Archive

Archive for the ‘Fedora Docs’ Category

Fedora Docs’ FAD 2014

2014-03-23 Leave a comment

It’s good to get a team together, face-to-face, that usually only meets virtually via IRC on occasion.  The Fedora Docs Project team recently had such an opportunity when they met in the Red Hat offices in Raleigh and Brno.  Linked by a video teleconference, the two groups converged to discuss new work-flows for Publican 4, hacking on some guides, discussing management issues, and working to get the new Docs website built and configured.  Here are some of the highlights of the event:

Work-flow update for Publican 4

The release of Fedora 20 also saw the release of Publican 4.  Publican 4 isn’t quite backwards compatible with the Publican 2 we were using so an update to our work-flow was necessary.  We’ve also made it to a point in our work where using the old web.git repo for publishing just isn’t working any longer.  The new way of publishing involves using Koji to build our documents in RPMs and place them safely into a repository where they can be grabbed by our backend server and be published to the world.  This change not only represents new commands but also a different mindset to publishing.  The new procedures were documented and tested so we’ll be able to start utilizing these as soon as our backend server gets fixed.

Guides hacked upon

You know those guides that seem to languish?  Yeah, I’ve got a few of those.  I did spend some time working on a few guides that will hopefully go live for Fedora 20 or 21.

Accessibility Guide

The Accessibility Guide has really taken a backseat in recent releases.  I’m not sure much has changed for many users but it’s good to keep the document current for any new users that may require a little assistance in making their computer work for them.  I was able to take a lot of stuff out of the guide, mostly GNOME packages that are no longer in Fedora and add a couple of packages I found for KDE.  I’m hoping I can do a better review of what’s available in Fedora before Fedora 21 comes around.

Amateur Radio Guide

I finally got around to adding CQRLOG to the guide.  I really love CQRLOG as a logging program so I’m happy to share some of that information with other amateur radio operators that come to Fedora looking for a FOSS solution for their radio activities.  John made a few additions as well so I suspect the next release will have some added goodness that people should find helpful.

Documentation Guide

This is where I spent most of my time working.  The style guide was moved from the wiki into the guide and other useful information was added as well.

Jargon Guide

This guide has never really seen the light of day.  This is due to the fact that translations of this guide would be nearly useless as they wouldn’t be in any particular order.  Publican 4 fixes this long-standing bug and so I, once again, have hope to publish this book.

Security Guide

Yeah, there’s always some hacking on the security guide when I’m around.  This time there was some testing of the new Yubikey Neo and getting them to do tricks inside Fedora.

New backend server

Jared worked very diligently to create a new backend server.  Unfortunately the documentation was lacking and so we weren’t able to complete the build.  Work continues on this effort.

Videos of the FAD

Because most of the event took place over our video chat you can watch the videos from the meeting: Friday, Saturday, and Sunday.

What’s next for the Fedora Security Guide

2013-06-25 4 comments

The Fedora Security Guide has had a very complicated background.  The guide, itself, started out as a series of entries on the Moin Moin wiki.  The original article explained how to setup LUKS for full-disk encryption.  That article sparked additional articles discussing setting up encryption for both data-at-rest and data-in-motion.  When development was eventually moved to DocBookXML Red Hat donated its security guide code to Fedora’s guide which filled in the subject matter well.  That combined effort later went on to create the Fedora Security Guide and, downstream, the RHEL 6 Security Guide.

I’m very proud of the effort that went into the guide from both Fedora community members and Red Hat-related contributors.  Lots of information is now available in the guide and I’ve heard from more than several people that they use it as a reference for answering questions, hardening their systems, and understanding concepts.  Hearing this type of feedback is quite helpful and knowing that my contributions are helping others is what drives my work on this guide.

I’ve noticed, though, that it has become incredibly difficult to maintain all this content.  Much of it is clearly scope-creep from the original plan for the document.  With much talk about the Fedora 20 release being a rebuilding release I thought it might be a good time to redefine the scope and goals.  Having a somewhat narrower scope should help keep the document on topic and make it a better guide overall.

With that I propose the following:

Scope – The Fedora Security Guide documents instructions for hardening installations of certain high-visibility services that are shipped with Fedora.  Additionally, instructions and concepts for securing data-at-rest and data-in-motion will also be maintained as long as the solutions are shipped from within the Fedora repositories.

Goals -

  1. Document hardening instructions for high-visibility services such as Apache (httpd), postgresql and MariaDB, OpenSSH, and bind.
  2. Document hardening instructions for the “average desktop user”.
  3. Document means of encrypting data-at-rest.
  4. Document means of encryption and authenticating data-in-motion.

This is just an idea and comments are welcome.  I’ll start hacking and cutting soon, though.

Secure Boot Guide for Fedora

2013-02-11 2 comments

The last few weeks has seen Red Hat‘s Product Security Team documenting lots of previously undocumented data on Fedora’s Secure Boot featureFedora‘s Secure Boot Guide contains information on how the implementation is being done, what tools are being used or are available to work with this feature, and what pieces and parts are required to make this feature work.  I encourage everyone to take a look at this guide and file bugs against the guide if there is information that isn’t clear or data that is missing.

We’re not done with the guide, yet, and I’ll be releasing a new draft usually every week on Friday afternoons (Eastern Time).

