Community Services Infrastructure

Security Policy

Information Technology Security Policies

Edition 1

Mike McGrath

Fedora Project Infrastructure

Kevin Fenzi

Fedora Project Infrastructure

Legal Notice

Copyright © 2011 The Fedora Project.
The text of and illustrations in this document are licensed by Red Hat under a Creative Commons Attribution–Share Alike 3.0 Unported license ("CC-BY-SA"). An explanation of CC-BY-SA is available at The original authors of this document, and Red Hat, designate the Fedora Project as the "Attribution Party" for purposes of CC-BY-SA. In accordance with CC-BY-SA, if you distribute this document or an adaptation of it, you must provide the URL for the original version.
Red Hat, as the licensor of this document, waives the right to enforce, and agrees not to assert, Section 4d of CC-BY-SA to the fullest extent permitted by applicable law.
Red Hat, Red Hat Enterprise Linux, the Shadowman logo, JBoss, MetaMatrix, Fedora, the Infinity Logo, and RHCE are trademarks of Red Hat, Inc., registered in the United States and other countries.
For guidelines on the permitted uses of the Fedora trademarks, refer to
Linux® is the registered trademark of Linus Torvalds in the United States and other countries.
Java® is a registered trademark of Oracle and/or its affiliates.
XFS® is a trademark of Silicon Graphics International Corp. or its subsidiaries in the United States and/or other countries.
MySQL® is a registered trademark of MySQL AB in the United States, the European Union and other countries.
All other trademarks are the property of their respective owners.
This is the official security policy for The Fedora Project. The chapters are listed below. End users (anyone who is not an engineer or administrator) should go directly to Chapter 3, "End User Security Introduction".

1. CSI Introduction
1.1. Introduction
1.2. What to do
1.3. External Sources and References
2. Host Security Introduction
2.1. Prerequisites
2.2. Host General Security
2.2.1. Suggested /etc/sysctl.conf config
2.3. IPTables Configuration
2.3.1. Suggested /etc/sysconfig/iptables configuration
2.4. Host Security Categories
2.5. System Identification
2.5.1. System Identification Example
3. End User Security Introduction
3.1. End User Standards
3.1.1. Administrative Exceptions
3.2. Security Incidents
3.3. External Sources and References
4. Incident Response
4.1. Introduction
4.1.1. The Rules
4.1.2. Incident Response Team
4.1.3. Management
4.2. Prerequisite Tasks
4.3. Assessment and Communication
4.3.1. Management Chain Notification
4.3.2. Threat Assessment
4.3.3. Entry Investigation
4.3.4. Impact-Assessment
4.3.5. Partner Communication
4.3.6. Public Disclosure
4.4. Actions
4.4.1. Investigation
4.4.2. Data Integrity Plan
4.4.3. Re-secure Environment Plan
A. Revision History