Changeset 8f44fa03


Ignore:
Timestamp:
09/13/2003 03:01:40 PM (19 years ago)
Author:
Larry Lawrence <larry@…>
Branches:
10.0, 10.1, 11.0, 11.1, 6.0, 6.1, 6.2, 6.2.0, 6.2.0-rc1, 6.2.0-rc2, 6.3, 6.3-rc1, 6.3-rc2, 6.3-rc3, 7.10, 7.4, 7.5, 7.6, 7.6-blfs, 7.6-systemd, 7.7, 7.8, 7.9, 8.0, 8.1, 8.2, 8.3, 8.4, 9.0, 9.1, basic, bdubbs/svn, elogind, gnome, kde5-13430, kde5-14269, kde5-14686, krejzi/svn, lazarus, nosym, perl-modules, qt5new, systemd-11177, systemd-13485, trunk, upgradedb, v5_0, v5_0-pre1, v5_1, v5_1-pre1, xry111/intltool, xry111/test-20220226
Children:
30f1425
Parents:
781e273
Message:

tripwire and pam edits

git-svn-id: svn://svn.linuxfromscratch.org/BLFS/trunk/BOOK@1056 af4574ff-66df-0310-9fd7-8a98e5e911e0

Location:
postlfs/security
Files:
10 edited

Legend:

Unmodified
Added
Removed
  • postlfs/security/pam/linux_pam-config.xml

    r781e273 r8f44fa03  
    11<sect2>
    2 <title>Configuring <application>Linux_PAM</application></title>
     2<title>Configuring <application>Linux_<acronym>PAM</acronym></application>
     3</title>
    34
    45<sect3><title>Config files</title>
    5 <para><filename>/etc/pam.d</filename> or <filename>/etc/pam.conf</filename></para>
    6 </sect3>
     6<para><filename>/etc/pam.d</filename> or <filename>/etc/pam.conf</filename>
     7</para></sect3>
    78
    89<sect3><title>Configuration Information</title>
    910
    10 <para>Configuration information is placed in
    11 <filename>/etc/pam.d</filename> or <filename>/etc/pam.conf</filename>
    12 depending on the application that is using <acronym>PAM</acronym>. Below are example files of
    13 each type:
    14 </para>
     11<para>Configuration information is placed in <filename>/etc/pam.d</filename> or
     12<filename>/etc/pam.conf</filename> depending on the application that is using
     13<application><acronym>PAM</acronym></application>. Below are example files of
     14each type:</para>
    1515
    1616<screen># Begin /etc/pam.d/other
     
    3232# End /etc/pam.conf</screen>
    3333
    34 <para>The pam man page provides a good starting point for descriptions of
    35 fields and allowable entries.  The <ulink
    36 url="http://www.kernel.org/pub/linux/libs/pam/Linux-PAM-html/pam.html">Linux-PAM
    37 guide for system administrators</ulink> and two PAM hints located at <ulink url="http://hints.linuxfromscratch.org"/> are also available for further reading.</para>
    38 
     34<para>The <application><acronym>pam</acronym></application> man page provides a
     35good starting point for descriptions of fields and allowable entries.  The
     36<ulink url="http://www.kernel.org/pub/linux/libs/pam/Linux-PAM-html/pam.html">
     37Linux-PAM guide for system administrators</ulink> and two
     38<application><acronym>PAM</acronym></application> hints located at
     39<ulink url="&hints-root;"/> are also available for further reading.</para>
    3940</sect3>
    4041
  • postlfs/security/pam/linux_pam-desc.xml

    r781e273 r8f44fa03  
    22<title>Contents</title>
    33
    4 <para>The <application>Linux_PAM</application> package contains
    5 <command>unix-chkpwd</command>
    6 and <filename>libpam</filename> libraries.</para>
     4<para>The <application>Linux_<acronym>PAM</acronym></application> package
     5contains <command>unix-chkpwd</command> and <filename>libpam</filename>
     6libraries.</para>
    77
    88</sect2>
     
