Changeset 2dbd7a5f
- Timestamp:
- 05/14/2005 03:23:17 PM (19 years ago)
- Branches:
- 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 12.0, 12.1, 12.2, 6.1, 6.2, 6.2.0, 6.2.0-rc1, 6.2.0-rc2, 6.3, 6.3-rc1, 6.3-rc2, 6.3-rc3, 7.10, 7.4, 7.5, 7.6, 7.6-blfs, 7.6-systemd, 7.7, 7.8, 7.9, 8.0, 8.1, 8.2, 8.3, 8.4, 9.0, 9.1, basic, bdubbs/svn, elogind, gimp3, gnome, kde5-13430, kde5-14269, kde5-14686, kea, ken/TL2024, ken/inkscape-core-mods, ken/tuningfonts, krejzi/svn, lazarus, lxqt, nosym, perl-modules, plabs/newcss, plabs/python-mods, python3.11, qt5new, rahul/power-profiles-daemon, renodr/vulkan-addition, systemd-11177, systemd-13485, trunk, upgradedb, xry111/for-12.3, xry111/intltool, xry111/llvm18, xry111/soup3, xry111/spidermonkey128, xry111/test-20220226, xry111/xf86-video-removal
- Children:
- 322f172
- Parents:
- 5a5bbbf
- File:
-
- 1 edited
Legend:
- Unmodified
- Added
- Removed
-
postlfs/security/security.xml
r5a5bbbf r2dbd7a5f 7 7 8 8 <chapter id="postlfs-security"> 9 <?dbhtml filename="security.html"?> 10 <title>Security</title> 9 <?dbhtml filename="security.html"?> 11 10 12 <para>Security takes many forms in a computing environment. This chapter 13 gives examples of three different types of security: access, prevention 14 and detection.</para> 11 <title>Security</title> 15 12 16 <para>Access for users is usually handled by <command>login</command> or an 17 application designed to handle the login function. In this chapter, we show 18 how to enhance <command>login</command> by setting policies with 19 <application><acronym>PAM</acronym></application> modules. Access via networks 20 can also be secured by policies set by <application>iptables</application>, 21 commonly referred to as a firewall. For applications that don't offer the 22 best security, you can use the <application>Stunnel</application> package to 23 wrap an application daemon inside an <acronym>SSL</acronym> tunnel.</para> 13 <para>Security takes many forms in a computing environment. This chapter 14 gives examples of three different types of security: access, prevention 15 and detection.</para> 24 16 25 <para>Prevention of breaches, like a trojan, are assisted by applications like 26 <application>GnuPG</application>, specifically the ability to confirm signed 27 packages, which recognizes modifications of the <acronym>TAR</acronym> ball 28 after the packager creates it.</para> 17 <para>Access for users is usually handled by <command>login</command> or an 18 application designed to handle the login function. In this chapter, we show 19 how to enhance <command>login</command> by setting policies with 20 <application>PAM</application> modules. Access via networks 21 can also be secured by policies set by <application>iptables</application>, 22 commonly referred to as a firewall. For applications that don't offer the 23 best security, you can use the <application>Stunnel</application> package to 24 wrap an application daemon inside an SSL tunnel.</para> 29 25 30 <para> Finally, we touch on detection with a package that stores "signatures" 31 of critical files (defined by the administrator) and then regenerates those 32 "signatures" and compares for files that have been changed.</para> 26 <para>Prevention of breaches, like a trojan, are assisted by applications like 27 <application>GnuPG</application>, specifically the ability to confirm signed 28 packages, which recognizes modifications of the TAR ball 29 after the packager creates it.</para> 33 30 34 <xi:include xmlns:xi="http://www.w3.org/2003/XInclude" href="openssl.xml"/> 35 <xi:include xmlns:xi="http://www.w3.org/2003/XInclude" href="cracklib.xml"/> 36 <xi:include xmlns:xi="http://www.w3.org/2003/XInclude" href="linux_pam.xml"/> 37 <xi:include xmlns:xi="http://www.w3.org/2003/XInclude" href="shadow.xml"/> 38 <xi:include xmlns:xi="http://www.w3.org/2003/XInclude" href="iptables.xml"/> 39 <xi:include xmlns:xi="http://www.w3.org/2003/XInclude" href="firewalling.xml"/> 40 <xi:include xmlns:xi="http://www.w3.org/2003/XInclude" href="gnupg.xml"/> 41 <xi:include xmlns:xi="http://www.w3.org/2003/XInclude" href="tripwire.xml"/> 42 <xi:include xmlns:xi="http://www.w3.org/2003/XInclude" href="heimdal.xml"/> 43 <xi:include xmlns:xi="http://www.w3.org/2003/XInclude" href="mitkrb.xml"/> 44 <xi:include xmlns:xi="http://www.w3.org/2003/XInclude" href="cyrus-sasl.xml"/> 45 <xi:include xmlns:xi="http://www.w3.org/2003/XInclude" href="stunnel.xml"/> 31 <para> Finally, we touch on detection with a package that stores "signatures" 32 of critical files (defined by the administrator) and then regenerates those 33 "signatures" and compares for files that have been changed.</para> 34 35 <xi:include xmlns:xi="http://www.w3.org/2003/XInclude" href="openssl.xml"/> 36 <xi:include xmlns:xi="http://www.w3.org/2003/XInclude" href="cracklib.xml"/> 37 <xi:include xmlns:xi="http://www.w3.org/2003/XInclude" href="linux_pam.xml"/> 38 <xi:include xmlns:xi="http://www.w3.org/2003/XInclude" href="shadow.xml"/> 39 <xi:include xmlns:xi="http://www.w3.org/2003/XInclude" href="iptables.xml"/> 40 <xi:include xmlns:xi="http://www.w3.org/2003/XInclude" href="firewalling.xml"/> 41 <xi:include xmlns:xi="http://www.w3.org/2003/XInclude" href="gnupg.xml"/> 42 <xi:include xmlns:xi="http://www.w3.org/2003/XInclude" href="tripwire.xml"/> 43 <xi:include xmlns:xi="http://www.w3.org/2003/XInclude" href="heimdal.xml"/> 44 <xi:include xmlns:xi="http://www.w3.org/2003/XInclude" href="mitkrb.xml"/> 45 <xi:include xmlns:xi="http://www.w3.org/2003/XInclude" href="cyrus-sasl.xml"/> 46 <xi:include xmlns:xi="http://www.w3.org/2003/XInclude" href="stunnel.xml"/> 46 47 47 48 </chapter>
Note:
See TracChangeset
for help on using the changeset viewer.