
Please add references

Open CAFxX opened this issue 6 years ago • 5 comments

I always think that checklists such as this -i.e. especially security-oriented ones- would be much more useful, as they would let you learn the why behind the how, if they provided authoritative references to their assertions.

Let's take a concrete example: https://github.com/trimstray/the-practical-linux-hardening-guide/blob/daf846aab98f0bdafd32acf398589b7468c42a74/README.md#eight_pointed_black_star-secure-proc-filesystem

The proc pseudo-filesystem /proc should be mounted with hidepid. When setting hidepid to 2, directory entries in /proc will be hidden.

When I read this, I immediately have the following questions:

  • Why should I do this? (I guess in this case the question could be phrased "Why is it important to hide the directory entries in /proc?")
  • Is there a consensus in the Linux community that this is a sane thing to do? If there's a consensus, why isn't it the default?
  • What can happen if I don't?
  • What happens if I do? Do I gain/lose functionality (or performance, or what have you)?
  • What's the meaning of the parameter 2? Are there other possible values? Why should you choose 2 specifically instead of a different value (w.r.t. the goal stated in the first point)?

I'm not arguing you should provide an explicit answer to all of the above (it wouldn't be a checklist anymore...). I am just arguing such a checklist would become much more useful and credible if it at least included links to authoritative sources that justify[1] the items on the checklist.

Just my 2 cents, keep up the good work!


[1] at least for non-obvious points; e.g. I don't think you need to justify "forcing the use of strong passwords"

CAFxX avatar Jan 24 '19 23:01 CAFxX
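For the /proc example quoted above, the check a defender would actually run is whether the live mount carries the hidepid option at all, and with which value. The script below is an added example and is not part of the issue or of the hardening guide; it parses lines in /proc/mounts format (constructed samples are embedded) and reports the hidepid value for the /proc mount, or "absent" when the option is not set (the kernel default).

```shell
#!/bin/sh
# Print the value of the hidepid= mount option on the first /proc mount
# found in /proc/mounts-style input read from stdin. Prints "absent"
# when no hidepid option is present (equivalent to the default, 0).
# Only the first matching /proc line is examined; hosts running
# containers may carry several /proc mounts in their mount table.
proc_hidepid() {
  awk '$2 == "/proc" && $3 == "proc" {
        n = split($4, opts, ",")
        found = "absent"
        for (i = 1; i <= n; i++)
          if (opts[i] ~ /^hidepid=/) {
            sub(/^hidepid=/, "", opts[i])
            found = opts[i]
          }
        print found
        exit
      }'
}

# Constructed sample lines in /proc/mounts format (not captured from a
# real host): one with the default options, one mounted with hidepid=2
# as the guide recommends.
SAMPLE_DEFAULT='proc /proc proc rw,nosuid,nodev,noexec,relatime 0 0'
SAMPLE_HARDENED='proc /proc proc rw,nosuid,nodev,noexec,relatime,hidepid=2 0 0'

# Audit helper: succeeds (exit 0) only if the given mount table shows
# /proc mounted with hidepid=2, fails (exit 1) otherwise.
check_hidepid2() {
  [ "$(printf '%s\n' "$1" | proc_hidepid)" = "2" ]
}

# To inspect the running system instead of the samples:
#   proc_hidepid < /proc/mounts
```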

It's a great idea!

This project is still, hmm... at an early stage of development. There are a lot of things to add and improve.

I'll certainly take your suggestion into account. Thank you very much for every support and criticism.

trimstray avatar Jan 25 '19 13:01 trimstray

A bit of a newbie to open source, but I wouldn't mind looking into this and starting to add some references. Do I have your clearance to proceed?

EternalLearner42 avatar Jan 26 '19 03:01 EternalLearner42

@EternalLearner42 : yes please :+1:

trimstray avatar Jan 26 '19 07:01 trimstray

Alright, I'll get to work. As this is my first issue, I might take a while to get the hang of git. Please be patient.

EternalLearner42 avatar Jan 26 '19 16:01 EternalLearner42

There. As I state in the PR, I was unsure what exactly to reference in the later stages of the document.

I submit this more as a way to see if these changes are to your liking than as a definitive addition to this project.

Go ahead and tell me what you think and what you'd like to change in the future.

EternalLearner42 avatar Jan 26 '19 20:01 EternalLearner42