Changeset 7edfe43
- Timestamp:
- 07/20/2014 12:00:10 AM (10 years ago)
- Branches:
- systemd-11177
- Children:
- bdbc765b
- Parents:
- f81638e
- Location:
- postlfs/security
- Files:
-
- 1 edited
- 5 moved
Legend:
- Unmodified
- Added
- Removed
-
postlfs/security/cyrus-sasl-systemd.xml
rf81638e r7edfe43 283 283 284 284 <sect3 id="cyrus-sasl-init"> 285 <title> Init Script</title>285 <title>Systemd Unit</title> 286 286 287 287 <para> 288 288 If you need to run the <command>saslauthd</command> daemon at system 289 startup, install the <filename>/etc/rc.d/init.d/saslauthd</filename> 290 init script included in the <xref linkend="bootscripts"/> 291 package using the following command: 289 startup, install the systemd unit included in the 290 <xref linkend="bootscripts"/> package using the following command: 292 291 </para> 293 292 … … 300 299 <note> 301 300 <para> 302 You'll need to modify /etc/sysconfig/saslauthd and replace the303 < option><replaceable>AUTHMECH</replaceable></option> parameter304 with your desired authentication mechanism.301 The default authentication method is "shadow". The 302 <filename>/etc/default/saslauthd</filename> 303 file needs to be modified for anything else. 305 304 </para> 306 305 </note> -
postlfs/security/mitkrb-systemd.xml
rf81638e r7edfe43 464 464 465 465 <sect3 id="mitkrb-init"> 466 <title> Init Script</title>466 <title>Systemd Units</title> 467 467 468 468 <para> 469 469 If you want to start <application>Kerberos</application> services 470 at boot, install the <filename>/etc/rc.d/init.d/krb5</filename> init 471 script included in the <xref linkend="bootscripts"/> package using 472 the following command: 470 at boot, install the systemd units included in the 471 <xref linkend="bootscripts"/> package using the following command: 473 472 </para> 474 473 -
postlfs/security/openssh-systemd.xml
rf81638e r7edfe43 302 302 303 303 <sect3 id="openssh-init"> 304 <title>Boot Script</title> 305 306 <para> 307 To start the SSH server at system boot, install the 308 <filename>/etc/rc.d/init.d/sshd</filename> init script included 309 in the <xref linkend="bootscripts"/> package. 310 </para> 304 <title>Systemd Units</title> 305 306 <para> 307 To start the SSH server at system boot, install the systemd 308 units included in the <xref linkend="bootscripts"/> package. 309 </para> 311 310 312 311 <indexterm zone="openssh openssh-init"> … … 315 314 316 315 <screen role="root"><userinput>make install-sshd</userinput></screen> 316 317 <note> 318 <para> 319 Note that this package comes with two types of units: A service file and a socket file. 320 The service file will start sshd daemon once at boot and it will keep running until the 321 system shuts down. The socket file will make systemd listen to sshd port (Default 22, needs 322 to be edited for anything else) and will start sshd daemon when something tries to connect 323 to that port and stop the daemon when the connection is terminated. This is 324 called socket activation. 325 326 By default, the first method is used - sshd daemon is started at boot and stopped at shutdown. 327 If the socket method is desired, you need to run as the 328 <systemitem class="username">root</systemitem> user: 329 330 <screen role="root"><userinput>systemctl stop sshd && 331 systemctl disable sshd && 332 systemctl enable sshd.socket && 333 systemctl start sshd.socket</userinput></screen> 334 </para> 335 </note> 336 317 337 </sect3> 318 338 </sect2> -
postlfs/security/polkit-systemd.xml
rf81638e r7edfe43 81 81 </para> 82 82 83 <bridgehead renderas="sect4">Recommended</bridgehead 84 <para role="recommended"> 85 <xref linkend="linux-pam"/> 86 </para> 87 88 <note> 89 <para> 90 Since <command>systemd-logind</command> uses PAM to register user 91 sessions, it is a good idea to build <application>Polkit</application> 92 with PAM support so <command>systemd-logind</command> can track 93 <application>Polkit</application> sessions. 94 </para> 95 </note> 96 83 97 <bridgehead renderas="sect4">Optional (Required if building GNOME)</bridgehead> 84 98 <para role="optional"> … … 90 104 <xref linkend="DocBook"/>, 91 105 <xref linkend="docbook-xsl"/>, 92 <xref linkend="gtk-doc"/>, 93 <xref linkend="libxslt"/> and 94 <xref linkend="linux-pam"/> 106 <xref linkend="gtk-doc"/>, and 107 <xref linkend="libxslt"/> 108 </para> 109 110 <bridgehead renderas="sect4">Required Runtime Dependencies</bridgehead> 111 <para role="required"> 112 <xref linkend="systemd"/> (for Logind) 95 113 </para> 96 114 … … 132 150 --sysconfdir=/etc \ 133 151 --localstatedir=/var \ 134 --disable-static \ 135 --enable-libsystemd-login=no \ 136 --with-authfw=shadow && 152 --disable-static && 137 153 make</userinput></screen> 138 154 … … 156 172 <title>Command Explanations</title> 