Dragon Dragon community released the first Anolis OS Security Guide to escort users' business systems

In recent days, , Dragon lizard community system safety committee SIG, United Alibaba cloud 、 Tongxin software, etc SIG member , Based on the latest Anolis OS The distribution is jointly released Anolis OS 8 Safety best practices （ See the end of the article for download link ）, This best practice is based on Anolis OS 8 Downstream distribution Alibaba Cloud Linux 3 and UOS Server v20 Build the safety experience and practice of large-scale product landing , compatible CIS（Center for Internet Security）、 Equal insurance 2.0 And other safety standards , Provide community users with guidelines for configuring various security functions in the form of a security baseline , Help enterprises and organizations make clearer decisions about security risks .

System security is one of the important foundations for the safe and stable operation of business , With the increasingly fierce network security confrontation , Large scale automatic attack 、 worm 、 blackmail 、APT And other attack forms are also gradually increasing , The system installed by default may have improper port configuration 、 Weak password 、 The security policy configuration is weak 、 Unreasonable system configuration such as missing system patches , It brings great challenges to the safe operation of business systems .
Servers and operating systems are the most basic and important network assets of Cloud Computing , Its safety inspection has also become the top priority , The problem of system configuration security is often to mitigate the threat 、 The first line of defense to reduce risk . meanwhile , With the development of enterprise internationalization , Information security compliance management has become normalized , The network security construction of enterprises and organizations often needs to meet the requirements from the state or regulatory units “ safety standards ”, Such as waiting for insurance 2.0、CIS safety standards 、GDPR wait . Combine these safety compliance requirements , Building the operating system security baseline has become the first step of system security engineering ,Anolis OS 8 Release of security best practices , It aims to provide detailed information for users of dragon lizard community 、 widely 、 Easy to use 、 Configurable best security baseline Configuration Guide , Reduce safety risks caused by insufficient safety control .
Best practices include access-and-control、logging-and-auditing、services、 system-configurations、mandatory-access-control There are five aspects 150 Multiple content , Each safety guideline has an independent markdown Documents are released and maintained in the community project warehouse , And covers the corresponding safety level 、 describe 、 Repair suggestions and scanning detection （ See the end of the text for the link address ）.
Anolis OS 8 Safety best practices divide the level of safety baseline into four levels ： One of them 、 Level II does not affect the performance and ease of use of the system , meanwhile , The first level can complete the scanning detection and automatic repair of error configuration through scripts , The second level often requires the system administrator to manually check and configure ; Level 3 and level 4 safety guidelines may have an impact on system performance and ease of use . The difference between the two is the second level 、 The first level is similar . The definition method of classification can support users to choose and implement different security levels of reinforcement according to the actual security needs , And better meet the configuration security benchmark requirements for different users and different scenarios .
Current corresponding code warehouse security-benchmark Already in gitee The open source , At present, there are already from the dragon lizard community 7 Developers participated in the contribution of the security baseline . At the same time Anolis OS 8 Safety best practices v1.0.0 Release , The corresponding document publishing tools are also open source , The tool is based on python 3 Realization , Support multiple security baselines markdown File conversion merged into PDF Publish documents in format , And be able to target the markdown Flexible configuration of file combination , Allow users to generate customized security baseline standards that meet different security requirements in different scenarios on demand .
Besides , Combined with dragon lizard operating system （Anolis OS） Systematic safety compliance construction , Downstream distribution Alibaba Cloud Linux 2/3 And Tongxin software UnionTech OS Server v20 Recently, we have successively completed the cooperation with internationally renowned safe communities OpenSCAP Product support integration , And become OpenSCAP The first batch of officially supported domestic OS product . With Anolis 8 Release of security best practices , The relevant security baseline configuration can continue to work with OpenSCAP Combine security policies , Further prosper the safe ecology of dragon lizard community .
‍ Dragon lizard community （OpenAnolis） We are committed to providing safe open source operating system distribution for community users （Anolis OS） And security applications , Combined with fully tested and widely verified security standard configuration, it provides support for enterprises and organizations to realize security control more finely .
In the future, we expect more community developers to participate Anolis OS Joint development and improvement of safety best practice baselines . Around this security best practice guide , We will also further develop and fully validate the relevant configuration scanning and repair scripts , It is released in combination with the security tool set to support the automatic verification and reinforcement of system security configuration , help Anolis OS And its downstream manufacturers better meet the requirements of safety compliance , Reduce security risks .
Related links ：
1.Anolis OS 8 Security best practices download ：
https://gitee.com/anolis/security-benchmark/releases
2. Best practices developer guide link address ：
https://gitee.com/anolis/security-benchmark/blob/master/docs/development-guide.md
3.Anolis Safety best practices project warehouse ：
https://gitee.com/anolis/security-benchmark
4. Document tool link address ：
https://gitee.com/anolis/security-benchmark/tree/master/tools/release
—— End ——
Relevant links can be moved to dragon lizard official account （OpenAnolis japalura ）2022 year 7 month 19 Same day push view .