source: postlfs/security/security.xml@ 7a5b2e77

10.0 10.1 11.0 11.1 11.2 11.3 7.10 7.5 7.6 7.6-blfs 7.6-systemd 7.7 7.8 7.9 8.0 8.1 8.2 8.3 8.4 9.0 9.1 basic bdubbs/svn elogind gnome kde5-13430 kde5-14269 kde5-14686 ken/inkscape-core-mods krejzi/svn lazarus nosym perl-modules plabs/python-mods qt5new systemd-11177 systemd-13485 trunk upgradedb xry111/intltool xry111/soup3 xry111/test-20220226
Last change on this file since 7a5b2e77 was 7a5b2e77, checked in by Fernando de Oliveira <fernando@…>, 9 years ago

New package: ssh-askpass-6.4p1. Remove instructions to build it and rephrase pkexec and other parts of Gparted-0.17.0.

git-svn-id: svn:// af4574ff-66df-0310-9fd7-8a98e5e911e0

  • Property mode set to 100644
File size: 3.8 KB
1<?xml version="1.0" encoding="ISO-8859-1"?>
2<!DOCTYPE chapter PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
3 "" [
4 <!ENTITY % general-entities SYSTEM "../../general.ent">
5 %general-entities;
13<chapter id="postlfs-security">
14 <?dbhtml filename="security.html"?>
16 <title>Security</title>
18 <para>Security takes many forms in a computing environment. After some
19 initial discussion, this chapter
20 gives examples of three different types of security: access, prevention
21 and detection.</para>
23 <para>Access for users is usually handled by <command>login</command> or an
24 application designed to handle the login function. In this chapter, we show
25 how to enhance <command>login</command> by setting policies with
26 <application>PAM</application> modules. Access via networks
27 can also be secured by policies set by <application>iptables</application>,
28 commonly referred to as a firewall. The Network Security Services (NSS) and
29 Netscape Portable Runtime (NSPR) libraries can be installed and shared among
30 the many applications requiring them. For applications that don't offer the
31 best security, you can use the <application>Stunnel</application> package to
32 wrap an application daemon inside an SSL tunnel.</para>
34 <para>Prevention of breaches, like a trojan, are assisted by applications like
35 <application>GnuPG</application>, specifically the ability to confirm signed
36 packages, which recognizes modifications of the tarball
37 after the packager creates it.</para>
39 <para> Finally, we touch on detection with a package that stores "signatures"
40 of critical files (defined by the administrator) and then regenerates those
41 "signatures" and compares for files that have been changed.</para>
43 <xi:include xmlns:xi="" href="vulnerabilities.xml"/>
44 <xi:include xmlns:xi="" href="acl.xml"/>
45 <xi:include xmlns:xi="" href="attr.xml"/>
46 <xi:include xmlns:xi="" href="cacerts.xml"/>
47 <xi:include xmlns:xi="" href="consolekit.xml"/>
48 <xi:include xmlns:xi="" href="cracklib.xml"/>
49 <xi:include xmlns:xi="" href="cyrus-sasl.xml"/>
50 <xi:include xmlns:xi="" href="gnupg2.xml"/>
51 <xi:include xmlns:xi="" href="gnutls.xml"/>
52 <xi:include xmlns:xi="" href="gpgme.xml"/>
53 <xi:include xmlns:xi="" href="iptables.xml"/>
54 <xi:include xmlns:xi="" href="firewalling.xml"/>
55 <xi:include xmlns:xi="" href="libcap.xml"/>
56 <xi:include xmlns:xi="" href="linux-pam.xml"/>
57 <xi:include xmlns:xi="" href="mitkrb.xml"/>
58 <xi:include xmlns:xi="" href="nettle.xml"/>
59 <xi:include xmlns:xi="" href="nss.xml"/>
60 <xi:include xmlns:xi="" href="openssh.xml"/>
61 <xi:include xmlns:xi="" href="openssl.xml"/>
62 <xi:include xmlns:xi="" href="p11-kit.xml"/>
63 <xi:include xmlns:xi="" href="polkit.xml"/>
64 <xi:include xmlns:xi="" href="shadow.xml"/>
65 <xi:include xmlns:xi="" href="ssh-askpass.xml"/>
66 <xi:include xmlns:xi="" href="stunnel.xml"/>
67 <xi:include xmlns:xi="" href="sudo.xml"/>
68 <xi:include xmlns:xi="" href="tripwire.xml"/>
Note: See TracBrowser for help on using the repository browser.