tex: add stuff on security policies

2023-05-25 17:05:05 +02:00 · 2023-05-25 17:05:05 +02:00 · 8b3b3be4e4
commit 8b3b3be4e4
parent 23c57658a5
1 changed files with 5 additions and 0 deletions
--- a/tex/text.tex
+++ b/tex/text.tex
@ -1445,6 +1445,11 @@ therefore only be available over \texttt{localhost}.
 It goes without saying that the operator should substitute values of any
 default configuration secrets with the new ones that were securely generated.

+System-wide security policies should target highest feasible security level, if
+at all available (such as by default on Fedora or RHEL), firewalls should be
+configured and SELinux (kernel-level mandatory access control and security
+policy mechanism) running in \emph{enforcing} mode, if available.
+

 \n{2}{Deployment recommendations}