commit 1c563092e88619ee7cbc857be52ec8c289ea21ed
Author: Eric H Christensen <sparks(a)redhat.com>
Date: Fri Jun 27 09:21:37 2014 -0400
Cleaned up a few lines
en-US/Basic_Hardening.xml | 4 ++--
1 files changed, 2 insertions(+), 2 deletions(-)
---
diff --git a/en-US/Basic_Hardening.xml b/en-US/Basic_Hardening.xml
index cbcc833..2562fa8 100644
--- a/en-US/Basic_Hardening.xml
+++ b/en-US/Basic_Hardening.xml
@@ -10,12 +10,12 @@
<section id="sect-Security_Guide-Basic_Hardening-General_Principles">
<title>General Principles</title>
<para><simplelist>
- <member>Encrypt all data transmitted over the network. Encrypting
authentication information (such as passwords) is particularly important.</member>
+ <member>Encrypt all data transmitted over the network. Encrypting
authentication information, such as passwords and cookies, is particularly
important.</member>
<member>Minimize the amount of software installed and running in order to
minimize vulnerability.</member>
<member>Use security-enhancing software and tools whenever available (e.g.
SELinux and IPTables).</member>
<member>Run each network service on a separate server whenever possible. This
minimizes the risk that a compromise of one service could lead to a compromise of
others.</member>
<member>Maintain user accounts. Create a good password policy and enforce its
use. Delete unused user accounts.</member>
- <member>Review system and application logs on a routine basis. Send logs to a
dedicated log server. This prevents intruders from easily avoiding detection by modifying
the local logs.</member>
+ <member>Review system and application logs on a routine basis. Send logs to a
dedicated, centralized log server. This prevents intruders from easily avoiding detection
by modifying the local logs.</member>
<member>Never log in directly as root, unless absolutely necessary.
Administrators should use <command>sudo</command> to execute commands as root
when required. The accounts capable of using sudo are specified in
<filename>/etc/sudoers</filename>, which is edited with the visudo utility.
By default, relevant logs are written to
<filename>/var/log/secure</filename>.</member>
</simplelist></para>
</section>