Changeset d140e26 for postlfs/security

Timestamp:

06/19/2004 05:44:00 AM (20 years ago)

Author:

Randy McMurchy <randy@…>

Branches:

10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 12.0, 12.1, 6.0, 6.1, 6.2, 6.2.0, 6.2.0-rc1, 6.2.0-rc2, 6.3, 6.3-rc1, 6.3-rc2, 6.3-rc3, 7.10, 7.4, 7.5, 7.6, 7.6-blfs, 7.6-systemd, 7.7, 7.8, 7.9, 8.0, 8.1, 8.2, 8.3, 8.4, 9.0, 9.1, basic, bdubbs/svn, elogind, gnome, kde5-13430, kde5-14269, kde5-14686, kea, ken/TL2024, ken/inkscape-core-mods, ken/tuningfonts, krejzi/svn, lazarus, lxqt, nosym, perl-modules, plabs/newcss, plabs/python-mods, python3.11, qt5new, rahul/power-profiles-daemon, renodr/vulkan-addition, systemd-11177, systemd-13485, trunk, upgradedb, xry111/intltool, xry111/llvm18, xry111/soup3, xry111/test-20220226, xry111/xf86-video-removal

Children:

7257066

Parents:

7cb65ce

Message:

misc. corrections and fixes

git-svn-id: svn://svn.linuxfromscratch.org/BLFS/trunk/BOOK@2347 af4574ff-66df-0310-9fd7-8a98e5e911e0

Location:

postlfs/security

Files:

• gnupg.xml (modified) (2 diffs)
• linux_pam.xml (modified) (3 diffs)
• tripwire.xml (modified) (8 diffs)

postlfs/security/gnupg.xml

@@ -64 +64 @@
 <filename class="directory">/usr/libexec</filename>.</para>
 
-<para><command>chmod 4755 /usr/bin/gpg</command>: We install
-<command>gpg</command> setuid root to avoid swapping out of
-sensitive data.</para>
+<para><command>chmod 4755 /usr/bin/gpg</command>: <command>gpg</command> 
+is installed setuid root to avoid swapping out sensitive data.</para>
 
 </sect2>
@@ -82 +81 @@
 <sect3><title>gpg</title>
 <para><command>gpg</command> is the backend (command-line interface) for
-this Open<acronym>PGP</acronym>
-implementation.</para></sect3>
+this Open<acronym>PGP</acronym> implementation.</para></sect3>
 
 <sect3><title>gpgsplit</title>

postlfs/security/linux_pam.xml

@@ -75 +75 @@
 <title>Command explanations</title>
 
-<para><command>autoconf</command>:  This is necessary as in the patch, we
-change where <acronym>PAM</acronym> looks for the cracklib libs.  This 
-requires that the configure script be recreated.</para>
+<para><command>autoconf</command>:  This is necessary because the patch 
+changes where <acronym>PAM</acronym> looks for the cracklib libraries, 
+requiring regeneration of the configure script.</para>
 
 <para><option>--enable-static-libpam</option>: This switch builds
@@ -90 +90 @@
 <para><command>mv /lib/libpam.a /lib/libpam_misc.a /lib/libpamc.a
 /usr/lib</command>: This command moves the static libraries to
-<filename>/usr/lib</filename> to comply with <acronym>FHS</acronym>.</para>
+<filename>/usr/lib</filename> to comply with <acronym>FHS</acronym> 
+guidelines.</para>
 
 </sect2>
@@ -154 +155 @@
 
 <sect3><title>unix-chkpwd</title>
-<para>No description available.</para></sect3>
+<para><command>unix-chkpwd</command> checks user passwords that are stored 
+in read protected databases.</para></sect3>
 
 <sect3><title>libpam libraries</title>

postlfs/security/tripwire.xml

@@ -43 +43 @@
 </sect3>
 
-<sect3><title><application>Shadow</application> dependencies</title>
+<sect3><title><application>Tripwire</application> dependencies</title>
 <sect4><title>Optional</title>
 <para>MTA (See <xref linkend="server-mail"/>)</para></sect4>
@@ -62 +62 @@
 
