source: postlfs/security/security.xml@ d2223d8

10.0 10.1 11.0 11.1 11.2 11.3 12.0 12.1 6.2 6.2.0 6.2.0-rc1 6.2.0-rc2 6.3 6.3-rc1 6.3-rc2 6.3-rc3 7.10 7.4 7.5 7.6 7.6-blfs 7.6-systemd 7.7 7.8 7.9 8.0 8.1 8.2 8.3 8.4 9.0 9.1 basic bdubbs/svn elogind gnome kde5-13430 kde5-14269 kde5-14686 kea ken/TL2024 ken/inkscape-core-mods ken/tuningfonts krejzi/svn lazarus lxqt nosym perl-modules plabs/newcss plabs/python-mods python3.11 qt5new rahul/power-profiles-daemon renodr/vulkan-addition systemd-11177 systemd-13485 trunk upgradedb xry111/intltool xry111/llvm18 xry111/soup3 xry111/test-20220226 xry111/xf86-video-removal
Last change on this file since d2223d8 was d2223d8, checked in by Bruce Dubbs <bdubbs@…>, 18 years ago

Change 'TAR ball' to 'tarball' for now.

git-svn-id: svn://svn.linuxfromscratch.org/BLFS/trunk/BOOK@5963 af4574ff-66df-0310-9fd7-8a98e5e911e0
  • Property mode set to 100644
File size: 2.8 KB
Line 
1<?xml version="1.0" encoding="ISO-8859-1"?>
2<!DOCTYPE chapter PUBLIC "-//OASIS//DTD DocBook XML V4.4//EN"
3 "http://www.oasis-open.org/docbook/xml/4.4/docbookx.dtd" [
4 <!ENTITY % general-entities SYSTEM "../../general.ent">
5 %general-entities;
6]>
7
8<chapter id="postlfs-security">
9 <?dbhtml filename="security.html"?>
10
11 <title>Security</title>
12
13 <para>Security takes many forms in a computing environment. This chapter
14 gives examples of three different types of security: access, prevention
15 and detection.</para>
16
17 <para>Access for users is usually handled by <command>login</command> or an
18 application designed to handle the login function. In this chapter, we show
19 how to enhance <command>login</command> by setting policies with
20 <application>PAM</application> modules. Access via networks
21 can also be secured by policies set by <application>iptables</application>,
22 commonly referred to as a firewall. The Network Security Services (NSS) and
23 Netscape Portable Runtime (NSPR) libraries can be installed and shared among
24 the many applications requiring them. For applications that don't offer the
25 best security, you can use the <application>Stunnel</application> package to
26 wrap an application daemon inside an SSL tunnel.</para>
27
28 <para>Prevention of breaches, like a trojan, are assisted by applications like
29 <application>GnuPG</application>, specifically the ability to confirm signed
30 packages, which recognizes modifications of the tarball
31 after the packager creates it.</para>
32
33 <para> Finally, we touch on detection with a package that stores "signatures"
34 of critical files (defined by the administrator) and then regenerates those
35 "signatures" and compares for files that have been changed.</para>
36
37 <xi:include xmlns:xi="http://www.w3.org/2003/XInclude" href="openssl.xml"/>
38 <xi:include xmlns:xi="http://www.w3.org/2003/XInclude" href="cracklib.xml"/>
39 <xi:include xmlns:xi="http://www.w3.org/2003/XInclude" href="linux-pam.xml"/>
40 <xi:include xmlns:xi="http://www.w3.org/2003/XInclude" href="shadow.xml"/>
41 <xi:include xmlns:xi="http://www.w3.org/2003/XInclude" href="iptables.xml"/>
42 <xi:include xmlns:xi="http://www.w3.org/2003/XInclude" href="firewalling.xml"/>
43 <xi:include xmlns:xi="http://www.w3.org/2003/XInclude" href="gnupg.xml"/>
44 <xi:include xmlns:xi="http://www.w3.org/2003/XInclude" href="tripwire.xml"/>
45 <xi:include xmlns:xi="http://www.w3.org/2003/XInclude" href="heimdal.xml"/>
46 <xi:include xmlns:xi="http://www.w3.org/2003/XInclude" href="mitkrb.xml"/>
47 <xi:include xmlns:xi="http://www.w3.org/2003/XInclude" href="cyrus-sasl.xml"/>
48 <xi:include xmlns:xi="http://www.w3.org/2003/XInclude" href="stunnel.xml"/>
49 <xi:include xmlns:xi="http://www.w3.org/2003/XInclude" href="sudo.xml"/>
50 <xi:include xmlns:xi="http://www.w3.org/2003/XInclude" href="nss.xml"/>
51
52</chapter>
Note: See TracBrowser for help on using the repository browser.