LinuxQuestions.org

unSpawn 05-27-2003 01:40 PM

LQ REQ: Real newbie HOWTO's, refs, etc etc.
 
I would like to ask for your support finding any HOWTO's, references and whatnot that would appeal to or are especially written for newbies.

Minimal requirements could be:
1. handle basic (install/post install) security,
2. clear, simple, step by step structure, "like talking to a 4 yr old",
3. be (somewhat) up to date.
If unsure, just post!


TIA, unSpawn

tcaptain 05-27-2003 02:03 PM

Judging from your post count I guess I can assume you went to the Linux Documentation project? Too high level for documentation? (I know I found them a bit complex at first...)

I'd check out the PETs at Linux Junior and the NHFs at linuxnewbie err...justlinux.com...those used to be pretty good (although I haven't visited in ages)

manthram 05-27-2003 02:55 PM

Come on tcaptain, you think unSpawn is asking the how-to's for himself. He is a linux security GURU for crying out loud. I am sure he wants them so that he can post to help the newbies ;)

tcaptain 05-27-2003 03:00 PM

No no...not at all, I didn't think they were for HIM :D

I was just wondering if he had considered LDP and judged the docs too complex

I mean c'mon...2K + posts! You gotta figure he knows a lot about linux or at least LEARNED a few things during his tenure ya know? *poke* hehe

unSpawn 05-27-2003 03:47 PM

Thanks for your suggestions Tcaptain.
Yes, what I'm looking for is the opposite of "documentation". Documentation implies one knows one's way around a Linux/GNU system, etc etc.

I'll add the "Securely Installing Linux" NHF to my list. A quick scan of the PET didn't result in me noticing anything for the uninitiated.

Thanks again, if you find more: please add.

bastard23 05-27-2003 06:21 PM

unSpawn,

Usually the distro documentation is pretty good for beginning information. I've only browsed the Redhat and Mandrake ones since I rarely use those. The getting started guides usually start at the beginning :). I'm sure other distros have similar guides.

Unfortunately the Debian (what I use) guide seems a little old. Also, the "classic" ones like The Linux System Administrators' Guide or The Linux Network Administrator's Guide are getting dated to very dated.

Looks like some people around here (you and markus1982, that I've noticed) are writing things up. It would be nice if they had a more permanent home (I think linuxnewbie (justlinux) has a section like this).

Or maybe it would be fun to update the classic ones a section at a time. I'll have to google around to see what other people are doing.

I might be able to be convinced to write up something. Or at least get UML up and running with different distros and test things. Hmm... I usually need the problem in front of me to get started.

Just some thoughts,
chris

unSpawn 05-27-2003 07:27 PM

Thanks for your post Bastard23, but as I said in my reply to Tcaptain, it's not docs what I'm after. Not "technical documentation" like TLDP/SAG/NAG2 at least, but simple, step by step, "please hold my hand" type of texts, you know, like in "explain it to me like I'm a 4 yr old". Why? Because our audience includes newbies who could be totally bereft of any Linux/GNU knowledge.

If nothing else shows up (I don't hope so) then your idea of rewriting the old HOWTO's isn't that bad. It's just a lot of work.
The work Markus1982 has put into publishing docs stems from his work securing ISP systems and working on adding to Debian docs.
I wouldn't consider them NHF or PET material but rather TLDP.

I'll keep your offer in mind. When the time comes we have to revise/write HOWTO's the capability to fast load distro's and test directions will definitely be welcome.

Cummon ppl, don't make me write a Security-for-Newbies HOWTO! My grasp of tone of voice is blisteringly bad and I'm suffering from Occam's Razor deficiency :-]

bastard23 05-27-2003 09:04 PM

unSpawn,

OK, I think I get you. You're looking for a newbie complement to your "Security references" post. My second paragraph on was more general, me thinks :).

This passwords page or this open ports page from the Redhat Security guide is kinda what I was looking at. I haven't read it all, but I don't know how you can get too much simpler. It can be sparse on actual commands and the nmap page assumes at least a passing familiarity with the shell. Oh, and Redhat specific. You'd have to read the other guides first to be able to get everything if you're starting out as a newbie. You are looking for something simpler (or more explicit). Hmm...

I keep my eyes open for good explanations and tutorials (a better word for what you're looking for?) of security tools. Especially graphical tools.

Have fun,
chris
P.S. I think I'm going to try out systrace since there is a linux version and the debian package. Here's a couple articles that talk about the BSD version, but everything should translate. Not newbie, but they give a pretty basic overview of what's going on (explain what a syscall is.)

unSpawn 05-28-2003 04:59 AM

Thanks again for posting suggestions Bastard23,

I agree the RH manuals are a start, and I agree to the same "objections" you noted: "familiarity with the shell. Oh, and Redhat specific. You'd have to read the other guides first".

Yes, I guess "tutorials" is the right word. Weird I didn't come up with that description myself :-]

Come on, any more takers?

Would be excellent if, after you get acquainted with Systrace, you were able to post some of your findings.

jharris 05-28-2003 05:16 AM

Dunno if this is any good for you as a general intro, no security in it though :( :study: There seems to be a lack of very basic tutorials.

http://dbstreams.ca/mirrors/linux-newbie/

Jamie...

unSpawn 05-28-2003 05:41 AM

Thanks for your suggestion Jamie, I even managed to find some security tips in it here and here but that's not enough to make the list I'm afraid.

There seems to be a lack of very basic tutorials.
It would appear so. If no one is gonna show up with some tutorials I guess it's time something is done about it...

jharris 05-28-2003 05:52 AM

Quote:

Originally posted by unSpawn
There seems to be a lack of very basic tutorials.
It would appear so. If no one is gonna show up with some tutorials I guess it's time something is done about it...

If you do decide to do something about it and want a proof reader/(pedantic) source of feedback then throw it in my direction.

cheers

Jamie...

unSpawn 05-28-2003 06:36 AM

If you do decide to do something about it and want a proof reader/(pedantic) source of feedback then throw it in my direction.
Thnx man, I certainly will need that kind of support :-]

Ok. If no one else adds some, that about wraps it up.
I think it's time LQ takes a stab at producing a "Linux Newbie Security Tutorial". Any more people want to join in?


It'll be an LQ group effort after all.
Please post what you're part willing to contribute to, or what you think the "Linux Newbie Security Tutorial" should include, or whatever skills you're willing to offer. Note it's not mandatory to have 3xcellent wr1tin5 sk1llz, have guru status or be a security wiz to be able to join in.
The most important thing to realize is the audience will be the uninitiated, the archetypical Linux Newbie.

To give you an example of how we could proceed:
- first discuss the main items and depth of the piece,
- find any off-site ppl willing to contribute/review/validate (if we want to TLDP/PET/NHF it),
- produce the framework and divvy up the parts to be written,
- write, format, collate,
- review rounds, discussion,
(- get off-site approval if necessary for exports.)


Please join in, please contribute and help your fellow LQ community members!

jharris 05-28-2003 06:51 AM

Quote:

Originally posted by unSpawn
Thnx man, I certainly will need that kind of support :-]
NP...
Quote:

Originally posted by unSpawn
Please post what you're part willing to contribute to, or what you think the "Linux Newbie Security Tutorial" should include, or whatever skills you're willing to offer.
From the sounds of it what we need to produce is a reasonably high-level document that will ease people into a security-conscious mindset; then they can investigate the low level stuff elsewhere. We could always expand the document to include the low level stuff, but that might be reinventing the wheel. Exactly how we will achieve this without scaring them off or putting them to sleep will probably be a big challenge.

As for what I can offer - uhm... Just some time, a reasonably good understanding of overall security and a good deal of linux experience.
Quote:

Originally posted by unSpawn
Note it's not mandatory to have 3xcellent wr1tin5 sk1llz, have guru status or be a security wiz to be able to join in.
Just as well! The first drafts of everything I write are always laughable, and it takes a few proof reads to make them into something resembling English. On this note - I reckon that LQ must be a reasonably good place to get people who would be willing to translate a document if we manage to produce one. Any offers?
Quote:

Originally posted by unSpawn
To give you an example of how we could proceed:
- first discuss the main items and depth of the piece,
- find any off-site ppl willing to contribute/review/validate (if we want to TLDP/PET/NHF it),
- produce the framework and divvy up the parts to be written,
- write, format, collate,
- review rounds, discussion,
(- get off-site approval if necessary for exports.)

Do you want to keep all this discussion in this thread or do you have plans to take it elsewhere? (new threads/email/irc/etc.)

cheers

Jamie...

unSpawn 05-28-2003 07:12 AM

From the sounds of it what we need to produce is a reasonably high-level document that will ease people into a security-conscious mindset; then they can investigate the low level stuff elsewhere.
Well said!

What you offer in the first place is time and a helpful attitude, and I value that more than anything else. As far as the mod group is concerned, I kinda hope we can see this as a mod group effort as well. Hell, it may even pave the way for collaboration on more HOWTO's and whatnot. What I can offer? Well, I know something about security on both sides of the fence and I got a few yrs Linux/GNU experience. My writing skills aren't as good as Kylie's implants are photogenic, but I kinda make up for that with basic project management skills to keep this from ending up in the bitbucket.

Do you want to keep all this discussion in this thread or do you have plans to take it elsewhere?
Heh. I was just asking Jeremy if he would be willing to chip in a temp mailinglist/forum.

I reckon that LQ must be a reasonably good place to get people who would be willing to translate a document if we manage to produce one. Any offers?
Good one!


Please join in, please contribute and help your fellow LQ community members!

tcaptain 05-28-2003 10:53 AM

Reading this thread (btw unSpawn, you are welcome, I just wish I had more to give you) I have to wonder if the topic of Security in Linux (or even windows) is something that CAN be tackled at the "clueless newbie" level (I don't want that to sound like an insult, I mean at the very very very beginner level).

In Windows it is possible to have SOME "one-click" solutions like say...Zone-alarm so it's easy to tell a relative who just got a new PC with a cable connection "Just download and install Zone-alarm" and "Get an anti-virus" and boom, they're on their way...it might not be perfect but it's SOME protection.

In linux tho, I think (I could be wrong, as in all things) that to tackle security when administering a new linux install requires a bit more understanding of the issues...in other words, I'm not sure you can get away with a really simple doc...although trying to write one sure sounds like an interesting challenge....

I'd volunteer but I still consider myself relatively newbie-ish that I might miss some important security points.

unSpawn, a suggestion to you would be...why not get the whole LQ community in on this doc? Ie: Maybe we can all write/contribute to it and then all it'll need is an experienced hand to wrap it all up (GPLd of course lol)

We could have it in this thread or something....like the optimizations thread but maybe more moderated?

unSpawn 05-28-2003 11:19 AM

Thanks for volunteering Tcaptain!

I have to wonder if the topic of Security in Linux (or even windows) is something that CAN be tackled at the "clueless newbie" level
Yes, that is a serious question. And that's why I opted for first discussing the topics we need to cover.

In Windows it is possible to have SOME "one-click" solutions (..) it might not be perfect but it's SOME protection.
Who says we can't have that in Linux? (*if* that is the right approach)

why not get the whole LQ community in on this doc?
Each and every LQ member is invited to join in.
The "problem" with threads IMHO is that if they grow large they get unwieldy, then ppl start to lose focus. But let's see who will join our 'lil quest. I hope it will grow some, then early next week we should be able to decide how to proceed.


Please join in, please contribute and help your fellow LQ community members!

busbarn 05-28-2003 11:43 AM

I would like to see a simple explanation of all the security lingo. http://iptables-tutorial.frozentux.n...-tutorial.html is a great iptables tutorial, but the lingo got to be so unbearable for me that I gave up. I have absolutely no knowledge of linux security so I can't help with the writing, but I'd be willing to walk through what was written to see if it was simple enough. :)

unSpawn 05-28-2003 11:53 AM

Thanks busbarn,
but I'd be willing to walk through what was written to see if it was simple enough.
that will be helpful.

but the lingo got to be so unbearable for me that I gave up
Care to share an example?


Please join in, please contribute and help your fellow LQ community members!

busbarn 05-28-2003 12:03 PM

http://iptables-tutorial.frozentux.n...VERSINGGENERAL

These tables are good explanations, but it's too much info at once. Since nat and dnat and tos are all new terminology for me, dealing with that and mangling and filtering all at once is sensory overload (especially when I'm trying to learn this after a long day of working with 6th graders!).

http://honors.montana.edu/~jjc/easyt...tut/node2.html is a great tutorial--I really like how it's set up. It gives the info, some examples with explanations, and then an exercise. The ip tutorial has HUGE chunks of stuff before the reader can even practice it. Actually doing something is the best way to learn I think. Is that an okay example?

bastard23 05-28-2003 12:08 PM

On preview, busbarn, it's easy to forget what level of knowledge people have before they try things.

From the sounds of it what we need to produce is a reasonably high-level document that will ease people into a security-conscious mindset; then they can investigate the low level stuff elsewhere.
Well said!

I second that.

You need to have at least a passing understanding of how computers/networks work before you can go off and change things. You'd be running blind otherwise. I mean, if you are editing your PAM files, should you be explaining how pico or vi should be used? Or explain the relationship to the passwd file? I think somewhere between the two would be a good tutorial. There is going to have to be some investment by the newbie before you can walk them through how PAM works, and what it means. And is PAM security, or just sys admin?

If someone starts something, I'll definitely help with the review. Once I wrap my head around the scope and verboseness, I'll give a go at writing a module. I have decent experience and knowledge of Linux/UNIX and am not afraid of learning what I don't. We aren't talking about a tome or anything, right?

Here's what I'm thinking:
1. Simple explanation of security, its complexity, hardness, what is trust? Security is a process, not a product.
1a. Expected level of knowledge (to understand everything, not read.) Links to basic tutorials (shell, editing, sys admin, networking.)
1b. What to do if you don't understand something.
2. Knowing what is running on your system, keeping the system up to date, checking the logs. How to use google to figure out what your logs mean. More of a process, than specifics.
3. An explanation of authentication. Here I'm thinking of explaining passwords (plain text, encrypted, hashed, digests) and such things as public keys. Maybe a very small ssh tutorial. Links to other things such as Kerberos and such.
4. Encryption, maybe before auth? SSL/TLS.
5. An explanation of various services and why they should/shouldn't be exposed to the public. No r services. Firewalling.
Appendix. A walkthrough of locking down a system. Perhaps bastille or something. Not much knowledge needed.

Well, it's my first stab in the dark. I'm missing things. If the explanation doesn't go into too much detail/implementation, it should be newbie enough. Leave the details to the links. A list of links that do go into detail would be nice. Maybe a page or two for each chapter. It seems like someone has already written this (or should have), just need to find it. I think 2 would be the most important, so the reader can jump off from there. (Not that teaching someone to teach themselves is easy) Thoughts?

Would be excellent if, after you get acquainted with Systrace, you were able to post some of your findings.

OT, will do, but I think before I tackle systrace (haven't used it yet,) I'm going to try to write up an ethereal document. It's the way I debug a lot of network problems, and it would be nice to point them at something specific. I'm thinking links to basic networking/Ethernet/TCP/IP docs, explanation of how ethereal works, what it does. Then (for the long part) a couple of walk throughs of various protocols (icmp (just ping), http, dns, arp, telnet, TCP/UDP (with netcat)) and couple of walk throughs of when things go wrong (no link, wrong IP add., no dhcp, no dns). It's just that I've been meaning to write a newbie document on networking and how to solve networking problems (the process of.) It's been firing the neurons, we'll see if it fires up the electrons.

Have fun,
chris

P.S. "simple explanation ... its complexity", I'm diggin' myself a hole here. Or as Einstein said (paraphrasing perhaps) "Make it simple, just not too simple"

jonr 05-28-2003 12:17 PM

Scanning this thread I don't see that anybody's mentioned the "Linux Rute User's Guide," available at

http://www.icon.co.za/~psheer/book/index.html.gz

It seems to me very thorough and clear. I don't know if it fits the "4-year-old" criterion, but it's sure easier to understand than a lot of the texts out there.

This is a very, very worthwhile project. Best of luck. I hope it will lead to enabling me to understand iptables! :-)

tcaptain 05-28-2003 12:24 PM

Quote:

Originally posted by bastard23
You need to have at least a passing understanding of how computers/networks work before you can go off and change things. You'd be running blind otherwise.
Hmmmmm bastard23 just pointed something out that I didn't think of in my earlier post.

Another stumbling block to a "simple" security doc (ie: explain the basic steps and theorize elsewhere) is that in linux, a zillion things can be different on every install...so you can't have a list like this:

1 - push button a
2 - enter X in slot B

etc...simply because each linux install differs from distro to distro (heck, it can differ a LOT WITHIN a distro!!!!).

The only way to get around that is HAVING to explain the fundamentals so that the process and theory are understood enough to let the users figure out the particulars...

(Example from experience, I'm training a newbie in my department, she's a new programmer analyst and is causing me serious headaches because she's so completely hung up on her step by step notes! Basically when I try to show her a process that I do to accomplish whatever...she writes EXACTLY what I do...but I have to tell her that she needs to focus on WHAT is going on rather than the list of steps because unexpected things happen so often...and sure enough, when they do, she's lost because it's not on the list...whereas if she understood the PROCESS or the theory, she'd be able to work around problems....not sure if I'm getting my point across...hope so).

Continuing my example from earlier in Windows...it's easy to do this in windows because one install doesn't really vary from one to the next....whereas in linux, the differences can be quite huge.

unSpawn 05-28-2003 04:27 PM

Busbarn: Yes I think the concept is something we can work with: always follow "theory" with some example (where applicable of course).

Bastard23: You need to have at least a passing understanding of how computers/networks work before you can go off and change things. You'd be running blind otherwise.
I think that is one of the lowest common denominators we can find, but it's good to actually have an idea of what those skills can be.
I think if a basic vi explanation of delete, insert, save doesn't stick, we're doomed.
Thanks for volunteering as well, btw.
I think from your list I would scrap only the detailed stuff like TLS and encryption. I think a reference would do. Remember we gotta make it short 'n sweet. In pages I'm thinking about 10 max.

Jonr: thanks for contributing. I think Rute is definitely a good resource: for referring *to*. If they want/need hex, they can find it there (for instance).

Tcaptain: you're drawing IMHO the right conclusion: we're only touching fundamentals here. The example you gave is something you see the results of everywhere where people aren't comfortable with handling processes they don't master yet. You're right if you're saying that that needs to be one of the (subliminal) messages we need to send: it takes just a little bit of reading and practice.

To you all who volunteered already I hope you view yourself as responsible for this thread, your shared ideas and where it is going. With your input in mind I'd like to start discussing the number of, width and depth of the topics starting next Monday (but if you can't wait: go ahead, BMG).

*If anyone strongly disagrees with anything said in this thread, ideas, approach, whatever else, I invite you to make your voice heard. This is an open discussion and constructive, positive criticism is welcome, just make sure to explain it clearly.


Please join in, please contribute and help your fellow LQ community members!

fancypiper 05-28-2003 05:28 PM

:D Uh- I thought it took at least a 6 year old to administer a computer. 4 year old people have no trouble using the mouse, but you have to spell the words for them in order for them to use the keyboard. :rolleyes:

I learned lots of stuff from these:
How To Ask Questions The Smart Way
O'Reilly's Living Linux articles
Doing things in GNU/Linux
The Linux Cookbook
Linuxplanet Tutorials
The NHF's - uh :cry: The Help Files Library

And the usual suspects in my sig.

jonr 05-28-2003 05:42 PM

Quote:

Originally posted by fancypiper
:D Uh- I thought it took at least a 6 year old to administer a computer. 4 year old people have no trouble using the mouse, but you have to spell the words for them in order for them to use the keyboard.
It's probably best to wait till they're six to allow them root access. :)

DavidPhillips 05-28-2003 08:42 PM

One thing that I have seen a movement toward are the GUI programs which newcomers to Linux are wanting to use to set up their firewall or router.

While these may be good for some people they can complicate things in a way by concealing what's actually going on with the firewall rules.

Is this "Security Tutorial" going to support the use of these GUI's, or would it deal directly with rules and what they are meant to accomplish?

Or would it be more general in the way of pointing out a need for certain securities to be in place without actually defining the details ?

I guess eventually it would need to be developed to cover everything, or at least have references to existing howtos for each topic.

Is it also to include physical security matters?

These are merely discussion topics, which need to be discussed, not necessarily to be taken as questions.

markus1982 05-28-2003 11:26 PM

I agree that GUI programs often mess up things and produce errors that wouldn't occur if you would have done everything yourself.

jharris 05-29-2003 02:52 AM

Quote:

Originally posted by DavidPhillips
Is it also to include physical security matters?
I would have thought it would need at least a brief mention, it seems to be an aspect of system security that is often overlooked, clearly in a domestic environment there's not much you can do about it though.

cheers

Jamie...

unSpawn 05-29-2003 06:34 AM

Fancypiper: thanks. Both the "Cookbook" and "Doing things" should make for worthy Rute-class docs to refer to.

DavidPhillips: IMHO if we gonna handle GUI's we'll likely end up somewhere up an excrement-filled waterway. GUI's are one of the distro's added value thingies so none will function alike. I agree being able to read a script and use the cmdline would be an advantage. Besides that install/post-install GUI's will be modifying some files (like Nss/resolv/PAM for example), so it'll not be like we need them to create (much) stuff from scratch.
I would not object on explaining "generic" GUI's like Webmin but that ain't exactly newbie material, innit? I think we should be able to explain the security basics, which basic steps to take, be as distro-neutral as possible, don't force 'em to use the CLI and for in-depth nfo refer to LQ, references and the D-word.

DavidPhillips/markus1982: I didn't notice you ppl volunteering? Please join. I certainly could use your knowledge...

Jharris is IMHO right about physical security. If we look at the "common mistakes" that should not be a priority for now.


If I were to forecast next week:
If you could think about a list of fundamentals we should include, then Monday (I won't be around much the next few days) we could begin that discussion more focussed and add some structure. Should we build our doc starting with the highest priority items? Or try to be complementary to their install process? Other ways?
If we all agree then we could be able to go into details after that, then draft up the framework, divide, conquer before next weekend...


In the meanwhile I'd like to thank you all for the contributions you made already.

tcaptain 05-29-2003 11:16 AM

Hmmm fundamentals..

Maybe the ways that your system can be taken over or messed with from someone outside?

I think that would be a great place to start...outline the dangers as it were...and then outline the solutions to each (or at least general practices to protect against these vectors)


ie:

- trojan executables (this would require some sort of intro to user IDs and file permissions)
- root exploits (or would that go under the same heading as trojans?)
- insecure daemons

Maybe what it means to firewall a system? I find a lot of newbies don't know about it...they can visualize a wall, but I've known some people who have avoided installing firewalls because "they don't want to be blocked off the net".

just spitballing here.

DavidPhillips 05-29-2003 10:41 PM

I will help as much as I can, my time is limited for the next couple of weeks.

In regard to physical security it could be very basic. The thing that comes to mind for me is that any box can be stolen. Gaining root access and changing a user's password is trivial. This brings up the point of do you store sensitive data, passwords, bookmarks to your bank, online broker, paypal with cached unencrypted passwords, email clients, etc.

Also the thought of recovery from loss in the event of theft, fire. Offsite backups, etc.

Is your laptop with your cached passwords left lying on your car seat while you go into Wal-Mart?

fancypiper 05-29-2003 11:06 PM

I just remembered another good guide.

K12 Linux Network Administration Course

This course will take you through several server management tasks. The skills you need to be a Linux server administrator will be learned in the context of these tasks. We've tried to select the most important and most useful tasks with a goal of learning basic unix skills in context. As you move from task to task your unix skills will grow and you will learn more about the Linux operating system.

Each task will have a "Unix Commands" section and a "Tips & Tricks" section. These may be referenced in the index at any time. You may add to "Tips & Tricks" and provide feedback throughout the course.

It has a good security section.

tcaptain 05-30-2003 09:06 AM

Just a note, what would be the focus of this document? The newbie home user? Or something for the office?

The only reason I ask is because a lot of security books focus a good chunk on tightening physical security (ie: bios passwords, locking doors to servers etc) and I figure for a home user that stuff is basically useless...but essential for an office admin..

I know I pretty much skipped those chapters til I was bored one day...I mean I don't admin an office network and never will (I'm a programmer analyst, promoted this week to systems analyst) but I do administer a nice network at home...which if I locked it up would mean getting beat over the head by my SO :D

jonr 05-30-2003 10:52 AM

I think whatever the focus, physical security should be touched upon. For example, one of my computers allows the user to bypass the BIOS password by changing a DIP switch on the motherboard. Which means any intruder with access to the motherboard could do the same, if he/she knew the switch to alter. Which means that the BIOS password is far from foolproof.

tcaptain 05-30-2003 11:11 AM

Well that's true...but let's face it, at home do you really have to worry about someone physically hacking the machine?

Well I guess if you have a pain in the butt little brother or something....

I mean how many people break into a house to hack? (As opposed to just ripping off the PC and selling it?)

jonr 05-30-2003 11:20 AM

Quote:

Originally posted by tcaptain

I mean how many people break into a house to hack? (As opposed to just ripping off the PC and selling it?)

Aha! You've put your finger on my chief concern. Somebody who steals the PC can access all its contents by flipping one little switch. And I'm sure if most burglars don't know or care, some of their customers most certainly do. I think it's a real danger for that one reason (and realistically it's the only reason I can think of, as you also suggest).

busbarn 05-30-2003 11:55 AM

In all honesty, a section titled "Lock down your home pc so if it gets stolen out of your home and sold on the black market, nobody can access" would make me roll my eyes at the stereotypical ultra paranoia of computer geeks. I just don't think it's needed for an ultra newbie documentation.

Kroenecker 06-01-2003 08:08 AM

simple question
 
Well I've been looking through all of the links that you have posted at the top of the security forum and there is just too much information there for me to digest. I am looking forward to reading this security HOW TO for newbies when you finally get it written.

Kroenecker 06-01-2003 08:10 AM

Oh so I guess my question would be: When do you anticipate getting something like that finished? Please don't feel like I am trying to put on the pressure or anything. I am just wondering. Oh, and if I could help out somehow by say editing or something, let me know. Keep in mind though, that I am a TOTAL newbie at this Linux stuff.

twilli227 06-01-2003 11:45 AM

I would be interested in helping. Proofreading, trying different methods, input from a newer Linux user. Have the time to help right now so let me know what I can do.

unSpawn 06-01-2003 07:18 PM

To all of you who posted wrt physical security, and especially DavidPhillips who reminded me of my own "laptop days" at a large international (thnx for reminding me), if we look at single-user home boxen it doesn't make that much sense unless you're paranoid, but if we look a bit further at ppl sharing a box in a dorm or house, laptop users and more of those situations, I think we should include a piece about physical security. Raising awareness is a good thing. Security, a state of *awareness*, after all, being.

Fancypiper: thnx for the K12 link. Even tho it isn't awfully verbose it looks like a good checklist to use.

DavidPhillips, Kroenecker and twilli227: thanks for joining. All help will be useful somehow. Kroenecker: don't worry. Pressure is a good thing as long as it stays at the "positive stress" levels...

As for fundamentals let's discuss* dividing it in three main areas:
I. filesystem, what: users/groups, kernel/modules, (extended) permissions, bootloader, partitioning, physical sec, integrity. How: find (suid/sgid), lsattr, modutils, psutils, lsof, (Aide, Samhain etc etc).
II. users, what: root user, (privileged) system users, human users, processes, authentication, (resource) limits, logging. How: w, last utils, sa, psutils, lsof, (logwatch, Tiger, lsat, env_audit?).
III. networking, what: services, sharing, serving, fw basics (ex (D|S)NAT?), sysctl, TCP Wrappers, authentication, IDS basics. How: Netfilter, netstat, lsof, chkrootkit, (nmap, nessus, tcpdump, Snort, Lsat?).
*I mean, this is possibly not how we should introduce it to newbies if we don't want to get entangled in a web of explanations, but more of an inventory. Each item in an area should be made subject to these three questions: what, how and why. IMHO especially the "why" part will be important because providing good reasons will give them the power to decide which parts to implement right away and what the user would benefit from that.

I think we should also end with a "Did you know?"/FAQ part. That would also allow us to place any items we can't categorize.

Just my 2 sheep goin astray.

unSpawn 06-03-2003 05:15 AM

If you're new to this thread plz first read the *whole* thread.

Hmm. No one in for a 'lil bit of discussion? Doesn't have to be a heated debate, but I sure could do with some feedback...


Please join in, please contribute and help your fellow LQ community members!

Kroenecker 06-03-2003 05:51 AM

I feel that using those three key words is a good way to break up each subject. And including a misc. type category (Did you know?) helps to deal with any leaks. I think that the next big step has to be agreement upon what falls into what category. I am a total newbie, but where does doublechecking the status of your system fall? Would that be in filesystems? If that sort of thing is already included in the list above, I have simply revealed my ignorance. Sorry:) Maybe that is a part of integrity. Maybe that spans more than one. That of course, will be the key. Regardless, someone with the knowhow should put up what they feel is a comprehensive list concerning each of the three categories. Then those people in the know can really evaluate whether or not the three categories above genuinely can be separated and worked on by three groups of individuals. That's what I think should naturally follow.

If you ask me, it looks good.

tangle 06-03-2003 09:12 AM

I would be willing to proofread and actually set up a system using this.

If I had a how-to (tutorial) on something, who would I send it to, to have it looked at?

unSpawn 06-03-2003 11:08 AM

Kroenecker: thanks for thinking out loud (kinda reminds me of usability testing), it sure helps to see how newbies look at it to help us decide if we gotta realign stuff. For now I wouldn't worry about which goes where, it's just that I'm trying to get an idea of completeness.

Tangle: thanks for joining! Having some people do an actual install following the tutorial will be the final (and very necessary) test. If we get this project moving on, that point could be reached in about two, max three, weeks I guesstimate. In the meantime, if you find any docs not already mentioned in this thread that are about security AND look like they were written with newbies in mind, then I would appreciate it if you post the link.

---
Please join in, contribute and help your fellow LQ community members!
If you're new to this thread plz first read the *whole* thread.

fancypiper 06-03-2003 11:24 AM

Random thought:

Elementary security would start with disabling un-needed services before connecting to a network/internet, I would think.

1. How would a newbie find out what services are running? I am sort of lost for command line tools for Redhat, Mandrake and the "newbieized distros" seem to have changed their service daemon files and strange new scripts are appearing in old plain text config files. :scratch: Are there common command line configuration files that can be pointed to when the clickety-clicky breaks? I seem to be getting more and more lost with the changes those distros have made.

2. How would the newbie turn off those services and know what ones to leave on? That was my major puzzle until I installed Gentoo. That is the only distro I feel real comfortable with now and I hesitate to recommend it to newbies because of today's instant gratitude attitude.

I made a rhyme! :)

unSpawn 06-03-2003 11:51 AM

Elementary security would start with disabling un-needed services before connecting to a network/internet, I would think.
Yes, I thought about that too. If I transmogrify that thought to the tut setup, it would mean having a pre-install, installtime and post-install division?

I am sort of lost for command line tools (..)
I spose you mean apps like "chkconfig"? Good point. CLI service apps.

How would the newbie turn off those services and know what ones to leave on? That was my major puzzle until I installed Gentoo.
Ok, how do they fix that problem then? Are they SYSV compatible? (I'd think so) Hell, even Slack has got SYSV compatibility :-]
I think we could well post a list of services, how to recognize 'em and how to shut them down for both SYSV and BSD-stylee distros. Next thing to worry about then would be what it would break :-]
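
The service inventory asked about in the last two posts, as an added example that is not from any thread participant: a shell sketch that reads Red Hat-style `chkconfig --list` output and reports services enabled in a runlevel that are not on a list you chose to keep. The sample output, the function names and the keep-list are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of `chkconfig --list` output (SysV services only);
# not captured from a real host.
sample_chkconfig() {
cat <<'EOF'
sshd            0:off   1:off   2:on    3:on    4:on    5:on    6:off
syslog          0:off   1:off   2:on    3:on    4:on    5:on    6:off
portmap         0:off   1:off   2:off   3:on    4:on    5:on    6:off
sendmail        0:off   1:off   2:on    3:on    4:on    5:on    6:off
httpd           0:off   1:off   2:off   3:off   4:off   5:off   6:off
nfslock         0:off   1:off   2:off   3:on    4:on    5:on    6:off
EOF
}

# Print the name of every service that is "on" in the given runlevel.
# Reads chkconfig-style lines on stdin; lines without "<level>:on"
# (headers, xinetd entries) are ignored.
enabled_in_runlevel() {
    awk -v want="$1:on" '{
        for (i = 2; i <= NF; i++)
            if ($i == want) { print $1; break }
    }'
}

# Print services enabled in runlevel $1 that are NOT in the
# space-separated keep-list $2. These are the ones to review.
unexpected_services() {
    level=$1
    keep=" $2 "
    enabled_in_runlevel "$level" | while read -r svc; do
        case "$keep" in
            *" $svc "*) ;;           # on the keep-list, nothing to report
            *) echo "$svc" ;;        # enabled but not expected
        esac
    done
}

# Demo on the constructed sample: runlevel 3, keeping only sshd and syslog.
sample_chkconfig | unexpected_services 3 "sshd syslog"
```

On a live Red Hat-style box the same check is `chkconfig --list | unexpected_services 3 "sshd syslog"`; a service you decide to drop is turned off at boot with `chkconfig <name> off`.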