Fedora’s Amateur Radio Guide

2011-12-11 Leave a comment

Cross posting to Radio W4OTN blog.

Earlier today John WB8RCR and I released the Fedora Amateur Radio Guide.  Depicting many of the programs available in Fedora’s repositories, these free and open source software packages provides many tools to turn any amateur radio operator into a truly geeky operator.

John did a wonderful job putting together the guide to include twenty-one software packages.  And while there is still work to do we wanted to get it out the door now so that Fedora users could take advantage of what was complete.  We hope you find it useful!

GRUB2 not documented in the Fedora Security Guide

2011-11-01 1 comment

I received a report that the Fedora Security Guide does not address GRUB2.  Yep, it doesn’t.  I’m hoping to update the text sooner than later and make it available to the masses.  Just wanted to put the word out there that hardening instructions for GRUB2 are not in the guide, yet.  That is all.

Categories: Security Guide

Removing the Fedora Release Notes from the releases.

2011-09-11 Leave a comment

Twice a year the Fedora Docs team runs around with their hair on fire trying to get the Release Notes bits put together, translated, and packaged.  The packaging requirement puts a lot of strain on the process, though, as thousands of lines of code go into the documentation, they are all new every release, and most of the time are only available at the last minute based on changes to code in other programs.

To reduce the strain on the process I’d like to propose that the Release Notes not be packaged (in RPM) and included in the releases and only be made available on the Fedora Docs website.

This proposal will be sent to the Fedora Docs and I encourage anyone with an opinion on this to reply to that message.

Creative Commons License
Sparks’ Fedora Project Journal by Eric H Christensen is licensed under a Creative Commons Attribution-Share Alike 3.0 United States License.

Things to bring to the FAD@OLF

2011-09-07 Leave a comment

Coming to the Fedora Activity Day at Ohio Linux Fest (OLF) this weekend?  Here’s a short list of stuff you should bring with you:

  1. Laptop – Because you can’t work if you can’t type and you can’t type unless you have some sort of portable computing device.  If you insist on bringing the desktop, though, we won’t laugh.
  2. Ethernet Cable – Yep, good old fashioned Cat 5 (or the groovy new fashioned Cat 6) cable would be a great thing to bring.  Why?  Because we will have a wired connection (and hopefully a switch hint to Jared) in the FAD room at OLF.  We can never be sure of the airwaves but we hope the copper will be kind to us.
  3. Power Strip – Want to make friends?  Bring a power strip with a long electrical cable attached.  There are never enough outlets at the talks and perhaps that pretty girl or cute guy is in need of a few electrons.  Be an implementer!
  4. Bits – Sure, you can sync all the repositories when you get to OLF but how long is that going to take?  Those that control the Intertubes are probably not aware of the onslaught that is about to occur by dropping hundreds of bit-needy geeks into a single location in Columbus.  Had they known what was coming we would be seeing large amounts of fiber being stretched across the country to be terminated at OLF.  Grabbing a git diff probably won’t be difficult but do everyone a favor and bring your bits with you.
  5. Clothes – Okay, now that you have your bags packed with every type of cable to connect every kind of device to your computer and to the wall you’ll need some sort of body covering.  Not saying anything bad about you but there’s a time and place for everything and some people don’t need the distraction during the classes.  It’s okay, though.  T-shirts roll up nicely and can be stuffed in among the wires and parts.  A change of underwear may also be warranted but I’m leaving that up to you.

So get all that stuff, throw it in a bag, and be there!  If you haven’t registered for OLF, yet, do it now!  If you haven’t signed up for the FAD please add your name to the list.

Creative Commons License
Sparks’ Fedora Project Journal by Eric H Christensen is licensed under a Creative Commons Attribution-Share Alike 3.0 United States License.

OpenSSH Guide

2011-04-03 Leave a comment

Last May, Scott (sradvan) started work on an OpenSSH guide for Fedora.  It contained information on what SSH was, how to setup a client and server, and how to use SSH.  While it isn’t finished I have published it to the Fedora Documentation website (under Fedora Draft Documentation) so that others may have a chance to review it and provide feedback/patches.

There should be a new component for the OpenSSH Guide on Red Hat’s Bugzilla instance under the Fedora Documentation product.  Please let us know of any problems or suggestions you might have (patches welcome and encouraged!).

Categories: OpenSSH Guide

dd or scrub, which is better for throwing random bits at your hard drive?

2011-01-28 Leave a comment

The other day I received a note on IRC asking for a change to the Fedora Security Guide.  The change would be on the LUKS procedure, specifically the process for writing random bits to the hard drive before putting the encrypted partition on top.

Because my current schedule doesn’t allow for research I was hoping others could help me determine if scrub is a valid replacement for dd.  Specifically if scrub is faster without hurting security.

I believe the command for scrub is:
scrub -f -S -p random -b 8M /dev/md0
which would replace the dd command:
dd if=/dev/urandom of=/dev/

Anyone have any comments?

Categories: Security Guide

Yubikey addition to the Fedora Security Guide

2010-10-20 Leave a comment

Thanks to Zoglesby, we now have new instructions for using Yubikey with your computer running Fedora! We’ll be finalizing the text and it may make a late entry in the F14 version of the Fedora Security Guide (or an early entry to the F15 version). Stay tuned!

Categories: Security Guide, Yubikey
Follow

Get every new post delivered to your Inbox.

Join 202 other followers