Changeset 2197589


Ignore:
Timestamp:
06/30/2004 09:20:29 PM (17 years ago)
Author:
Randy McMurchy <randy@…>
Branches:
10.0, 10.1, 11.0, 6.0, 6.1, 6.2, 6.2.0, 6.2.0-rc1, 6.2.0-rc2, 6.3, 6.3-rc1, 6.3-rc2, 6.3-rc3, 7.10, 7.4, 7.5, 7.6, 7.6-blfs, 7.6-systemd, 7.7, 7.8, 7.9, 8.0, 8.1, 8.2, 8.3, 8.4, 9.0, 9.1, basic, bdubbs/svn, elogind, gnome, kde5-13430, kde5-14269, kde5-14686, ken/refactor-virt, krejzi/svn, lazarus, nosym, perl-modules, qt5new, systemd-11177, systemd-13485, trunk, xry111/git-date, xry111/git-date-for-trunk, xry111/git-date-test
Children:
e40cb61
Parents:
f3e295d5
Message:

Updated to iptables-1.2.11; added missing tags in various package instructions

git-svn-id: svn://svn.linuxfromscratch.org/BLFS/trunk/BOOK@2403 af4574ff-66df-0310-9fd7-8a98e5e911e0

Files:
6 edited

Legend:

Unmodified
Added
Removed
  • general.ent

    rf3e295d5 r2197589  
    1 <!ENTITY day          "29">
     1<!ENTITY day          "30">
    22<!ENTITY month        "06">
    33<!ENTITY year         "2004">
     
    2828<!ENTITY Linux_PAM-version            "0.77"> 
    2929<!ENTITY shadow-version               "4.0.4.1"> 
    30 <!ENTITY iptables-version             "1.2.9">
     30<!ENTITY iptables-version             "1.2.11">
    3131<!ENTITY gnupg-version                "1.2.4"> 
    3232<!ENTITY tripwire-version             "2.3.1-2">   
  • introduction/welcome/changelog.xml

    rf3e295d5 r2197589  
    1818
    1919<itemizedlist>
     20
     21<listitem><para>June 30th, 2004 [randy]: Updated to iptables-1.2.11; added
     22missing tags in various package instructions.</para></listitem>
    2023
    2124<listitem><para>June 29th, 2004 [randy]: Added "Additional downloads" section
  • postlfs/security/cracklib.xml

    rf3e295d5 r2197589  
    1818<title>cracklib-&cracklib-version;</title>
    1919
    20 
    2120<sect2>
    2221<title>Introduction to <application>cracklib</application></title>
    2322
    24 <para>The cracklib package contains a library used to enforce strong passwords
    25 by comparing user selected passwords to words in a chosen wordlist.</para>
     23<para>The <application>cracklib</application> package contains a library used
     24to enforce strong passwords by comparing user selected passwords to words in a
     25chosen wordlist.</para>
    2626
    2727<sect3><title>Package information</title>
     
    4646</itemizedlist>
    4747
    48 <para>You will also need to download a wordlist for use with cracklib.  There
    49 are two wordlists to choose from at the following location.  Use the
    50 <filename>cracklib</filename> word list for good security, or opt for the
    51 <filename>allwords</filename> word list for lightweight machines short on
    52 <acronym>RAM</acronym>.  You can of course choose any other word list that you
    53 have at your disposal.</para>
     48<para>You will also need to download a wordlist for use with
     49<application>cracklib</application>. There are two wordlists to choose from at
     50the following location.  Use the <filename>cracklib</filename> word list for
     51good security, or opt for the <filename>allwords</filename> word list for
     52lightweight machines short on <acronym>RAM</acronym>. You can of course choose
     53any other word list that you have at your disposal.</para>
    5454
    55 <para>cracklib (&crackdict-size;): <ulink url="http://www.cotse.com/wordlists/cracklib"/></para>
    56 <para>allwords (&alldict-size;): <ulink url="http://www.cotse.com/wordlists/allwords"/></para>
     55<itemizedlist spacing='compact'>
     56<listitem><para>cracklib (&crackdict-size;): <ulink
     57url="http://www.cotse.com/wordlists/cracklib"/></para></listitem>
     58<listitem><para>allwords (&alldict-size;): <ulink
     59url="http://www.cotse.com/wordlists/allwords"/></para></listitem>
     60</itemizedlist>
    5761
    5862</sect3>
     
