Context Navigation

-              r781e273
+              r8f44fa03
 <sect2>
+<title>Configuring <application>Linux_PAM</application></title>
+<title>Configuring <application>Linux_<acronym>PAM</acronym></application>
+</title>
 <sect3><title>Config files</title>
 <para><filename>/etc/pam.d</filename> or <filename>/etc/pam.conf</filename></para>
 </sect3>
+<para><filename>/etc/pam.d</filename> or <filename>/etc/pam.conf</filename>
+</para></sect3>
 <sect3><title>Configuration Information</title>
+<para>Configuration information is placed in
+<filename>/etc/pam.d</filename> or <filename>/etc/pam.conf</filename>
+depending on the application that is using <acronym>PAM</acronym>. Below are example files of
+each type:
+</para>
+<para>Configuration information is placed in <filename>/etc/pam.d</filename> or
+<filename>/etc/pam.conf</filename> depending on the application that is using
+<application><acronym>PAM</acronym></application>. Below are example files of
+each type:</para>
 <screen># Begin /etc/pam.d/other
 …
 # End /etc/pam.conf</screen>
+<para>The pam man page provides a good starting point for descriptions of
+fields and allowable entries.  The <ulink
+url="http://www.kernel.org/pub/linux/libs/pam/Linux-PAM-html/pam.html">Linux-PAM
+guide for system administrators</ulink> and two PAM hints located at <ulink url="http://hints.linuxfromscratch.org"/> are also available for further reading.</para>
+<para>The <application><acronym>pam</acronym></application> man page provides a
+good starting point for descriptions of fields and allowable entries.  The
+<ulink url="http://www.kernel.org/pub/linux/libs/pam/Linux-PAM-html/pam.html">
+Linux-PAM guide for system administrators</ulink> and two
+<application><acronym>PAM</acronym></application> hints located at
+<ulink url="&hints-root;"/> are also available for further reading.</para>
 </sect3>

postlfs/security/pam/linux_pam-desc.xml

-              r781e273
+              r8f44fa03
 <title>Contents</title>
 <para>The <application>Linux_PAM</application> package contains
+<command>unix-chkpwd</command>
 and <filename>libpam</filename> libraries.</para>
+<para>The <application>Linux_<acronym>PAM</acronym></application> package
+contains <command>unix-chkpwd</command> and <filename>libpam</filename>
+libraries.</para>
 </sect2>
 …
 <sect3><title>libpam libraries</title>
 <para><filename>libpam</filename> libraries provide the interfaces between applications and
 the <acronym>PAM</acronym> modules.</para></sect3>
+<para><filename>libpam</filename> libraries provide the interfaces between
+applications and the <acronym>PAM</acronym> modules.</para></sect3>
 </sect2>

postlfs/security/pam/linux_pam-exp.xml

-              r781e273
+              r8f44fa03
 the mailspool directory <acronym>FHS</acronym> compliant.</para>
+<para><command>--enable-read-both-confs</command>  : This switch lets the local administrator choose which configuration file setup to
+use.</para>
+<para><command>--enable-read-both-confs</command>  : This switch lets the local administrator choose which configuration file setup to use.</para>
 <para><command>mv /lib/libpam.a /lib/libpam_misc.a /lib/libpamc.a

postlfs/security/pam/linux_pam-inst.xml

-              r781e273
+              r8f44fa03
 <sect2>
+<title>Installation of <application>Linux_PAM</application></title>
+<title>Installation of <application>Linux_<acronym>PAM</acronym></application>
+</title>
+<para>Install <application>Linux_PAM</application> by running the following commands:</para>
+<para>Install <application>Linux_<acronym>PAM</acronym></application> by
+running the following commands:</para>
 <para><screen><userinput><command>./configure --enable-static-libpam --with-mailspool=/var/mail \

