[PATCH] various tweaks and updates for CSI doc
by Kevin Fenzi
Here's a patch with some fixes and updates to the Fedora CSI doc...
comments or questions welcome!
kevin
--
diff --git a/security-policy/en-US/Author_Group.xml b/security-policy/en-US/Author_Group.xml
index 2903efa..b76c94f 100644
--- a/security-policy/en-US/Author_Group.xml
+++ b/security-policy/en-US/Author_Group.xml
@@ -13,5 +13,14 @@
</affiliation>
<email>mmcgrath(a)redhat.com</email>
</author>
+ <author>
+ <firstname>Kevin</firstname>
+ <surname>Fenzi</surname>
+ <affiliation>
+ <orgname>Fedora Project</orgname>
+ <orgdiv>Infrastructure</orgdiv>
+ </affiliation>
+ <email>kfenzi(a)redhat.com</email>
+ </author>
</authorgroup>
diff --git a/security-policy/en-US/Book_Info.xml b/security-policy/en-US/Book_Info.xml
index 1d7548a..85120f6 100644
--- a/security-policy/en-US/Book_Info.xml
+++ b/security-policy/en-US/Book_Info.xml
@@ -7,7 +7,7 @@
<title>security-policy</title>
<subtitle>Information Technology Security Policies</subtitle>
<productname>Documentation</productname>
- <productnumber>0.2</productnumber>
+ <productnumber>0.3</productnumber>
<edition>1</edition>
<pubsnumber>1</pubsnumber>
<abstract>
diff --git a/security-policy/en-US/Revision_History.xml b/security-policy/en-US/Revision_History.xml
index 35c65f4..9356721 100644
--- a/security-policy/en-US/Revision_History.xml
+++ b/security-policy/en-US/Revision_History.xml
@@ -21,6 +21,20 @@
</simplelist>
</revdescription>
</revision>
+ <revision>
+ <revnumber>2</revnumber>
+ <date>Fri Sep 22 2011</date>
+ <author>
+ <firstname>Kevin</firstname>
+ <surname>Fenzi</surname>
+ <email>kfenzi(a)redhat.com</email>
+ </author>
+ <revdescription>
+ <simplelist>
+ <member>Cleaned up links and names and added content.</member>
+ </simplelist>
+ </revdescription>
+ </revision>
</revhistory>
</simpara>
</appendix>
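Review bot: The <date> in the new revision entry reads "Fri Sep 22 2011", but 22 September 2011 fell on a Thursday, so the weekday and the day of the month disagree. Correct whichever is wrong (Thu Sep 22 2011 or Fri Sep 23 2011) so the revision history records the actual date.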
diff --git a/security-policy/en-US/enduser-standard.xml b/security-policy/en-US/enduser-standard.xml
index 99fadac..755e236 100644
--- a/security-policy/en-US/enduser-standard.xml
+++ b/security-policy/en-US/enduser-standard.xml
@@ -66,6 +66,12 @@
</seglistitem>
<seglistitem>
<seg></seg>
+ <seg>Should</seg>
+ <seg>ssh known hosts</seg>
+ <seg>When using ssh to access machines, the ssh host key for the host should be checked against the canon version at: https://admin.fedoraproject.org/ssh_known_hosts.</seg>
+ </seglistitem>
+ <seglistitem>
+ <seg></seg>
<seg>Must</seg>
<seg>Desktop Locking</seg>
<seg>Any time you physically leave your workstation or any other host that contains a user input or output device such as a keyboard, mouse, or monitor, either lock the screen or shell, or log out completely.</seg>
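Review bot: The new "ssh known hosts" item says the host key "should be checked against the canon version" but does not say what a user should do when the key does not match; add the expected action (do not connect, and report the mismatch) so the rule is actionable. "canon" should read "canonical". The sentence-ending period sits directly after the URL and is easy to copy as part of the link, so consider marking the URL up as a link or rephrasing so it does not end the sentence. The title is also lowercase while the neighbouring title "Desktop Locking" is title case.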
@@ -74,7 +80,7 @@
<seg></seg>
<seg>Should Not</seg>
<seg>Password Reuse</seg>
- <seg>Avoid reusing passwords in environments where there is not a single sign on capability. This is especially important in the case of password protected keys, encrypted shares, access to sensitive personal sites such as banking or other finances, and so on. Always maintain different passwords wherever possible.</seg>
+ <seg>Avoid reusing passwords in environments where there is not a single sign on capability. This is especially important in the case of password protected keys, encrypted shares, access to sensitive personal sites such as banking or other finances, and so on. Always maintain different passwords wherever possible. Password storage applications can be used to assist as long as the passphrase to open the application is a strong one.</seg>
</seglistitem>
<seglistitem>
<seg></seg>
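Review bot: The sentence added to "Password Reuse" permits password storage applications "as long as the passphrase to open the application is a strong one", but "strong" is not defined in this item, and nothing says that this passphrase must itself be unique. Since that one passphrase then protects every stored credential, state that it must not be reused anywhere else, and point to wherever the policy defines passphrase strength, if it does.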
@@ -112,6 +118,18 @@
<seg>Stolen or Missing Equipment</seg>
<seg>Any stolen or missing equpment containing any sensitive data including passwords or keys, whether encrypted or not, must be reported as quickly as possible. When handled expediently, issues due to missing equipment can be easily mitigated.</seg>
</seglistitem>
+ <seglistitem>
+ <seg></seg>
+ <seg>Should</seg>
+ <seg>selinux</seg>
+ <seg>Wherever possible, users should run their workstation in selinux "enforcing" mode.</seg>
+ </seglistitem>
+ <seglistitem>
+ <seg></seg>
+ <seg>Should</seg>
+ <seg>Updates</seg>
+ <seg>Updates should be applied in a timely manner to workstations. When security updates that fix severe vulnerabilities are available, they should be applied as soon as possible.</seg>
+ </seglistitem>
</segmentedlist>
</para>
<section id="EndUser-Standard-Admin-Exceptions">
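Review bot: In the new "Updates" item, "in a timely manner" and "as soon as possible" give no time frame, so compliance cannot be checked; consider stating a concrete window for regular updates and a shorter one for fixes to severe vulnerabilities. In the new "selinux" item, the usual spelling is "SELinux", in both the title and the body. The unchanged "Stolen or Missing Equipment" line at the top of this hunk still carries the typo "equpment", which could be fixed in the same patch.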
diff --git a/security-policy/en-US/security-policy.ent b/security-policy/en-US/security-policy.ent
index 5ab9b2f..d8dae67 100644
--- a/security-policy/en-US/security-policy.ent
+++ b/security-policy/en-US/security-policy.ent
@@ -1,6 +1,6 @@
<!ENTITY PRODUCT "Community Services Infrastructure">
<!ENTITY BOOKID "security-policy">
-<!ENTITY YEAR "2009">
+<!ENTITY YEAR "2011">
<!ENTITY HOLDER "The Fedora Project">
<!ENTITY PUBLIC-RELATIONS-DELEGATE "fpl(a)fedoraproject.org">
<!ENTITY ORGANIZATION-NAME "The Fedora Project">
@@ -8,5 +8,5 @@
<!ENTITY SECURITY-TEAM-DELEGATE "admin fedoraproject.org">
<!ENTITY CHIEF-SECURITY-OFFICER "admin fedoraproject.org">
<!ENTITY CHIEF-INFORMATION-OFFICER "admin fedoraproject.org">
-<!ENTITY HELPDESK-ADDRESS "fedora-infrastructure-list(a)redhat.com">
+<!ENTITY HELPDESK-ADDRESS "infrastructuret(a)lists.fedoraproject.org">
<!ENTITY SECURITY-POLICY-URL
"http://infrastructure.fedoraproject.org/csi/security-policy/">
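Review bot: The new HELPDESK-ADDRESS value "infrastructuret(a)lists.fedoraproject.org" has a stray "t" after "infrastructure", which looks like a typo. This entity is the help desk contact wherever the book references it, so a wrong local part would direct reports to an address that may not exist; please confirm the list address before this is applied.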