    6367<title>Installation of <application>cracklib</application></title>
    6468
    65 <para>First, we need to install the chosen word list for cracklib:</para>
     69<para>First, install the chosen word list for cracklib:</para>
    6670
    6771<screen><userinput><command>install -d -m755 /usr/share/dict &amp;&amp;
     
    7276<para>The wordlist is linked to <filename>/usr/share/dict/words</filename> as
    7377historically, <filename>words</filename> is the primary wordlist in the
    74 <filename class="directory">/usr/share/dict</filename> directory.  We also echo
    75 the value of hostname to a file called <filename>extra.words</filename>.  This
    76 extra file is intended to be a site specific list which includes easy to guess
    77 passwords such as company or department names, user's names, product
    78 names, computer names, domain names, etc.</para>
     78<filename class="directory">/usr/share/dict</filename> directory. Additionally,
     79the value of <command>hostname</command> is echoed to a file called
     80<filename>extra.words</filename>. This extra file is intended to be a site
     81specific list which includes easy to guess passwords such as company or
     82department names, user's names, product names, computer names, domain names,
     83etc.</para>
    7984
    80 <para>Now apply the BLFS patch:</para>
     85<para>Now apply the <acronym>BLFS</acronym> patch:</para>
    8186
    8287<screen><userinput><command>patch -Np1 -i ../cracklib,&cracklib-version;-blfs-1.patch</command></userinput></screen>
    8388
    84 <para>If necessary, apply the heimdal patch:</para>
     89<para>If necessary, apply the <application>Heimdal</application> patch:</para>
    8590
    8691<screen><userinput><command>cp -R cracklib cracklib_krb5 &amp;&amp;
    8792patch -Np1 -i ../cracklib,&cracklib-version;-heimdal-1.patch</command></userinput></screen>
    8893
    89 <para>Finally install the package:</para>
     94<para>Finally, install the package:</para>
    9095<screen><userinput><command>make install</command></userinput></screen>
    9196
     
    95100<title>Contents</title>
    96101
    97 <para>The <application>cracklib</application> package
    98 contains the <filename class="libraryfile">libcrack</filename>
    99 library.</para>
     102<para>The <application>cracklib</application> package contains the
     103<filename class="libraryfile">libcrack</filename> and optionally, the
     104<filename class="libraryfile">libcrack_krb5</filename> libraries.</para>
    100105
    101106</sect2>
     
    103108<sect2><title>Description</title>
    104109
    105 <sect3><title>libcrack library</title>
    106 <para>The <filename class="libraryfile">libcrack</filename> library
    107 provides a fast dictionary lookup method for strong password
    108 enforcement.</para></sect3>
     110<sect3><title>libcrack libraries</title>
     111<para>The <filename class="libraryfile">libcrack</filename> libraries provide
     112a fast dictionary lookup method for strong password enforcement.</para></sect3>
    109113
    110114</sect2>
  • postlfs/security/iptables.xml

    rf3e295d5 r2197589  
    77  <!ENTITY iptables-download-http "http://www.iptables.org/files/iptables-&iptables-version;.tar.bz2">
    88  <!ENTITY iptables-download-ftp  "ftp://ftp.netfilter.org/pub/iptables/iptables-&iptables-version;.tar.bz2">
    9   <!ENTITY iptables-size          "183 KB">
    10   <!ENTITY iptables-buildsize     "3.4 MB">
     9  <!ENTITY iptables-size          "157 KB">
     10  <!ENTITY iptables-buildsize     "4.4 MB">
    1111  <!ENTITY iptables-time          "0.13 SBU">
    1212]>
     
    3030<application>iptables</application>, you will need
    3131to configure the relevant options into your kernel.  This is discussed
    32 in the next part of this chapter - <xref linkend="postlfs-security-fw-kernel"/>.</para>
     32in the next part of this chapter &ndash;
     33<xref linkend="postlfs-security-fw-kernel"/>.</para>
    3334
    3435<para>If you intend to use <acronym>IP</acronym>v6 you might consider extending
    3536the kernel by running <command>make patch-o-matic</command> in the top-level
    36 directory of the sources of <application>iptables</application>.  If you are
     37source tree directory of <application>iptables</application>.  If you are
    3738going to do this, on a freshly untarred kernel, you need to run
    3839<command>yes "" | make config &amp;&amp; make dep</command> first because
     
    4748into <application>iptables</application> for the features recognized at
    4849compile-time.  Applying a kernel patch may result in errors, often because the
    49 hooks for the patches have changed or because the runme script doesn't
    50 recognize that a patch has already been incorporated.</para>
     50hooks for the patches have changed or because the <command>runme</command>
     51script doesn't recognize that a patch has already been incorporated.</para>
    5152
    5253<para>Note that for most people, patching the kernel is unnecessary.
     
