Changeset 3df86b66 for postlfs/security
- Timestamp:
- 09/30/2003 07:21:06 PM (21 years ago)
- Branches:
- 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 12.0, 12.1, 6.0, 6.1, 6.2, 6.2.0, 6.2.0-rc1, 6.2.0-rc2, 6.3, 6.3-rc1, 6.3-rc2, 6.3-rc3, 7.10, 7.4, 7.5, 7.6, 7.6-blfs, 7.6-systemd, 7.7, 7.8, 7.9, 8.0, 8.1, 8.2, 8.3, 8.4, 9.0, 9.1, basic, bdubbs/svn, elogind, gnome, kde5-13430, kde5-14269, kde5-14686, kea, ken/TL2024, ken/inkscape-core-mods, ken/tuningfonts, krejzi/svn, lazarus, lxqt, nosym, perl-modules, plabs/newcss, plabs/python-mods, python3.11, qt5new, rahul/power-profiles-daemon, renodr/vulkan-addition, systemd-11177, systemd-13485, trunk, upgradedb, v5_0, v5_0-pre1, v5_1, v5_1-pre1, xry111/intltool, xry111/llvm18, xry111/soup3, xry111/test-20220226, xry111/xf86-video-removal
- Children:
- 2df36e4
- Parents:
- b028890
- Location:
- postlfs/security
- Files:
-
- 7 edited
Legend:
- Unmodified
- Added
- Removed
-
postlfs/security/firewalling/masqrouter.xml
rb028890 r3df86b66 3 3 4 4 <para>A true Firewall has two interfaces, one connected to an intranet, 5 in this example, eth0, and one connected to the internet, here, ppp0. 5 in this example, <emphasis role="strong">eth0</emphasis>, and one 6 connected to the internet, here, <emphasis role="strong">ppp0</emphasis>. 6 7 To provide the maximum security against the box itself being broken into, 7 make sure that there are no servers running on it, especially not X11 et 8 make sure that there are no servers running on it, especially not 9 <application>X11</application> et 8 10 al. And, as a general principle, the box itself should not access any untrusted 9 11 service (Think of a name server giving answers that make your … … 88 90 <para>Note: if the interface you're connecting to the Internet 89 91 doesn't connect via ppp, you will need to change 90 < userinput>ppp+</userinput> to the name of the interface which you are92 <replaceable>ppp+</replaceable> to the name of the interface which you are 91 93 using. If you are using the same interface type to connect to both your 92 94 intranet and the internet, you need to use the actual name of the 93 interface such as <emphasis >eth<userinput>0</userinput></emphasis>,95 interface such as <emphasis role="strong">eth0</emphasis>, 94 96 on both interfaces.</para> 95 97 -
postlfs/security/gnupg/gnupg-exp.xml
rb028890 r3df86b66 2 2 <title>Command explanations</title> 3 3 4 <para>< command>--libexecdir=/usr/sbin</command>: This command4 <para><option>--libexecdir=/usr/sbin</option>: This command 5 5 creates a <filename>gnupg</filename> directory in <filename>/usr/sbin</filename> instead of 6 6 <filename>/usr/libexec</filename>.</para> -
postlfs/security/iptables/iptables-exp.xml
rb028890 r3df86b66 2 2 <title>Command explanations</title> 3 3 4 <para>< command>PREFIX=/usr</command>: Compiles and installs4 <para><parameter>PREFIX=/usr</parameter>: Compiles and installs 5 5 <application>iptables</application> into the 6 6 <filename class="directory">/usr</filename> hierarchy instead of -
postlfs/security/pam/linux_pam-exp.xml
rb028890 r3df86b66 2 2 <title>Command explanations</title> 3 3 4 <para>< command>--enable-static-libpam</command>: This switch builds4 <para><option>--enable-static-libpam</option>: This switch builds 5 5 static <acronym>PAM</acronym> libraries as well as the dynamic libraries.</para> 6 6 7 <para>< command>--with-mailspool=/var/mail</command>: This switch makes7 <para><option>--with-mailspool=/var/mail</option>: This switch makes 8 8 the mailspool directory <acronym>FHS</acronym> compliant.</para> 9 9 10 <para>< command>--enable-read-both-confs</command>: This switch lets the local administrator choose which configuration file setup to use.</para>10 <para><option>--enable-read-both-confs</option>: This switch lets the local administrator choose which configuration file setup to use.</para> 11 11 12 12 <para><command>mv /lib/libpam.a /lib/libpam_misc.a /lib/libpamc.a 13 /usr/lib</command> 13 /usr/lib</command>: This command moves the static libraries to 14 14 <filename>/usr/lib</filename> to comply with <acronym>FHS</acronym>.</para> 15 15 -
postlfs/security/shadow/shadow-exp.xml
rb028890 r3df86b66 2 2 <title>Command explanations</title> 3 3 4 <para><command>cp debian/securetty /etc/securetty</command> 4 <para><command>cp debian/securetty /etc/securetty</command>: This 5 5 command sets the tty's that allow logins through <acronym>PAM</acronym>.</para> 6 6 -
postlfs/security/tripwire/tripwire-config.xml
rb028890 r3df86b66 38 38 tripwire -m i</command></userinput></screen> 39 39 40 <para>During configuration tripwire will create 2keys: a site key and40 <para>During configuration tripwire will create two (2) keys: a site key and 41 41 a local key which will be stored in <filename class="directory">/etc/tripwire/ 42 42 </filename>.</para> -
postlfs/security/tripwire/tripwire-exp.xml
rb028890 r3df86b66 2 2 <title>Command explanations</title> 3 3 4 <para><command>ln -s make /usr/bin/gmake</command> 4 <para><command>ln -s make /usr/bin/gmake</command>: The reason we create the 5 5 <command>gmake</command> symlink is that <application>Tripwire</application> 6 6 will only install if the symlink is present. It may be safely removed after 7 7 installation.</para> 8 8 9 <para><command>gmake release</command> 9 <para><command>gmake release</command>: This command creates the 10 10 <application>Tripwire</application> binaries.</para> 11 11 12 <para><command>cp install.{sh,cfg} .</command> 12 <para><command>cp install.{sh,cfg} .</command>: These are copied to the main 13 13 <application>Tripwire</application> directory so that the script can be used to 14 14 install the package.</para> 15 15 16 <para><command>cp policy/*.txt /usr/share/doc/tripwire</command> 16 <para><command>cp policy/*.txt /usr/share/doc/tripwire</command>: This command 17 17 installs the documentation.</para> 18 18
Note:
See TracChangeset
for help on using the changeset viewer.