    1414
    1515<sect3><title>libpam libraries</title>
    16 <para><filename>libpam</filename> libraries provide the interfaces between applications and
    17 the <acronym>PAM</acronym> modules.</para></sect3>
     16<para><filename>libpam</filename> libraries provide the interfaces between
     17applications and the <acronym>PAM</acronym> modules.</para></sect3>
    1818
    1919</sect2>
  • postlfs/security/pam/linux_pam-exp.xml

    r781e273 r8f44fa03  
    88the mailspool directory <acronym>FHS</acronym> compliant.</para>
    99
    10 <para><command>--enable-read-both-confs</command>  : This switch lets the local administrator choose which configuration file setup to
    11 use.</para>
     10<para><command>--enable-read-both-confs</command>  : This switch lets the local administrator choose which configuration file setup to use.</para>
    1211
    1312<para><command>mv /lib/libpam.a /lib/libpam_misc.a /lib/libpamc.a
  • postlfs/security/pam/linux_pam-inst.xml

    r781e273 r8f44fa03  
    11<sect2>
    2 <title>Installation of <application>Linux_PAM</application></title>
     2<title>Installation of <application>Linux_<acronym>PAM</acronym></application>
     3</title>
    34
    4 <para>Install <application>Linux_PAM</application> by running the following commands:</para>
     5<para>Install <application>Linux_<acronym>PAM</acronym></application> by
     6running the following commands:</para>
    57
    68<para><screen><userinput><command>./configure --enable-static-libpam --with-mailspool=/var/mail \
  • postlfs/security/pam/linux_pam-intro.xml

    r781e273 r8f44fa03  
    11<sect2>
    2 <title>Introduction to <application>Linux_PAM</application></title>
     2<title>Introduction to <application>Linux_<acronym>PAM</acronym></application>
     3</title>
    34
    4 <para>The <application>Linux_PAM</application> package contains Pluggable Authentication Modules.
    5 This is useful to enable the local system administrator to choose how
    6 applications authenticate users.</para>
     5<para>The <application>Linux_<acronym>PAM</acronym></application> package
     6contains Pluggable Authentication Modules. This is useful to enable the local
     7system administrator to choose how applications authenticate users.</para>
    78
    89<sect3><title>Package information</title>
     
    1920</sect3>
    2021
    21 <sect3><title><application>Linux_PAM</application> dependencies</title>
     22<sect3><title><application>Linux_<acronym>PAM</acronym></application>
     23dependencies</title>
    2224<sect4><title>Optional</title>
    23 <para><ulink url="http://www.crypticide.org/users/alecm/security/cracklib,2.7.tar.gz">cracklib v2.7</ulink></para></sect4>
     25<para><ulink
     26url="http://www.crypticide.org/users/alecm/security/cracklib,2.7.tar.gz">
     27cracklib v2.7</ulink></para></sect4>
    2428</sect3>
    2529
  • postlfs/security/tripwire/tripwire-config.xml

    r781e273 r8f44fa03  
    11<sect2>
    2 <title>Configuring tripwire</title>
     2<title>Configuring <application>tripwire</application></title>
    33
    44<sect3><title>Config files</title>
    5 <para><userinput>/etc/tripwire</userinput></para>
     5<para><filename>/etc/tripwire</filename></para>
    66</sect3>
    77
    88<sect3><title>Configuration Information</title>
    99
    10 <para>Tripwire uses a policy file to determine which files integrity
    11  are checked. The default policy file (<filename>twpol.txt</filename> found in
    12 <filename>/etc/tripwire/</filename>) is for a default installation of Redhat
    13 7.0 and is woefully outdated.</para>
     10<para><application>Tripwire</application> uses a policy file to determine which
     11files integrity are checked. The default policy file (<filename>twpol.txt
     12</filename> found in <filename>/etc/tripwire/</filename>) is for a default
     13installation of Redhat 7.0 and is woefully outdated.</para>
    1414
    15 <para>Policy files are also a custom thing and should be tailored to
    16  each individual distro and/or installation. Some custom policy files
    17  can be found below: </para>
     15<para>Policy files are also a custom thing and should be tailored to each
     16individual distribution and/or installation. Some custom policy files can be
     17found below: </para>
    1818<screen><ulink  url="http://home.iprimus.com.au/glombowski/blfs/twpol-all.txt"/>
    1919Checks integrity of all files
     
