source: postlfs/security/security.xml@ f1ce80b

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE chapter PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
   "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
  <!ENTITY % general-entities SYSTEM "../../general.ent">
  %general-entities;
]>

<!--
$LastChangedBy$
$Date$
-->

<chapter id="postlfs-security">
  <?dbhtml filename="security.html"?>

  <title>Security</title>

  <para>Security takes many forms in a computing environment. After some
  initial discussion, this chapter
  gives examples of three different types of security: access, prevention
  and detection.</para>

  <para>Access for users is usually handled by <command>login</command> or an
  application designed to handle the login function.  In this chapter, we show
  how to enhance <command>login</command> by setting policies with
  <application>PAM</application> modules.  Access via networks
  can also be secured by policies set by <application>iptables</application>,
  commonly referred to as a firewall. The Network Security Services (NSS) and
  Netscape Portable Runtime (NSPR) libraries can be installed and shared among
  the many applications requiring them. For applications that don't offer the
  best security, you can use the <application>Stunnel</application> package to
  wrap an application daemon inside an SSL tunnel.</para>

  <para>Prevention of breaches, like a trojan, are assisted by applications like
  <application>GnuPG</application>, specifically the ability to confirm signed
  packages, which recognizes modifications of the tarball
  after the packager creates it.</para>

  <para> Finally, we touch on detection with a package that stores "signatures"
  of critical files (defined by the administrator) and then regenerates those
  "signatures" and compares for files that have been changed.</para>

  <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="vulnerabilities.xml"/>
  <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="cacerts.xml"/>

  <!-- sysv only -->
  <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="consolekit.xml"/>

  <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="cracklib.xml"/>
  <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="cyrus-sasl.xml"/>
  <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="gnupg2.xml"/>
  <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="gnutls.xml"/>
  <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="gpgme.xml"/>
  <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="haveged.xml"/>
  <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="iptables.xml"/>
  <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="firewalling.xml"/>
  <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="libcap.xml"/>
  <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="linux-pam.xml"/>

  <!-- systemd only -->
  <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="liboauth.xml"/>

  <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="libpwquality.xml"/>
  <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="mitkrb.xml"/>
  <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="nettle.xml"/>
  <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="nss.xml"/>
  <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="openssh.xml"/>
  <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="openssl.xml"/>
  <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="p11-kit.xml"/>
  <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="polkit.xml"/>
  <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="shadow.xml"/>
  <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="ssh-askpass.xml"/>
  <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="stunnel.xml"/>
  <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="sudo.xml"/>
  <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="tripwire.xml"/>

</chapter>