linux-from-scratch/glfs
1
0
Fork 0
mirror of https://github.com/Zeckmathederg/glfs.git synced 2025-01-24 15:12:11 +08:00
Code Issues Actions Packages Projects Releases Wiki Activity

Tagged security.xml

Browse Source 
git-svn-id: svn://svn.linuxfromscratch.org/BLFS/trunk/BOOK@4207 af4574ff-66df-0310-9fd7-8a98e5e911e0
This commit is contained in:
Manuel Canales Esparcia 2005-05-14 15:23:17 +00:00
parent 5a5bbbfdb5
commit 2dbd7a5f82
1 changed files with 33 additions and 32 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

65
postlfs/security/security.xml
View File

@ -6,42 +6,43 @@
]>
<chapter id="postlfs-security">
<?dbhtml filename="security.html"?>
<title>Security</title>
<?dbhtml filename="security.html"?>
<para>Security takes many forms in a computing environment. This chapter
gives examples of three different types of security: access, prevention
and detection.</para>
<title>Security</title>
<para>Access for users is usually handled by <command>login</command> or an
application designed to handle the login function. In this chapter, we show
how to enhance <command>login</command> by setting policies with
<application><acronym>PAM</acronym></application> modules. Access via networks
can also be secured by policies set by <application>iptables</application>,
commonly referred to as a firewall. For applications that don't offer the
best security, you can use the <application>Stunnel</application> package to
wrap an application daemon inside an <acronym>SSL</acronym> tunnel.</para>
<para>Security takes many forms in a computing environment. This chapter
gives examples of three different types of security: access, prevention
and detection.</para>
<para>Prevention of breaches, like a trojan, are assisted by applications like
<application>GnuPG</application>, specifically the ability to confirm signed
packages, which recognizes modifications of the <acronym>TAR</acronym> ball
after the packager creates it.</para>
<para>Access for users is usually handled by <command>login</command> or an
application designed to handle the login function. In this chapter, we show
how to enhance <command>login</command> by setting policies with
<application>PAM</application> modules. Access via networks
can also be secured by policies set by <application>iptables</application>,
commonly referred to as a firewall. For applications that don't offer the
best security, you can use the <application>Stunnel</application> package to
wrap an application daemon inside an SSL tunnel.</para>
<para> Finally, we touch on detection with a package that stores "signatures"
of critical files (defined by the administrator) and then regenerates those
"signatures" and compares for files that have been changed.</para>
<para>Prevention of breaches, like a trojan, are assisted by applications like
<application>GnuPG</application>, specifically the ability to confirm signed
packages, which recognizes modifications of the TAR ball
after the packager creates it.</para>
<xi:include xmlns:xi="http://www.w3.org/2003/XInclude" href="openssl.xml"/>
<xi:include xmlns:xi="http://www.w3.org/2003/XInclude" href="cracklib.xml"/>
<xi:include xmlns:xi="http://www.w3.org/2003/XInclude" href="linux_pam.xml"/>
<xi:include xmlns:xi="http://www.w3.org/2003/XInclude" href="shadow.xml"/>
<xi:include xmlns:xi="http://www.w3.org/2003/XInclude" href="iptables.xml"/>
<xi:include xmlns:xi="http://www.w3.org/2003/XInclude" href="firewalling.xml"/>
<xi:include xmlns:xi="http://www.w3.org/2003/XInclude" href="gnupg.xml"/>
<xi:include xmlns:xi="http://www.w3.org/2003/XInclude" href="tripwire.xml"/>
<xi:include xmlns:xi="http://www.w3.org/2003/XInclude" href="heimdal.xml"/>
<xi:include xmlns:xi="http://www.w3.org/2003/XInclude" href="mitkrb.xml"/>
<xi:include xmlns:xi="http://www.w3.org/2003/XInclude" href="cyrus-sasl.xml"/>
<xi:include xmlns:xi="http://www.w3.org/2003/XInclude" href="stunnel.xml"/>
<para> Finally, we touch on detection with a package that stores "signatures"
of critical files (defined by the administrator) and then regenerates those
"signatures" and compares for files that have been changed.</para>
<xi:include xmlns:xi="http://www.w3.org/2003/XInclude" href="openssl.xml"/>
<xi:include xmlns:xi="http://www.w3.org/2003/XInclude" href="cracklib.xml"/>
<xi:include xmlns:xi="http://www.w3.org/2003/XInclude" href="linux_pam.xml"/>
<xi:include xmlns:xi="http://www.w3.org/2003/XInclude" href="shadow.xml"/>
<xi:include xmlns:xi="http://www.w3.org/2003/XInclude" href="iptables.xml"/>
<xi:include xmlns:xi="http://www.w3.org/2003/XInclude" href="firewalling.xml"/>
<xi:include xmlns:xi="http://www.w3.org/2003/XInclude" href="gnupg.xml"/>
<xi:include xmlns:xi="http://www.w3.org/2003/XInclude" href="tripwire.xml"/>
<xi:include xmlns:xi="http://www.w3.org/2003/XInclude" href="heimdal.xml"/>
<xi:include xmlns:xi="http://www.w3.org/2003/XInclude" href="mitkrb.xml"/>
<xi:include xmlns:xi="http://www.w3.org/2003/XInclude" href="cyrus-sasl.xml"/>
<xi:include xmlns:xi="http://www.w3.org/2003/XInclude" href="stunnel.xml"/>
</chapter>