- Timestamp:
- 10/04/2003 02:23:39 PM (21 years ago)
- Branches:
- 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 12.0, 12.1, 6.0, 6.1, 6.2, 6.2.0, 6.2.0-rc1, 6.2.0-rc2, 6.3, 6.3-rc1, 6.3-rc2, 6.3-rc3, 7.10, 7.4, 7.5, 7.6, 7.6-blfs, 7.6-systemd, 7.7, 7.8, 7.9, 8.0, 8.1, 8.2, 8.3, 8.4, 9.0, 9.1, basic, bdubbs/svn, elogind, gnome, kde5-13430, kde5-14269, kde5-14686, kea, ken/TL2024, ken/inkscape-core-mods, ken/tuningfonts, krejzi/svn, lazarus, lxqt, nosym, perl-modules, plabs/newcss, plabs/python-mods, python3.11, qt5new, rahul/power-profiles-daemon, renodr/vulkan-addition, systemd-11177, systemd-13485, trunk, upgradedb, v5_0, v5_0-pre1, v5_1, v5_1-pre1, xry111/intltool, xry111/llvm18, xry111/soup3, xry111/test-20220226, xry111/xf86-video-removal
- Children:
- c2ee009c
- Parents:
- 5fd03d2
- Location:
- postlfs
- Files:
-
- 8 edited
Legend:
- Unmodified
- Added
- Removed
-
postlfs/config/bootdisk.xml
r5fd03d2 r5e18c49c 14 14 15 15 <para>Heeding the warning, the rescue disk created here has no 16 dependency on the host system's resources, other than basic boot -ability16 dependency on the host system's resources, other than basic bootability 17 17 and hardware soundness. At a minimum, the most common sorts of failures 18 18 requiring a rescue boot disk should be addressed by the contents of the … … 74 74 compiled with same compiler used to make the kernel.</para> 75 75 76 <para>The rescue -image must include support for the file system of your76 <para>The rescue image must include support for the file system of your 77 77 choice (we presume ext2/3 here), ramdisk and initial ramdisk (initrd). 78 78 Disable everything that you can in the kernel configuration. You should -
postlfs/config/config.xml
r5fd03d2 r5e18c49c 13 13 these files can be found in the <filename>/etc</filename> hierarchy. 14 14 There are often graphical configuration programs available for different 15 subsystems but most are simply pretty front ends to the process15 subsystems but most are simply pretty front ends to the process 16 16 of editing the file. The advantage of text-only configuration is that 17 17 you can edit parameters using your favorite text editor, whether that -
postlfs/editors/emacs/emacs-desc.xml
r5fd03d2 r5e18c49c 41 41 42 42 <sect3><title>grep-changelog</title> 43 <para><command>grep-changelog</command> prints entries in Change Logs matching various44 criteria.</para></sect3>43 <para><command>grep-changelog</command> prints entries in Change Logs matching 44 various criteria.</para></sect3> 45 45 46 46 <sect3><title>rcs-checkin</title> -
postlfs/security/firewalling/busybox.xml
r5fd03d2 r5e18c49c 6 6 Examples of this can be when you want to admin your box from another host 7 7 on your intranet or use it as a proxy or a name server. Note: Outlining a true 8 concept howto protect a server that offers services on the internet8 concept of how to protect a server that offers services on the Internet 9 9 goes far beyond the scope of this document, 10 10 see <xref linkend="postlfs-security-fw-disclaimer"/>.</para> … … 16 16 <xref linkend="postlfs-security-fw-masqRouter"/> for some more details.</para> 17 17 18 <para>If the services you'd like to offer do not need to access the internet18 <para>If the services you'd like to offer do not need to access the Internet 19 19 themselves, like internal-only samba- or name-servers, it's quite 20 20 simple and should still be acceptable from a security standpoint. -
postlfs/security/firewalling/intro.xml
