Konstantin Ryabitsev
9ebcdf3b75
Minor tweaks and take out of BETA
...
Protecting code integrity is ready to go production.
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
2018-01-23 10:50:52 -05:00
Konstantin Ryabitsev
1d3b58d17a
Tweak some wording
...
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
2018-01-18 16:41:38 -05:00
Konstantin Ryabitsev
7c7477f20c
What is git PGP integration trying to solve?
...
Per question in #28 , explain why git and pgp integration are useful.
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
2018-01-18 16:32:31 -05:00
Konstantin Ryabitsev
126e4f0b5d
Add a note that cp on sockets will fail, but is ok
...
Per issue #25 .
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
2017-12-18 08:32:17 -05:00
Konstantin Ryabitsev
8a9d547d3e
Explain why master key is 4096 bits
...
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
2017-12-18 08:28:38 -05:00
Konstantin Ryabitsev
d859f24c82
Merge pull request #26 from henrich/master
...
Add GPG4Win installation for Windows Platform
2017-12-18 08:15:17 -05:00
Hideki Yamane
f302bf3478
Add GPG4Win installation for Windows Platform
2017-12-17 13:22:56 +09:00
Konstantin Ryabitsev
e836303976
Merge pull request #24 from ftheile/patch-1
...
Use `--homedir` consistently
2017-12-15 13:53:54 -05:00
Frank Theile
1c36837f07
Use --homedir
consistently
2017-12-15 18:16:41 +01:00
Konstantin Ryabitsev
304cd46a38
Merge pull request #23 from ftheile/patch-2
...
Master key backup: use consistent mount point in all examples
2017-12-15 09:20:28 -05:00
Konstantin Ryabitsev
eaf82430cd
Merge pull request #22 from ftheile/patch-1
...
Always use `~` instead of `$HOME` for consistency
2017-12-15 09:20:01 -05:00
Frank Theile
3162817e7c
Master key backup: use consistent mount point in all examples
2017-12-15 08:53:25 +01:00
Frank Theile
6c208d9583
Always use ~
instead of $HOME
for consistency
2017-12-15 08:15:11 +01:00
Konstantin Ryabitsev
790759787e
Typo and wording fixes
...
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
2017-12-14 15:08:16 -05:00
Konstantin Ryabitsev
e44163234d
Add TRANSLATIONS file
...
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
2017-12-14 14:28:01 -05:00
Konstantin Ryabitsev
1501d8869d
Set status CURRENT/BETA/OUTDATED
...
Need to mark that the protecting-code-integrity document is not quite
ready to be called final product.
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
2017-12-13 16:44:35 -05:00
Konstantin Ryabitsev
eafaf6ccc1
Tweak verbiage
...
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
2017-12-13 16:37:41 -05:00
Konstantin Ryabitsev
501e4ceb88
Remove the zh_CN translation
...
It's obsolete and I have decided not to track these in the same repo.
Please publish your own forks with translated documents and I will
create a translations.md file with links.
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
2017-12-13 16:18:09 -05:00
Konstantin Ryabitsev
3148a35dda
Add U2F section and tweak wks-security doc
...
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
2017-12-13 16:16:44 -05:00
Konstantin Ryabitsev
34233e9d81
Move to protecting-coide-integrity
...
Largely finishes the document -- will work on updated content in
"trusted team communication" and by reviewing the workstation security
guide.
We need at least a basic workstation security guide for the Mac systems.
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
2017-12-12 16:54:03 -05:00
Konstantin Ryabitsev
9d61a13f1c
Edits and a privacy note for keyservers
...
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
2017-12-11 14:07:21 -05:00
Konstantin Ryabitsev
f35667dddc
Add large chunk of git+pgp content
...
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
2017-12-08 17:18:53 -05:00
Konstantin Ryabitsev
62815ea38e
Largely finish the PGP/smartcard section
...
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
2017-12-07 15:53:50 -05:00
Konstantin Ryabitsev
a93d12f80a
Add more GnuPG bits
...
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
2017-12-06 17:07:14 -05:00
Konstantin Ryabitsev
c51f664e8e
More base PGP work
...
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
2017-12-05 16:37:05 -05:00
Konstantin Ryabitsev
526b138907
Start on Developer Security Hygiene
...
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
2017-12-04 16:46:02 -05:00
Konstantin Ryabitsev
b5b0034191
Remove GrSecurity/PAX and trim down SELinux
...
Now that GrSecurity/PaX are no longer available for free download, it is
almost impossible to get it without paying significant amounts of money.
