freebsd security - Apr 2003 - Administrativia: Documentation project slightly on hold (sorry!)

Hello security folks

I (not so) recently asked for volunteers to the security documentation
project. I got delightfully large number of volunteers! Thank you!

Right now I have some personal (medical) issues to deal with, and I'll
be out of town for the next 2 weeks. When I get back, we can move ahead
at top speed.

The project will have 3 parts.

FAQ: This will cover any kind of basic security question. The intent is
     that the FAQ's should be the nitty-gritty quick-but-not-so-obvious
     tidbits that will make a sysadmins life easier in a collection. They
     should be the kind of thing that could be done as tip-of-the-day
     by something like fortune(6).

HOWTOs: These would be longer documents where (perhaps) step-by-step
        setups are described. Eg, I want to write one where a FreeBSD
        Cluster-type NIS/Kerberos5 setup is described in a foolproof
        way.

HANDBOOK: The handbook is in serious need of updating. For this list,
          only the security parts are of relevance.

Folks can get on with it right away. Discussing the FAQ is specifically
on-topic for this list (as long as it is focussed!). PLEASE PLEASE
keep the technical focus. I don't want this list to degenerate into
questions@ noise again.

The others should be considered carefully, but (eg) if someone wrote a
HOWTO and posted it here for review, it would be on-topic as long as it
was a _security_ HOWTO. Markup issues are off-topic and irrelevant to
this list.

The choice of actual markup will be chosen later, but you can't go far
wrong if you use DocBook or DocBook/XML. Whatever you use for your
document, be prepared to modify the markup, so the safest may be plain
ole ASCII.

PS: When I get back, I'll also look at the issue of an open
    security-questions@ list.

M
--
Mark Murray
iumop ap!sdn w,I idlaH

On 2003-04-06 22:28, markm@freebsd.org wrote:
> Hello security folks
> I (not so) recently asked for volunteers to the security documentation
> project. I got delightfully large number of volunteers! Thank you!
> [...]
> Right now I have some personal (medical) issues to deal with,
Sorry to hear about this.  My wishes for all to turn out well!
> The project will have 3 parts.
> HANDBOOK: The handbook is in serious need of updating. For this list,
>           only the security parts are of relevance.
I've been meaning to sit down and rewrite the "firewalls" section
of
handbook/security/ for a while now, mostly to rearrange stuff and add
new sections that describe ipfilter firewalls.

If this seems like a part of what you wanted, let me know and I'll come
back in a couple of days with some proof of concept stuff.

- Giorgos

Hi,

Can anybody point me out to some ressource that would explain me what this 
line in /var/log/messages means :
Apr  6 23:51:05 device /kernel: in6_purgeaddr: failed to remove a route to 
the p2p destination: fe80:0008::02e0:7dff:fe88:41e1 on tun0, errno=65

I don't have a clue about ipv6, and nothing on the box that message come 
from should use it afaik.

Note that this happened at the time that computer was doing its daily ADSL 
reconnection.
System on this box :  FreeBSD 4.8-RC (STABLE) built on Mon Mar 31.

Never seen that kind of message before. Should i worry about it ?

I supose i should remove ipv6 support from kernel as i don't need it. Was 
there any kind of security issue related to ipv6 released yet ?


thanks for your attention, and forgive my poor english :]

--
	Guy

On Sun, Apr 06, 2003 at 10:28:35PM +0100, markm@freebsd.org
wrote:
> The project will have 3 parts.
> 
> FAQ: This will cover any kind of basic security question. The intent is
>      that the FAQ's should be the nitty-gritty quick-but-not-so-obvious
>      tidbits that will make a sysadmins life easier in a collection. They
>      should be the kind of thing that could be done as tip-of-the-day
>      by something like fortune(6).
First off, hope your health improves!

Second, glad to see this going.

Third, we have a "Security" section in the existing FAQ. Please do not
divide FAQs among different FAQs; either add to the existing FAQ, or
take the security questions from the current FAQ and incorporate them
into your new FAQ.

==ml

-- 
Michael Lucas		mwlucas@FreeBSD.org, mwlucas@BlackHelicopters.org
http://www.BlackHelicopters.org/~mwlucas/

           Absolute BSD:   http://www.AbsoluteBSD.com/