Changeset a4acd46


Timestamp:
10/14/2003 04:25:20 PM (18 years ago)
Author:
Larry Lawrence <larry@…>
Branches:
10.0, 10.1, 11.0, 6.0, 6.1, 6.2, 6.2.0, 6.2.0-rc1, 6.2.0-rc2, 6.3, 6.3-rc1, 6.3-rc2, 6.3-rc3, 7.10, 7.4, 7.5, 7.6, 7.6-blfs, 7.6-systemd, 7.7, 7.8, 7.9, 8.0, 8.1, 8.2, 8.3, 8.4, 9.0, 9.1, basic, bdubbs/svn, elogind, gnome, kde5-13430, kde5-14269, kde5-14686, ken/refactor-virt, krejzi/svn, lazarus, nosym, perl-modules, qt5new, systemd-11177, systemd-13485, trunk, v5_0, v5_1, v5_1-pre1, xry111/git-date, xry111/git-date-for-trunk, xry111/git-date-test
Children:
9dc71fc
Parents:
27d830e
Message:

whitespace patches, bootdisk patch

git-svn-id: svn://svn.linuxfromscratch.org/BLFS/trunk/BOOK@1384 af4574ff-66df-0310-9fd7-8a98e5e911e0

Files:
12 edited

  • basicnet/netprogs/ncpfs/ncpfs-inst.xml

    r27d830e ra4acd46  
    44<para>Install <application><acronym>NCPFS</acronym></application> by running the following commands:</para>
    55
    6 <para><screen><userinput>./configure --prefix=/usr --includedir=/usr/include \
     6<screen><userinput>./configure --prefix=/usr --includedir=/usr/include \
    77    --mandir=/usr/share/man --datadir=/usr/share &amp;&amp;
    88make &amp;&amp;
    99make install &amp;&amp;
    10 make install-dev</userinput></screen></para>
     10make install-dev</userinput></screen>
    1111
    1212</sect2>
  • basicnet/netprogs/tcpwrappers/tcpwrappers-config.xml

    r27d830e ra4acd46  
    1212
    1313<para>Then perform the following edits on the
    14 <filename>/etc/inetd.conf</filename> configuration file:
     14<filename>/etc/inetd.conf</filename> configuration file:</para>
    1515<screen><userinput>finger stream tcp nowait nobody /usr/sbin/in.fingerd in.fingerd</userinput></screen>
    16 becomes:
    17 <screen><userinput>finger stream tcp nowait nobody /usr/sbin/tcpd in.fingerd</userinput></screen></para>
     16<para>becomes:</para>
     17<screen><userinput>finger stream tcp nowait nobody /usr/sbin/tcpd in.fingerd</userinput></screen>
    1818
    1919<note><para>The finger server is used as an example here.</para></note>
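Review bot: The new line 16 turns "becomes:" into a paragraph of its own, which renders as a lowercase one-word fragment between the two screens. Reword it as a full sentence, for example "After the edit, the line becomes:", so the before and after entries for /etc/inetd.conf are clearly told apart.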
  • basicnet/netutils/traceroute/traceroute-exp.xml

    r27d830e ra4acd46  
    1111possible for all users to execute <command>traceroute</command>. For absolute
    1212security, turn off the <acronym>SUID</acronym> bit in <command>traceroute</command>'s file
    13 permissions with the command: 
    14 <screen><command>chmod 0755 /usr/sbin/traceroute</command></screen></para>
     13permissions with the command:</para>
     14<screen><command>chmod 0755 /usr/sbin/traceroute</command></screen>
    1515
    1616<para>The risk is that if a security problem such as a buffer overflow were
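Review bot: The screen on new line 14 wraps the chmod in command only, without the userinput element that the other files in this changeset use for text the reader types (see the gnome and udftools hunks). Since the line is being touched anyway, consider screen, userinput, command here and on the mv line in the next hunk, so that commands to type are styled the same way across the book.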
     
    2626<acronym>SUID</acronym> root, then you
    2727should move <filename>traceroute</filename> to <filename>/usr/bin</filename>
    28 with the following command: 
    29 <screen><command>mv /usr/sbin/traceroute /usr/bin</command></screen></para>
     28with the following command:</para>
     29<screen><command>mv /usr/sbin/traceroute /usr/bin</command></screen>
    3030
    3131<para>This ensures that the binary is in the path for non-root users.</para>
  • basicnet/textweb/w3m/w3m-inst.xml

    r27d830e ra4acd46  
    55menu, mouse, cookie, and <acronym>SSL</acronym> support. Other models include:</para>
    66
    7 <para><literallayout>baby   - bare minimum
     7<literallayout>baby   - bare minimum
    88little - color and menu support
    99mouse  - color, menu, and mouse support
    10 cookie - color, menu, mouse, and cookie support</literallayout></para>
     10cookie - color, menu, mouse, and cookie support</literallayout>
    1111
    1212<para>Install <application>w3m</application> by running the following commands:</para>
  • gnome/config/config-core.xml

    r27d830e ra4acd46  
    55
    66<para>Create an <filename>.xinitrc</filename> file to start
    7 <application><acronym>GNOME</acronym></application>:
     7<application><acronym>GNOME</acronym></application>:</para>
    88<screen><userinput><command>echo "exec gnome-session" &gt;&gt;
    99~/.xinitrc</command></userinput></screen>
    10 and ensure all libraries can be found with:
     10<para>and ensure all libraries can be found with:</para>
    1111<screen><userinput><command>ldconfig</command></userinput></screen>
    12 </para>
    1312
    1413<para>At this point you can bring up
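Review bot: The command on lines 8-9 is split after the redirection operator with no backslash, and screen preserves the line break, so a reader who copies it gets a shell syntax error at the newline after "&gt;&gt;". Put the command on one line or end line 8 with a backslash. The new paragraph on line 10 also starts with a lowercase "and ensure", which reads as a fragment now that it stands alone; capitalise or reword it.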
  • multimedia/cdwriteutils/kernel.xml

    r27d830e ra4acd46  
    2929your hardware.</para>
    3030
    31 <para>If necessary, recompile the kernel with
     31<para>If necessary, recompile the kernel with</para>
    3232<screen>make CC=/opt/gcc-2.95.3/bin/gcc dep &amp;&amp;
    3333make CC=/opt/gcc-2.95.3/bin/gcc bzImage &amp;&amp;
    3434make CC=/opt/gcc-2.95.3/bin/gcc modules &amp;&amp;
    3535make CC=/opt/gcc-2.95.3/bin/gcc modules_install</screen>
    36 </para>
    3736<para>
    3837Copy <filename>/usr/src/linux/arch/i386/boot/bzImage</filename> and
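Review bot: The paragraph closed on new line 31 ends with "recompile the kernel with" and no colon, unlike every other lead-in in this changeset that precedes a screen; add the colon. The same applies to line 18 of udftools-kernel-inst.xml. The screen here is also missing the userinput and command wrappers that udftools-kernel-inst.xml uses for the identical make sequence.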
  • multimedia/cdwriteutils/udftools/udftools-kernel-inst.xml

    r27d830e ra4acd46  
    1616     UDF write support (DANGEROUS)       Y</screen>
    1717
    18 <para>If necessary, recompile the kernel with
     18<para>If necessary, recompile the kernel with</para>
    1919<screen><userinput><command>make CC=/opt/gcc-2.95.3/bin/gcc dep &amp;&amp;
    2020make CC=/opt/gcc-2.95.3/bin/gcc bzImage &amp;&amp;
    2121make CC=/opt/gcc-2.95.3/bin/gcc modules &amp;&amp;
    2222make CC=/opt/gcc-2.95.3/bin/gcc modules_install</command></userinput></screen>
    23 </para>
    2423<para>
    2524Copy <filename>/usr/src/linux/arch/i386/boot/bzImage</filename> and
     
    3130
    3231<para>If you build packet writer as a module, add the following to
    33 <filename>/etc/modules.conf</filename>:
    34 <screen><userinput>alias block-major-97 pktcdvd</userinput></screen></para>
     32<filename>/etc/modules.conf</filename>:</para>
     33<screen><userinput>alias block-major-97 pktcdvd</userinput></screen>
    3534
    3635<para>Finally, create the packet driver device nodes in <filename
  • postlfs/config/bootdisk.xml

    r27d830e ra4acd46  
    9595instead in any commands that include "rescueimage".</para>
    9696
    97 <para>If you can not get your kernel down to the size needed to allow
     97<para>If you can not get your rescueimage down to the size needed to allow
    9898all you need on the ramdisk image, don't fret.  You can always build a
    9999two diskette set, one boot and one root diskette.  The kernel will prompt
    100100you to insert the root file system diskette.  This will allow room for a
    101 compressed ramdisk image of 1440 blocks and a kernel of the same
     101compressed ramdisk image of 1440 blocks and a rescueimage of the same
    102102size.</para>
    103103
    104 <para>The kernel size limits given above are likely to vary as
     104<para>The rescueimage size limits given above are likely to vary as
    105105local system-specific configurations change.  Use them only as a
    106 guideline and not as gospel.  The size of the kernel image as shown by
     106guideline and not as gospel.  The size of rescueimage as shown by
    107107<command>ls -sk</command> is only an approximation because of some
    108108"overhead".  On the system used to develop this version of these
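Review bot: The replacement on lines 97-106 uses the name three different ways: "your rescueimage", "a rescueimage" and bare "rescueimage". Since it is a file name (line 95 refers to commands that include "rescueimage"), mark it up as a filename element and settle on one form with or without the article, then apply that to the later hunks in this file as well.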
     
    124124<listitem><para>add components to the file system</para></listitem>
    125125<listitem><para>make the compressed initrd</para></listitem>
    126 <listitem><para>join a kernel image and initrd onto a diskette</para></listitem>
     126<listitem><para>join rescueimage and initrd onto a diskette</para></listitem>
    127127</itemizedlist>
    128128
     
    238238to minimize wasting space with unneeded inodes.</para>
    239239
    240 <para><emphasis>You must modify this to suit your kernel configuration and
     240<para><emphasis>You must modify this to suit your rescueimage configuration and
    241241other needs.</emphasis>  For example, you may need
    242242<acronym>SCSI</acronym> devices and may not need
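Review bot: On new line 240 the substitution looks like search-and-replace overreach: "your rescueimage configuration" is not what the sentence is about. The example that follows (needing or not needing SCSI devices) depends on how the kernel was configured, so "kernel configuration" should stay here, or be reworded as "the configuration of the kernel in rescueimage".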
     
    376376basic utilities.  A file system package, like <application><ulink
    377377url="http://freshmeat.net/projects/e2fsprogs/">e2fsprogs</ulink></application>, or
    378 a package for the file system you are using will provide a minimal
     378a package for the file system you are using, will provide a minimal
    379379set of utilities for file system checking and reconstruction.  The whole
    380380package will not be installed, but only certain needed components.</para>
     
    438438
    439439<para>There are two very useful utilities that any rescue disk should
    440 have to help in faster and more accurate recovery.  The first is a
     440have, to help in faster and more accurate recovery.  The first is a
    441441partitioning utility.  The <command>sfdisk</command> program is
    442442used here because of its small size and great power.  Be warned though -
     
    523523ls -l /tmp/rootfs.gz</command></userinput></screen> 
    524524
    525 <para><emphasis>Join a kernel image and initrd onto a diskette</emphasis></para>
    526 
    527 <para>Now the kernel image and initial ramdisk image will be written to
     525<para><emphasis>Join rescueimage and initrd onto a diskette</emphasis></para>
     526
     527<para>Now the rescueimage and initial ramdisk image will be written to
    528528the boot diskette.  Before doing this, calculate the number of blocks
    529 needed for the kernel and for the initrd, individually, by dividing each
     529needed for rescueimage and for <filename>/tmp/rootfs.gz</filename>
     530(the initial ramdisk), individually, by dividing each
    530531size by 1024 and adding one if there is any remainder.  Add these two
    531532results together.  They must total 1,440 or fewer blocks.  If they total
    532533more than this, don't worry too much.  Changes to make a two-diskette
    533534set are presented later.  Of course, you could reexamine your choices and
    534 try to shrink either the kernel or the initial ramdisk image.</para>
     535try to shrink either the rescueimage or the initial ramdisk image.</para>
    535536
    536537<para>To make a single-floppy rescue, using devfs, use the following
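Review bot: The block calculation on new lines 529-531 says to divide "each size by 1024" without saying the size must be in bytes. The earlier section quotes sizes from ls -sk, which already reports kilobytes, while line 523 uses ls -l. Say explicitly "each size in bytes, as shown by ls -l" so the reader does not divide a kilobyte figure by 1024.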
     
    572573Make sure that this number, which may be different for you, matches your
    573574calculations from above.  You need to calculate a "magic number" now
    574 that will be inserted into the kernel image.  The value consists of three
     575that will be inserted into rescueimage.  The value consists of three
    575576significant parts.  Two are discussed here.  The third is touched upon
    576577later.</para>
    577578
    578 <para>Bits 0 - 10 will contain the size of the kernel image, in blocks,
     579<para>Bits 0 - 10 will contain the size of rescueimage, in blocks,
    579580that you calculated above, and which should match the results from the
    580581dd above. Bit 14 (the 15th bit, which is 2 to the 14th power, or 16,384)
    581582is a flag that, when set to 1, tells the kernel an initial ramdisk is to
    582583be loaded. So for the single-floppy rescue diskette, the two numbers
    583 16,384 and 481 (or whatever number is right for your kernel size) are
     58416,384 and 481 (or whatever number is right for your rescueimage size) are
    584585added together to produce a decimal value, like 16865. This value is
    585 inserted into the proper place in the kernel image by the
     586inserted into the proper place in rescueimage by the
    586587<command>rdev</command> command done next.</para>
    587588
    588 <para>Insert the "magic number" into the kernel image and then write the
    589 root file system right after the kernel on the floppy by executing the
     589<para>Insert the "magic number" into rescueimage and then write the
     590root file system right after rescueimage on the floppy by executing the
    590591following commands, with the proper numbers inserted. Notice that the
    591592<command>seek</command> parameter's number must be the size, in blocks,
    592 of your kernel image. If you use the static <filename class="directory">/dev</filename>
     593of your rescueimage. If you use the static <filename class="directory">/dev</filename>
    593594setup, use <filename>/dev/fd0</filename> in the commands below, instead
    594595of <filename>/dev/floppy/0</filename>.</para>
     
    598599
    599600<para>In this command, <command>seek</command> was used to position to
    600 the block following the end of the kernel (480+1) and begin writing the
     601the block following the end of the rescueimage (480+1) and begin writing the
    601602root file system to the floppy.</para>
    602603</sect3>
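Review bot: The "(480+1)" on new line 601 does not agree with the preceding paragraphs, which say that bits 0 - 10 and the seek value are the size of rescueimage in blocks and give 481 as that number. State whether 481 is the image size or the size plus one, and use the same figure and wording in the magic-number paragraph and here; otherwise a reader can end up one block off when writing the root file system.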
     
    615616<para>Modify the above instructions as follows. First a different magic
    616617number is needed. The 15th bit (bit 14) still needs to be set, but the
    617 size of the kernel image, in blocks, is replaced with a zero.  The third
     618size of the rescueimage, in blocks, is replaced with a zero.  The third
    618619component, which was not discussed above, is now used. This is the 16th
    619620bit (bit 15) of the "magic number". When set, it tells the kernel to ask
    620621the user to insert the "root" floppy. It then loads the initrd image
    621 from that diskette.  Because the size of the kernel image was replaced
     622from that diskette.  Because the size of the rescueimage was replaced
    622623by zero, the kernel starts loading from the "zero'th" block (the first
    623624one) on the second diskette.</para>
     
    627628value tells the kernel to prompt for, and then load, an initial ramdisk
    628629image from the first block on the inserted floppy.  So your first
    629 modification is to the command to write the "magic number" to the kernel
     630modification is to the command to write the "magic number" to the rescueimage
    630631image on the diskette.</para>
    631632
  • postlfs/config/compressdoc.xml

    r27d830e ra4acd46  
    457457file <filename>/etc/man.conf</filename>, as a
    458458<envar>MANPATH</envar>=<replaceable>/path</replaceable> section.</para>
    459 <para> Example:<screen><userinput>
     459<para> Example:</para><screen><userinput>
    460460    ...
    461461    MANPATH=/usr/share/man
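Review bot: New line 459 keeps the leading space in "<para> Example:" and opens the screen with a newline straight after userinput, so the rendered block starts with an empty line. The MANPATH lines are contents of /etc/man.conf rather than something typed at a prompt, so userinput is the wrong wrapper; a plain screen with the text starting on the same line as the opening tag would fit better.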
     
    463463    MANPATH=/usr/X11R6/man
    464464    MANPATH=/opt/qt/doc/man
    465     ...</userinput></screen></para>
     465    ...</userinput></screen>
    466466
    467467<para>Generally, package installation systems do not compress man/info pages,
  • postlfs/security/firewalling/busybox.xml

    r27d830e ra4acd46  
    2020simple and should still be acceptable from a security standpoint.
    2121Just add the following lines <emphasis>before</emphasis> the logging-rules
    22 into the script.
     22into the script.</para>
    2323
    2424<screen>iptables -A INPUT  -i ! ppp+  -j ACCEPT
    25 iptables -A OUTPUT -o ! ppp+  -j ACCEPT</screen></para>
     25iptables -A OUTPUT -o ! ppp+  -j ACCEPT</screen>
    2626
    2727<para>If your daemons have to access the web themselves, like squid would need
    28 to, you could open OUTPUT generally and restrict INPUT.
     28to, you could open OUTPUT generally and restrict INPUT.</para>
    2929
    3030<screen>iptables -A INPUT -m state --state ESTABLISHED,RELATED  -j ACCEPT
    31 iptables -A OUTPUT                                      -j ACCEPT</screen></para>
     31iptables -A OUTPUT                                      -j ACCEPT</screen>
    3232
    3333<para>However, it is generally not advisable to leave OUTPUT unrestricted: you lose
     
    4444<title>Have a look at the following examples:</title>
    4545
    46 <listitem><para>Squid is caching the web:
     46<listitem><para>Squid is caching the web:</para>
    4747<screen>iptables -A OUTPUT -p tcp --dport 80                              -j ACCEPT
    48 iptables -A INPUT  -p tcp --sport 80 -m state --state ESTABLISHED -j ACCEPT</screen></para></listitem>
     48iptables -A INPUT  -p tcp --sport 80 -m state --state ESTABLISHED -j ACCEPT</screen></listitem>
    4949
    5050<listitem><para>Your caching name server (e.g., dnscache) does its
    51 lookups via udp:
     51lookups via udp:</para>
    5252<screen>iptables -A OUTPUT -p udp --dport 53                              -j ACCEPT
    53 iptables -A INPUT  -p udp --sport 53 -m state --state ESTABLISHED -j ACCEPT</screen></para></listitem>
     53iptables -A INPUT  -p udp --sport 53 -m state --state ESTABLISHED -j ACCEPT</screen></listitem>
    5454
    5555<listitem><para>Alternatively, if you want to be able to ping your box to ensure
    56 it's still alive:
     56it's still alive:</para>
    5757<screen>iptables -A INPUT  -p icmp -m icmp --icmp-type echo-request -j ACCEPT
    58 iptables -A OUTPUT -p icmp -m icmp --icmp-type echo-reply   -j ACCEPT</screen></para></listitem>
     58iptables -A OUTPUT -p icmp -m icmp --icmp-type echo-reply   -j ACCEPT</screen></listitem>
    5959
    6060<listitem><para><anchor id='postlfs-security-fw-BB-4' xreflabel="example no. 4"/>If you are
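Review bot: The name server example on lines 50-53 opens only UDP port 53. A caching resolver falls back to TCP when a response is truncated, so with OUTPUT otherwise restricted those lookups will fail; add the matching pair of rules with "-p tcp --dport 53" and "-p tcp --sport 53 ... ESTABLISHED", or say in the paragraph that the example covers UDP lookups only.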
     
    6666
    6767<para>To avoid these delays you could reject the requests
    68 with a 'tcp-reset':
     68with a 'tcp-reset':</para>
    6969
    7070<screen>iptables -A INPUT  -p tcp --dport 113 -j REJECT --reject-with tcp-reset
    71 iptables -A OUTPUT -p tcp --sport 113 -m state --state RELATED -j ACCEPT</screen></para></listitem>
     71iptables -A OUTPUT -p tcp --sport 113 -m state --state RELATED -j ACCEPT</screen></listitem>
    7272
    7373<listitem><para>To log and drop invalid packets, mostly harmless packets
    74 that came in after netfilter's timeout, sometimes scans:
     74that came in after netfilter's timeout, sometimes scans:</para>
    7575
    7676<screen>iptables -I INPUT 1 -p tcp -m state --state INVALID -j LOG --log-prefix \
    7777"FIREWALL:INVALID"
    78 iptables -I INPUT 2 -p tcp -m state --state INVALID -j DROP</screen></para></listitem>
     78iptables -I INPUT 2 -p tcp -m state --state INVALID -j DROP</screen></listitem>
    7979
    8080<listitem><para>Anything coming from the outside should not have a
    81 private address, this is a common attack called IP-spoofing:
     81private address, this is a common attack called IP-spoofing:</para>
    8282
    8383<screen>iptables -t nat -A PREROUTING -i ppp+ -s 10.0.0.0/8     -j DROP
    8484iptables -t nat -A PREROUTING -i ppp+ -s 172.16.0.0/12  -j DROP
    85 iptables -t nat -A PREROUTING -i ppp+ -s 192.168.0.0/16 -j DROP</screen></para></listitem>
     85iptables -t nat -A PREROUTING -i ppp+ -s 192.168.0.0/16 -j DROP</screen></listitem>
    8686
    8787<listitem><para>To simplify debugging and be fair to anyone who'd like to
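Review bot: The anti-spoofing rules on lines 83-85 filter in the nat table's PREROUTING chain. Only the first packet of a connection traverses the nat table and netfilter documents it as not intended for filtering, so these DROP rules are better placed in the filter table (INPUT and FORWARD with "-i ppp+"). Line 81 is also a comma splice; split it after "private address".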
     
    9090
    9191<para>Obviously this must be done directly after logging as the very
    92 last lines before the packets are dropped by policy:
     92last lines before the packets are dropped by policy:</para>
    9393
    9494<screen>iptables -A INPUT                        -j REJECT
    95 iptables -A OUTPUT -p icmp --icmp-type 3 -j ACCEPT</screen></para></listitem>
     95iptables -A OUTPUT -p icmp --icmp-type 3 -j ACCEPT</screen></listitem>
    9696</itemizedlist>
    9797<!--</orderedlist>-->
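Review bot: Line 95 matches on the numeric "--icmp-type 3" while the ping example earlier in this file uses the names echo-request and echo-reply; use "destination-unreachable" here for consistency and readability. The commented-out "</orderedlist>" on line 97 is stale and can be removed while the list markup is being cleaned up.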
  • pst/sgml/docbook-dsssl/docbook-dsssl-config.xml

    r27d830e ra4acd46  
    66<para>The following configuration is necessary in order to utilize
    77<application>OpenJade</application> to convert the <acronym>BLFS</acronym>
    8 Book from <acronym>XML</acronym> to <acronym>HTML</acronym>:
     8Book from <acronym>XML</acronym> to <acronym>HTML</acronym>:</para>
    99<screen><userinput><command>ln -sf <replaceable>[your home directory]</replaceable>/BLFS/BOOK/blfs.dsl \
    1010/usr/share/sgml/docbook/dsssl-stylesheets-&docbook-dsssl-version;/html/</command></userinput></screen>
    11 </para>
    1211
    1312<para>If you would like to test <application>Docbook <acronym>XML</acronym>
  • server/other/cvsserver/cvsserver-inst.xml

    r27d830e ra4acd46  
    3939<para>Test access to the <acronym>CVS</acronym> repository from a remote
    4040machine using a user account that has <command>ssh</command> access to the
    41 <acronym>CVS</acronym> server with the following commands:
     41<acronym>CVS</acronym> server with the following commands:</para>
    4242<note><para>Replace <replaceable>[servername]</replaceable> with the
    4343<acronym>IP</acronym> address or host name of the <acronym>CVS</acronym>
    4444repository machine.  You will be prompted for the user's shell account password
    45 before <acronym>CVS</acronym> checkout can continue.</para></note></para>
     45before <acronym>CVS</acronym> checkout can continue.</para></note>
    4646
    4747
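Review bot: Closing the paragraph on new line 41 leaves "with the following commands:" followed directly by the note on lines 42-45 rather than by the commands themselves. Move the note after the screen that holds the commands, or before the paragraph, so the colon leads into what it announces.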