source: postlfs/security/security.xml

trunk
Last change on this file was ab4fdfc, checked in by Pierre Labastie <pierre.labastie@…>, 3 months ago

Change all xml decl to encoding=utf-8

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE chapter PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
   "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
  <!ENTITY % general-entities SYSTEM "../../general.ent">
  %general-entities;
]>

<chapter id="postlfs-security">
  <?dbhtml filename="security.html"?>

  <title>Security</title>

  <para>
    Security takes many forms in a computing environment. After some
    initial discussion, this chapter
    gives examples of three different types of security: access, prevention
    and detection.
  </para>

  <para>
    Access for users is usually handled by <command>login</command> or an
    application designed to handle the login function. In this chapter, we show
    how to enhance <command>login</command> by setting policies with
    <application>PAM</application> modules. Access via networks can also be
    secured by policies set by <application>iptables</application>, commonly
    referred to as a firewall. The Network Security Services (NSS) and
    Netscape Portable Runtime (NSPR) libraries can be installed and shared
    among the many applications requiring them. For applications that don't
    offer the best security, you can use the
    <application>Stunnel</application> package to wrap an application daemon
    inside an SSL tunnel.
  </para>

  <para>
    Prevention of breaches, such as a trojan, is assisted by applications like
    <application>GnuPG</application>, specifically by its ability to verify
    signed packages, which detects modifications made to the tarball
    after the packager created it.
  </para>

  <para>
    Finally, we touch on detection with a package that stores "signatures"
    of critical files (defined by the administrator), then regenerates those
    "signatures" and compares them to find files that have been changed.
  </para>

  <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="vulnerabilities.xml"/>
  <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="make-ca.xml"/>

  <!-- sysv only -->
  <!--<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="consolekit.xml"/>-->

  <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="cracklib.xml"/>
  <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="cryptsetup.xml"/>
  <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="cyrus-sasl.xml"/>
  <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="gnupg2.xml"/>
  <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="gnutls.xml"/>
  <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="gpgme.xml"/>
<!-- archive
  <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="haveged.xml"/>
-->
<!-- Leave in alphabetical order for now -->
  <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="iptables.xml"/>
  <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="firewalling.xml"/>

  <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="libcap.xml"/>
  <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="linux-pam.xml"/>

  <!-- systemd only -->
  <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="liboauth.xml"/>

  <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="libpwquality.xml"/>
  <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="mitkrb.xml"/>
  <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="nettle.xml"/>
  <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="nss.xml"/>
  <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="openssh.xml"/>
<!-- <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="openssl.xml"/> -->
<!-- <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="openssl10.xml"/> -->
  <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="p11-kit.xml"/>
  <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="polkit.xml"/>
  <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="polkit-gnome.xml"/>
  <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="shadow.xml"/>
  <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="ssh-askpass.xml"/>
  <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="stunnel.xml"/>
  <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="sudo.xml"/>
  <!-- commented out until shadow really abandons su -->
  <!--xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="util-linux.xml"/-->
  <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="tripwire.xml"/>
<!-- <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="volume_key.xml"/>-->
<!-- <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="firewalling.xml"/>
  <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="iptables.xml"/>
  <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="nftables.xml"/>
  <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="firewalld.xml"/>-->

</chapter>