source: postlfs/security/security.xml@ d5cc78a

11.0 11.1 11.2 11.3 12.0 12.1 kea ken/TL2024 ken/inkscape-core-mods ken/tuningfonts lazarus lxqt plabs/newcss plabs/python-mods python3.11 qt5new rahul/power-profiles-daemon renodr/vulkan-addition trunk upgradedb xry111/intltool xry111/llvm18 xry111/soup3 xry111/test-20220226 xry111/xf86-video-removal
Last change on this file since d5cc78a was 3609a85, checked in by Douglas R. Reno <renodr@…>, 4 years ago

Update to gnome-settings-daemon-3.36.0
Add umockdev to the book
Adjust libgudev so that the test suite is present
Change the umockdev reference from external to internal in gnome-settings-daemon and upower
Move notification-daemon to System Utilities
Move polkit-gnome to Security

git-svn-id: svn://svn.linuxfromscratch.org/BLFS/trunk/BOOK@22934 af4574ff-66df-0310-9fd7-8a98e5e911e0
  • Property mode set to 100644
File size: 4.7 KB
Line 
1<?xml version="1.0" encoding="ISO-8859-1"?>
2<!DOCTYPE chapter PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
3 "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
4 <!ENTITY % general-entities SYSTEM "../../general.ent">
5 %general-entities;
6]>
7
8<!--
9$LastChangedBy$
10$Date$
11-->
12
13<chapter id="postlfs-security">
14 <?dbhtml filename="security.html"?>
15
16 <title>Security</title>
17
18 <para>
19 Security takes many forms in a computing environment. After some
20 initial discussion, this chapter
21 gives examples of three different types of security: access, prevention
22 and detection.
23 </para>
24
25 <para>
26 Access for users is usually handled by <command>login</command> or an
27 application designed to handle the login function. In this chapter, we show
28 how to enhance <command>login</command> by setting policies with
29 <application>PAM</application> modules. Access via networks can also be
30 secured by policies set by <application>iptables</application>, commonly
31 referred to as a firewall. The Network Security Services (NSS) and
32 Netscape Portable Runtime (NSPR) libraries can be installed and shared
33 among the many applications requiring them. For applications that don't
34 offer the best security, you can use the
35 <application>Stunnel</application> package to wrap an application daemon
36 inside an SSL tunnel.
37 </para>
38
39 <para>
40 Prevention of breaches, like a trojan, are assisted by applications like
41 <application>GnuPG</application>, specifically the ability to confirm
42 signed packages, which recognizes modifications of the tarball
43 after the packager creates it.
44 </para>
45
46 <para>
47 Finally, we touch on detection with a package that stores "signatures"
48 of critical files (defined by the administrator) and then regenerates those
49 "signatures" and compares for files that have been changed.
50 </para>
51
52 <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="vulnerabilities.xml"/>
53 <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="make-ca.xml"/>
54
55 <!-- sysv only -->
56 <!--<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="consolekit.xml"/>-->
57
58 <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="cracklib.xml"/>
59 <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="cryptsetup.xml"/>
60 <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="cyrus-sasl.xml"/>
61 <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="gnupg2.xml"/>
62 <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="gnutls.xml"/>
63 <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="gpgme.xml"/>
64 <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="haveged.xml"/>
65<!-- Leave in alphabetical order of now -->
66 <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="iptables.xml"/>
67 <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="firewalling.xml"/>
68
69 <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="libcap.xml"/>
70 <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="linux-pam.xml"/>
71
72 <!-- systemd only -->
73 <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="liboauth.xml"/>
74
75 <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="libpwquality.xml"/>
76 <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="mitkrb.xml"/>
77 <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="nettle.xml"/>
78 <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="nss.xml"/>
79 <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="openssh.xml"/>
80<!-- <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="openssl.xml"/> -->
81<!-- <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="openssl10.xml"/> -->
82 <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="p11-kit.xml"/>
83 <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="polkit.xml"/>
84 <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="polkit-gnome.xml"/>
85 <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="shadow.xml"/>
86 <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="ssh-askpass.xml"/>
87 <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="stunnel.xml"/>
88 <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="sudo.xml"/>
89 <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="tripwire.xml"/>
90 <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="volume_key.xml"/>
91<!-- <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="firewalling.xml"/>
92 <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="iptables.xml"/>
93 <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="nftables.xml"/>
94 <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="firewalld.xml"/>-->
95
96</chapter>
Note: See TracBrowser for help on using the repository browser.