
Does anyone have any other guides like this? I'm using Arch Linux and want to run nginx on it. I'd like to make sure it's as secure as I can make it before deploying the website.



Pacman doesn't verify the integrity of packages before installing them. This is a pretty major security hole, in my opinion.

If you're concerned about running a secure and stable production server, Arch should probably be your last choice.

Don't get me wrong: I think Arch is a fine distro; I just think rolling releases are a scary idea for production servers.


The NSA's STIGs are a useful resource. If you want the higher-level policies they come from, NIST[0] is one candidate.

If you want documents around the same level of specificity as the STIGs, you'll probably need a non-governmental source. Arch Linux and Nginx are not EAL certified[1] at any level, so the US Government isn't even going to try to secure them.

[0] http://csrc.nist.gov/publications/PubsITLSB.html

[1] http://en.wikipedia.org/wiki/Common_Criteria



