Felipe Alfaro Solana wrote:
You have no real way to protect someone from getting into to your system if the intruder has physical access. Such questions come up pretty frequently. In general, Fedora systems have good defaults where developers have analyzed and settled upon something or the other. While we explain security in such documents we need to document the other potential ways the system can be configured to be secured better and explain why the defaults are such. Its a given that we want the defaults to be as secure as possible, so we shouldnt be proactive about reporting enhancements to make it as such instead of documenting workarounds wherever possible.http://www.fedoraproject.org/wiki/SecurityBasicsIf one of the goals of Fedora Core is being secure right from the start, why is the user allowed to enter single-user without supplying the root password (sulogin)?
There is a hardening guide languishing in CVS for quite sometime. Its better to combine the above documents and make it a comprehensive guide. Security is a huge topic to cover.
regards Rahul