source: postlfs/security/security.xml@ f7415c4d

Last change on this file since f7415c4d was f7415c4d, checked in by Bruce Dubbs <bdubbs@…>, 4 years ago

Comment out the nftables and firewalld sections until
we can make them a bit more usable.

git-svn-id: svn://svn.linuxfromscratch.org/BLFS/trunk/BOOK@22759 af4574ff-66df-0310-9fd7-8a98e5e911e0

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE chapter PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
  "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
  <!ENTITY % general-entities SYSTEM "../../general.ent">
  %general-entities;
]>

<!--
$LastChangedBy$
$Date$
-->

<chapter id="postlfs-security">
  <?dbhtml filename="security.html"?>

  <title>Security</title>

  <para>Security takes many forms in a computing environment. After some
  initial discussion, this chapter gives examples of three different types
  of security: access, prevention and detection.</para>

  <para>Access for users is usually handled by <command>login</command> or an
  application designed to handle the login function. In this chapter, we show
  how to enhance <command>login</command> by setting policies with
  <application>PAM</application> modules. Access via networks
  can also be secured by policies set by <application>iptables</application>,
  commonly referred to as a firewall. The Network Security Services (NSS) and
  Netscape Portable Runtime (NSPR) libraries can be installed and shared among
  the many applications requiring them. For applications that don't offer the
  best security, you can use the <application>Stunnel</application> package to
  wrap an application daemon inside an SSL tunnel.</para>

  <para>Prevention of breaches, like a trojan, is assisted by applications like
  <application>GnuPG</application>, specifically the ability to confirm signed
  packages, which recognizes modifications of the tarball
  after the packager creates it.</para>

  <para>Finally, we touch on detection with a package that stores "signatures"
  of critical files (defined by the administrator) and then regenerates those
  "signatures" and compares them to find files that have been changed.</para>

  <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="vulnerabilities.xml"/>
  <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="make-ca.xml"/>

  <!-- sysv only -->
  <!--<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="consolekit.xml"/>-->

  <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="cracklib.xml"/>
  <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="cryptsetup.xml"/>
  <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="cyrus-sasl.xml"/>
  <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="gnupg2.xml"/>
  <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="gnutls.xml"/>
  <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="gpgme.xml"/>
  <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="haveged.xml"/>
<!-- Leave in alphabetical order for now -->
  <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="iptables.xml"/>
  <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="firewalling.xml"/>

  <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="libcap.xml"/>
  <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="linux-pam.xml"/>

  <!-- systemd only -->
  <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="liboauth.xml"/>

  <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="libpwquality.xml"/>
  <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="mitkrb.xml"/>
  <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="nettle.xml"/>
  <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="nss.xml"/>
  <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="openssh.xml"/>
<!-- <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="openssl.xml"/> -->
<!-- <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="openssl10.xml"/> -->
  <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="p11-kit.xml"/>
  <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="polkit.xml"/>
  <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="shadow.xml"/>
  <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="ssh-askpass.xml"/>
  <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="stunnel.xml"/>
  <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="sudo.xml"/>
  <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="tripwire.xml"/>
  <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="volume_key.xml"/>
<!-- <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="firewalling.xml"/>
  <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="iptables.xml"/>
  <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="nftables.xml"/>
  <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="firewalld.xml"/>-->

</chapter>