Updated to iptables-1.2.11; added missing tags in various package instructions

git-svn-id: svn://svn.linuxfromscratch.org/BLFS/trunk/BOOK@2403 af4574ff-66df-0310-9fd7-8a98e5e911e0

general.ent

@@ -1,4 +1,4 @@
-<!ENTITY day          "29">
+<!ENTITY day          "30">
 <!ENTITY month        "06">
 <!ENTITY year         "2004">
 <!ENTITY version      "cvs-&year;&month;&day;">
@@ -27,7 +27,7 @@
 <!ENTITY cracklib-version             "2.7">   
 <!ENTITY Linux_PAM-version            "0.77">  
 <!ENTITY shadow-version               "4.0.4.1">  
-<!ENTITY iptables-version             "1.2.9"> 
+<!ENTITY iptables-version             "1.2.11"> 
 <!ENTITY gnupg-version                "1.2.4">  
 <!ENTITY tripwire-version             "2.3.1-2">   
 <!ENTITY heimdal-version              "0.6.2">   

introduction/welcome/changelog.xml

@@ -18,6 +18,9 @@ who wrote what.</para>
 
 <itemizedlist>
 
+<listitem><para>June 30th, 2004 [randy]: Updated to iptables-1.2.11; added
+missing tags in various package instructions.</para></listitem>
+
 <listitem><para>June 29th, 2004 [randy]: Added "Additional downloads" section 
 to aspell instructions.</para></listitem>
 

postlfs/security/cracklib.xml

@@ -17,12 +17,12 @@
 <?dbhtml filename="cracklib.html"?>
 <title>cracklib-&cracklib-version;</title>
 
-
 <sect2>
 <title>Introduction to <application>cracklib</application></title>
 
-<para>The cracklib package contains a library used to enforce strong passwords
-by comparing user selected passwords to words in a chosen wordlist.</para>
+<para>The <application>cracklib</application> package contains a library used 
+to enforce strong passwords by comparing user selected passwords to words in a 
+chosen wordlist.</para>
 
 <sect3><title>Package information</title>
 <itemizedlist spacing='compact'>
@@ -45,15 +45,19 @@ url="&patch-root;/cracklib,&cracklib-version;-blfs-1.patch"/></para></listitem>
 url="&patch-root;/cracklib,&cracklib-version;-heimdal-1.patch"/></para></listitem>
 </itemizedlist>
 
-<para>You will also need to download a wordlist for use with cracklib.  There
-are two wordlists to choose from at the following location.  Use the
-<filename>cracklib</filename> word list for good security, or opt for the
-<filename>allwords</filename> word list for lightweight machines short on
-<acronym>RAM</acronym>.  You can of course choose any other word list that you
-have at your disposal.</para>
+<para>You will also need to download a wordlist for use with 
+<application>cracklib</application>. There are two wordlists to choose from at 
+the following location.  Use the <filename>cracklib</filename> word list for 
+good security, or opt for the <filename>allwords</filename> word list for 
+lightweight machines short on <acronym>RAM</acronym>. You can of course choose 
+any other word list that you have at your disposal.</para>
 
-<para>cracklib (&crackdict-size;): <ulink url="http://www.cotse.com/wordlists/cracklib"/></para>
-<para>allwords (&alldict-size;): <ulink url="http://www.cotse.com/wordlists/allwords"/></para>
+<itemizedlist spacing='compact'>
+<listitem><para>cracklib (&crackdict-size;): <ulink 
+url="http://www.cotse.com/wordlists/cracklib"/></para></listitem>
+<listitem><para>allwords (&alldict-size;): <ulink 
+url="http://www.cotse.com/wordlists/allwords"/></para></listitem>
+</itemizedlist>
 
 </sect3>
 
@@ -62,7 +66,7 @@ have at your disposal.</para>
 <sect2>
 <title>Installation of <application>cracklib</application></title>
 
-<para>First, we need to install the chosen word list for cracklib:</para>
+<para>First, install the chosen word list for cracklib:</para>
 
 <screen><userinput><command>install -d -m755 /usr/share/dict &amp;&amp;
 install -m644 <replaceable>[wordlist]</replaceable> /usr/share/dict &amp;&amp;
@@ -71,22 +75,23 @@ echo $(hostname) >> /usr/share/dict/extra.words</command></userinput></screen>
 