    7172</sect2>
    7273
    73 
    7474<sect2>
    7575<title>Installation of <application>iptables</application></title>
    7676
    77 <para>Install <application>iptables</application> by running the following commands:</para>
     77<para>Install <application>iptables</application> by running the following
     78commands:</para>
    7879
    7980<screen><userinput><command>make PREFIX=/usr LIBDIR=/lib BINDIR=/sbin &amp;&amp;
     
    8283</sect2>
    8384
    84 
    8585<sect2>
    8686<title>Command explanations</title>
    8787
    88 <para><parameter>PREFIX=/usr LIBDIR=/lib BINDIR=/sbin</parameter>: Compiles and installs
    89 <application>iptables</application> libraries into <filename
    90 class="directory">/lib</filename>, binaries into <filename
    91 class="directory">/sbin</filename> and the remainder into the
     88<para><parameter>PREFIX=/usr LIBDIR=/lib BINDIR=/sbin</parameter>: Compiles
     89and installs <application>iptables</application> libraries into
     90<filename class="directory">/lib</filename>, binaries into
     91<filename class="directory">/sbin</filename> and the remainder into the
    9292<filename class="directory">/usr</filename> hierarchy instead of
    9393<filename class="directory">/usr/local</filename>. Firewalls are
    94 generally set during the boot process and <filename
    95 class="directory">/usr</filename> may not be mounted at that time.</para>
     94generally activated during the boot process and
     95<filename class="directory">/usr</filename> may not be mounted at that
     96time.</para>
    9697
    9798</sect2>
     
    100101<title>Contents</title>
    101102
    102 <para>The <application>iptables</application> package contains <command>iptables</command>,
    103 <command>iptables-restore</command>, <command>iptables-save</command>,
    104 <command>ip6tables</command> and some libraries.</para>
     103<para>The <application>iptables</application> package contains
     104<command>iptables</command>, <command>iptables-restore</command>,
     105<command>iptables-save</command>, <command>ip6tables</command>
     106and the <filename class='libraryfile'>libip*.so</filename> library
     107modules.</para>
    105108
    106109</sect2>
     
    122125<para>This is the same as <command>iptables</command> but for use with
    123126<acronym>IP</acronym>v6.  As of v1.2.5, it is not as complete as the standard
    124 <acronym>IP</acronym>v4 version, especially with regard to some of the modules.</para>
     127<acronym>IP</acronym>v4 version, especially with regard to some of the
     128modules.</para>
    125129</sect3>
    126130
    127 <sect3><title>libip*.so</title>
     131<sect3><title>libip*.so library modules</title>
    128132<para>These are various modules (implemented as dynamic libraries) which
    129133extend the core functionality of <command>iptables</command>.</para>
  • postlfs/security/linux_pam.xml

    rf3e295d5 r2197589  
    7575
    7676<para><command>autoconf</command>:  This is necessary because the patch
    77 changes where <acronym>PAM</acronym> looks for the cracklib libraries,
    78 requiring regeneration of the configure script.</para>
     77changes where <acronym>PAM</acronym> looks for the
     78<application>cracklib</application> libraries, requiring regeneration of the
     79configure script.</para>
    7980
    8081<para><option>--enable-static-libpam</option>: This switch builds
     
    99100
    100101<sect3><title>Config files</title>
    101 <para><filename>/etc/pam.d</filename> or <filename>/etc/pam.conf</filename>
     102<para><filename>/etc/pam.d/*</filename> or <filename>/etc/pam.conf</filename>
    102103</para></sect3>
    103104
    104105<sect3><title>Configuration Information</title>
    105106
    106 <para>Configuration information is placed in <filename>/etc/pam.d</filename> or
     107<para>Configuration information is placed in
     108<filename class='directory'>/etc/pam.d/</filename> or
    107109<filename>/etc/pam.conf</filename> depending on user preference.  Below are
    108110example files of each type:</para>
     
