Consolidating Linux info from multiple places to one place that makes sense
Why is this change being made?
The Security Practices page in the handbook contains several different references to recommended Linux configurations, these are mixed in with other general practices. This causes problems in the following areas:
- As new team members try to configure their new Dell Linux system, they often find the information confusing and hard to follow, resulting in multiple questions to the Security Team in Slack channels
- If we are to point an auditor to where our Linux configuration recommendations are, we will now have a single and easy-to-read source. Security Compliance requested simplification of the recommendations specifically.
- Originally the instructions were rather terse as Linux was considered an option for Engineering only. It has subsequently been approved as an alternative for all departments, therefore the instructions were in need of slight updating to cover finer points in more detail, eliminating more questions from team members outside of Engineering.
The amount of material, which may seem voluminous, has been previously approved and is a combination of cut and paste from different sources. This is considered step one in a multi-step process of updating the Security Practices page, as outlined in https://gitlab.com/gitlab-com/gl-security/engineering/issues/766
Does this MR meet the acceptance criteria?
Yes
Conformity
-
Added description to this MR explaining the reasons for the proposed change, per say-why-not-just-what