    2323Custom policy file for SuSE 7.2 system</screen>
    2424
    25 <para>Download the custom policy file you'd like to try, copy it into
    26 <filename>/etc/tripwire/</filename>, and use it instead of <filename>twpol.txt</filename>. It
    27  is, however, recommended that you make your own policy file. Get ideas
    28  from the examples above and read
    29  <filename>/usr/share/doc/tripwire/policyguide.txt</filename>.
    30 <filename>twpol.txt</filename> is a good policy file for beginners as it will note any changes to the  filesystem and can even be used as an annoying way of keeping track of changes for uninstallation of software.</para>
     25<para>Download the custom policy file you'd like to try, copy it into <filename>
     26/etc/tripwire/</filename>, and use it instead of <filename>twpol.txt
     27</filename>. It is, however, recommended that you make your own policy file.
     28Get ideas from the examples above and read <filename>
     29/usr/share/doc/tripwire/policyguide.txt</filename>. <filename>twpol.txt
     30</filename> is a good policy file for beginners as it will note any changes to
     31the  filesystem and can even be used as an annoying way of keeping track of
     32changes for uninstallation of software.</para>
    3133
    32  <para>After your policy file has been transferred to <filename>/etc/tripwire/</filename> you may begin the configuration steps:</para>
     34<para>After your policy file has been transferred to <filename>/etc/tripwire/
     35</filename> you may begin the configuration steps:</para>
    3336
    34 <screen><userinput>twadmin -m P /etc/tripwire/twpol.txt &amp;&amp;
    35 tripwire -m i</userinput></screen>
     37<screen><userinput><command>twadmin -m P /etc/tripwire/twpol.txt &amp;&amp;
     38tripwire -m i</command></userinput></screen>
    3639
    3740<para>During configuration tripwire will create 2 keys: a site key and
    38  a local key which will be stored in <filename class="directory">/etc/tripwire/</filename>.</para>
     41 a local key which will be stored in <filename class="directory">/etc/tripwire/
     42</filename>.</para>
    3943
    4044</sect3>
     
    4347<para>To use tripwire after this and run a report using the following command:
    4448
    45 <screen><userinput>tripwire -m c &gt; /etc/tripwire/report.txt</userinput></screen></para>
     49<screen><userinput><command>tripwire -m c &gt; /etc/tripwire/report.txt
     50</command></userinput></screen></para>
    4651
    4752<para>View the output to check the integrity of your files. An automatic
     
    5257on your system so that tripwire will not continually notify you that
    5358files you intentionally changed are a security violation. To do this you
    54 must first <userinput>ls /var/lib/tripwire/report/</userinput> and note
    55 the name of the newest file which starts with
    56 <filename>linux-</filename> and ends in <filename>.twr</filename>. This
    57 encrypted file was created during the last report creation and is needed
    58 to update the tripwire database of your system. Then, type in the
    59 following command making the appropriate substitutions for '?':
    60 <screen><userinput>tripwire -m u -r /var/lib/tripwire/report/linux-???????-??????.twr</userinput></screen></para>
     59must first <command>ls /var/lib/tripwire/report/</command> and note
     60the name of the newest file which starts with <filename>linux-</filename> and
     61ends in <filename>.twr</filename>. This encrypted file was created during the
     62last report creation and is needed to update the tripwire database of your
     63system. Then, type in the following command making the appropriate
     64substitutions for '?':
     65<screen><userinput><command>tripwire -m u -r /var/lib/tripwire/report/linux-???????-??????.twr </command></userinput></screen></para>
    6166
    62 <para>You will be placed into vim with a copy of the report in front of
    63  you. If all the changes were good, then just type
    64  <userinput>:x</userinput> and after entering your local key, the
    65 database will be updated. If there are files which you
    66  still want to be warned about, please remove the x before the filename
    67  in the report and type <userinput>:x</userinput>. </para>
     67<para>You will be placed into vim with a copy of the report in front of you. If
     68all the changes were good, then just type <command>:x</command> and after
     69entering your local key, the database will be updated. If there are files which
     70you still want to be warned about, please remove the x before the filename in
     71the report and type <command>:x</command>. </para>
    6872
    6973</sect3>
     
    7175<sect3><title>Changing the Policy File</title>
    7276
    73 <para>If you are unhappy with your policy file and would like to modify it or use a new one, modify the policy file and then execute the following commands:
    74 <screen><userinput>twadmin -m P /etc/tripwire/twpol.txt &amp;&amp;
    75 tripwire -m i</userinput></screen></para>
     77<para>If you are unhappy with your policy file and would like to modify it or
     78use a new one, modify the policy file and then execute the following commands:
     79<screen><userinput><command>twadmin -m P /etc/tripwire/twpol.txt &amp;&amp;
     80tripwire -m i</command></userinput></screen></para>
    7681
    7782</sect3>
  • postlfs/security/tripwire/tripwire-desc.xml

    r781e273 r8f44fa03  
    22<title>Contents</title>
    33
    4 <para>The tripwire package contains <userinput>siggen</userinput>,
    5 <userinput>tripwire</userinput>, <userinput>twadmin</userinput>
    6 and <userinput>twprint</userinput>.</para>
     4<para>The tripwire package contains <command>siggen</command>,
     5<command>tripwire</command>, <command>twadmin</command>
     6and <command>twprint</command>.</para>
    77
    88</sect2>
  • postlfs/security/tripwire/tripwire-exp.xml

