[b4b71892] | 1 | <?xml version="1.0" encoding="ISO-8859-1"?>
|
---|
| 2 | <!DOCTYPE chapter PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
|
---|
| 3 | "http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd" [
|
---|
| 4 | <!ENTITY % general-entities SYSTEM "../../general.ent">
|
---|
| 5 | %general-entities;
|
---|
| 6 | ]>
|
---|
| 7 |
|
---|
[f45b1953] | 8 | <chapter id="postlfs-security">
|
---|
[bae6e15] | 9 | <?dbhtml filename="security.html"?>
|
---|
[f45b1953] | 10 | <title>Security</title>
|
---|
| 11 |
|
---|
[e1d7dec] | 12 | <para>Security takes many forms in a computing environment. This chapter
|
---|
[419dd50] | 13 | gives examples of three different types of security: access, prevention
|
---|
[cf7ae162] | 14 | and detection.</para>
|
---|
| 15 |
|
---|
| 16 | <para>Access for users is usually handled by <command>login</command> or an
|
---|
| 17 | application designed to handle the login function. In this chapter, we show
|
---|
| 18 | how to enhance <command>login</command> by setting policies with
|
---|
[e1d7dec] | 19 | <application><acronym>PAM</acronym></application> modules. Access via networks
|
---|
[cf7ae162] | 20 | can also be secured by policies set by <application>iptables</application>,
|
---|
[2a7d6c3e] | 21 | commonly referred to as a firewall. For applications that don't offer the
|
---|
| 22 | best security, you can use the <application>Stunnel</application> package to
|
---|
| 23 | wrap an application daemon inside an <acronym>SSL</acronym> tunnel.</para>
|
---|
[cf7ae162] | 24 |
|
---|
| 25 | <para>Prevention of breaches, like a trojan, are assisted by applications like
|
---|
[419dd50] | 26 | <application>GnuPG</application>, specifically the ability to confirm signed
|
---|
[1ea79a1] | 27 | packages, which recognizes modifications of the <acronym>TAR</acronym> ball after
|
---|
[5e18c49c] | 28 | the packager creates it.</para>
|
---|
[cf7ae162] | 29 |
|
---|
| 30 | <para> Finally, we touch on detection with a package that stores "signatures"
|
---|
| 31 | of critical files (defined by the administrator) and then regenerates those
|
---|
[e1d7dec] | 32 | "signatures" and compares for files that have been changed.</para>
|
---|
| 33 |
|
---|
[b4b71892] | 34 | <xi:include xmlns:xi="http://www.w3.org/2003/XInclude" href="cracklib.xml"/>
|
---|
| 35 | <xi:include xmlns:xi="http://www.w3.org/2003/XInclude" href="linux_pam.xml"/>
|
---|
| 36 | <xi:include xmlns:xi="http://www.w3.org/2003/XInclude" href="shadow.xml"/>
|
---|
| 37 | <xi:include xmlns:xi="http://www.w3.org/2003/XInclude" href="iptables.xml"/>
|
---|
| 38 | <xi:include xmlns:xi="http://www.w3.org/2003/XInclude" href="firewalling.xml"/>
|
---|
| 39 | <xi:include xmlns:xi="http://www.w3.org/2003/XInclude" href="gnupg.xml"/>
|
---|
| 40 | <xi:include xmlns:xi="http://www.w3.org/2003/XInclude" href="tripwire.xml"/>
|
---|
| 41 | <xi:include xmlns:xi="http://www.w3.org/2003/XInclude" href="heimdal.xml"/>
|
---|
| 42 | <xi:include xmlns:xi="http://www.w3.org/2003/XInclude" href="mitkrb.xml"/>
|
---|
[da4aff6] | 43 | <xi:include xmlns:xi="http://www.w3.org/2003/XInclude" href="cyrus-sasl.xml"/>
|
---|
[2a7d6c3e] | 44 | <xi:include xmlns:xi="http://www.w3.org/2003/XInclude" href="stunnel.xml"/>
|
---|
[f45b1953] | 45 |
|
---|
| 46 | </chapter>
|
---|