Talk:Security

From ArchWiki
Revision as of 11:32, 3 January 2013 by Det (Talk | contribs) (Todo)

Jump to: navigation, search

Just a thing to take into consideration - it's a great idea to have one central page for security, but we should try to add most of the information to the articles about the specific software and then link to there from here. An example would be putting the grub2 password protection stuff on the grub2 page, and linking to there. There are also already a lot of security-related articles, and we should link to them here too, along with some info/rationale. thestinger 23:07, 23 November 2010 (EST)

Todo

  • Update "Lockout user after three failed login attempts", file mentioned no longer contains those lines ?
  • descriptions/rationale for all the links to other articles (MAC)
  • base64 /dev/urandom | dd bs=1 count=10 2>/dev/null
  • SSH/fail2ban
  • use (enhanced?) ACL on partitions
  • quotas
  • limits/cgroups
  • TMOUT for root shell
  • sudo timeout
  • DNSSEC
  • Securely Wipe HDD
  • Using File Capabilities Instead Of Setuid
  • VNC, proxies, ssl, etc
  • rvim/rgvim
  • browser security (requestpolicy, noscript, sand-boxing browser)
  • PAX/grsecurity
  • merge Hardening Guides into this article
  • kernel options (which could be added as FRs on the bug tracker)
  • Package signing
  • stack protector gcc flag (See: FS#18864)

chmod user's home folder

find ~ -type d -print0 | xargs -0 chmod 700
find ~ -type f -print0 | xargs -0 chmod 600
Why? The top level directory (~) is already 700. Do you have an example of when this would add protection? thestinger 18:09, 11 January 2011 (EST)