Description
I always think that checklists such as this (i.e. especially security-oriented ones) would be much more useful, as they would let you learn the why behind the how, if they provided authoritative references for their assertions.
Let's take a concrete example: https://github.com/trimstray/the-practical-linux-hardening-guide/blob/daf846aab98f0bdafd32acf398589b7468c42a74/README.md#eight_pointed_black_star-secure-proc-filesystem
> The proc pseudo-filesystem /proc should be mounted with hidepid. When setting hidepid to 2, directory entries in /proc will be hidden.
When I read this, I immediately have the following questions:
- Why should I do this? (I guess in this case the question could be phrased "Why is it important to hide the directory entries in /proc?")
- Is there a consensus in the Linux community that this is a sane thing to do? If there's a consensus, why isn't it the default?
- What can happen if I don't?
- What happens if I do? Do I gain/lose functionality (or performance, or what have you)?
- What's the meaning of the parameter 2? Are there other possible values? Why should you choose 2 specifically instead of a different value (w.r.t. the goal stated in the first point)?
I'm not arguing you should provide an explicit answer to all of the above (it wouldn't be a checklist anymore...). I am just arguing such a checklist would become much more useful and credible if it at least included links to authoritative sources that justify[1] the items on the checklist.
Just my 2 cents, keep up the good work!
[1] at least for non-obvious points; e.g. I don't think you need to justify "forcing the use of strong passwords"
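
For the hidepid item quoted above, a check of what a system actually has configured, written as an added example that is not part of the original issue or of the guide. The sample mount lines are constructed, the function name is hypothetical, and the level meanings are those documented in proc(5).

```python
# Added example: audit the hidepid option on every proc mount.
# SAMPLE_MOUNTS is constructed input in /proc/mounts format, not real output.
SAMPLE_MOUNTS = """\
proc /proc proc rw,nosuid,nodev,noexec,relatime 0 0
proc /srv/jail/proc proc rw,nosuid,nodev,noexec,relatime,gid=27,hidepid=2 0 0
proc /run/sandbox/proc proc rw,relatime,hidepid=invisible 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev 0 0
"""

# hidepid values per proc(5); newer kernels also accept the names.
#   0 / off        : default, every user can read every /proc/<pid>
#   1 / noaccess   : other users' /proc/<pid> are listed but not accessible
#   2 / invisible  : as 1, and other users' /proc/<pid> are not listed at all
#   4 / ptraceable : only processes the caller may ptrace are listed
HIDEPID_LEVELS = {
    "0": 0, "off": 0,
    "1": 1, "noaccess": 1,
    "2": 2, "invisible": 2,
    "4": 4, "ptraceable": 4,
}


def audit_proc_mounts(mounts_text, required=2):
    """Return one finding per proc mount found in /proc/mounts-style text."""
    findings = []
    for line in mounts_text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[2] != "proc":
            continue  # not a proc filesystem entry
        # "rw" -> ("rw", ""), "hidepid=2" -> ("hidepid", "2")
        opts = dict(o.partition("=")[::2] for o in fields[3].split(","))
        raw = opts.get("hidepid", "0")      # option absent means default 0
        level = HIDEPID_LEVELS.get(raw)     # None for an unrecognised value
        findings.append({
            "mountpoint": fields[1],
            "hidepid": level,
            "exempt_gid": opts.get("gid"),  # group exempt from the restriction
            "ok": level is not None and level >= required,
        })
    return findings


if __name__ == "__main__":
    for f in audit_proc_mounts(SAMPLE_MOUNTS):
        print(f)
```

To audit a live host, pass the contents of `/proc/mounts` instead of `SAMPLE_MOUNTS`.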