r5fd03d2 r5e18c49c 1 1 <sect2 id="postlfs-security-fw-intro" xreflabel="Firewalling Introduction"> 2 <title>Introduction to Firewall ing</title>2 <title>Introduction to Firewall Creation</title> 3 3 4 4 <para>The general purpose of a firewall is to protect a network … … 16 16 may wish to choose which services are accessible by certain machines, 17 17 you may wish to limit which machines or applications are allowed 18 to have internet access, or you may simply not trust some of your18 to have Internet access, or you may simply not trust some of your 19 19 apps or users. 20 20 In these situations you might benefit by using a firewall.</para> … … 39 39 <para>This is a setup or program, for Windows commercially sold by 40 40 companies such as Symantec, of which they claim or pretend that it 41 secures a home or desktop-pc with internet access. This topic is41 secures a home or desktop-pc with Internet access. This topic is 42 42 highly relevant for users who do not know the ways their computers 43 might be accessed via the internet and how to disable these,43 might be accessed via the Internet and how to disable these, 44 44 especially if they are always online and if they are connected via 45 45 broadband links.</para></sect3> 46 46 47 47 <sect3><title><xref linkend="postlfs-security-fw-masqRouter"/></title> 48 <para>This is a box placed between the internet and an intranet.48 <para>This is a box placed between the Internet and an intranet. 49 49 To minimize the risk of compromising the firewall itself it 50 50 should generally have only one role, that of protecting the intranet. … … 52 52 and eventually IP masquerading (rewriting IP-headers 53 53 of the packets it routes from clients with private IP-addresses onto 54 the internet so that they seem to come from the firewall54 the Internet so that they seem to come from the firewall 55 55 itself) are commonly considered harmless.</para></sect3> 56 56 -
postlfs/security/firewalling/masqrouter.xml
r5fd03d2 r5e18c49c 4 4 <para>A true Firewall has two interfaces, one connected to an intranet, 5 5 in this example, <emphasis role="strong">eth0</emphasis>, and one 6 connected to the internet, here, <emphasis role="strong">ppp0</emphasis>.6 connected to the Internet, here, <emphasis role="strong">ppp0</emphasis>. 7 7 To provide the maximum security against the box itself being broken into, 8 8 make sure that there are no servers running on it, especially not … … 92 92 <replaceable>ppp+</replaceable> to the name of the interface which you are 93 93 using. If you are using the same interface type to connect to both your 94 intranet and the internet, you need to use the actual name of the94 intranet and the Internet, you need to use the actual name of the 95 95 interface such as <emphasis role="strong">eth0</emphasis>, 96 96 on both interfaces.</para> -
postlfs/security/firewalling/persfw.xml
r5fd03d2 r5e18c49c 3 3 4 4 <para>A Personal Firewall is supposed to let you access the all services 5 offered on the internet, but keep your box secure and your data private.</para>5 offered on the Internet, but keep your box secure and your data private.</para> 6 6 7 7 <para>Below is a slightly modified version of Rusty Russell's … … 51 51 <para>His script is quite simple, it drops all traffic coming in into your 52 52 computer that wasn't initiated from your box, but as long as you are simply 53 surfing the internet you are unlikely to exceed its limits.</para>53 surfing the Internet you are unlikely to exceed its limits.</para> 54 54 55 55 <para>If you frequently encounter certain delays at accessing ftp-servers, -
postlfs/security/security.xml
r5fd03d2 r5e18c49c 16 16 <para>Prevention of breaches, like a trojan, are assisted by applications like 17 17 <application>GnuPG</application>, specifically the ability to confirm signed 18 packages, which prevents modification of the tarball after the packager creates19 it.</para>18 packages, which prevents modification of the <acronym>TAR</acronym> ball after 19 the packager creates it.</para> 20 20 21 21 <para> Finally, we touch on detection with a package that stores "signatures"
Note:
See TracChangeset
for help on using the changeset viewer.