source: postlfs/security/security.xml@ ac38e9dc

systemd-13485
Last change on this file since ac38e9dc was ac38e9dc, checked in by Douglas R. Reno <renodr@…>, 9 years ago

Import back into SVN from Github

git-svn-id: svn://svn.linuxfromscratch.org/BLFS/branches/systemd@16309 af4574ff-66df-0310-9fd7-8a98e5e911e0

  • Property mode set to 100644
File size: 3.9 KB
Line 
1<?xml version="1.0" encoding="ISO-8859-1"?>
2<!DOCTYPE chapter PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
3 "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
4 <!ENTITY % general-entities SYSTEM "../../general.ent">
5 %general-entities;
6]>
7
8<!--
9$LastChangedBy$
10$Date$
11-->
12
13<chapter id="postlfs-security">
14 <?dbhtml filename="security.html"?>
15
16 <title>Security</title>
17
18 <para>Security takes many forms in a computing environment. After some
19 initial discussion, this chapter
20 gives examples of three different types of security: access, prevention
21 and detection.</para>
22
23 <para>Access for users is usually handled by <command>login</command> or an
24 application designed to handle the login function. In this chapter, we show
25 how to enhance <command>login</command> by setting policies with
26 <application>PAM</application> modules. Access via networks
27 can also be secured by policies set by <application>iptables</application>,
28 commonly referred to as a firewall. The Network Security Services (NSS) and
29 Netscape Portable Runtime (NSPR) libraries can be installed and shared among
30 the many applications requiring them. For applications that don't offer the
31 best security, you can use the <application>Stunnel</application> package to
32 wrap an application daemon inside an SSL tunnel.</para>
33
34 <para>Prevention of breaches, like a trojan, are assisted by applications like
35 <application>GnuPG</application>, specifically the ability to confirm signed
36 packages, which recognizes modifications of the tarball
37 after the packager creates it.</para>
38
39 <para> Finally, we touch on detection with a package that stores "signatures"
40 of critical files (defined by the administrator) and then regenerates those
41 "signatures" and compares for files that have been changed.</para>
42
43 <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="vulnerabilities.xml"/>
44 <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="cacerts.xml"/>
45 <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="cracklib.xml"/>
46 <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="cyrus-sasl-systemd.xml"/>
47 <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="gnupg2-systemd.xml"/>
48 <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="gnutls.xml"/>
49 <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="gpgme.xml"/>
50 <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="haveged-systemd.xml"/>
51 <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="iptables-systemd.xml"/>
52 <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="firewalling-systemd.xml"/>
53 <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="libcap-systemd.xml"/>
54 <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="liboauth-systemd.xml"/>
55 <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="libpwquality-systemd.xml"/>
56 <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="linux-pam.xml"/>
57 <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="mitkrb-systemd.xml"/>
58 <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="nettle.xml"/>
59 <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="nss.xml"/>
60 <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="openssh-systemd.xml"/>
61 <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="openssl.xml"/>
62 <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="p11-kit.xml"/>
63 <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="polkit-systemd.xml"/>
64 <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="shadow.xml"/>
65 <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="ssh-askpass.xml"/>
66 <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="stunnel-systemd.xml"/>
67 <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="sudo.xml"/>
68 <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="tripwire.xml"/>
69
70</chapter>
Note: See TracBrowser for help on using the repository browser.