Changeset 2197589
- Timestamp: 06/30/2004 09:20:29 PM (20 years ago)
- Branches: 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 12.0, 12.1, 6.0, 6.1, 6.2, 6.2.0, 6.2.0-rc1, 6.2.0-rc2, 6.3, 6.3-rc1, 6.3-rc2, 6.3-rc3, 7.10, 7.4, 7.5, 7.6, 7.6-blfs, 7.6-systemd, 7.7, 7.8, 7.9, 8.0, 8.1, 8.2, 8.3, 8.4, 9.0, 9.1, basic, bdubbs/svn, elogind, gnome, kde5-13430, kde5-14269, kde5-14686, kea, ken/TL2024, ken/inkscape-core-mods, ken/tuningfonts, krejzi/svn, lazarus, lxqt, nosym, perl-modules, plabs/newcss, plabs/python-mods, python3.11, qt5new, rahul/power-profiles-daemon, renodr/vulkan-addition, systemd-11177, systemd-13485, trunk, upgradedb, xry111/intltool, xry111/llvm18, xry111/soup3, xry111/test-20220226, xry111/xf86-video-removal
- Children: e40cb61
- Parents: f3e295d5
- Files: 6 edited
general.ent
rf3e295d5 r2197589 1 <!ENTITY day " 29">1 <!ENTITY day "30"> 2 2 <!ENTITY month "06"> 3 3 <!ENTITY year "2004"> … … 28 28 <!ENTITY Linux_PAM-version "0.77"> 29 29 <!ENTITY shadow-version "4.0.4.1"> 30 <!ENTITY iptables-version "1.2. 9">30 <!ENTITY iptables-version "1.2.11"> 31 31 <!ENTITY gnupg-version "1.2.4"> 32 32 <!ENTITY tripwire-version "2.3.1-2"> -
introduction/welcome/changelog.xml
rf3e295d5 r2197589 18 18 19 19 <itemizedlist> 20 21 <listitem><para>June 30th, 2004 [randy]: Updated to iptables-1.2.11; added 22 missing tags in various package instructions.</para></listitem> 20 23 21 24 <listitem><para>June 29th, 2004 [randy]: Added "Additional downloads" section -
postlfs/security/cracklib.xml
rf3e295d5 r2197589 18 18 <title>cracklib-&cracklib-version;</title> 19 19 20 21 20 <sect2> 22 21 <title>Introduction to <application>cracklib</application></title> 23 22 24 <para>The cracklib package contains a library used to enforce strong passwords 25 by comparing user selected passwords to words in a chosen wordlist.</para> 23 <para>The <application>cracklib</application> package contains a library used 24 to enforce strong passwords by comparing user selected passwords to words in a 25 chosen wordlist.</para> 26 26 27 27 <sect3><title>Package information</title> … … 46 46 </itemizedlist> 47 47 48 <para>You will also need to download a wordlist for use with cracklib. There49 are two wordlists to choose from at the following location. Use the 50 <filename>cracklib</filename> word list for good security, or opt for the 51 <filename>allwords</filename> word list for lightweight machines short on 52 <acronym>RAM</acronym>. You can of course choose any other word list that you 53 have at your disposal.</para>48 <para>You will also need to download a wordlist for use with 49 <application>cracklib</application>. There are two wordlists to choose from at 50 the following location. Use the <filename>cracklib</filename> word list for 51 good security, or opt for the <filename>allwords</filename> word list for 52 lightweight machines short on <acronym>RAM</acronym>. 
You can of course choose 53 any other word list that you have at your disposal.</para> 54 54 55 <para>cracklib (&crackdict-size;): <ulink url="http://www.cotse.com/wordlists/cracklib"/></para> 56 <para>allwords (&alldict-size;): <ulink url="http://www.cotse.com/wordlists/allwords"/></para> 55 <itemizedlist spacing='compact'> 56 <listitem><para>cracklib (&crackdict-size;): <ulink 57 url="http://www.cotse.com/wordlists/cracklib"/></para></listitem> 58 <listitem><para>allwords (&alldict-size;): <ulink 59 url="http://www.cotse.com/wordlists/allwords"/></para></listitem> 60 </itemizedlist> 57 61 58 62 </sect3> … … 63 67 <title>Installation of <application>cracklib</application></title> 64 68 65 <para>First, we need toinstall the chosen word list for cracklib:</para>69 <para>First, install the chosen word list for cracklib:</para> 66 70 67 71 <screen><userinput><command>install -d -m755 /usr/share/dict && … … 72 76 <para>The wordlist is linked to <filename>/usr/share/dict/words</filename> as 73 77 historically, <filename>words</filename> is the primary wordlist in the 74 <filename class="directory">/usr/share/dict</filename> directory. We also echo 75 the value of hostname to a file called <filename>extra.words</filename>. This 76 extra file is intended to be a site specific list which includes easy to guess 77 passwords such as company or department names, user's names, product 78 names, computer names, domain names, etc.</para> 78 <filename class="directory">/usr/share/dict</filename> directory. Additionally, 79 the value of <command>hostname</command> is echoed to a file called 80 <filename>extra.words</filename>. 
This extra file is intended to be a site 81 specific list which includes easy to guess passwords such as company or 82 department names, user's names, product names, computer names, domain names, 83 etc.</para> 79 84 80 <para>Now apply the BLFSpatch:</para>85 <para>Now apply the <acronym>BLFS</acronym> patch:</para> 81 86 82 87 <screen><userinput><command>patch -Np1 -i ../cracklib,&cracklib-version;-blfs-1.patch</command></userinput></screen> 83 88 84 <para>If necessary, apply the heimdalpatch:</para>89 <para>If necessary, apply the <application>Heimdal</application> patch:</para> 85 90 86 91 <screen><userinput><command>cp -R cracklib cracklib_krb5 && 87 92 patch -Np1 -i ../cracklib,&cracklib-version;-heimdal-1.patch</command></userinput></screen> 88 93 89 <para>Finally install the package:</para>94 <para>Finally, install the package:</para> 90 95 <screen><userinput><command>make install</command></userinput></screen> 91 96 … … 95 100 <title>Contents</title> 96 101 97 <para>The <application>cracklib</application> package 98 contains the <filename class="libraryfile">libcrack</filename>99 library.</para>102 <para>The <application>cracklib</application> package contains the 103 <filename class="libraryfile">libcrack</filename> and optionally, the 104 <filename class="libraryfile">libcrack_krb5</filename> libraries.</para> 100 105 101 106 </sect2> … … 103 108 <sect2><title>Description</title> 104 109 105 <sect3><title>libcrack library</title> 106 <para>The <filename class="libraryfile">libcrack</filename> library 107 provides a fast dictionary lookup method for strong password 108 enforcement.</para></sect3> 110 <sect3><title>libcrack libraries</title> 111 <para>The <filename class="libraryfile">libcrack</filename> libraries provide 112 a fast dictionary lookup method for strong password enforcement.</para></sect3> 109 113 110 114 </sect2> -
postlfs/security/iptables.xml
rf3e295d5 r2197589 7 7 <!ENTITY iptables-download-http "http://www.iptables.org/files/iptables-&iptables-version;.tar.bz2"> 8 8 <!ENTITY iptables-download-ftp "ftp://ftp.netfilter.org/pub/iptables/iptables-&iptables-version;.tar.bz2"> 9 <!ENTITY iptables-size "1 83KB">10 <!ENTITY iptables-buildsize " 3.4 MB">9 <!ENTITY iptables-size "157 KB"> 10 <!ENTITY iptables-buildsize "4.4 MB"> 11 11 <!ENTITY iptables-time "0.13 SBU"> 12 12 ]> … … 30 30 <application>iptables</application>, you will need 31 31 to configure the relevant options into your kernel. This is discussed 32 in the next part of this chapter - <xref linkend="postlfs-security-fw-kernel"/>.</para> 32 in the next part of this chapter – 33 <xref linkend="postlfs-security-fw-kernel"/>.</para> 33 34 34 35 <para>If you intend to use <acronym>IP</acronym>v6 you might consider extending 35 36 the kernel by running <command>make patch-o-matic</command> in the top-level 36 directory of the sourcesof <application>iptables</application>. If you are37 source tree directory of <application>iptables</application>. If you are 37 38 going to do this, on a freshly untarred kernel, you need to run 38 39 <command>yes "" | make config && make dep</command> first because … … 47 48 into <application>iptables</application> for the features recognized at 48 49 compile-time. Applying a kernel patch may result in errors, often because the 49 hooks for the patches have changed or because the runme script doesn't50 recognize that a patch has already been incorporated.</para>50 hooks for the patches have changed or because the <command>runme</command> 51 script doesn't recognize that a patch has already been incorporated.</para> 51 52 52 53 <para>Note that for most people, patching the kernel is unnecessary. 
… … 71 72 </sect2> 72 73 73 74 74 <sect2> 75 75 <title>Installation of <application>iptables</application></title> 76 76 77 <para>Install <application>iptables</application> by running the following commands:</para> 77 <para>Install <application>iptables</application> by running the following 78 commands:</para> 78 79 79 80 <screen><userinput><command>make PREFIX=/usr LIBDIR=/lib BINDIR=/sbin && … … 82 83 </sect2> 83 84 84 85 85 <sect2> 86 86 <title>Command explanations</title> 87 87 88 <para><parameter>PREFIX=/usr LIBDIR=/lib BINDIR=/sbin</parameter>: Compiles and installs89 <application>iptables</application> libraries into <filename 90 class="directory">/lib</filename>, binaries into <filename 91 class="directory">/sbin</filename> and the remainder into the88 <para><parameter>PREFIX=/usr LIBDIR=/lib BINDIR=/sbin</parameter>: Compiles 89 and installs <application>iptables</application> libraries into 90 <filename class="directory">/lib</filename>, binaries into 91 <filename class="directory">/sbin</filename> and the remainder into the 92 92 <filename class="directory">/usr</filename> hierarchy instead of 93 93 <filename class="directory">/usr/local</filename>. 
Firewalls are 94 generally set during the boot process and <filename 95 class="directory">/usr</filename> may not be mounted at that time.</para> 94 generally activated during the boot process and 95 <filename class="directory">/usr</filename> may not be mounted at that 96 time.</para> 96 97 97 98 </sect2> … … 100 101 <title>Contents</title> 101 102 102 <para>The <application>iptables</application> package contains <command>iptables</command>, 103 <command>iptables-restore</command>, <command>iptables-save</command>, 104 <command>ip6tables</command> and some libraries.</para> 103 <para>The <application>iptables</application> package contains 104 <command>iptables</command>, <command>iptables-restore</command>, 105 <command>iptables-save</command>, <command>ip6tables</command> 106 and the <filename class='libraryfile'>libip*.so</filename> library 107 modules.</para> 105 108 106 109 </sect2> … … 122 125 <para>This is the same as <command>iptables</command> but for use with 123 126 <acronym>IP</acronym>v6. As of v1.2.5, it is not as complete as the standard 124 <acronym>IP</acronym>v4 version, especially with regard to some of the modules.</para> 127 <acronym>IP</acronym>v4 version, especially with regard to some of the 128 modules.</para> 125 129 </sect3> 126 130 127 <sect3><title>libip*.so </title>131 <sect3><title>libip*.so library modules</title> 128 132 <para>These are various modules (implemented as dynamic libraries) which 129 133 extend the core functionality of <command>iptables</command>.</para> -
postlfs/security/linux_pam.xml
rf3e295d5 r2197589 75 75 76 76 <para><command>autoconf</command>: This is necessary because the patch 77 changes where <acronym>PAM</acronym> looks for the cracklib libraries, 78 requiring regeneration of the configure script.</para> 77 changes where <acronym>PAM</acronym> looks for the 78 <application>cracklib</application> libraries, requiring regeneration of the 79 configure script.</para> 79 80 80 81 <para><option>--enable-static-libpam</option>: This switch builds … … 99 100 100 101 <sect3><title>Config files</title> 101 <para><filename>/etc/pam.d </filename> or <filename>/etc/pam.conf</filename>102 <para><filename>/etc/pam.d/*</filename> or <filename>/etc/pam.conf</filename> 102 103 </para></sect3> 103 104 104 105 <sect3><title>Configuration Information</title> 105 106 106 <para>Configuration information is placed in <filename>/etc/pam.d</filename> or 107 <para>Configuration information is placed in 108 <filename class='directory'>/etc/pam.d/</filename> or 107 109 <filename>/etc/pam.conf</filename> depending on user preference. 
Below are 108 110 example files of each type:</para> … … 145 147 146 148 <para>The <application>Linux-<acronym>PAM</acronym></application> package 147 contains <command>unix-chkpwd</command> and <filename148 class="libraryfile">libpam</filename>149 libraries.</para>149 contains <command>unix-chkpwd</command>, 150 <filename class="libraryfile">libpam</filename> libraries and 151 <acronym>PAM</acronym> modules.</para> 150 152 151 153 </sect2> … … 159 161 <sect3><title>libpam libraries</title> 160 162 <para><filename class="libraryfile">libpam</filename> libraries provide the 161 interfaces between applications and the modules included with 162 <acronym>PAM</acronym>.</para></sect3> 163 interfaces between applications and the <acronym>PAM</acronym> modules.</para> 164 </sect3> 165 166 <sect3><title><acronym>PAM</acronym> modules</title> 167 <para><acronym>PAM</acronym> modules are the Pluggable Authentication Modules 168 installed in <filename class='directory'>/lib/security/</filename>.</para> 169 </sect3> 163 170 164 171 </sect2> -
postlfs/security/shadow.xml
rf3e295d5 r2197589 32 32 --> 33 33 34 35 34 <sect2> 36 35 <title>Introduction to <application>Shadow</application></title> … … 56 55 </sect2> 57 56 58 59 < sect2>60 <title>Installation of <application>shadow</application></title> 61 62 <para>Reinstall shadow by running the followingcommands:</para>57 <sect2> 58 <title>Installation of <application>Shadow</application></title> 59 60 <para>Reinstall <application>Shadow</application> by running the following 61 commands:</para> 63 62 64 63 <screen><userinput><command>patch -Np1 -i ../shadow-&shadow-version;-pam-1.patch && … … 77 76 </sect2> 78 77 79 80 78 <sect2> 81 79 <title>Command explanations</title> 82 80 83 <para><parameter>--without-libcrack</parameter>: This switch tells shadow 84 not to use libcrack. This is desired as 85 <application>Linux-<acronym>PAM</acronym></application> already 86 contains libcrack.</para> 81 <para><parameter>--without-libcrack</parameter>: This switch tells 82 <application>Shadow</application> not to use 83 <filename class='libraryfile'>libcrack</filename>. This is desired as 84 <application>Linux-<acronym>PAM</acronym></application> already contains 85 <filename class='libraryfile'>libcrack</filename>.</para> 87 86 88 87 <!-- Leftover from older instructions???? 
… … 93 92 </sect2> 94 93 95 96 <sect2> 97 <title>Configuring <application><acronym>PAM</acronym></application> to work 98 with <application>shadow</application></title> 94 <sect2> 95 <title>Configuring <application>Linux-<acronym>PAM</acronym></application> to work 96 with <application>Shadow</application></title> 99 97 100 98 <sect3><title>Config files</title> … … 102 100 <filename>/etc/pam.d/passwd</filename>, 103 101 <filename>/etc/pam.d/su</filename>, 104 <filename>/etc/pam.d/shadow</filename>, and 105 <filename>/etc/pam.d/useradd</filename></para> 102 <filename>/etc/pam.d/shadow</filename>, 103 <filename>/etc/pam.d/useradd</filename>, and 104 <filename>/etc/pam.d/chage</filename> – 105 alternatively, <filename>/etc/pam.conf</filename></para> 106 106 </sect3> 107 107 108 108 <sect3><title>Configuration Information</title> 109 109 110 <para>Add the following <application><acronym>PAM</acronym></application> 111 configuration files to <filename class="directory">/etc/pam.d</filename> (or add them to 112 <filename>/etc/pam.conf</filename> with the additional field for the program). 113 </para> 110 <para>Add the following <application>Linux-<acronym>PAM</acronym></application> 111 configuration files to <filename class="directory">/etc/pam.d/</filename> (or 112 add them to <filename>/etc/pam.conf</filename> with the additional field for 113 the program).</para> 114 114 115 <screen><userinput><command>cat > /etc/pam.d/login << "EOF"</command> 115 116 # Begin /etc/pam.d/login … … 183 184 allow anyone with an account on the machine to use programs 184 185 that do not specifically have a configuration file of their own. After 185 testing <application> <acronym>PAM</acronym></application> for proper186 testing <application>Linux-<acronym>PAM</acronym></application> for proper 186 187 configuration, it can be changed to the following:</para> 187 188
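Review bot: In introduction/welcome/changelog.xml the new entry reads "added missing tags in various package instructions", but the same changeset also changes content: the cracklib Contents now lists libcrack_krb5, linux_pam.xml gains a "PAM modules" section, and shadow.xml adds /etc/pam.d/chage to its config file list. Suggest naming those additions in the entry so readers tracking the security chapter can see that more than markup changed.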
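Review bot: In postlfs/security/cracklib.xml, the reworked wordlist items (new lines 55-60) still give only a size entity and a plain http:// URL for the cracklib and allwords lists, so there is nothing to verify the download against even though this file decides which passwords are rejected. Suggest adding a checksum beside each `<ulink>`. Two smaller points in the same file: new line 69, "install the chosen word list for cracklib", leaves cracklib untagged while every other mention in this change gains `<application>`, and the Description ("libcrack libraries") does not say that libcrack_krb5 exists only when the Heimdal patch step is followed.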
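Review bot: In postlfs/security/iptables.xml, the ip6tables description that this change reflows (new lines 125-128) still says "As of v1.2.5, it is not as complete as the standard IPv4 version", while general.ent now sets iptables-version to 1.2.11. Suggest rechecking that statement against 1.2.11 and updating or dropping the version reference. Also, iptables-size and iptables-buildsize are updated at the top of the file but iptables-time stays at "0.13 SBU"; please confirm it was re-measured for the new tarball.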
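Review bot: In postlfs/security/linux_pam.xml, the new "PAM modules" section (new lines 166-169) defines the term by expanding the acronym, "PAM modules are the Pluggable Authentication Modules installed in /lib/security/", which tells the reader where they live but not what they do. Suggest one clause on their role, in line with the libpam entry just above it, which describes the libraries as the interface between applications and the modules. In the Contents paragraph touched by the same change, check the helper name `unix-chkpwd` against the installed file, which Linux-PAM ships as unix_chkpwd.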
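Review bot: In postlfs/security/shadow.xml, the config file list (new lines 102-105) now names /etc/pam.d/chage, but no hunk in this changeset adds or touches a matching `cat > /etc/pam.d/chage` block in the Configuration Information section. If that file is not created, chage is governed by the "other" file, which the last hunk describes as allowing anyone with an account to use programs that have no configuration file of their own; please confirm the chage file is present in the unchanged part of the page or add it. Separately, the reworded --without-libcrack explanation still says Linux-PAM "already contains" libcrack, whereas linux_pam.xml in this same changeset says the patch changes where PAM looks for the cracklib libraries; "already uses" would be consistent.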