Security: Difference between revisions

From SprezzOSWiki
(Created page with "The fewer security mechanisms, the cleaner the design. We believe the majority of useful security automations (outside of a Mandatory Access Control environment) best achieved...")
 
No edit summary
 
(3 intermediate revisions by the same user not shown)
Line 2: Line 2:


==Removed Technologies==
==Removed Technologies==
* Kerberos
* SELinux
* SELinux
* TCPWrappers
* TCPWrappers
==Root account==
By default, the root account cannot directly log in. This can be changed post-install with <tt>sudo passwd</tt>, but is discouraged.
==Sudo==
The user created during SprezzOS installation will be added to the <tt>sudo</tt> group, which requires no password by default:<pre>%sudo  ALL=(ALL:ALL) NOPASSWD:ALL</pre>
To add an arbitrary user U to the <tt>sudo</tt> group, run<pre>sudo usermod -G sudo -a U</pre>
{{Handbook}}
[[CATEGORY: SprezzOS Manual]]

Latest revision as of 17:34, 27 March 2013

The fewer security mechanisms, the cleaner the design. We believe the majority of useful security automations (outside of a Mandatory Access Control environment) best achieved via a combination of IPTables, POSIX file-based capabilities, seccomp and virtualization. As a result, several technologies have been deprecated in SprezzOS, as it is felt they served only to complicate the security landscape.

Removed Technologies

  • SELinux
  • TCPWrappers

Root account

By default, the root account cannot directly log in. This can be changed post-install with sudo passwd, but is discouraged.

Sudo

The user created during SprezzOS installation will be added to the sudo group, which requires no password by default:

%sudo   ALL=(ALL:ALL) NOPASSWD:ALL

To add an arbitrary user U to the sudo group, run

sudo usermod -G sudo -a U

{{#switch:|subgroup|child=|none=|#default=

}}{{#if:The Woefully Incomplete SprezzOS Handbook (bold indicates content)|{{#if:|<th scope="col" style="border-left:2px solid #fdfdfd;width:100%;|}}{{#if:|{{#if:The Woefully Incomplete SprezzOS Handbook (bold indicates content)|}}}}{{#if:* Why SprezzOS?}}{{#if:|}}{{#if:Meta|<td style="text-align:left;border-left-width:2px;border-left-style:solid;|{{#if:|}}}}{{#if:* Booting}}{{#if:Environments|<td style="text-align:left;border-left-width:2px;border-left-style:solid;|}}{{#if:* Firmware
  • Power Management
  • Storage
  • Printing
  • Sound
  • Graphics
  • Networking|{{#if:The Woefully Incomplete SprezzOS Handbook (bold indicates content)* Why SprezzOS?
  • Getting help
  • Release Model
  • Man pages
  • FAQ* Booting
  • Installation
  • The shell environment
  • The desktop environment|
    • }}{{#if:Hardware|<td style="text-align:left;border-left-width:2px;border-left-style:solid;|}}{{#if:* Kernel
  • APT
  • Development
  • Debugging
  • Fonts
  • Webservers
  • External software|
    • {{#if:Software|<td style="text-align:left;border-left-width:2px;border-left-style:solid;|}}{{#if:* Security
  • Job scheduling
  • Benchmarking
  • Health/Testing
  • Remote access|
    • {{#if:Admin|<td style="text-align:left;border-left-width:2px;border-left-style:solid;|}}{{#if:|{{#if:|<td style="text-align:left;border-left-width:2px;border-left-style:solid;|}}{{#if:|{{#if:|<td style="text-align:left;border-left-width:2px;border-left-style:solid;|}}{{#if:|{{#if:|<td style="text-align:left;border-left-width:2px;border-left-style:solid;|}}{{#if:|{{#if:|<td style="text-align:left;border-left-width:2px;border-left-style:solid;|}}{{#if:|{{#if:|<td style="text-align:left;border-left-width:2px;border-left-style:solid;|}}{{#if:|{{#if:|<td style="text-align:left;border-left-width:2px;border-left-style:solid;|}}{{#if:|{{#if:|<td style="text-align:left;border-left-width:2px;border-left-style:solid;|}}{{#if:|{{#if:|<td style="text-align:left;border-left-width:2px;border-left-style:solid;|}}{{#if:|{{#if:|<td style="text-align:left;border-left-width:2px;border-left-style:solid;|}}{{#if:|{{#if:|<td style="text-align:left;border-left-width:2px;border-left-style:solid;|}}{{#if:|{{#if:|<td style="text-align:left;border-left-width:2px;border-left-style:solid;|}}{{#if:|{{#if:|<td style="text-align:left;border-left-width:2px;border-left-style:solid;|}}{{#if:|{{#if:|<td style="text-align:left;border-left-width:2px;border-left-style:solid;|}}{{#if:|{{#if:|<td style="text-align:left;border-left-width:2px;border-left-style:solid;|}}{{#if:|{{#if:|<td style="text-align:left;border-left-width:2px;border-left-style:solid;|}}{{#if:Consult further resources from among Debian documentation.|{{#if:The Woefully Incomplete SprezzOS Handbook (bold indicates content)* Why SprezzOS?}}}}
    {{#if:{{#switch:|plain|off=1}}{{#if:Handbook||{{#switch:|subgroup|child|none=1}}}}|{{#ifeq:|off|{{#ifeq:|plain| }}|{{#ifeq:|plain|| }}}}|{{#if:Handbook||Error: No name provided}}{{#ifeq:|plain| }}}}
    The Woefully Incomplete SprezzOS Handbook (bold indicates content)
    {{{above}}}
    {{{imageleft}}}
    		Meta
    Environments
    Hardware
    Software
    Admin
    {{{group6}}}
    {{{list6}}}
    {{{group7}}}
    {{{list7}}}
    {{{group8}}}
    {{{list8}}}
    {{{group9}}}
    {{{list9}}}
    {{{group10}}}
    {{{list10}}}
    {{{group11}}}
    {{{list11}}}
    {{{group12}}}
    {{{list12}}}
    {{{group13}}}
    {{{list13}}}
    {{{group14}}}
    {{{list14}}}
    {{{group15}}}
    {{{list15}}}
    {{{group16}}}
    {{{list16}}}
    {{{group17}}}
    {{{list17}}}
    {{{group18}}}
    {{{list18}}}
    {{{group19}}}
    {{{list19}}}
    {{{group20}}}
    {{{list20}}}
    Consult further resources from among Debian documentation.
    {{#switch:|subgroup|child=
    |none=|#default=

    }}{{#ifeq:|Template|{{#ifeq:|child||{{#ifeq:|subgroup||{{#switch:security 

    |doc
|sandbox
|testcases =
|#default = {{#switch:
 |plainlist
 |hlist
 |hlist hnum
 |hlist vcard
 |vcard hlist = 
 |#default = hlist
 }}
}}

    }}}}}}

    Retrieved from "https://www.sprezzatech.com/wiki/index.php?title=Security&oldid=1379"