    r781e273 r8f44fa03  
    22<title>Command explanations</title>
    33
    4 <para><userinput>ln -s make /usr/bin/gmake</userinput> : The reason we create the gmake symlink is that tripwire will only install if the symlink is present. It may be safely removed after installation.</para>
     4<para><command>ln -s make /usr/bin/gmake</command> : The reason we create the
     5gmake symlink is that tripwire will only install if the symlink is present. It
     6may be safely removed after installation.</para>
    57
    6 <para><userinput>gmake release</userinput> : This command creates the
    7  tripwire binaries.</para>
     8<para><command>gmake release</command> : This command creates the tripwire
     9binaries.</para>
    810
    9 <para><userinput>cp install.{sh,cfg} .</userinput> : These are copied to the main
     11<para><command>cp install.{sh,cfg} .</command> : These are copied to the main
    1012tripwire directory so that the script can be used to install the package.</para>
    1113
    12 <para><userinput>cp policy/*.txt /usr/share/doc/tripwire</userinput> : This command installs the documentation.</para>
     14<para><command>cp policy/*.txt /usr/share/doc/tripwire</command> : This command
     15installs the documentation.</para>
    1316
    1417</sect2>
  • postlfs/security/tripwire/tripwire-inst.xml

    r781e273 r8f44fa03  
    11<sect2>
    2 <title>Installation of tripwire</title>
     2<title>Installation of <application>tripwire</application></title>
    33
    4 <para>Download the patch for tripwire config from <ulink url="&hfile-root;"/>.</para>
     4<para>Download the patch for <application>tripwire</application> config from
     5<ulink url="&hfile-root;"/>.</para>
    56
    6 <para>Install tripwire by running the following commands:</para>
     7<para>Install <application>tripwire</application> by running the following
     8commands:</para>
    79
    8 <para><screen><userinput>export PATH_HOLD=$PATH &amp;&amp;
    9 export PATH=/opt/gcc2/bin:$PATH &amp;&amp;
     10<screen><userinput><command>export PATH_HOLD=$PATH &amp;&amp;
     11export PATH=/opt/gcc-2.95.3/bin:$PATH &amp;&amp;
    1012ln -s make /usr/bin/gmake &amp;&amp;
    1113cd src &amp;&amp;
     
    1618./install.sh &amp;&amp;
    1719cp /etc/tripwire/tw.cfg /usr/sbin &amp;&amp;
    18 cp policy/*.txt /usr/share/doc/tripwire</userinput></screen></para>
     20cp policy/*.txt /usr/share/doc/tripwire</command></userinput></screen>
    1921
    2022<para>Reverse the modifications made above:
    21 <screen><userinput>rm /usr/bin/gmake &amp;&amp;
    22 export PATH=$PATH_HOLD</userinput></screen></para>
     23<screen><userinput><command>rm /usr/bin/gmake &amp;&amp;
     24export PATH=$PATH_HOLD</command></userinput></screen></para>
    2325
    2426</sect2>
  • postlfs/security/tripwire/tripwire-intro.xml

    r781e273 r8f44fa03  
    11<sect2>
    2 <title>Introduction to tripwire</title>
     2<title>Introduction to <application>tripwire</application></title>
    33
    4 <screen>Download location (HTTP):       <ulink url="&tripwire-download-http;"/>
    5 Download location (FTP):        <ulink url="&tripwire-download-ftp;"/>
    6 Version used:                   &tripwire-version;
    7 Package size:                   &tripwire-size;
    8 Estimated Disk space required:  &tripwire-buildsize;</screen>
     4<para>The <application>tripwire</application> package contains the programs
     5used by <application>tripwire</application> to verify the integrity of the
     6files on a given system.</para>
    97
    10 <para>The tripwire package contains the tripwire programs used by tripwire to verify the integrity of the files on a given system.</para>
    11 
    12 <screen>tripwire depends on:
    13 <xref linkend="gcc2"/></screen>
     8<sect3><title>Package information</title>
     9<itemizedlist spacing='compact'>
     10<listitem><para>Download (HTTP): <ulink
     11url="&tripwire-download-http;"/></para></listitem>
     12<listitem><para>Download (FTP): <ulink
     13url="&tripwire-download-ftp;"/></para></listitem>
     14<listitem><para>Download size: &tripwire-size;</para></listitem>
     15<listitem><para>Estimated Disk space required:
     16&tripwire-buildsize;</para></listitem>
     17<listitem><para>Estimated build time:
     18&tripwire-time;</para></listitem></itemizedlist>
     19</sect3>
    1420
    1521</sect2>
Note: See TracChangeset for help on using the changeset viewer.