3609a85de8
Add umockdev to the book Adjust libgudev so that the test suite is present Change the umockdev reference from external to internal in gnome-settings-daemon and upower Move notification-daemon to System Utilities Move polkit-gnome to Security git-svn-id: svn://svn.linuxfromscratch.org/BLFS/trunk/BOOK@22934 af4574ff-66df-0310-9fd7-8a98e5e911e0
<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE chapter PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
   "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
  <!ENTITY % general-entities SYSTEM "../../general.ent">
  %general-entities;
]>

<!--
    $LastChangedBy$
    $Date$
-->

<chapter id="postlfs-security">
  <?dbhtml filename="security.html"?>

  <title>Security</title>

  <para>
    Security takes many forms in a computing environment. After some
    initial discussion, this chapter
    gives examples of three different types of security: access, prevention
    and detection.
  </para>

  <para>
    Access for users is usually handled by <command>login</command> or an
    application designed to handle the login function. In this chapter, we show
    how to enhance <command>login</command> by setting policies with
    <application>PAM</application> modules. Access via networks can also be
    secured by policies set by <application>iptables</application>, commonly
    referred to as a firewall. The Network Security Services (NSS) and
    Netscape Portable Runtime (NSPR) libraries can be installed and shared
    among the many applications requiring them. For applications that don't
    offer the best security, you can use the
    <application>Stunnel</application> package to wrap an application daemon
    inside an SSL/TLS tunnel.
  </para>

  <para>
    Prevention of breaches, such as a trojan, is assisted by applications like
    <application>GnuPG</application>, specifically its ability to verify
    signed packages, which reveals modifications made to the tarball
    after the packager created it. Verification is only meaningful when the
    packager's public key has been obtained from a trusted source.
  </para>

  <para>
    Finally, we touch on detection with a package that stores "signatures"
    of critical files (defined by the administrator) and later regenerates
    those "signatures" and compares them to find files that have been changed.
    The stored "signatures" must themselves be protected from modification,
    otherwise the comparison cannot be trusted.
  </para>

  <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="vulnerabilities.xml"/>
  <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="make-ca.xml"/>

  <!-- sysv only -->
  <!--<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="consolekit.xml"/>-->

  <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="cracklib.xml"/>
  <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="cryptsetup.xml"/>
  <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="cyrus-sasl.xml"/>
  <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="gnupg2.xml"/>
  <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="gnutls.xml"/>
  <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="gpgme.xml"/>
  <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="haveged.xml"/>
  <!-- Leave in alphabetical order for now -->
  <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="iptables.xml"/>
  <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="firewalling.xml"/>

  <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="libcap.xml"/>
  <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="linux-pam.xml"/>

  <!-- systemd only -->
  <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="liboauth.xml"/>

  <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="libpwquality.xml"/>
  <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="mitkrb.xml"/>
  <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="nettle.xml"/>
  <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="nss.xml"/>
  <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="openssh.xml"/>
  <!-- <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="openssl.xml"/> -->
  <!-- <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="openssl10.xml"/> -->
  <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="p11-kit.xml"/>
  <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="polkit.xml"/>
  <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="polkit-gnome.xml"/>
  <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="shadow.xml"/>
  <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="ssh-askpass.xml"/>
  <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="stunnel.xml"/>
  <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="sudo.xml"/>
  <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="tripwire.xml"/>
  <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="volume_key.xml"/>
  <!-- <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="firewalling.xml"/>
  <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="iptables.xml"/>
  <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="nftables.xml"/>
  <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="firewalld.xml"/>-->

</chapter>