Security Handbook

From Gentoo Wiki
Jump to:navigation Jump to:search
Security Handbook
Concepts
General Guidance
Boot Path Security
Information Security
Logging
Mounting partitions
User and group limitations
File permissions
PAM
Kernel security
Firewalls and Network Security
Securing services
Chrooting and virtual servers
Intrusion detection
Staying up-to-date
Warning
Much of the content of the Security handbook has not been modified since 2010 and may be a bit behind the times. Until further notice treat the content with caution.

The Security Handbook supplements the Gentoo Handbook and aims to provide valuable guidance on Gentoo Linux security and cybersecurity in general.

As with the Gentoo Handbook, this document is broken up into multiple sections. These are linked individually below and may be followed in-order; for convenience the all-in-one-page Security handbook may be found here.

This handbook is informed by industry best practice (e.g. the Australian Cyber Security Centre's Information Security Manual (ISM) and other similar documents).

It is important to note that cyber security is not a static field. As such, this handbook will be updated as new information becomes available and users are advised to check back regularly.

Contents

Introduction and theory

Security concepts
Important concepts to consider
General security guidance
Some general security guidance for those that want a TL;DR

Hardware security

Firmware security

Firmware security
Firmware security considerations.

Software security

Local

Staying up-to-date
Ensuring the latest security updates.
Boot Path Security
Security between the Boot ROM and the Linux Kernel
Mounting partitions
/etc/fstab provides many security options.
Kernel security
Instructions for securing the kernel.
Linux security modules
An overview of mandatory access control options.
User and group limitations
provides detail on controlling the system's resource usage of users via limits and quotas.
File permissions
Securing local files.
PAM
Pluggable Authentication Modules.

Remote

Firewalls and network security
A guide on packet filtering and network security options in the kernel.
iptables
nftables
Securing services
Help on ensuring system daemons are secure and controlling access to services.
Chrooting and virtual servers
Isolating servers.

Data and information security

Information Security
Keeping data secure

Logs and auditing

Logging
Choose between (at least) three different system loggers.
Intrusion detection
How to discover if intruders have entered a system.

This page is based on a document formerly found on our main website gentoo.org.
The following people contributed to the original document: Kim Nielsen (author), John P. Davis (editor), Eric R. Stockbridge (editor), Carl Anderson (editor), Jorge Paulo (editor), Benny Chuang (editor), Sune Jeppesen (editor), Tiemo Kieft (editor), Zack Gilburd (editor), Dan Margolis (editor), and ) on April 2, 2010.
They are listed here because wiki history does not allow for any external attribution. If you edit the wiki article, please do not add yourself here; your contributions are recorded on each article's associated history page.