Seems like a nice and comfortable way to set sane defaults for nginx, Apache, MySQL, PostgreSQL and some Unix stuff - but they really should have been set by each software in the first place.
I like the private touch the screencast and the developer-designed website give the project, even if part of a big company. This actually raises its credibility.
Yes, and it seems to me that distros (at least those intended for "enterprise") should be hardened by default also. If I install RHEL or OEL and then have to run a Chef or Puppet config to "harden" it, something is wrong.
Well, that's been tried and rejected by the user base. If you harden too much it becomes a real PITA to do anything productive (SELinux running in strict mode).
RHEL aims to be secure, while also remaining fairly compatible with previous versions.
Red Hat do have documentation on how to harden, but most users don't use it and instead turn SELinux completely off as one of the first configuration steps.
Very cool, but seems like it would be nice to have the hardening steps documented outside of code too (for those of us with more exotic provisioning tastes).
I completely agree. I was looking for the SSH settings but I don't use Puppet or Chef. This is why I prefer shell scripts so I can see what's going on and run parts of it on my own.
I don't really have a problem with that, to be honest--I certainly don't run an IPv6 network internally (and neither does anyone else on AWS) and IPv6 translation can happen at the edges.
Nitpicking: T-Mobile is the international mobile branch of Deutsche Telekom, not just in the US (though there is a US subsidiary).
Other branches include T-Online (private ISP, actually a former subsidiary), T-Systems (subsidiary providing services to the public sector and larger corporations) and T-Home (which I have trouble telling apart from T-Online). There may be other branches too, but in practice most people in Germany just lump them all together anyway.