2004-06-10 13:47:11 +08:00
|
|
|
<?xml version="1.0" encoding="ISO-8859-1"?>
|
|
|
|
|
<!DOCTYPE chapter PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
|
|
|
|
|
"http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd" [
|
|
|
|
|
<!ENTITY % general-entities SYSTEM "../../general.ent">
|
|
|
|
|
%general-entities;
|
|
|
|
|
]>
|
|
|
|
|
|
2002-07-08 04:28:42 +08:00
|
|
|
<chapter id="postlfs-security">
|
2004-05-07 04:30:53 +08:00
|
|
|
<?dbhtml filename="security.html"?>
|
2002-07-08 04:28:42 +08:00
|
|
|
<title>Security</title>
|
|
|
|
|
|
2003-09-15 04:28:20 +08:00
|
|
|
<para>Security takes many forms in a computing environment. This chapter
|
2003-09-27 10:37:14 +08:00
|
|
|
gives examples of three different types of security: access, prevention
|
2003-09-22 03:11:48 +08:00
|
|
|
and detection.</para>
|
|
|
|
|
|
|
|
|
|
<para>Access for users is usually handled by <command>login</command> or an
|
|
|
|
|
application designed to handle the login function. In this chapter, we show
|
|
|
|
|
how to enhance <command>login</command> by setting policies with
|
2003-09-15 04:28:20 +08:00
|
|
|
<application><acronym>PAM</acronym></application> modules. Access via networks
|
2003-09-22 03:11:48 +08:00
|
|
|
can also be secured by policies set by <application>iptables</application>,
|
|
|
|
|
commonly referred to as a firewall.</para>
|
|
|
|
|
|
|
|
|
|
<para>Prevention of breaches, like a trojan, are assisted by applications like
|
2003-09-27 10:37:14 +08:00
|
|
|
<application>GnuPG</application>, specifically the ability to confirm signed
|
2004-05-30 13:30:47 +08:00
|
|
|
packages, which recognizes modifications of the <acronym>TAR</acronym> ball after
|
2003-10-04 22:23:39 +08:00
|
|
|
the packager creates it.</para>
|
2003-09-22 03:11:48 +08:00
|
|
|
|
|
|
|
|
<para> Finally, we touch on detection with a package that stores "signatures"
|
|
|
|
|
of critical files (defined by the administrator) and then regenerates those
|
2003-09-15 04:28:20 +08:00
|
|
|
"signatures" and compares for files that have been changed.</para>
|
|
|
|
|
|
2004-06-10 13:47:11 +08:00
|
|
|
<xi:include xmlns:xi="http://www.w3.org/2003/XInclude" href="cracklib.xml"/>
|
|
|
|
|
<xi:include xmlns:xi="http://www.w3.org/2003/XInclude" href="linux_pam.xml"/>
|
|
|
|
|
<xi:include xmlns:xi="http://www.w3.org/2003/XInclude" href="shadow.xml"/>
|
|
|
|
|
<xi:include xmlns:xi="http://www.w3.org/2003/XInclude" href="iptables.xml"/>
|
|
|
|
|
<xi:include xmlns:xi="http://www.w3.org/2003/XInclude" href="firewalling.xml"/>
|
|
|
|
|
<xi:include xmlns:xi="http://www.w3.org/2003/XInclude" href="gnupg.xml"/>
|
|
|
|
|
<xi:include xmlns:xi="http://www.w3.org/2003/XInclude" href="tripwire.xml"/>
|
|
|
|
|
<xi:include xmlns:xi="http://www.w3.org/2003/XInclude" href="heimdal.xml"/>
|
|
|
|
|
<xi:include xmlns:xi="http://www.w3.org/2003/XInclude" href="mitkrb.xml"/>
|
2002-07-08 04:28:42 +08:00
|
|
|
|
|
|
|
|
</chapter>
|
