Bill Oliver <ven...@billoblog.com> wrote: > > I grew up on Red Hat/Fedora years ago, but moved to Ubuntu because > > some software I used was available in binary form only in that > > distro. Recently, I've moved back to Fedora. One thing i took > > advantage of when I was using Ubuntu was the free level one Ubuntu > > Pro program that provided some useful security scripts and such. > > Is there an equivalent or near-equivalent to Ubuntu Pro at the free > > personal level for Fedora? Are there any standardized security > > checklists, etc. available?
Jonathan Billings: > Perhaps you’re interested in something like OpenSCAP security > profiles, which Fedora suppets: > > https://static.open-scap.org/ssg-guides/ssg-fedora-guide-standard.html I wonder if anyone vets that information? For instance, I scrolled through that and came across the section about users should be forced to periodically change their password. That's always been dumb advice, even if only recently its starting to get realised. People have trouble remembering passwords, so they make stupidly simple ones (*that* should be prevented, and can be), or write it down right next to their computer (*that* can't be done programatically), or use the same password across different services (also can't be prevented programatically). Making them change their password just amplifies that problem. This isn't the movies, where they crack a code one character at a time, with the system telling they've made step-by-step success. So keeping or changing a password makes no iota of difference to guessing games. Someone hammering away at your password (which shouldn't be allowed by the system, that's the *real* problem) can randomly crack what it is now, or whatever you change it to, it won't matter how new or old it is. Pot luck is pot luck. You could even be setting it to a code that's in the queue to be tried in a short while. I just looked for the obvious stupid one, there's probably other bad things in there. There's always been stupid advice, and people blithely go along with it. -- uname -rsvp Linux 3.10.0-1160.119.1.el7.x86_64 #1 SMP Tue Jun 4 14:43:51 UTC 2024 x86_64 Boilerplate: All unexpected mail to my mailbox is automatically deleted. I will only get to see the messages that are posted to the mailing list. -- _______________________________________________ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
