC)
  • base64 /dev/urandom | dd bs=1 count=10 2>/dev/null
  • SSH/fail2ban
  • use (enhanced?) ACL on partitions
  • quotas
  • limits/cgroups
  • TMOUT for root shell
  • sudo timeout
  • Securely Wipe HDD
  • Using File Capabilities Instead Of Setuid
  • VNC, proxies, ssl, etc
  • rvim/rgvim
  • browser security (requestpolicy, noscript, sand-boxing browser)
  • PAX/grsecurity
  • merge Hardening Guides into this article
  • kernel options (which could be added as FRs on the bug tracker)
  • stack protector gcc flag

chmod user's home folder

find ~ -type d -print0 | xargs -0 chmod 700
find ~ -type f -print0 | xargs -0 chmod 600
Why? The top level directory (~) is already 700. Do you have an example of when this would add protection? thestinger 18:09, 11 January 2011 (EST)

The other side of the coin

I am sure there ought to be a page, linked to from here, indicating how security of the contents of packages is maintained. Not only signing, but how well the sources of projects are checked, if you use the binaries as supplied, if it is checked if the binary corresponds to the source it allegedly is. If the compiler is checked.

After all, if that side of things is insecure, any other security measures could unravel rather quickly. Jasper1984 (talk) 13:01, 5 November 2012 (UTC)