source: postlfs/security/security.xml@ f1ce80b

10.0 10.1 11.0 7.10 8.0 8.1 8.2 8.3 8.4 9.0 9.1 basic bdubbs/svn elogind ken/refactor-virt lazarus nosym perl-modules qt5new trunk xry111/git-date xry111/git-date-for-trunk xry111/git-date-test
Last change on this file since f1ce80b was f1ce80b, checked in by DJ Lucas <dj@…>, 5 years ago

[systemd-merge] - Section II layout

git-svn-id: svn://svn.linuxfromscratch.org/BLFS/trunk/BOOK@17433 af4574ff-66df-0310-9fd7-8a98e5e911e0

  • Property mode set to 100644
File size: 3.9 KB
Line 
1<?xml version="1.0" encoding="ISO-8859-1"?>
2<!DOCTYPE chapter PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
3 "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
4 <!ENTITY % general-entities SYSTEM "../../general.ent">
5 %general-entities;
6]>
7
8<!--
9$LastChangedBy$
10$Date$
11-->
12
13<chapter id="postlfs-security">
14 <?dbhtml filename="security.html"?>
15
16 <title>Security</title>
17
18 <para>Security takes many forms in a computing environment. After some
19 initial discussion, this chapter
20 gives examples of three different types of security: access, prevention
21 and detection.</para>
22
23 <para>Access for users is usually handled by <command>login</command> or an
24 application designed to handle the login function. In this chapter, we show
25 how to enhance <command>login</command> by setting policies with
26 <application>PAM</application> modules. Access via networks
27 can also be secured by policies set by <application>iptables</application>,
28 commonly referred to as a firewall. The Network Security Services (NSS) and
29 Netscape Portable Runtime (NSPR) libraries can be installed and shared among
30 the many applications requiring them. For applications that don't offer the
31 best security, you can use the <application>Stunnel</application> package to
32 wrap an application daemon inside an SSL tunnel.</para>
33
34 <para>Prevention of breaches, like a trojan, are assisted by applications like
35 <application>GnuPG</application>, specifically the ability to confirm signed
36 packages, which recognizes modifications of the tarball
37 after the packager creates it.</para>
38
39 <para> Finally, we touch on detection with a package that stores "signatures"
40 of critical files (defined by the administrator) and then regenerates those
41 "signatures" and compares for files that have been changed.</para>
42
43 <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="vulnerabilities.xml"/>
44 <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="cacerts.xml"/>
45
46 <!-- sysv only -->
47 <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="consolekit.xml"/>
48
49 <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="cracklib.xml"/>
50 <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="cyrus-sasl.xml"/>
51 <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="gnupg2.xml"/>
52 <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="gnutls.xml"/>
53 <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="gpgme.xml"/>
54 <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="haveged.xml"/>
55 <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="iptables.xml"/>
56 <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="firewalling.xml"/>
57 <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="libcap.xml"/>
58 <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="linux-pam.xml"/>
59
60 <!-- systemd only -->
61 <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="liboauth.xml"/>
62
63 <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="libpwquality.xml"/>
64 <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="mitkrb.xml"/>
65 <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="nettle.xml"/>
66 <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="nss.xml"/>
67 <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="openssh.xml"/>
68 <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="openssl.xml"/>
69 <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="p11-kit.xml"/>
70 <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="polkit.xml"/>
71 <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="shadow.xml"/>
72 <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="ssh-askpass.xml"/>
73 <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="stunnel.xml"/>
74 <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="sudo.xml"/>
75 <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="tripwire.xml"/>
76
77</chapter>
Note: See TracBrowser for help on using the repository browser.