postlfs/security/pam/linux_pam-intro.xml

-              r781e273
+              r8f44fa03
 <sect2>
+<title>Introduction to <application>Linux_PAM</application></title>
+<title>Introduction to <application>Linux_<acronym>PAM</acronym></application>
+</title>
 <para>The <application>Linux_PAM</application> package contains Pluggable Authentication Modules.
+This is useful to enable the local system administrator to choose how
 applications authenticate users.</para>
+<para>The <application>Linux_<acronym>PAM</acronym></application> package
+contains Pluggable Authentication Modules. This is useful to enable the local
+system administrator to choose how applications authenticate users.</para>
 <sect3><title>Package information</title>
 …
 </sect3>
+<sect3><title><application>Linux_PAM</application> dependencies</title>
+<sect3><title><application>Linux_<acronym>PAM</acronym></application>
+dependencies</title>
 <sect4><title>Optional</title>
+<para><ulink url="http://www.crypticide.org/users/alecm/security/cracklib,2.7.tar.gz">cracklib v2.7</ulink></para></sect4>
+<para><ulink
+url="http://www.crypticide.org/users/alecm/security/cracklib,2.7.tar.gz">
+cracklib v2.7</ulink></para></sect4>
 </sect3>

postlfs/security/tripwire/tripwire-config.xml

-              r781e273
+              r8f44fa03
 <sect2>
 <title>Configuring tripwire</title>
+<title>Configuring <application>tripwire</application></title>
 <sect3><title>Config files</title>
 <para><userinput>/etc/tripwire</userinput></para>
+<para><filename>/etc/tripwire</filename></para>
 </sect3>
 <sect3><title>Configuration Information</title>
 <para>Tripwire uses a policy file to determine which files integrity
+ are checked. The default policy file (<filename>twpol.txt</filename> found in
 <filename>/etc/tripwire/</filename>) is for a default installation of Redhat
 .0 and is woefully outdated.</para>
+<para><application>Tripwire</application> uses a policy file to determine which
+files integrity are checked. The default policy file (<filename>twpol.txt
+</filename> found in <filename>/etc/tripwire/</filename>) is for a default
+installation of Redhat 7.0 and is woefully outdated.</para>
 <para>Policy files are also a custom thing and should be tailored to
+ each individual distro and/or installation. Some custom policy files
  can be found below: </para>
+<para>Policy files are also a custom thing and should be tailored to each
+individual distribution and/or installation. Some custom policy files can be
+found below: </para>
 <screen><ulink  url="http://home.iprimus.com.au/glombowski/blfs/twpol-all.txt"/>
 Checks integrity of all files
 …
 Custom policy file for SuSE 7.2 system</screen>
+<para>Download the custom policy file you'd like to try, copy it into
+<filename>/etc/tripwire/</filename>, and use it instead of <filename>twpol.txt</filename>. It
+ is, however, recommended that you make your own policy file. Get ideas
+ from the examples above and read
+ <filename>/usr/share/doc/tripwire/policyguide.txt</filename>.
+<filename>twpol.txt</filename> is a good policy file for beginners as it will note any changes to the  filesystem and can even be used as an annoying way of keeping track of changes for uninstallation of software.</para>
+<para>Download the custom policy file you'd like to try, copy it into <filename>
+/etc/tripwire/</filename>, and use it instead of <filename>twpol.txt
+</filename>. It is, however, recommended that you make your own policy file.
+Get ideas from the examples above and read <filename>
+/usr/share/doc/tripwire/policyguide.txt</filename>. <filename>twpol.txt
+</filename> is a good policy file for beginners as it will note any changes to
+the  filesystem and can even be used as an annoying way of keeping track of
+changes for uninstallation of software.</para>
+ <para>After your policy file has been transferred to <filename>/etc/tripwire/</filename> you may begin the configuration steps:</para>
+<para>After your policy file has been transferred to <filename>/etc/tripwire/