Remove them from the recommendation, but mention that it remains a
viable option for anyone who has a subscription.
Additionally, trim down the SELinux section to remove the detailed
instructions on audit2allow and staff_u. Such details are probably
best suited for a dedicated document.
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
2017-11-15 15:47:42 -05:00
Konstantin Ryabitsev
9cbd84f07d
Add Intel ME recommendation (closing issue #12 )
...
Preparing for end-of-2017 update to the recommendations.
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
2017-11-13 19:24:16 -05:00
Konstantin Ryabitsev
8f1b807f37
Merge pull request #18 from ronignc/master
...
Corrected the URL for Fedora Security Guide
2017-09-12 16:02:33 -04:00
ronignc
b4e1828b46
Corrected the URL for Fedora Security Guide
2017-09-12 13:31:14 -03:00
Konstantin Ryabitsev
cdfc1d246e
Update a handful of recommendations for early 2017
...
Largely the same stuff, but modify a few recommendations and add a
couple of other ones. See CHANGELOG.md for complete details.
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
2017-01-22 17:33:28 -05:00
Konstantin Ryabitsev
424aa0316d
Merge pull request #15 from wyangsun/patch-1
...
Create linux-workstation-security.zh_CN.md
2015-12-24 10:06:07 -08:00
KS
b94a5d4f0a
Merge pull request #1 from mricon/patch-2
...
Rename to linux-workstation-security.zh_CN.md
2015-12-18 10:53:04 +08:00
Konstantin Ryabitsev
1293fac4fc
Rename linux-workstation-security in Chinese.md to linux-workstation-security.zh_CN.md
...
Let's use locale names.
2015-12-17 10:21:17 -05:00
KS
5b8592858f
Create linux-workstation-security in Chinese.md
...
This document is very nice , I have translated it into Chinese. ^.^
2015-12-17 21:37:41 +08:00
Konstantin Ryabitsev
855099a721
Merge pull request #13 from mopsfelder/master
...
Fix typo in semanage command
2015-09-25 09:58:06 -04:00
Murilo Opsfelder Araujo
56a7d0f9a6
Fix typo in semanage command
2015-09-24 23:02:50 -03:00
Konstantin Ryabitsev
0720d94443
Use less ambiguous language
2015-09-10 09:01:33 -04:00
Konstantin Ryabitsev
9b5d82de70
Merge pull request #11 from pdxmph/linuxcom_links
...
Add links to Linux.com Q&A
2015-09-03 13:03:07 -04:00
Mike Hall
dc66ec032a
Add links to Linux.com Q&A
...
This commit adds links to the Linux.com Q&A on the motivation behind
releasing these documents.
2015-09-03 09:18:50 -07:00
Konstantin Ryabitsev
5a68aa9800
Reword target audience
2015-09-02 15:14:50 -04:00
Konstantin Ryabitsev
9bd419e531
Better state the intended audience
2015-09-02 15:11:30 -04:00
Konstantin Ryabitsev
d2a9893951
Clarify purpose
...
Make it clear that these are NOT official Linux Foundation policies,
just general-purpose policies adapted from those used internally by the
Linux Foundation IT.
2015-09-02 12:34:33 -04:00
Konstantin Ryabitsev
bbc17d8c69
Missed a _
2015-09-01 10:14:46 -04:00
Konstantin Ryabitsev
e0b54ea1ee
Content updates to address some criticism
...
- Use ESSENTIAL/NICE/PARANOID instead of CRITICAL/MODERATE/LOW/PARANOID
- Use GrSecurity/PaX uniformly
- Add a note on weak passphrases
- The browser you run in a VM does not have to be Chrome/Chromium
- Add a section on hibernating vs. suspending
2015-09-01 10:07:05 -04:00
Konstantin Ryabitsev
f87800736e
Mention encrypting the /boot partition
...
Closes #10
2015-08-31 10:05:01 -04:00
Konstantin Ryabitsev
5703c1796e
Make section on firewire be less opinionated
2015-08-28 16:23:49 -04:00
Konstantin Ryabitsev
5aa733cddc
Merge pull request #8 from SnakeDoc/patch-1
...
spelling fix
2015-08-28 13:06:31 -04:00
Jason Sipula
deb573e7b2
spelling fix
2015-08-28 10:04:30 -07:00
Konstantin Ryabitsev
760b743856
Merge pull request #5 from terrorbyte/master
...
Grsecurity provides RBAC, not PaX
2015-08-28 12:30:43 -04:00