My customer is very new to the Linux environment, and I have to help them create a Linux network security policy, but I can't find any examples on the Web. Can you point me in the right direction? They are using SuSE Linux Enterprise Server 10.
Policies are usually high level and communicate the rules or expectations for everyone in the organization. They can take a long time to develop and an even longer time to get approved by management. This is why you usually want to limit the level of detail you include in a policy document.
Instead of creating written security policy for each and every operating system, platform and application used within the environment, the organization's security policy should require that specific standards and procedures documents be followed. This is where your Linux host standards or procedures would come in. In your standards and procedures documents, you can get as detailed as you want and have more flexibility to make adjustments as time goes on.
If you focus your Web search on Linux security configuration, hardening and standards guides, you will likely find what you are looking for.
This was first published in August 2007