+</filename> you may begin the configuration steps:</para>
 <screen><userinput>twadmin -m P /etc/tripwire/twpol.txt &amp;&amp;
 tripwire -m i</userinput></screen>
+<screen><userinput><command>twadmin -m P /etc/tripwire/twpol.txt &amp;&amp;
+tripwire -m i</command></userinput></screen>
 <para>During configuration tripwire will create 2 keys: a site key and
+ a local key which will be stored in <filename class="directory">/etc/tripwire/</filename>.</para>
+ a local key which will be stored in <filename class="directory">/etc/tripwire/
+</filename>.</para>
 </sect3>
 …
 <para>To use tripwire after this and run a report using the following command:
+<screen><userinput>tripwire -m c &gt; /etc/tripwire/report.txt</userinput></screen></para>
+<screen><userinput><command>tripwire -m c &gt; /etc/tripwire/report.txt
+</command></userinput></screen></para>
 <para>View the output to check the integrity of your files. An automatic
 …
 on your system so that tripwire will not continually notify you that
 files you intentionally changed are a security violation. To do this you
 must first <userinput>ls /var/lib/tripwire/report/</userinput> and note
 the name of the newest file which starts with
+<filename>linux-</filename> and ends in <filename>.twr</filename>. This
+encrypted file was created during the last report creation and is needed
+to update the tripwire database of your system. Then, type in the
 following command making the appropriate substitutions for '?':
 <screen><userinput>tripwire -m u -r /var/lib/tripwire/report/linux-???????-??????.twr</userinput></screen></para>
+must first <command>ls /var/lib/tripwire/report/</command> and note
+the name of the newest file which starts with <filename>linux-</filename> and
+ends in <filename>.twr</filename>. This encrypted file was created during the
+last report creation and is needed to update the tripwire database of your
+system. Then, type in the following command making the appropriate
+substitutions for '?':
+<screen><userinput><command>tripwire -m u -r /var/lib/tripwire/report/linux-???????-??????.twr </command></userinput></screen></para>
+<para>You will be placed into vim with a copy of the report in front of
+ you. If all the changes were good, then just type
+ <userinput>:x</userinput> and after entering your local key, the
+database will be updated. If there are files which you
+ still want to be warned about, please remove the x before the filename
+ in the report and type <userinput>:x</userinput>. </para>
+<para>You will be placed into vim with a copy of the report in front of you. If
+all the changes were good, then just type <command>:x</command> and after
+entering your local key, the database will be updated. If there are files which
+you still want to be warned about, please remove the x before the filename in
+the report and type <command>:x</command>. </para>
 </sect3>
 …
 <sect3><title>Changing the Policy File</title>
+<para>If you are unhappy with your policy file and would like to modify it or use a new one, modify the policy file and then execute the following commands:
+<screen><userinput>twadmin -m P /etc/tripwire/twpol.txt &amp;&amp;
+tripwire -m i</userinput></screen></para>
+<para>If you are unhappy with your policy file and would like to modify it or
+use a new one, modify the policy file and then execute the following commands:
+<screen><userinput><command>twadmin -m P /etc/tripwire/twpol.txt &amp;&amp;
+tripwire -m i</command></userinput></screen></para>
 </sect3>

postlfs/security/tripwire/tripwire-desc.xml

-              r781e273
+              r8f44fa03
 <title>Contents</title>
 <para>The tripwire package contains <userinput>siggen</userinput>,
 <userinput>tripwire</userinput>, <userinput>twadmin</userinput>
 and <userinput>twprint</userinput>.</para>
+<para>The tripwire package contains <command>siggen</command>,
+<command>tripwire</command>, <command>twadmin</command>
+and <command>twprint</command>.</para>
 </sect2>