 <para>The wordlist is linked to <filename>/usr/share/dict/words</filename> as 
 historically, <filename>words</filename> is the primary wordlist in the 
-<filename class="directory">/usr/share/dict</filename> directory.  We also echo 
-the value of hostname to a file called <filename>extra.words</filename>.  This 
-extra file is intended to be a site specific list which includes easy to guess 
-passwords such as company or department names, user's names, product 
-names, computer names, domain names, etc.</para>
+<filename class="directory">/usr/share/dict</filename> directory. Additionally, 
+the value of <command>hostname</command> is echoed to a file called 
+<filename>extra.words</filename>. This extra file is intended to be a site 
+specific list which includes easy to guess passwords such as company or 
+department names, user's names, product names, computer names, domain names, 
+etc.</para>
 
-<para>Now apply the BLFS patch:</para>
+<para>Now apply the <acronym>BLFS</acronym> patch:</para>
 
 <screen><userinput><command>patch -Np1 -i ../cracklib,&cracklib-version;-blfs-1.patch</command></userinput></screen>
 
-<para>If necessary, apply the heimdal patch:</para>
+<para>If necessary, apply the <application>Heimdal</application> patch:</para>
 
 <screen><userinput><command>cp -R cracklib cracklib_krb5 &amp;&amp;
 patch -Np1 -i ../cracklib,&cracklib-version;-heimdal-1.patch</command></userinput></screen>
 
-<para>Finally install the package:</para>
+<para>Finally, install the package:</para>
 <screen><userinput><command>make install</command></userinput></screen>
 
 </sect2>
@@ -94,18 +99,17 @@ patch -Np1 -i ../cracklib,&cracklib-version;-heimdal-1.patch</command></userinpu
 <sect2>
 <title>Contents</title>
 
-<para>The <application>cracklib</application> package 
-contains the <filename class="libraryfile">libcrack</filename> 
-library.</para>
+<para>The <application>cracklib</application> package contains the 
+<filename class="libraryfile">libcrack</filename> and optionally, the 
+<filename class="libraryfile">libcrack_krb5</filename> libraries.</para>
 
 </sect2>
 
 <sect2><title>Description</title>
 
-<sect3><title>libcrack library</title>
-<para>The <filename class="libraryfile">libcrack</filename> library
-provides a fast dictionary lookup method for strong password
-enforcement.</para></sect3>
+<sect3><title>libcrack libraries</title>
+<para>The <filename class="libraryfile">libcrack</filename> libraries provide 
+a fast dictionary lookup method for strong password enforcement.</para></sect3>
 
 </sect2>
 

postlfs/security/iptables.xml

@@ -6,8 +6,8 @@
 
   <!ENTITY iptables-download-http "http://www.iptables.org/files/iptables-&iptables-version;.tar.bz2">
   <!ENTITY iptables-download-ftp  "ftp://ftp.netfilter.org/pub/iptables/iptables-&iptables-version;.tar.bz2">
-  <!ENTITY iptables-size          "183 KB">
-  <!ENTITY iptables-buildsize     "3.4 MB">
+  <!ENTITY iptables-size          "157 KB">
+  <!ENTITY iptables-buildsize     "4.4 MB">
   <!ENTITY iptables-time          "0.13 SBU">
 ]>
 
@@ -29,11 +29,12 @@ a firewall.</para>
 <para>To use a firewall, as well as installing
 <application>iptables</application>, you will need
 to configure the relevant options into your kernel.  This is discussed
-in the next part of this chapter - <xref linkend="postlfs-security-fw-kernel"/>.</para>
+in the next part of this chapter &ndash; 
+<xref linkend="postlfs-security-fw-kernel"/>.</para>
 
 <para>If you intend to use <acronym>IP</acronym>v6 you might consider extending
 the kernel by running <command>make patch-o-matic</command> in the top-level
-directory of the sources of <application>iptables</application>.  If you are 
+source tree directory of <application>iptables</application>.  If you are 
 going to do this, on a freshly untarred kernel, you need to run 
 <command>yes "" | make config &amp;&amp; make dep</command> first because 
 otherwise the patch-o-matic command is likely to fail while setting up
@@ -46,8 +47,8 @@ class="directory">/usr/src/linux-<replaceable>[version]</replaceable>
 </filename>) to see which features are available.  Support will only be compiled
 into <application>iptables</application> for the features recognized at 
 compile-time.  Applying a kernel patch may result in errors, often because the 
-hooks for the patches have changed or because the runme script doesn't 
-recognize that a patch has already been incorporated.</para>
+hooks for the patches have changed or because the <command>runme</command> 
+script doesn't recognize that a patch has already been incorporated.</para>
 
 <para>Note that for most people, patching the kernel is unnecessary.
 With the later 2.4.x kernels, most functionality is already available
@@ -70,38 +71,40 @@ url="&iptables-download-ftp;"/></para></listitem>
 
