diff --git a/general.ent b/general.ent index bbce76a06e..34a36b2f43 100644 --- a/general.ent +++ b/general.ent @@ -1,4 +1,4 @@ - + @@ -27,7 +27,7 @@ - + diff --git a/introduction/welcome/changelog.xml b/introduction/welcome/changelog.xml index 84d3a4a6b7..1eda1ae725 100644 --- a/introduction/welcome/changelog.xml +++ b/introduction/welcome/changelog.xml @@ -18,6 +18,9 @@ who wrote what. +June 30th, 2004 [randy]: Updated to iptables-1.2.11; added +missing tags in various package instructions. + June 29th, 2004 [randy]: Added "Additional downloads" section to aspell instructions. diff --git a/postlfs/security/cracklib.xml b/postlfs/security/cracklib.xml index fa00cc27fc..27428fba8c 100644 --- a/postlfs/security/cracklib.xml +++ b/postlfs/security/cracklib.xml @@ -17,12 +17,12 @@ cracklib-&cracklib-version; - Introduction to <application>cracklib</application> -The cracklib package contains a library used to enforce strong passwords -by comparing user selected passwords to words in a chosen wordlist. +The cracklib package contains a library used +to enforce strong passwords by comparing user selected passwords to words in a +chosen wordlist. Package information 
@@ -45,15 +45,19 @@ url="&patch-root;/cracklib,&cracklib-version;-blfs-1.patch"/> url="&patch-root;/cracklib,&cracklib-version;-heimdal-1.patch"/> -You will also need to download a wordlist for use with cracklib. There -are two wordlists to choose from at the following location. Use the -cracklib word list for good security, or opt for the -allwords word list for lightweight machines short on -RAM. You can of course choose any other word list that you -have at your disposal. +You will also need to download a wordlist for use with +cracklib. There are two wordlists to choose from at +the following location. Use the cracklib word list for +good security, or opt for the allwords word list for +lightweight machines short on RAM. You can of course choose +any other word list that you have at your disposal. -cracklib (&crackdict-size;): -allwords (&alldict-size;): + +cracklib (&crackdict-size;): +allwords (&alldict-size;): + @@ -62,7 +66,7 @@ have at your disposal. Installation of <application>cracklib</application> -First, we need to install the chosen word list for cracklib: +First, install the chosen word list for cracklib: install -d -m755 /usr/share/dict && install -m644 [wordlist] /usr/share/dict && 
@@ -71,22 +75,23 @@ echo $(hostname) >> /usr/share/dict/extra.words The wordlist is linked to /usr/share/dict/words as historically, words is the primary wordlist in the -/usr/share/dict directory. We also echo -the value of hostname to a file called extra.words. This -extra file is intended to be a site specific list which includes easy to guess -passwords such as company or department names, user's names, product -names, computer names, domain names, etc. +/usr/share/dict directory. Additionally, +the value of hostname is echoed to a file called +extra.words. This extra file is intended to be a site +specific list which includes easy to guess passwords such as company or +department names, user's names, product names, computer names, domain names, +etc. -Now apply the BLFS patch: +Now apply the BLFS patch: patch -Np1 -i ../cracklib,&cracklib-version;-blfs-1.patch -If necessary, apply the heimdal patch: +If necessary, apply the Heimdal patch: cp -R cracklib cracklib_krb5 && patch -Np1 -i ../cracklib,&cracklib-version;-heimdal-1.patch -Finally install the package: +Finally, install the package: make install @@ -94,18 +99,17 @@ patch -Np1 -i ../cracklib,&cracklib-version;-heimdal-1.patch Contents -The cracklib package -contains the libcrack -library. +The cracklib package contains the +libcrack and optionally, the +libcrack_krb5 libraries. Description -libcrack library -The libcrack library -provides a fast dictionary lookup method for strong password -enforcement. +libcrack libraries +The libcrack libraries provide +a fast dictionary lookup method for strong password enforcement. diff --git a/postlfs/security/iptables.xml b/postlfs/security/iptables.xml index 1fd2d75de8..ac78ec9d30 100644 --- a/postlfs/security/iptables.xml +++ b/postlfs/security/iptables.xml @@ -6,8 +6,8 @@ - - + + ]> 
@@ -29,11 +29,12 @@ a firewall. To use a firewall, as well as installing iptables, you will need to configure the relevant options into your kernel. This is discussed -in the next part of this chapter - . +in the next part of this chapter – +. If you intend to use IPv6 you might consider extending the kernel by running make patch-o-matic in the top-level -directory of the sources of iptables. If you are +source tree directory of iptables. If you are going to do this, on a freshly untarred kernel, you need to run yes "" | make config && make dep first because otherwise the patch-o-matic command is likely to fail while setting up @@ -46,8 +47,8 @@ class="directory">/usr/src/linux-[version] ) to see which features are available. Support will only be compiled into iptables for the features recognized at compile-time. Applying a kernel patch may result in errors, often because the -hooks for the patches have changed or because the runme script doesn't -recognize that a patch has already been incorporated. +hooks for the patches have changed or because the runme +script doesn't recognize that a patch has already been incorporated. Note that for most people, patching the kernel is unnecessary. With the later 2.4.x kernels, most functionality is already available 
@@ -70,38 +71,40 @@ url="&iptables-download-ftp;"/> - Installation of <application>iptables</application> -Install iptables by running the following commands: +Install iptables by running the following +commands: make PREFIX=/usr LIBDIR=/lib BINDIR=/sbin && make PREFIX=/usr LIBDIR=/lib BINDIR=/sbin install - Command explanations -PREFIX=/usr LIBDIR=/lib BINDIR=/sbin: Compiles and installs -iptables libraries into /lib, binaries into /sbin and the remainder into the +PREFIX=/usr LIBDIR=/lib BINDIR=/sbin: Compiles +and installs iptables libraries into +/lib, binaries into +/sbin and the remainder into the /usr hierarchy instead of /usr/local. Firewalls are -generally set during the boot process and /usr may not be mounted at that time. +generally activated during the boot process and +/usr may not be mounted at that +time. Contents -The iptables package contains iptables, -iptables-restore, iptables-save, -ip6tables and some libraries. +The iptables package contains +iptables, iptables-restore, +iptables-save, ip6tables +and the libip*.so library +modules. @@ -121,10 +124,11 @@ experimental. ip6tables This is the same as iptables but for use with IPv6. As of v1.2.5, it is not as complete as the standard -IPv4 version, especially with regard to some of the modules. +IPv4 version, especially with regard to some of the +modules. -libip*.so +libip*.so library modules These are various modules (implemented as dynamic libraries) which extend the core functionality of iptables. diff --git a/postlfs/security/linux_pam.xml b/postlfs/security/linux_pam.xml index 7e83813649..bd3c07fdb3 100644 --- a/postlfs/security/linux_pam.xml +++ b/postlfs/security/linux_pam.xml 
@@ -74,8 +74,9 @@ ln -sf ../../lib/libpamc.so.&Linux_PAM-version; /usr/lib/libpamc.soCommand explanations autoconf: This is necessary because the patch -changes where PAM looks for the cracklib libraries, -requiring regeneration of the configure script. +changes where PAM looks for the +cracklib libraries, requiring regeneration of the +configure script. : This switch builds static PAM libraries as well as the dynamic libraries. @@ -98,12 +99,13 @@ guidelines. Config files -/etc/pam.d or /etc/pam.conf +/etc/pam.d/* or /etc/pam.conf Configuration Information -Configuration information is placed in /etc/pam.d or +Configuration information is placed in +/etc/pam.d/ or /etc/pam.conf depending on user preference. Below are example files of each type: @@ -144,9 +146,9 @@ for a list of various modules available. Contents The Linux-PAM package -contains unix-chkpwd and libpam -libraries. +contains unix-chkpwd, +libpam libraries and +PAM modules. @@ -158,8 +160,13 @@ in read protected databases. libpam libraries libpam libraries provide the -interfaces between applications and the modules included with -PAM. +interfaces between applications and the PAM modules. + + +<acronym>PAM</acronym> modules +PAM modules are the Pluggable Authentication Modules +installed in /lib/security/. + diff --git a/postlfs/security/shadow.xml b/postlfs/security/shadow.xml index cb215fb5c3..61d03b37c1 100644 --- a/postlfs/security/shadow.xml +++ b/postlfs/security/shadow.xml @@ -31,7 +31,6 @@ Passwords created after this change will be encrypted using --> - Introduction to <application>Shadow</application> @@ -55,11 +54,11 @@ this will allow programs like login and - -Installation of <application>shadow</application> +Installation of <application>Shadow</application> -Reinstall shadow by running the following commands: +Reinstall Shadow by running the following +commands: patch -Np1 -i ../shadow-&shadow-version;-pam-1.patch && LIBS="-lpam -lpam_misc" ./configure --libdir=/usr/lib \ 
@@ -76,14 +75,14 @@ ln -sf ../../lib/libmisc.so.0 /usr/lib/libmisc.so - Command explanations ---without-libcrack: This switch tells shadow -not to use libcrack. This is desired as -Linux-PAM already -contains libcrack. +--without-libcrack: This switch tells +Shadow not to use +libcrack. This is desired as +Linux-PAM already contains +libcrack.
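Review bot: in postlfs/security/cracklib.xml, hunk @@ -71,22 +75,23, the instruction "If necessary, apply the Heimdal patch" does not say when it is necessary. The Contents hunk that follows now lists libcrack_krb5 as optional, so this step should name the condition under which a reader needs it and explain what the "cp -R cracklib cracklib_krb5" copy is for. As written, the reader cannot tell whether skipping the step is safe.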
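Review bot: in postlfs/security/iptables.xml, hunk @@ -121,10 +124,11, the ip6tables description still reads "As of v1.2.5, it is not as complete as the standard IPv4 version", while the changelog entry in this same patch records the update to iptables-1.2.11. The hunk only rewraps that sentence. Please check the statement against 1.2.11 and either update the version or drop the version reference, so the page does not describe the state of an older release.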
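Review bot: in postlfs/security/linux_pam.xml, hunk @@ -98,12 +99,13, the same location is written two ways, "/etc/pam.d/*" under Config files and "/etc/pam.d/" under Configuration Information. Pick one form for both. The sentence "depending on user preference" also leaves open which of /etc/pam.d and /etc/pam.conf takes effect when both are present. A sentence on that would help here, since a reader who edits the wrong one ends up with an authentication policy that is not the one in force.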
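Review bot: in postlfs/security/linux_pam.xml, hunk @@ -158,8 +160,13, the new description "PAM modules are the Pluggable Authentication Modules installed in /lib/security/" only expands the acronym and gives the path. Suggest saying what the modules do for the applications that call libpam, and pointing to the module list the page already references ("for a list of various modules available"), so the entry carries as much as the libpam entry above it.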
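Review bot: in postlfs/security/shadow.xml, hunk @@ -76,14 +75,14, the rewrapped explanation keeps "This is desired as Linux-PAM already contains libcrack", which disagrees with the other files in this patch. cracklib.xml says the cracklib package contains libcrack, and linux_pam.xml says the patch "changes where PAM looks for the cracklib libraries". Suggest rewording the reason for --without-libcrack to match those pages, so the reader does not conclude that cracklib can be skipped when Linux-PAM is installed.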