mirror of
https://github.com/Zeckmathederg/glfs.git
synced 2025-01-27 18:02:12 +08:00
5e18c49cdd
git-svn-id: svn://svn.linuxfromscratch.org/BLFS/trunk/BOOK@1303 af4574ff-66df-0310-9fd7-8a98e5e911e0
34 lines
1.3 KiB
XML
34 lines
1.3 KiB
XML
<chapter id="postlfs-security">
|
|
<?dbhtml filename="security.html" dir="postlfs"?>
|
|
<title>Security</title>
|
|
|
|
<para>Security takes many forms in a computing environment. This chapter
|
|
gives examples of three different types of security: access, prevention
|
|
and detection.</para>
|
|
|
|
<para>Access for users is usually handled by <command>login</command> or an
|
|
application designed to handle the login function. In this chapter, we show
|
|
how to enhance <command>login</command> by setting policies with
|
|
<application><acronym>PAM</acronym></application> modules. Access via networks
|
|
can also be secured by policies set by <application>iptables</application>,
|
|
commonly referred to as a firewall.</para>
|
|
|
|
<para>Prevention of breaches, like a trojan, are assisted by applications like
|
|
<application>GnuPG</application>, specifically the ability to confirm signed
|
|
packages, which prevents modification of the <acronym>TAR</acronym> ball after
|
|
the packager creates it.</para>
|
|
|
|
<para> Finally, we touch on detection with a package that stores "signatures"
|
|
of critical files (defined by the administrator) and then regenerates those
|
|
"signatures" and compares for files that have been changed.</para>
|
|
|
|
&Linux_PAM;
|
|
&shadow;
|
|
&iptables;
|
|
&postlfs-security-fw;
|
|
&gnupg;
|
|
&tripwire;
|
|
<!--&postlfs-security-syslog;-->
|
|
|
|
</chapter>
|