 </sect2>
 
-
 <sect2>
 <title>Installation of <application>iptables</application></title>
 
-<para>Install <application>iptables</application> by running the following commands:</para>
+<para>Install <application>iptables</application> by running the following 
+commands:</para>
 
 <screen><userinput><command>make PREFIX=/usr LIBDIR=/lib BINDIR=/sbin &amp;&amp;
 make PREFIX=/usr LIBDIR=/lib BINDIR=/sbin install</command></userinput></screen>
 
 </sect2>
 
-
 <sect2>
 <title>Command explanations</title>
 
-<para><parameter>PREFIX=/usr LIBDIR=/lib BINDIR=/sbin</parameter>: Compiles and installs 
-<application>iptables</application> libraries into <filename
-class="directory">/lib</filename>, binaries into <filename
-class="directory">/sbin</filename> and the remainder into the 
+<para><parameter>PREFIX=/usr LIBDIR=/lib BINDIR=/sbin</parameter>: Compiles 
+and installs <application>iptables</application> libraries into 
+<filename class="directory">/lib</filename>, binaries into 
+<filename class="directory">/sbin</filename> and the remainder into the 
 <filename class="directory">/usr</filename> hierarchy instead of 
 <filename class="directory">/usr/local</filename>. Firewalls are
-generally set during the boot process and <filename
-class="directory">/usr</filename> may not be mounted at that time.</para>
+generally activated during the boot process and 
+<filename class="directory">/usr</filename> may not be mounted at that 
+time.</para>
 
 </sect2>
 
 <sect2>
 <title>Contents</title>
 
-<para>The <application>iptables</application> package contains <command>iptables</command>,
-<command>iptables-restore</command>, <command>iptables-save</command>,
-<command>ip6tables</command> and some libraries.</para>
+<para>The <application>iptables</application> package contains 
+<command>iptables</command>, <command>iptables-restore</command>, 
+<command>iptables-save</command>, <command>ip6tables</command> 
+and the <filename class='libraryfile'>libip*.so</filename> library
+modules.</para>
 
 </sect2>
 
@@ -121,10 +124,11 @@ experimental.</para>
 <sect3 id="ip6tables" xreflabel="ip6tables"><title>ip6tables</title>
 <para>This is the same as <command>iptables</command> but for use with
 <acronym>IP</acronym>v6.  As of v1.2.5, it is not as complete as the standard 
-<acronym>IP</acronym>v4 version, especially with regard to some of the modules.</para>
+<acronym>IP</acronym>v4 version, especially with regard to some of the 
+modules.</para>
 </sect3>
 
-<sect3><title>libip*.so</title>
+<sect3><title>libip*.so library modules</title>
 <para>These are various modules (implemented as dynamic libraries) which
 extend the core functionality of <command>iptables</command>.</para>
 </sect3>

postlfs/security/linux_pam.xml

@@ -74,8 +74,9 @@ ln -sf ../../lib/libpamc.so.&Linux_PAM-version; /usr/lib/libpamc.so</command></u
 <title>Command explanations</title>
 
 <para><command>autoconf</command>:  This is necessary because the patch 
-changes where <acronym>PAM</acronym> looks for the cracklib libraries, 
-requiring regeneration of the configure script.</para>
+changes where <acronym>PAM</acronym> looks for the 
+<application>cracklib</application> libraries, requiring regeneration of the 
+configure script.</para>
 
 <para><option>--enable-static-libpam</option>: This switch builds
 static <acronym>PAM</acronym> libraries as well as the dynamic libraries.</para>
@@ -98,12 +99,13 @@ guidelines.</para>
 </title>
 
 <sect3><title>Config files</title>
-<para><filename>/etc/pam.d</filename> or <filename>/etc/pam.conf</filename>
+<para><filename>/etc/pam.d/*</filename> or <filename>/etc/pam.conf</filename>
 </para></sect3>
 
 <sect3><title>Configuration Information</title>
 
-<para>Configuration information is placed in <filename>/etc/pam.d</filename> or
+<para>Configuration information is placed in 
+<filename class='directory'>/etc/pam.d/</filename> or
 <filename>/etc/pam.conf</filename> depending on user preference.  Below are
 example files of each type:</para>
 
@@ -144,9 +146,9 @@ for a list of various modules available.</para>
 <title>Contents</title>
 
 <para>The <application>Linux-<acronym>PAM</acronym></application> package 
-contains <command>unix-chkpwd</command> and <filename
-class="libraryfile">libpam</filename> 
-libraries.</para>
+contains <command>unix-chkpwd</command>, 
+<filename class="libraryfile">libpam</filename> libraries and 
+<acronym>PAM</acronym> modules.</para>
 
