|
|
| (111 intermediate revisions by 19 users not shown) |
| Line 1: |
Line 1: |
| − | == Security ==
| + | {{header|docs}} |
| | | | |
| − | This section highlights various security items from Fedora.
| + | {{Docs_beat_closed}} |
| | | | |
| − | === Security Enhancements ===
| + | [[Category:Docs Project]] |
| − | | + | [[Category:Draft documentation]] |
| − | Fedora continues to improve its many proactive security features.
| + | [[Category:Documentation beats]] |
| − | | |
| − | http://fedoraproject.org/wiki/Security/Features
| |
| − | | |
| − | === SELinux ===
| |
| − | | |
| − | The SELinux project pages have troubleshooting tips, explanations, and pointers to documentation and references. Some useful links include the following:
| |
| − | | |
| − | * New SELinux project pages: http://fedoraproject.org/wiki/SELinux
| |
| − | * Troubleshooting tips: http://fedoraproject.org/wiki/SELinux/Troubleshooting
| |
| − | * Frequently Asked Questions: http://docs.fedoraproject.org/selinux-faq/
| |
| − | * Listing of SELinux commands: http://fedoraproject.org/wiki/SELinux/Commands
| |
| − | * Details of confined domains: http://fedoraproject.org/wiki/SELinux/Domains
| |
| − | | |
| − | === SELinux Enhancements ===
| |
| − | | |
| − | Different roles are now available, to allow finer-grained access control:
| |
| − | | |
| − | * <code>guest_t</code> does not allow running <code>setuid</code> binaries, making network connections, or using a GUI.
| |
| − | * <code>xguest_t</code> disallows network access except for HTTP via a Web browser, and no <code>setuid</code> binaries.
| |
| − | * <code>user_t</code> is ideal for office users: prevents becoming root via <code>setuid</code> applications.
| |
| − | * <code>staff_t</code> is same as <code>user_t</code>, except that root-level access via <code>sudo</code> is allowed.
| |
| − | * <code>unconfined_t</code> provides full access, the same as when not using SELinux.
| |
| − | | |
| − | Browser plug-ins wrapped with <code>nspluginwrapper</code>, which is the default, are confined by SELinux policy.
| |
| − | | |
| − | === Security Audit Package ===
| |
| − | | |
| − | '''SecTool''' provides users with a tool that can check their systems for security issues. There are libraries included that allow for the customization of system tests. More information can be found at the project home:
| |
| − | | |
| − | https://fedorahosted.org/sectool
| |
| − | | |
| − | === General Information ===
| |
| − | | |
| − | A general introduction to the many proactive security features in Fedora, current status, and policies is available at http://fedoraproject.org/wiki/Security.
| |
| − | | |
| − | {{:Docs/Beats/Security/FreeIPA}}
| |
