Security Handbook/Status
From Gentoo Wiki
Jump to:navigation
Jump to:search
Introduction
This is an overview of the status of the Security Handbook as of 2023, 09-01.
Important
Nothing here currently indicates the accuracy of content on any page.
Nothing here currently indicates the accuracy of content on any page.
Legend
Here is the legend currently in use for the "last substantial update" columns below:
| Year(s) | Color |
|---|---|
| 2023 | |
| 2018-2022 | |
| 2016-2017 | |
| ≤ 2015 | |
| DNE/stub | |
| WIP | No color |
It was determined by having a decent number of small edits in a given year, or at least one edit of ± a few hundred characters. 2020-2022 saw no significant changes, hence collapsing that span of time into one grouping.
Feel free to use this page or its talk page to give general feedback, suggest new pages, suggest changes to handbook structure or scope, or add any references that might be useful. It is meant to be a sort of project management dashboard and scratchpad as well as status page.
Introduction and theory
| Page | Last substantial update | Completeness | Notes/Plans/Ideas |
|---|---|---|---|
| Security concepts | |||
| General security guidance |
Hardware
| Page | Last substantial update | Completeness | Notes/Plans/Ideas |
|---|---|---|---|
| Bring TPM/Yubikey pages under this category. Physical device security subpage (e.g. Kensington cables). Side-channel attacks, device fingerprinting. |
Firmware
| Page | Last substantial update | Completeness | Notes/Plans/Ideas |
|---|---|---|---|
| Firmware security | fwupd, coreboot/libreboot | ||
| Firmware security/AMD | PSP, SEV, SME | ||
| Firmware security/Intel |
Software
| Page | Last substantial update | Completeness | Notes/Plans/Ideas |
|---|---|---|---|
| Staying up-to-date | |||
| Boot Path Security | Bring Secure Boot/Trusted Boot pages under this category. | ||
| Mounting partitions | |||
| Kernel security | |||
| Kernel security/Kernel Lockdown | |||
| Kernel security/Kernel Self-Protection Project | |||
| Linux security modules | |||
| User and group limitations | |||
| File permissions | |||
| PAM | |||
| Firewalls and network security | Bring ufw/firewalld pages under this category. Add eBPF firewall page. | ||
| Firewalls and network security/iptables | |||
| Firewalls and network security/nftables | |||
| Securing services | |||
| Chrooting and virtual servers |
Data and information
| Page | Last substantial update | Completeness | Notes/Plans/Ideas |
|---|---|---|---|
| Information Security | Perhaps put File Permissions page under this category |
Logs and auditing
| Page | Last substantial update | Completeness | Notes/Plans/Ideas |
|---|---|---|---|
| Logging | rsyslog | ||
| Intrusion detection |
External resources
Introduction
Hardware
- https://en.wikipedia.org/wiki/Hardware_security
- https://en.wikipedia.org/wiki/Computer_security_compromised_by_hardware_failure
Firmware
Examples of other security handbooks