 </sect2>
 
@@ -158,8 +160,13 @@ in read protected databases.</para></sect3>
 
 <sect3><title>libpam libraries</title>
 <para><filename class="libraryfile">libpam</filename> libraries provide the 
-interfaces between applications and the modules included with 
-<acronym>PAM</acronym>.</para></sect3>
+interfaces between applications and the <acronym>PAM</acronym> modules.</para>
+</sect3>
+
+<sect3><title><acronym>PAM</acronym> modules</title>
+<para><acronym>PAM</acronym> modules are the Pluggable Authentication Modules 
+installed in <filename class='directory'>/lib/security/</filename>.</para>
+</sect3>
 
 </sect2>
 

postlfs/security/shadow.xml

@@ -31,7 +31,6 @@ Passwords created after this change will be encrypted using
 </sect2>
 -->
 
-
 <sect2>
 <title>Introduction to <application>Shadow</application></title>
 
@@ -55,11 +54,11 @@ this will allow programs like <command>login</command> and
 </sect3>
 </sect2>
 
-
 <sect2>
-<title>Installation of <application>shadow</application></title>
+<title>Installation of <application>Shadow</application></title>
 
-<para>Reinstall shadow by running the following commands:</para>
+<para>Reinstall <application>Shadow</application> by running the following 
+commands:</para>
 
 <screen><userinput><command>patch -Np1 -i ../shadow-&shadow-version;-pam-1.patch &amp;&amp;
 LIBS="-lpam -lpam_misc" ./configure --libdir=/usr/lib \
@@ -76,14 +75,14 @@ ln -sf ../../lib/libmisc.so.0 /usr/lib/libmisc.so</command></userinput></screen>
 
 </sect2>
 
-
 <sect2>
 <title>Command explanations</title>
 
-<para><parameter>--without-libcrack</parameter>: This switch tells shadow
-not to use libcrack. This is desired as
-<application>Linux-<acronym>PAM</acronym></application> already
-contains libcrack.</para>
+<para><parameter>--without-libcrack</parameter>: This switch tells 
+<application>Shadow</application> not to use 
+<filename class='libraryfile'>libcrack</filename>. This is desired as
+<application>Linux-<acronym>PAM</acronym></application> already contains 
+<filename class='libraryfile'>libcrack</filename>.</para>
 
 <!--  Leftover from older instructions????
 <para><command>cp debian/securetty /etc/securetty</command>: This
@@ -92,25 +91,27 @@ command sets the tty's that allow logins through <acronym>PAM</acronym>.</para>
 
 </sect2>
 
-
 <sect2>
-<title>Configuring <application><acronym>PAM</acronym></application> to work 
-with <application>shadow</application></title>
+<title>Configuring <application>Linux-<acronym>PAM</acronym></application> to work 
+with <application>Shadow</application></title>
 
 <sect3><title>Config files</title>
 <para><filename>/etc/pam.d/login</filename>,
 <filename>/etc/pam.d/passwd</filename>,
 <filename>/etc/pam.d/su</filename>,
-<filename>/etc/pam.d/shadow</filename>, and
-<filename>/etc/pam.d/useradd</filename></para>
+<filename>/etc/pam.d/shadow</filename>, 
+<filename>/etc/pam.d/useradd</filename>, and 
+<filename>/etc/pam.d/chage</filename> &ndash; 
+alternatively, <filename>/etc/pam.conf</filename></para>
 </sect3>
 
 <sect3><title>Configuration Information</title>
 
-<para>Add the following <application><acronym>PAM</acronym></application> 
-configuration files to <filename class="directory">/etc/pam.d</filename> (or add them to
-<filename>/etc/pam.conf</filename> with the additional field for the program).
-</para>
+<para>Add the following <application>Linux-<acronym>PAM</acronym></application> 
+configuration files to <filename class="directory">/etc/pam.d/</filename> (or 
+add them to <filename>/etc/pam.conf</filename> with the additional field for 
+the program).</para>
+
 <screen><userinput><command>cat &gt; /etc/pam.d/login &lt;&lt; "EOF"</command>
 # Begin /etc/pam.d/login
 
@@ -182,7 +183,7 @@ password    required        pam_permit.so
 <para>Currently, <filename>/etc/pam.d/other</filename> is configured to
 allow anyone with an account on the machine to use programs
 that do not specifically have a configuration file of their own. After
-testing <application><acronym>PAM</acronym></application> for proper 
+testing <application>Linux-<acronym>PAM</acronym></application> for proper 
 configuration, it can be changed to the following:</para>
 
 <screen><userinput><command>cat &gt; /etc/pam.d/other &lt;&lt; "EOF"</command>