    145147
    146148<para>The <application>Linux-<acronym>PAM</acronym></application> package
    147 contains <command>unix-chkpwd</command> and <filename
    148 class="libraryfile">libpam</filename>
    149 libraries.</para>
     149contains <command>unix-chkpwd</command>,
     150<filename class="libraryfile">libpam</filename> libraries and
     151<acronym>PAM</acronym> modules.</para>
    150152
    151153</sect2>
     
    159161<sect3><title>libpam libraries</title>
    160162<para><filename class="libraryfile">libpam</filename> libraries provide the
    161 interfaces between applications and the modules included with
    162 <acronym>PAM</acronym>.</para></sect3>
     163interfaces between applications and the <acronym>PAM</acronym> modules.</para>
     164</sect3>
     165
     166<sect3><title><acronym>PAM</acronym> modules</title>
     167<para><acronym>PAM</acronym> modules are the Pluggable Authentication Modules
     168installed in <filename class='directory'>/lib/security/</filename>.</para>
     169</sect3>
    163170
    164171</sect2>
  • postlfs/security/shadow.xml

    rf3e295d5 r2197589  
    3232-->
    3333
    34 
    3534<sect2>
    3635<title>Introduction to <application>Shadow</application></title>
     
    5655</sect2>
    5756
    58 
    59 <sect2>
    60 <title>Installation of <application>shadow</application></title>
    61 
    62 <para>Reinstall shadow by running the following commands:</para>
     57<sect2>
     58<title>Installation of <application>Shadow</application></title>
     59
     60<para>Reinstall <application>Shadow</application> by running the following
     61commands:</para>
    6362
    6463<screen><userinput><command>patch -Np1 -i ../shadow-&shadow-version;-pam-1.patch &amp;&amp;
     
    7776</sect2>
    7877
    79 
    8078<sect2>
    8179<title>Command explanations</title>
    8280
    83 <para><parameter>--without-libcrack</parameter>: This switch tells shadow
    84 not to use libcrack. This is desired as
    85 <application>Linux-<acronym>PAM</acronym></application> already
    86 contains libcrack.</para>
     81<para><parameter>--without-libcrack</parameter>: This switch tells
     82<application>Shadow</application> not to use
     83<filename class='libraryfile'>libcrack</filename>. This is desired as
     84<application>Linux-<acronym>PAM</acronym></application> already contains
     85<filename class='libraryfile'>libcrack</filename>.</para>
    8786
    8887<!--  Leftover from older instructions????
     
    9392</sect2>
    9493
    95 
    96 <sect2>
    97 <title>Configuring <application><acronym>PAM</acronym></application> to work
    98 with <application>shadow</application></title>
     94<sect2>
     95<title>Configuring <application>Linux-<acronym>PAM</acronym></application> to work
     96with <application>Shadow</application></title>
    9997
    10098<sect3><title>Config files</title>
     
    102100<filename>/etc/pam.d/passwd</filename>,
    103101<filename>/etc/pam.d/su</filename>,
    104 <filename>/etc/pam.d/shadow</filename>, and
    105 <filename>/etc/pam.d/useradd</filename></para>
     102<filename>/etc/pam.d/shadow</filename>,
     103<filename>/etc/pam.d/useradd</filename>, and
     104<filename>/etc/pam.d/chage</filename> &ndash;
     105alternatively, <filename>/etc/pam.conf</filename></para>
    106106</sect3>
    107107
    108108<sect3><title>Configuration Information</title>
    109109
    110 <para>Add the following <application><acronym>PAM</acronym></application>
    111 configuration files to <filename class="directory">/etc/pam.d</filename> (or add them to
    112 <filename>/etc/pam.conf</filename> with the additional field for the program).
    113 </para>
     110<para>Add the following <application>Linux-<acronym>PAM</acronym></application>
     111configuration files to <filename class="directory">/etc/pam.d/</filename> (or
     112add them to <filename>/etc/pam.conf</filename> with the additional field for
     113the program).</para>
     114
    114115<screen><userinput><command>cat &gt; /etc/pam.d/login &lt;&lt; "EOF"</command>
    115116# Begin /etc/pam.d/login
     
    183184allow anyone with an account on the machine to use programs
    184185that do not specifically have a configuration file of their own. After
    185 testing <application><acronym>PAM</acronym></application> for proper
     186testing <application>Linux-<acronym>PAM</acronym></application> for proper
    186187configuration, it can be changed to the following:</para>
    187188
Note: See TracChangeset for help on using the changeset viewer.