Documentation Security Beat: Difference between revisions

Revision as of 07:03, 4 June 2014

Beat is open
This beat is now ready to have Fedora 25 content added by the beat writer

<title>Crypto Policy</title>

<para>Beginning in Fedora 21, a system-wide crypto policy will be available for users to quickly setup the cryptographic options for their systems. Users that must meet certain cryptographic standards can make the policy change in <filename>//etc/crypto-policies/config</filename>, and run update-crypto-policies. At this point applications that utilize the default set of ciphers in the GnuTLS and OpenSSL libraries will follow the policy requirements.</para>

<para>The available options are: (1) <literal>LEGACY</literal>, which ensures compatibility with legacy systems - 64-bit security, (2) <literal>DEFAULT</literal>, a reasonable default for today's standards - 80-bit security, and (3) <literal>FUTURE</literal>, a conservative level that is believed to withstand any near-term future attacks - 128-bit security. These levels affect SSL/TLS settings, including elliptic curve, signature hash functions, and ciphersuites and key sizes.</para>

<para>Additional information on this new feature can be found on the <ulink url="https://fedoraproject.org/wiki/Changes/CryptoPolicy">CryptoPolicy Changes wiki page</ulink>.</para>

@@ Line 1: / Line 1: @@
-== Security ==
+{{header|docs}}{{Docs_beat_open}}
-This section highlights various security items from Fedora.
+<title>Crypto Policy</title>
-=== Security Enhancements ===
+<para>Beginning in Fedora 21, a system-wide crypto policy will be available for users to quickly setup the cryptographic options for their systems.  Users that must meet certain cryptographic standards can make the policy change in <filename>//etc/crypto-policies/config</filename>, and run update-crypto-policies. At this point applications that utilize the default set of ciphers in the GnuTLS and OpenSSL libraries will follow the policy requirements.</para>
-Fedora continues to improve its many proactive security features.
+<para>The available options are: (1) <literal>LEGACY</literal>, which ensures compatibility with legacy systems - 64-bit security, (2) <literal>DEFAULT</literal>, a reasonable default for today's standards - 80-bit security, and (3) <literal>FUTURE</literal>, a conservative level that is believed to withstand any near-term future attacks - 128-bit security.  These levels affect SSL/TLS settings, including elliptic curve, signature hash functions, and ciphersuites and key sizes.</para>
-http://fedoraproject.org/wiki/Security/Features
+<para>Additional information on this new feature can be found on the <ulink url="https://fedoraproject.org/wiki/Changes/CryptoPolicy">CryptoPolicy Changes wiki page</ulink>.</para>
-=== SELinux ===
-The SELinux project pages have troubleshooting tips, explanations, and pointers to documentation and references.  Some useful links include the following:
+[[Category:Docs Project]]
+[[Category:Draft documentation]]
-* New SELinux project pages: http://fedoraproject.org/wiki/SELinux
+[[Category:Documentation beats]]
-* Troubleshooting tips: http://fedoraproject.org/wiki/SELinux/Troubleshooting
-* Frequently Asked Questions: http://docs.fedoraproject.org/selinux-faq/
-* Listing of SELinux commands: http://fedoraproject.org/wiki/SELinux/Commands
-* Details of confined domains: http://fedoraproject.org/wiki/SELinux/Domains
-=== SELinux Enhancements ===
-Different roles are now available, to allow finer-grained access control:
-* <code>guest_t</code> does not allow running <code>setuid</code> binaries, making network connections, or using a GUI.
-* <code>xguest_t</code> disallows network access except for HTTP via a Web browser, and no <code>setuid</code> binaries.
-* <code>user_t</code> is ideal for office users: prevents becoming root via <code>setuid</code> applications.
-* <code>staff_t</code> is same as <code>user_t</code>, except that root-level access via <code>sudo</code> is allowed.
-* <code>unconfined_t</code> provides full access, the same as when not using SELinux.
-Browser plug-ins wrapped with <code>nspluginwrapper</code>, which is the default, are confined by SELinux policy.
-=== Security Audit Package ===
-'''Sectool''' provides users with a tool that can check their systems for security issues. There are libraries included that allow for the customization of system tests. More information can be found at the project home:
-https://fedorahosted.org/sectool
-=== General Information ===
-A general introduction to the many proactive security features in Fedora, current status, and policies is available at http://fedoraproject.org/wiki/Security.
-{{:Docs/Beats/Security/FreeIPA}}

Search

Documentation Security Beat: Difference between revisions

Revision as of 07:03, 4 June 2014