RFC: HLFS Mission Statement

Archaic archaic at indy.rr.com
Thu Mar 4 20:14:39 PST 2004


-- 
Archaic

"Debugging is twice as hard as writing the code in the first place.
Therefore, if you write the code as cleverly as possible, you are, by
definition, not smart enough to debug it."

- Brian Kernighan

-------------- next part --------------
HLFS Mission Statement

Function
    The HLFS team provides the "Hardened LFS" book, which teaches some
    foundational security principles and how to make an LFS/BLFS system
    more secure.

Scope
    The HLFS team addresses:
    - both LFS and BLFS installations, in varying degrees;
    - various environments, configurations and applications;
    - basic security policies and strategies;
    - implementation of those policies and strategies.

Bounds
    The HLFS team will produce a product that:
    - does *not* replace the (B)LFS books;
    - does *not* provide basic education delivered in the (B)LFS books;
    - does *not* supplant commonly available documents, resources or
      education;
    - *may* apply to multiple platforms (with x86 being the focus).

Objectives
    Produce a book that, in reasonable degree:
    - results in a user that is better educated in security issues;
    - delivers a platform less vulnerable to local and network attacks;
    - offers less vulnerability to exploits of OS component weaknesses;
    - remains current as the environment changes;
    - uses the (B)LFS books as a foundation.

Strategy
    User education will be promoted by:
    - providing an overview of common security concerns;
    - presuming a user's security awareness to be minimal;
    - offering a reasonably comprehensive, but concise, discussion of
      alternate security policy issues;
    - limiting discussion to a level suited to users who have already
      successfully installed and are using a (B)LFS platform (i.e.
      "intermediate-to-advanced" users);
    - publicly discussing any and all issues related to security and
      book content;
    - implementing the strategies below.

    A platform less vulnerable to network attacks is addressed by:
    - providing guidance to basic security policy that may be most
      appropriate to given environments, configurations and applications;
    - demonstrating procedures, processes and commands that implement the
      selected policy on a platform produced via the (B)LFS books.

    Exploitability of OS components will be reduced by:
    - discussing common weaknesses of OS components;
    - presenting various types of solutions ("hardening");
    - providing commands and supporting text that provide "hardening".

    To keep the book current, the team will:
    - monitor certain security-related resources on the Internet and
      communicate and incorporate pertinent changes;
    - monitor (B)LFS list activity for advance notice of changes;
    - minimize maintenance effort from (B)LFS book activity by carefully
      selecting what to include directly and what to reference;
    - "release" as close as reasonable to a new (B)LFS book release.

    To use the (B)LFS books as a foundation, the team will:
    - incorporate certain parts of those books, when needed for clarity
      and/or educational benefit;
    - avoid unneeded repetition of (B)LFS book contents;
    - make liberal use of references to those books, and other pertinent
      resources, when such references are relevant to the topic at hand
      (but outside the scope of the book) and will enhance its value.

Logistics
    Due to the enormity of the subject matter, workload associated with
    the effort and requirement for timeliness, success can only be
    ensured by distributing the tasks among the members of the HLFS
    community. For this reason, volunteers will be solicited to make a
    commitment to certain areas that will support the strategy detailed
    above. Note that one person may occupy multiple roles and multiple
    people may occupy one role. The important item is that the
    responsibilities are adequately addressed.

    Following are functions that need to be *formally* satisfied:
    - provide assistance to the team in conversion of text to the format
      needed to generate the book;
    - ensure style, wording, readability, presentation consistency,
      and completeness;
    - ensure overall communication with {B,H,}LFS occurs as appropriate;
    - ensure various security-related resources are effectively
      monitored for valuable input;
    - ensure we have topic experts with subject area responsibility,
      who generate and maintain text and commands that are specific to
      a certain topic within the scope of the book, stay aware of (B)LFS
      book and environmental changes that affect that area, and communicate
      appropriately with HLFS and (B)LFS team members;
    - pre-release verification; verify that processes detailed in the
      book provide the expected results and confirm that the resulting
      platform operates correctly.

Policies
    The HLFS book will not specify replacement of (B)LFS book-specified
    components *unless* there is no reasonable alternative to accomplish
    a *needed* goal.

    The team will not sacrifice completeness, robustness or accuracy for
    the sake of timeliness.