157 173 158 <para>159 <parameter>--enable-libsystemd-login=no</parameter>: This parameter fixes160 building without <application>systemd</application>, which is not part161 of LFS/BLFS. If you use <application>systemd</application>,162 replace "no" by "yes".163 </para>164 165 <para>166 <parameter>--with-authfw=shadow</parameter>: This parameter configures the167 package to use the <application>Shadow</application> rather than the168 <application>Linux PAM</application> Authentication framework. Remove it169 if you would like to use <application>Linux PAM</application>.170 </para>171 172 174 <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" 173 175 href="../../xincludes/static-libraries.xml"/> 176 177 <para> 178 <option>--with-authfw=shadow</option>: This switch enables the 179 package to use the <application>Shadow</application> rather than the 180 <application>Linux PAM</application> Authentication framework. Use it 181 if you have not installed <application>Linux PAM</application>. 182 </para> 174 183 175 184 <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" -
postlfs/security/security.xml
rf81638e r7edfe43 44 44 <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="cacerts.xml"/> 45 45 <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="cracklib.xml"/> 46 <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="cyrus-sasl .xml"/>46 <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="cyrus-sasl-systemd.xml"/> 47 47 <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="gnupg2.xml"/> 48 48 <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="gnutls.xml"/> … … 53 53 <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="libcap.xml"/> 54 54 <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="linux-pam.xml"/> 55 <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="mitkrb .xml"/>55 <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="mitkrb-systemd.xml"/> 56 56 <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="nettle.xml"/> 57 57 <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="nss.xml"/> 58 <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="openssh .xml"/>58 <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="openssh-systemd.xml"/> 59 59 <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="openssl.xml"/> 60 60 <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="p11-kit.xml"/> 61 <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="polkit .xml"/>61 <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="polkit-systemd.xml"/> 62 62 <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="shadow.xml"/> 63 63 <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="ssh-askpass.xml"/> 64 <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="stunnel .xml"/>64 <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="stunnel-systemd.xml"/> 65 65 <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="sudo.xml"/> 66 66 <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="tripwire.xml"/> -
postlfs/security/stunnel-systemd.xml
rf81638e r7edfe43 114 114 </note> 115 115 116 <para> 117 Fix the bundled systemd unit so it does not use a deprecated dependency: 118 </para> 119 120 <screen><userinput>sed -i /syslog.target/d tools/stunnel.service</userinput></screen> 121 116 122 <para>Install <application>stunnel</application> by running the following 117 123 commands:</para> … … 127 133 128 134 <screen role="root"><userinput>make docdir=/usr/share/doc/stunnel-&stunnel-version; install</userinput></screen> 135 136 <para> 137 Install the systemd unit by running the following command as the 138 <systemitem class="username">root</systemitem> user: 139 </para> 140 141 <screen role="root"><userinput>install -v -m644 tools/stunnel.service /lib/systemd/system/stunnel.service</userinput></screen> 129 142 130 143 <para>To create the <filename>stunnel.pem</filename> in the … … 229 242 230 243 <sect3 id="stunnel-init"> 231 <title> Boot Script</title>244 <title>Systemd Unit</title> 232 245 233 246 <para>To automatically start the <command>stunnel</command> daemon 234 when the system is rebooted, install the235 <filename>/etc/rc.d/init.d/stunnel</filename> bootscript fromthe236 < xref linkend="bootscripts"/> package.</para>247 when the system is rebooted, enable the previously installed 248 systemd unit by running the following command as the 249 <systemitem class="username">root</systemitem> user:</para> 237 250 238 251 <indexterm zone="stunnel stunnel-init"> … … 240 253 </indexterm> 241 254 242 <screen role="root"><userinput> make install-stunnel</userinput></screen>255 <screen role="root"><userinput>systemctl enable stunnel</userinput></screen> 243 256 244 257 </sect3>
Note:
See TracChangeset
for help on using the changeset viewer.