Old 06-06-2003, 05:12 PM   #61
peter_robb
Senior Member
 
Registered: Feb 2002
Location: Szczecin, Poland
Distribution: Gentoo, Debian
Posts: 2,458

Rep: Reputation: 48

Time to join the fray!! Yeehar!

Excellent idea to make a HOWTO UnSpawn!!
I reckon we are up for the challenge!

What's the newbie opinion about where the HOWTO should start?

Could there be several starts?
e.g.
1. Do we start from an already installed system, how to audit it and then start securing it step by step, a cookbook type of approach...
2. From a bare bones pre-install stage, where we have to choose a distro as well as the "packages" to install, some distros are easier than others to lock down, eg Astaro, Debian, Gentoo, but are also much harder to install, (or expensive)
3. From a planning stage, about how many boxes should we have, eg separate firewall box, separate proxy services box, dmz etc. Where is time best spent if someone wants to keep a close eye on security?

Could make the first HOWTO very quick if our members told us where to start first...
I figure for 1. the HOWTO would be broken down into categories common in an audit, like the three you have named, as well as services/objects within each category. Each one can be a walk through using CLI & GUI tools.
I don't know how many newbies are focussing on a private box vs how many are focussing on public servers or whether they are 24/7 connected (hence public) vs intermittently connected...

Time for a Poll? or a newsletter Headliner? (Hint hint Jeremy)
 
Old 06-07-2003, 02:26 AM   #62
Grim Reaper
Member
 
Registered: Apr 2002
Distribution: Gentoo 2006.0 AMD64
Posts: 399

Rep: Reputation: 30
unSpawn, I'll be in on it. I've read a bit on security in general, etc, and have a little understanding of the terms, and procedures...but I'm still a fair n00b.

I'll be happy to read up and learn in depth whatever needs to be learnt then written...it'll give me an excuse to read it too

Is it possible to get a CVS server or something where the document can be constantly uploaded and downloaded to have the most recent version of the document at our grasp...just a thought.

Anyway, looking forward to helping.


EDIT: Just remembered this guide that I found some time ago...it is a very good, small guide. Recommended to everybody: http://www.linuxsecurity.com/docs/QuickRefCard.pdf

Last edited by Grim Reaper; 06-07-2003 at 02:57 AM.
 
Old 06-07-2003, 05:38 AM   #63
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415

Original Poster
Blog Entries: 55

Rep: Reputation: 3600
Peter_robb, Grim Reaper, thanks for joining in.

Peter_robb: IMHO the pre/install/post-install route would be the "best" way to go, because some things are dependent on each other, for instance being a hog and installing everything and not having "trusted" signatures for binaries on the box. This way each user can step in at the point they are, and look back at what they were supposed to cover but didn't (yet).
I certainly hope we can make it as vendor-neutral as possible.
As for planning and multi-system setups I think that's best left for in-depth documentation (we'll link to that), and only handle host and network security for one system for newbies (that's what we're talking about) for now.

Grim: we will mostly need people willing to cooperate. Knowledge is important, but being from the other side of the spectrum will help us as well. IMHO newbies will be better equipped to test the tutorial and come up with all sorts of weird questions we wouldn't have than more seasoned Linux/GNU users would.

We're in an early stage now, and you're not the only one asking for CVS, if things proceed the right way (like people paying attention, reading the thread in full and answering questions in past posts) then I spose we should look into Savannah or Sourceforge.

---
If you're new to this thread plz first read the *whole* thread.
Please join in, contribute and help your fellow LQ community members!
 
Old 06-07-2003, 06:37 AM   #64
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415

Original Poster
Blog Entries: 55

Rep: Reputation: 3600
Project status

I think even tho I haven't documented all efforts into one doc yet,
it would be good to summarize the past two weeks.

Project status week 22
Initials
In week 22 we have talked about any texts written with newbies in mind and the need for a tutorial like this. Unfortunately there were none. In short this tutorial would need to be:
I. written for newbies: that is with a suitable tone of voice, explain Linux/GNU's basics, the ways of doing things, and not assume a lot(?) of knowledge, "Make it simple, just not too simple" (q: busbarn).
II. clear: a logical setup they will be able to understand and work with (docs are referred to for "advanced" topics),
III. as vendor-neutral as possible, don't presume any setup and be as neutral to it, so SOHO or laptop should make no difference.
//(any critical points to add?)

Timeline
Here is an example of how we could proceed: here, but didn't put in a "hard" timeline.

Issues (approx, not all)
We talked about how much knowledge we are supposed to assume a newbie should have, the need for explaining "basics" while doc submissions were still pouring in. Notable spikes are translations, GUI vs CLI, physical security.
An approximation for a "fundamentals" list is: here to which there were no objections.

Forecasting week 23:
- discussion more focussed and add some structure.
- draft up the framework, divide, conquer before next weekend

Group questions
Should we build our doc starting with the highest priority items? Or try to be complementary to their install process? Other ways?

Project status week 23
Current member list in no particular order
Tcaptain, Manthram, Bastard23, Jharris, Busbarn
Jonr, Fancypiper, DavidPhillips, Markus1982, Kroenecker
Twilli227, Tangle, Jeremy, AXO, Brian Hatch, Peter_robb, Grim Reaper.

Issues (approx, not all)
We started off discussing my list of fundamentals (come to think of it, no one else put up his/hers?!!#)
and somehow went back to CLI tool usage...

