[b4b71892] | 1 | <?xml version="1.0" encoding="ISO-8859-1"?>
|
---|
[6732c094] | 2 | <!DOCTYPE chapter PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
|
---|
| 3 | "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
|
---|
[b4b71892] | 4 | <!ENTITY % general-entities SYSTEM "../../general.ent">
|
---|
| 5 | %general-entities;
|
---|
| 6 | ]>
|
---|
| 7 |
|
---|
[276015d2] | 8 | <!--
|
---|
| 9 | $LastChangedBy$
|
---|
| 10 | $Date$
|
---|
| 11 | -->
|
---|
| 12 |
|
---|
[f45b1953] | 13 | <chapter id="postlfs-security">
|
---|
[2dbd7a5f] | 14 | <?dbhtml filename="security.html"?>
|
---|
| 15 |
|
---|
| 16 | <title>Security</title>
|
---|
| 17 |
|
---|
[6ed5123] | 18 | <para>Security takes many forms in a computing environment. After some
|
---|
| 19 | initial discussion, this chapter
|
---|
[2dbd7a5f] | 20 | gives examples of three different types of security: access, prevention
|
---|
| 21 | and detection.</para>
|
---|
| 22 |
|
---|
| 23 | <para>Access for users is usually handled by <command>login</command> or an
|
---|
| 24 | application designed to handle the login function. In this chapter, we show
|
---|
| 25 | how to enhance <command>login</command> by setting policies with
|
---|
| 26 | <application>PAM</application> modules. Access via networks
|
---|
| 27 | can also be secured by policies set by <application>iptables</application>,
|
---|
[30f88917] | 28 | commonly referred to as a firewall. The Network Security Services (NSS) and
|
---|
| 29 | Netscape Portable Runtime (NSPR) libraries can be installed and shared among
|
---|
| 30 | the many applications requiring them. For applications that don't offer the
|
---|
[2dbd7a5f] | 31 | best security, you can use the <application>Stunnel</application> package to
|
---|
| 32 | wrap an application daemon inside an SSL tunnel.</para>
|
---|
| 33 |
|
---|
| 34 | <para>Prevention of breaches, like a trojan, are assisted by applications like
|
---|
| 35 | <application>GnuPG</application>, specifically the ability to confirm signed
|
---|
[d2223d8] | 36 | packages, which recognizes modifications of the tarball
|
---|
[2dbd7a5f] | 37 | after the packager creates it.</para>
|
---|
| 38 |
|
---|
| 39 | <para> Finally, we touch on detection with a package that stores "signatures"
|
---|
| 40 | of critical files (defined by the administrator) and then regenerates those
|
---|
| 41 | "signatures" and compares for files that have been changed.</para>
|
---|
| 42 |
|
---|
[6ed5123] | 43 | <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="vulnerabilities.xml"/>
|
---|
[0d7900a] | 44 | <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="cacerts.xml"/>
|
---|
[f1ce80b] | 45 |
|
---|
| 46 | <!-- sysv only -->
|
---|
[08f1ff7] | 47 | <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="consolekit.xml"/>
|
---|
[f1ce80b] | 48 |
|
---|
[e05cd03f] | 49 | <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="cracklib.xml"/>
|
---|
[08f1ff7] | 50 | <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="cyrus-sasl.xml"/>
|
---|
[e05cd03f] | 51 | <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="gnupg2.xml"/>
|
---|
[7ded7e3] | 52 | <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="gnutls.xml"/>
|
---|
[b358845] | 53 | <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="gpgme.xml"/>
|
---|
[ddf46c4] | 54 | <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="haveged.xml"/>
|
---|
[7ded7e3] | 55 | <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="iptables.xml"/>
|
---|
| 56 | <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="firewalling.xml"/>
|
---|
[68876b7] | 57 | <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="libcap.xml"/>
|
---|
[7ded7e3] | 58 | <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="linux-pam.xml"/>
|
---|
[f1ce80b] | 59 |
|
---|
| 60 | <!-- systemd only -->
|
---|
| 61 | <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="liboauth.xml"/>
|
---|
| 62 |
|
---|
[f97d5f6] | 63 | <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="libpwquality.xml"/>
|
---|
[e05cd03f] | 64 | <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="mitkrb.xml"/>
|
---|
[0c6c35d] | 65 | <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="nettle.xml"/>
|
---|
[e05cd03f] | 66 | <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="nss.xml"/>
|
---|
[08f1ff7] | 67 | <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="openssh.xml"/>
|
---|
| 68 | <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="openssl.xml"/>
|
---|
[691bb91] | 69 | <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="p11-kit.xml"/>
|
---|
[e05cd03f] | 70 | <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="polkit.xml"/>
|
---|
[08f1ff7] | 71 | <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="shadow.xml"/>
|
---|
[7a5b2e77] | 72 | <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="ssh-askpass.xml"/>
|
---|
[08f1ff7] | 73 | <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="stunnel.xml"/>
|
---|
| 74 | <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="sudo.xml"/>
|
---|
| 75 | <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="tripwire.xml"/>
|
---|
[f45b1953] | 76 |
|
---|
| 77 | </chapter>
|
---|