Changeset 47274444 for postlfs/security/security.xml
- Timestamp:
- 03/24/2020 07:19:44 PM (4 years ago)
- Branches:
- 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 12.0, 12.1, kea, ken/TL2024, ken/inkscape-core-mods, ken/tuningfonts, lazarus, lxqt, plabs/newcss, plabs/python-mods, python3.11, qt5new, rahul/power-profiles-daemon, renodr/vulkan-addition, trunk, upgradedb, xry111/intltool, xry111/llvm18, xry111/soup3, xry111/test-20220226, xry111/xf86-video-removal
- Children:
- fa3edfef
- Parents:
- 914049f6
- File:
-
- 1 edited
Legend:
- Unmodified
- Added
- Removed
-
postlfs/security/security.xml
r914049f6 r47274444 16 16 <title>Security</title> 17 17 18 <para>Security takes many forms in a computing environment. After some 19 initial discussion, this chapter 20 gives examples of three different types of security: access, prevention 21 and detection.</para> 18 <para> 19 Security takes many forms in a computing environment. After some 20 initial discussion, this chapter 21 gives examples of three different types of security: access, prevention 22 and detection. 23 </para> 22 24 23 <para>Access for users is usually handled by <command>login</command> or an 24 application designed to handle the login function. In this chapter, we show 25 how to enhance <command>login</command> by setting policies with 26 <application>PAM</application> modules. Access via networks 27 can also be secured by policies set by <application>iptables</application>, 28 commonly referred to as a firewall. The Network Security Services (NSS) and 29 Netscape Portable Runtime (NSPR) libraries can be installed and shared among 30 the many applications requiring them. For applications that don't offer the 31 best security, you can use the <application>Stunnel</application> package to 32 wrap an application daemon inside an SSL tunnel.</para> 25 <para> 26 Access for users is usually handled by <command>login</command> or an 27 application designed to handle the login function. In this chapter, we show 28 how to enhance <command>login</command> by setting policies with 29 <application>PAM</application> modules. Access via networks can also be 30 secured by policies set by <application>iptables</application>, commonly 31 referred to as a firewall. The Network Security Services (NSS) and 32 Netscape Portable Runtime (NSPR) libraries can be installed and shared 33 among the many applications requiring them. For applications that don't 34 offer the best security, you can use the 35 <application>Stunnel</application> package to wrap an application daemon 36 inside an SSL tunnel. 37 </para> 33 38 34 <para>Prevention of breaches, like a trojan, are assisted by applications like 35 <application>GnuPG</application>, specifically the ability to confirm signed 36 packages, which recognizes modifications of the tarball 37 after the packager creates it.</para> 39 <para> 40 Prevention of breaches, like a trojan, are assisted by applications like 41 <application>GnuPG</application>, specifically the ability to confirm 42 signed packages, which recognizes modifications of the tarball 43 after the packager creates it. 44 </para> 38 45 39 <para> Finally, we touch on detection with a package that stores "signatures" 40 of critical files (defined by the administrator) and then regenerates those 41 "signatures" and compares for files that have been changed.</para> 46 <para> 47 Finally, we touch on detection with a package that stores "signatures" 48 of critical files (defined by the administrator) and then regenerates those 49 "signatures" and compares for files that have been changed. 50 </para> 42 51 43 52 <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="vulnerabilities.xml"/>
Note:
See TracChangeset
for help on using the changeset viewer.