postlfs/security/tripwire/tripwire-exp.xml

-              r781e273
+              r8f44fa03
 <title>Command explanations</title>
+<para><userinput>ln -s make /usr/bin/gmake</userinput> : The reason we create the gmake symlink is that tripwire will only install if the symlink is present. It may be safely removed after installation.</para>
+<para><command>ln -s make /usr/bin/gmake</command> : The reason we create the
+gmake symlink is that tripwire will only install if the symlink is present. It
+may be safely removed after installation.</para>
 <para><userinput>gmake release</userinput> : This command creates the
  tripwire binaries.</para>
+<para><command>gmake release</command> : This command creates the tripwire
+binaries.</para>
 <para><userinput>cp install.{sh,cfg} .</userinput> : These are copied to the main
+<para><command>cp install.{sh,cfg} .</command> : These are copied to the main
 tripwire directory so that the script can be used to install the package.</para>
+<para><userinput>cp policy/*.txt /usr/share/doc/tripwire</userinput> : This command installs the documentation.</para>
+<para><command>cp policy/*.txt /usr/share/doc/tripwire</command> : This command
+installs the documentation.</para>
 </sect2>

postlfs/security/tripwire/tripwire-inst.xml

-              r781e273
+              r8f44fa03
 <sect2>
 <title>Installation of tripwire</title>
+<title>Installation of <application>tripwire</application></title>
+<para>Download the patch for tripwire config from <ulink url="&hfile-root;"/>.</para>
+<para>Download the patch for <application>tripwire</application> config from
+<ulink url="&hfile-root;"/>.</para>
+<para>Install tripwire by running the following commands:</para>
+<para>Install <application>tripwire</application> by running the following
+commands:</para>
 <para><screen><userinput>export PATH_HOLD=$PATH &amp;&amp;
 export PATH=/opt/gcc2/bin:$PATH &amp;&amp;
+<screen><userinput><command>export PATH_HOLD=$PATH &amp;&amp;
+export PATH=/opt/gcc-2.95.3/bin:$PATH &amp;&amp;
 ln -s make /usr/bin/gmake &amp;&amp;
 cd src &amp;&amp;
 …
 ./install.sh &amp;&amp;
 cp /etc/tripwire/tw.cfg /usr/sbin &amp;&amp;
 cp policy/*.txt /usr/share/doc/tripwire</userinput></screen></para>
+cp policy/*.txt /usr/share/doc/tripwire</command></userinput></screen>
 <para>Reverse the modifications made above:
 <screen><userinput>rm /usr/bin/gmake &amp;&amp;
 export PATH=$PATH_HOLD</userinput></screen></para>
+<screen><userinput><command>rm /usr/bin/gmake &amp;&amp;
+export PATH=$PATH_HOLD</command></userinput></screen></para>
 </sect2>

postlfs/security/tripwire/tripwire-intro.xml

-              r781e273
+              r8f44fa03
 <sect2>
 <title>Introduction to tripwire</title>
+<title>Introduction to <application>tripwire</application></title>
+<screen>Download location (HTTP):       <ulink url="&tripwire-download-http;"/>
+Download location (FTP):        <ulink url="&tripwire-download-ftp;"/>
+Version used:                   &tripwire-version;
+Package size:                   &tripwire-size;
+Estimated Disk space required:  &tripwire-buildsize;</screen>
+<para>The <application>tripwire</application> package contains the programs
+used by <application>tripwire</application> to verify the integrity of the
+files on a given system.</para>
+<para>The tripwire package contains the tripwire programs used by tripwire to verify the integrity of the files on a given system.</para>
+<screen>tripwire depends on:
+<xref linkend="gcc2"/></screen>
+<sect3><title>Package information</title>
+<itemizedlist spacing='compact'>
+<listitem><para>Download (HTTP): <ulink
+url="&tripwire-download-http;"/></para></listitem>
+<listitem><para>Download (FTP): <ulink
+url="&tripwire-download-ftp;"/></para></listitem>
+<listitem><para>Download size: &tripwire-size;</para></listitem>
+<listitem><para>Estimated Disk space required:
+&tripwire-buildsize;</para></listitem>
+<listitem><para>Estimated build time:
+&tripwire-time;</para></listitem></itemizedlist>
+</sect3>
 </sect2>

Note: See TracChangeset for help on using the changeset viewer.

Context Navigation

Changeset 8f44fa03 for postlfs/security

Legend:

Download in other formats: