source: postlfs/security/security.xml@ 5f6573d

11.1 11.2 11.3 12.0 12.1 kea ken/TL2024 ken/inkscape-core-mods ken/tuningfonts lazarus lxqt plabs/newcss plabs/python-mods python3.11 qt5new rahul/power-profiles-daemon renodr/vulkan-addition trunk upgradedb xry111/intltool xry111/llvm18 xry111/soup3 xry111/test-20220226 xry111/xf86-video-removal
Last change on this file since 5f6573d was 5f6573d, checked in by Pierre Labastie <pierre.labastie@…>, 3 years ago

Remove trailing space
  • Property mode set to 100644
File size: 4.7 KB
Line 
1<?xml version="1.0" encoding="ISO-8859-1"?>
2<!DOCTYPE chapter PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
3 "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
4 <!ENTITY % general-entities SYSTEM "../../general.ent">
5 %general-entities;
6]>
7
8<chapter id="postlfs-security">
9 <?dbhtml filename="security.html"?>
10
11 <title>Security</title>
12
13 <para>
14 Security takes many forms in a computing environment. After some
15 initial discussion, this chapter
16 gives examples of three different types of security: access, prevention
17 and detection.
18 </para>
19
20 <para>
21 Access for users is usually handled by <command>login</command> or an
22 application designed to handle the login function. In this chapter, we show
23 how to enhance <command>login</command> by setting policies with
24 <application>PAM</application> modules. Access via networks can also be
25 secured by policies set by <application>iptables</application>, commonly
26 referred to as a firewall. The Network Security Services (NSS) and
27 Netscape Portable Runtime (NSPR) libraries can be installed and shared
28 among the many applications requiring them. For applications that don't
29 offer the best security, you can use the
30 <application>Stunnel</application> package to wrap an application daemon
31 inside an SSL tunnel.
32 </para>
33
34 <para>
35 Prevention of breaches, like a trojan, are assisted by applications like
36 <application>GnuPG</application>, specifically the ability to confirm
37 signed packages, which recognizes modifications of the tarball
38 after the packager creates it.
39 </para>
40
41 <para>
42 Finally, we touch on detection with a package that stores "signatures"
43 of critical files (defined by the administrator) and then regenerates those
44 "signatures" and compares for files that have been changed.
45 </para>
46
47 <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="vulnerabilities.xml"/>
48 <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="make-ca.xml"/>
49
50 <!-- sysv only -->
51 <!--<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="consolekit.xml"/>-->
52
53 <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="cracklib.xml"/>
54 <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="cryptsetup.xml"/>
55 <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="cyrus-sasl.xml"/>
56 <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="gnupg2.xml"/>
57 <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="gnutls.xml"/>
58 <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="gpgme.xml"/>
59<!-- archive
60 <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="haveged.xml"/>
61-->
62<!-- Leave in alphabetical order of now -->
63 <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="iptables.xml"/>
64 <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="firewalling.xml"/>
65
66 <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="libcap.xml"/>
67 <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="linux-pam.xml"/>
68
69 <!-- systemd only -->
70 <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="liboauth.xml"/>
71
72 <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="libpwquality.xml"/>
73 <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="mitkrb.xml"/>
74 <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="nettle.xml"/>
75 <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="nss.xml"/>
76 <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="openssh.xml"/>
77<!-- <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="openssl.xml"/> -->
78<!-- <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="openssl10.xml"/> -->
79 <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="p11-kit.xml"/>
80 <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="polkit.xml"/>
81 <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="polkit-gnome.xml"/>
82 <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="shadow.xml"/>
83 <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="ssh-askpass.xml"/>
84 <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="stunnel.xml"/>
85 <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="sudo.xml"/>
86 <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="tripwire.xml"/>
87 <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="volume_key.xml"/>
88<!-- <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="firewalling.xml"/>
89 <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="iptables.xml"/>
90 <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="nftables.xml"/>
91 <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="firewalld.xml"/>-->
92
93</chapter>
Note: See TracBrowser for help on using the repository browser.