Group questions
At this point I think using a mailinglist will be better for "concentration".
Would any of you object to taking this discussion to a mailinglist?
(No answers yet)

Forecasting week 24:
- draft project outline, the stuff we should keep focussed on or the project's Raisin d'etre (or cumquat),
- draft framework and "fundamentals" list,
- finalize discussion on what to include,

Final notes
- Anyone is free to join. Willingness to collaborate preferred over expert knowledge. Just tell us what you're willing to contribute, only proofreading and testing the tutorial for instance would be cool too. Please read the *whole* thread carefully first before posting.
- If anyone strongly disagrees with anything said, I invite you to speak up. This is an open discussion and constructive, positive criticism is welcome, just make sure to explain your issues clearly.
- Please keep this thread bookmarked and visit it preferably daily. As a group we need to get and stay focussed.
- Please answer any group questions, because as a group we decide where to go to.

Last edited by unSpawn; 06-07-2003 at 06:39 AM.
 
Old 06-07-2003, 08:09 AM   #65
Axo
Member
 
Registered: May 2003
Distribution: Debian
Posts: 153

Rep: Reputation: 17
Re: Project status

Quote:
Originally posted by unSpawn

Group questions
At this point I think using a mailinglist will be better for "concentration".
Would any of you object to taking this discussion to a mailinglist?
(No answers yet)

That's fine with me ..



Regards

AXO
 
Old 06-07-2003, 08:47 AM   #66
DavidPhillips
LQ Guru
 
Registered: Jun 2001
Location: South Alabama
Distribution: Fedora / RedHat / SuSE
Posts: 7,163

Rep: Reputation: 58
No problem with a mailing list for me.
 
Old 06-07-2003, 12:09 PM   #67
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415

Original Poster
Blog Entries: 55

Rep: Reputation: 3600
Edit: Jeremy allowed us a fer real LQ mailinglist, yeehaw!
When he gives the green light the address will be posted here and you'll be able to subscribe to it.

Last edited by unSpawn; 06-08-2003 at 08:10 PM.
 
Old 06-08-2003, 07:03 PM   #68
N_A_J_M
Member
 
Registered: Aug 2002
Location: Whangarei New Zealand
Distribution: Slack 8.1
Posts: 300

Rep: Reputation: 30
Hey unSpawn, I would love to join!

I am still reasonably new to using Linux, but have a good base knowledge, i.e. reasonable understanding of how the system works and some commands.

I'm not sure if I will have much to offer in the actual writing, but for testing I offer everything I've got. I have 2 systems, one running Slackware 9 (main system) and another RH8 (firewall, which isn't quite set up yet).

being part of it all would be awesome!
cheers
 
Old 06-08-2003, 08:09 PM   #69
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415

Original Poster
Blog Entries: 55

Rep: Reputation: 3600
welcome / important note

Welcome N_A_J_M, good you joined and thanks for offering testing facilities, they will come in handy.

Important note for those who joined:
Jeremy has set up the mailinglist for us to use. Please sign up here ASAP and we'll get this thing going, and hopefully a wee bit faster. This should mean the thread should not be used for discussions, but I will post regular updates on what we achieved not only to the mailinglist but to this thread as well.


If you're new to this thread plz first read the *whole* thread.
Please join in, contribute and help your fellow LQ community members!
 
Old 06-08-2003, 08:24 PM   #70
jeremy
root
 
Registered: Jun 2000
Distribution: Debian, Red Hat, Slackware, Fedora, Ubuntu
Posts: 13,602

Rep: Reputation: 4083
Just a note. For those of you who join this late and want to see what has been said on the mailing list the archive is available here:

http://lists.linuxquestions.org/pipermail/lq-security/

--jeremy
 
Old 06-09-2003, 10:52 AM   #71
tcaptain
LQ Addict
 
Registered: Jul 2002
Location: Montreal
Distribution: Gentoo 2004 from stage 1 baby!
Posts: 1,403

Rep: Reputation: 45
Woohoo! A mailing list...man I miss a lot being away (was offline since last Wednesday, my SO was in the hospital, she's fine now).

I just joined it. I hope I'll be able to contribute something...
 
Old 06-09-2003, 04:15 PM   #72
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415

Original Poster
Blog Entries: 55

Rep: Reputation: 3600
Np Tcaptain, glad you could make it.
//Could the rest of you ppl join up with us ASAP?, TIA!
 
Old 06-15-2003, 08:32 AM   #73
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415

Original Poster
Blog Entries: 55

Rep: Reputation: 3600
//moderator.note: *bump*, in case anyone wants to join the mailinglist...
 
Old 06-16-2003, 01:02 AM   #74
bulliver
Senior Member
 
Registered: Nov 2002
Location: Edmonton AB, Canada
Distribution: Gentoo x86_64; Gentoo PPC; FreeBSD; OS X 10.9.4
Posts: 3,760
Blog Entries: 4

Rep: Reputation: 78
from LQ weekly mailer...
"or have SGML knowledge (we need it SGMLized for TLDP)"

I have a great deal of familiarity with Docbook XML and Docbook SGML (and have written a few guides of my own in this format) and would love to help with converting text to TLDP standards documentation.

I am also an English major from Uni so I can turn a phrase all right, and I know my grammar well.

I'm not a security whiz by any means but I would love to work on the docs. Just get in touch for anything I can do...
 
Old 06-16-2003, 01:29 AM   #75
jdii1215
Member
 
Registered: Aug 2002
Location: SW Coast of Florida, USA-- in fact, ground zero for Charley is where my town is
Distribution: Mandrake 10 Community, SuSE 9+
Posts: 167

Rep: Reputation: 30
Here are a couple places that might prove useful:

http://linsec.ca/

(this is a TWiki about security on Linux and BSD)

http://www.cert.org/

(they have a rather definitive outline on how to secure a home network that has suggestions for policy and strategics for security, and many other materials)

For Linux, per se, there is a newer O'Reilly and Associates book out called "Linux Security Cookbook." Decent book. It is, among other things, available on Informit's Safari bookshelf.

John Danielson
 
  

