[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Linux vs. NT Security contest

> I for one, would like to see manual pages improved so that these
> things more obvious to newbies.  Security considerations for packages
> should be listed at the top or bottom of relevant man pages.
> Some developers in our group have been doing so recently for programmer
> type manuals, like mktemp(3), strcpy(3), sprintf(3), fgets(3) and such.
> I think it would be really cool if people out there started sending us
> suggestions for relevant notes we should be adding to the man pages
> for various daemons.

How many similarities are there between the various daemons?  I'd like
to work on this, but I'm not sure I'm qualified.  If the same concerns
tend to pop up over and over again, I could probably pick it up.  I'd
be happy to do clerical work on a project to update the man pages
though -- I could maintain a list of pages that need work, and set up
a web page where people could look at proposed changes.

Is there any interest in more HOTWO style documentation?  As a newbie,
this is the kind of documentation that I'd like to see.  I haven't run
into anything that's terribly daunting so far, but for someone who
hasn't spent a fair amount of time with unix some of this stuff might
be a little terse.

I think it would be very cool to see things like an IPsec HOWTO, an
AFS HOWTO, an intrusion detection HOWTO, etc.  Actually, I think it
would be very cool to write those, if people would put up with my
stupid questions, and point out my mistakes.  Even something simple
like a HOWTO on laying out filesystems and dealing with disk
partitions would probably be helpful for newbies.

Another class of documentation that might be helpful would be
something that tries to convey the philsophical perspective you need
to take when you're trying to run a secure system, and how it relates
specificly to OpenBSD.  

For example, I'm curious about the software in the ports tree, and how
safe it is.  I've gotten burned by "make install" on other systems,
and I'm not sure if I should be squeamish about it with packages in
the ports tree.  Or whether or not I should rip thorugh inetd.conf and
turn off everything I don't need when I do a fresh install, the way I
do with linux.

The point is that there's an awful lot of stuff that a lot of you guys
have internalized, and which isn't written down anywhere.