Adding doc/HARDENING
The two text files currently in the doc directory are doc/HACKING and doc/TUNING. The latter is the only one that deals with relay operation, and its subject is oddly specific: increasing the maximum number of file descriptors. If we're going to put critical documentation in the codebase, I think it would also be worthwhile to have a basic hardening guide. It could include suggestions like:
- allowing only public key non-root SSH login
- using a firewall
- keeping your system up-to-date
- not running any other programs (especially networked ones)
- considering hardened or security-focused OS choices
Nick suggested that most of the actual information be contained in referenced links, which I agree with. There's no good reason to duplicate effort when there are, for example, so many good SSH hardening guides.
Let me know what you think, or if you have any contributions. If this is generally considered a good idea, I can start writing a draft.
Trac:
Username: mmcc