<chapter id="postlfs-security">
<?dbhtml filename="security.html" dir="postlfs"?>
<title>Security</title>
<para>Security takes many forms in a computing environment. This chapter
gives examples of three different types of security: access, prevention
and detection. Access for users is usually handled by
<command>login</command> or an application designed to handle the login
function. In this chapter, we show how to enhance
<command>login</command> by setting policies with
<application><acronym>PAM</acronym></application> modules. Access via networks
can also be secured by policies set by
<application>iptables</application>. Prevention of breaches, such as
trojans, is assisted by applications like <application>gnupg</application>,
specifically its ability to verify signed packages, which exposes any
modification of the tarball made after the packager created it. Finally, we
touch on detection with a package that stores "signatures" of files, later
regenerates those "signatures" and compares them to find files that have
been changed.</para>
&shadow;
&Linux_PAM;
&iptables;
&postlfs-security-fw;
&gnupg;
&tripwire;
&postlfs-security-syslog;
</chapter>