Context Navigation

security.xml@ 47274444

Visit:

10.0 10.1 11.0 11.1 11.2 11.3 12.0 12.1 kea ken/TL2024 ken/inkscape-core-mods ken/tuningfonts lazarus lxqt plabs/newcss plabs/python-mods python3.11 qt5new rahul/power-profiles-daemon renodr/vulkan-addition trunk upgradedb xry111/intltool xry111/llvm18 xry111/soup3 xry111/test-20220226 xry111/xf86-video-removal

Last change on this file since 47274444 was 47274444, checked in by Pierre Labastie <pieere@…>, 4 years ago

Format postlfs/security and misc/forgotten

git-svn-id: svn://svn.linuxfromscratch.org/BLFS/trunk/BOOK@22884 af4574ff-66df-0310-9fd7-8a98e5e911e0

Property mode set to 100644

File size: 4.6 KB

Line
1	<?xml version="1.0" encoding="ISO-8859-1"?>
2	<!DOCTYPE chapter PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
3	"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
4	<!ENTITY % general-entities SYSTEM "../../general.ent">
5	%general-entities;
6	]>
7
8	<!--
9	$LastChangedBy$
10	$Date$
11	-->
12
13	<chapter id="postlfs-security">
14	<?dbhtml filename="security.html"?>
15
16	<title>Security</title>
17
18	<para>
19	Security takes many forms in a computing environment. After some
20	initial discussion, this chapter
21	gives examples of three different types of security: access, prevention
22	and detection.
23	</para>
24
25	<para>
26	Access for users is usually handled by <command>login</command> or an
27	application designed to handle the login function. In this chapter, we show
28	how to enhance <command>login</command> by setting policies with
29	<application>PAM</application> modules. Access via networks can also be
30	secured by policies set by <application>iptables</application>, commonly
31	referred to as a firewall. The Network Security Services (NSS) and
32	Netscape Portable Runtime (NSPR) libraries can be installed and shared
33	among the many applications requiring them. For applications that don't
34	offer the best security, you can use the
35	<application>Stunnel</application> package to wrap an application daemon
36	inside an SSL tunnel.
37	</para>
38
39	<para>
40	Prevention of breaches, like a trojan, are assisted by applications like
41	<application>GnuPG</application>, specifically the ability to confirm
42	signed packages, which recognizes modifications of the tarball
43	after the packager creates it.
44	</para>
45
46	<para>
47	Finally, we touch on detection with a package that stores "signatures"
48	of critical files (defined by the administrator) and then regenerates those
49	"signatures" and compares for files that have been changed.
50	</para>
51
52	<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="vulnerabilities.xml"/>
53	<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="make-ca.xml"/>
54
55	<!-- sysv only -->
56	<!--<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="consolekit.xml"/>-->
57
58	<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="cracklib.xml"/>
59	<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="cryptsetup.xml"/>
60	<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="cyrus-sasl.xml"/>
61	<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="gnupg2.xml"/>
62	<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="gnutls.xml"/>
63	<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="gpgme.xml"/>
64	<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="haveged.xml"/>
65	<!-- Leave in alphabetical order of now -->
66	<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="iptables.xml"/>
67	<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="firewalling.xml"/>
68
69	<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="libcap.xml"/>
70	<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="linux-pam.xml"/>
71
72	<!-- systemd only -->
73	<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="liboauth.xml"/>
74
75	<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="libpwquality.xml"/>
76	<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="mitkrb.xml"/>
77	<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="nettle.xml"/>
78	<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="nss.xml"/>
79	<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="openssh.xml"/>
80	<!-- <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="openssl.xml"/> -->
81	<!-- <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="openssl10.xml"/> -->
82	<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="p11-kit.xml"/>
83	<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="polkit.xml"/>
84	<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="shadow.xml"/>
85	<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="ssh-askpass.xml"/>
86	<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="stunnel.xml"/>
87	<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="sudo.xml"/>
88	<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="tripwire.xml"/>
89	<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="volume_key.xml"/>
90	<!-- <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="firewalling.xml"/>
91	<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="iptables.xml"/>
92	<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="nftables.xml"/>
93	<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="firewalld.xml"/>-->
94
95	</chapter>

Note: See TracBrowser for help on using the repository browser.

Context Navigation

source: postlfs/security/security.xml@ 47274444

Download in other formats: