From Fedora Project Wiki

(format-security)
 
(15 intermediate revisions by 5 users not shown)
Line 1: Line 1:
{{header|docs}}{{Docs_beat_open}}
+
{{header|docs}}
  
== Crypto Policy ==
+
{{Docs_beat_closed}}
 
 
<para>Beginning in Fedora 21, a system-wide crypto policy will be available for users to quickly setup the cryptographic options for their systems.  Users that must meet certain cryptographic standards can make the policy change in <filename>//etc/crypto-policies/config</filename>, and run update-crypto-policies. At this point applications that utilize the default set of ciphers in the GnuTLS and OpenSSL libraries will follow the policy requirements.</para>
 
 
 
<para>The available options are: (1) <literal>LEGACY</literal>, which ensures compatibility with legacy systems - 64-bit security, (2) <literal>DEFAULT</literal>, a reasonable default for today's standards - 80-bit security, and (3) <literal>FUTURE</literal>, a conservative level that is believed to withstand any near-term future attacks - 128-bit security.  These levels affect SSL/TLS settings, including elliptic curve, signature hash functions, and ciphersuites and key sizes.</para>
 
 
 
<para>Additional information on this new feature can be found on the <ulink url="https://fedoraproject.org/wiki/Changes/CryptoPolicy">CryptoPolicy Changes wiki page</ulink>.</para>
 
 
 
== systemd PrivateDevices and PrivateNetwork ==
 
Fedora is now more secure, as many long-running '''systemd''' services now run with physical device access and/or network access turned off. See [https://fedoraproject.org/wiki/Documentation_System_Daemons_Beat#systemd_PrivateDevices_and_PrivateNetwork] (NOTE:xref)
 
 
 
== Format Security ==
 
 
 
Starting with Fedora 21, all packages built by GCC will compile with the flag *-Werror=format-security* .  While this change has no user-visible change, it represents a substantial effort by Fedora packagers to protect your system from an entire class of vulnerability.
 
 
 
You can learn more about the security issues mitigated by Fedora's defensive security practices at https://fedoraproject.org/wiki/Format-Security-FAQ
 
  
 
[[Category:Docs Project]]
 
[[Category:Docs Project]]
 
[[Category:Draft documentation]]
 
[[Category:Draft documentation]]
 
[[Category:Documentation beats]]
 
[[Category:Documentation beats]]

Latest revision as of 01:33, 20 September 2016

DocsProject Header docTeam1.png


Warning.png
Beat Closed on Wiki
Work on beats has now moved to git at https://pagure.io/fedora-docs/release-notes. If you have changes or additions, please contact the docs team via #fedora-docs, docs@lists.fedoraproject.org, or with the release-notes BZ component.