 <para>The default configuration is to use a local MTA. If you don't have
-a MTA installed and have no wish to install one, modify the
+an MTA installed and have no wish to install one, modify 
 <filename>install.cfg</filename> to use an SMTP server instead.
 Install <application>Tripwire</application> by running the following 
@@ -79 +79 @@
 <application>Tripwire</application> binaries.</para>
 
-<para><command>cp install.{sh,cfg} .</command>: These are copied to the main
-<application>Tripwire</application> directory so that the script can be used to 
-install the package.</para>
+<para><command>cp install.{sh,cfg} .</command>: These files are copied to 
+the main <application>Tripwire</application> directory so that the script 
+can be used to install the package.</para>
 
 <para><command>cp policy/*.txt /usr/share/doc/tripwire</command>: This command 
@@ -98 +98 @@
 
 <para><application>Tripwire</application> uses a policy file to determine which 
-files integrity are checked. The default policy file (<filename>twpol.txt
+files are integrity checked. The default policy file (<filename>twpol.txt
 </filename> found in <filename class="directory">/etc/tripwire/</filename>) is for a default 
 installation of Redhat 7.0 and is woefully outdated.</para>
@@ -114 +114 @@
 <para>Download the custom policy file you'd like to try, copy it into
 <filename class="directory">/etc/tripwire/</filename>, and use it instead of 
-<filename>twpol.txt</filename>. It is, however, recommended that you make your own policy file. 
-Get ideas from the examples above and read <filename>
-/usr/share/doc/tripwire/policyguide.txt</filename>. <filename>twpol.txt
-</filename> is a good policy file for beginners as it will note any changes to 
-the file system and can even be used as an annoying way of keeping track of 
-changes for uninstallation of software.</para>
+<filename>twpol.txt</filename>. It is, however, recommended that you make 
+your own policy file. Get ideas from the examples above and read 
+<filename> /usr/share/doc/tripwire/policyguide.txt</filename>. 
+<filename>twpol.txt</filename> is a good policy file for beginners as it 
+will note any changes to the file system and can even be used as an annoying 
+way of keeping track of changes for uninstallation of software.</para>
 
 <para>After your policy file has been transferred to <filename
-class="directory">/etc/tripwire/</filename> you may begin the configuration steps:</para>
+class="directory">/etc/tripwire/</filename> you may begin the configuration 
+steps:</para>
 
 <screen><userinput><command>twadmin -m P /etc/tripwire/twpol.txt &amp;&amp;
@@ -143 +144 @@
 the runs. </para>
 
-<para>Please note that after you run an integrity check, you must check
-the report or email and then modify the
-<application>Tripwire</application> database of the files
-on your system so that <application>Tripwire</application> will not continually notify you that
+<para>Please note that after you run an integrity check, you must examine
+the report (or email) and then modify the <application>Tripwire</application> 
+database to reflect the changed files on your system. This is so that 
+<application>Tripwire</application> will not continually notify you that
 files you intentionally changed are a security violation. To do this you
 must first <command>ls -l /var/lib/tripwire/report/</command> and note
@@ -160 +161 @@
 all the changes were good, then just type <command>:x</command> and after 
 entering your local key, the database will be updated. If there are files which 
-you still want to be warned about, please remove the x before the filename in 
-the report and type <command>:x</command>. </para>
+you still want to be warned about, remove the x before the filename in 
+the report and type <command>:x</command>.</para>
 
 </sect3>
@@ -180 +181 @@
 <title>Contents</title>
 
-<para>The <application>Tripwire</application> package contains <command>siggen
-</command>,
-<command>tripwire</command>, <command>twadmin</command>
-and <command>twprint</command>.</para>
+<para>The <application>Tripwire</application> package contains 
+<command>siggen</command>, <command>tripwire</command>, 
+<command>twadmin</command> and <command>twprint</command>.</para>
 
 </sect2>