10.0
10.1
11.0
11.1
11.2
11.3
12.0
12.1
12.2
6.0
6.1
6.2
6.2.0
6.2.0-rc1
6.2.0-rc2
6.3
6.3-rc1
6.3-rc2
6.3-rc3
7.10
7.4
7.5
7.6
7.6-blfs
7.6-systemd
7.7
7.8
7.9
8.0
8.1
8.2
8.3
8.4
9.0
9.1
basic
bdubbs/svn
elogind
gimp3
gnome
kde5-13430
kde5-14269
kde5-14686
kea
ken/TL2024
ken/inkscape-core-mods
ken/tuningfonts
krejzi/svn
lazarus
lxqt
nosym
perl-modules
plabs/newcss
plabs/python-mods
python3.11
qt5new
rahul/power-profiles-daemon
renodr/vulkan-addition
systemd-11177
systemd-13485
trunk
upgradedb
v5_1
v5_1-pre1
xry111/for-12.3
xry111/intltool
xry111/llvm18
xry111/soup3
xry111/spidermonkey128
xry111/test-20220226
xry111/xf86-video-removal
Last change
on this file since 16308d7 was 5e18c49c, checked in by Larry Lawrence <larry@…>, 21 years ago |
compound word edits, a2ps expanded intro
git-svn-id: svn://svn.linuxfromscratch.org/BLFS/trunk/BOOK@1303 af4574ff-66df-0310-9fd7-8a98e5e911e0
|
-
Property mode
set to
100644
|
File size:
1.3 KB
|
Rev | Line | |
---|
[f45b1953] | 1 | <chapter id="postlfs-security">
|
---|
| 2 | <?dbhtml filename="security.html" dir="postlfs"?>
|
---|
| 3 | <title>Security</title>
|
---|
| 4 |
|
---|
[e1d7dec] | 5 | <para>Security takes many forms in a computing environment. This chapter
|
---|
[419dd50] | 6 | gives examples of three different types of security: access, prevention
|
---|
[cf7ae162] | 7 | and detection.</para>
|
---|
| 8 |
|
---|
| 9 | <para>Access for users is usually handled by <command>login</command> or an
|
---|
| 10 | application designed to handle the login function. In this chapter, we show
|
---|
| 11 | how to enhance <command>login</command> by setting policies with
|
---|
[e1d7dec] | 12 | <application><acronym>PAM</acronym></application> modules. Access via networks
|
---|
[cf7ae162] | 13 | can also be secured by policies set by <application>iptables</application>,
|
---|
| 14 | commonly referred to as a firewall.</para>
|
---|
| 15 |
|
---|
| 16 | <para>Prevention of breaches, like a trojan, are assisted by applications like
|
---|
[419dd50] | 17 | <application>GnuPG</application>, specifically the ability to confirm signed
|
---|
[5e18c49c] | 18 | packages, which prevents modification of the <acronym>TAR</acronym> ball after
|
---|
| 19 | the packager creates it.</para>
|
---|
[cf7ae162] | 20 |
|
---|
| 21 | <para> Finally, we touch on detection with a package that stores "signatures"
|
---|
| 22 | of critical files (defined by the administrator) and then regenerates those
|
---|
[e1d7dec] | 23 | "signatures" and compares for files that have been changed.</para>
|
---|
| 24 |
|
---|
| 25 | &Linux_PAM;
|
---|
[7915966] | 26 | &shadow;
|
---|
[f45b1953] | 27 | &iptables;
|
---|
| 28 | &postlfs-security-fw;
|
---|
[e1d7dec] | 29 | &gnupg;
|
---|
[ce2adc3] | 30 | &tripwire;
|
---|
[cf7ae162] | 31 | <!--&postlfs-security-syslog;-->
|
---|
[f45b1953] | 32 |
|
---|
| 33 | </chapter>
|
---|
Note:
See
TracBrowser
for help on using the repository browser.