Changes in / [6167e6b:1309e0e]
- Files:
-
- 5 edited
Legend:
- Unmodified
- Added
- Removed
-
appendices/dependencies.xml
r6167e6b r1309e0e 1893 1893 <seglistitem> 1894 1894 <seg>Bash, Binutils, Coreutils, Diffutils, Gawk, GCC, Glibc, Grep, 1895 Make, and Sed</seg>1895 Make, Perl, and Sed</seg> 1896 1896 </seglistitem> 1897 1897 </segmentedlist> -
chapter08/libxcrypt.xml
r6167e6b r1309e0e 100 100 them at runtime. However, the only known binary-only applications 101 101 that link against these functions require ABI version 1. If you must 102 have such libraries because of some binary-only application or to be102 have such functions because of some binary-only application or to be 103 103 to be compliant with LSB, build the package again with the following 104 104 commands:</para> -
chapter08/shadow.xml
r6167e6b r1309e0e 61 61 62 62 <para id="shadow-login_defs">Instead of using the default 63 <emphasis>crypt</emphasis> method, use the more secure 64 <emphasis>SHA-512</emphasis> method of password encryption, which also 65 allows passwords longer than 8 characters. In addition, set the number of 66 rounds to 500,000 instead of the default 5000, which is much too low to 67 prevent brute force password attacks. It is also necessary to change 63 <emphasis>crypt</emphasis> method, use the much more secure 64 <emphasis>YESCRYPT</emphasis> method of password encryption, which also 65 allows passwords longer than 8 characters. 66 It is also necessary to change 68 67 the obsolete <filename class="directory">/var/spool/mail</filename> location 69 68 for user mailboxes that Shadow uses by default to the <filename … … 82 81 </note> 83 82 84 <screen><userinput remap="pre">sed -e 's:#ENCRYPT_METHOD DES:ENCRYPT_METHOD SHA512:' \ 85 -e 's@#\(SHA_CRYPT_..._ROUNDS 5000\)@\100@' \ 86 -e 's:/var/spool/mail:/var/mail:' \ 87 -e '/PATH=/{s@/sbin:@@;s@/bin:@@}' \ 83 <screen><userinput remap="pre">sed -e 's:#ENCRYPT_METHOD DES:ENCRYPT_METHOD YESCRYPT:' \ 84 -e 's:/var/spool/mail:/var/mail:' \ 85 -e '/PATH=/{s@/sbin:@@;s@/bin:@@}' \ 88 86 -i etc/login.defs</userinput></screen> 89 87 … … 107 105 108 106 <screen><userinput remap="configure">touch /usr/bin/passwd 109 ./configure --sysconfdir=/etc \ 110 --disable-static \ 107 ./configure --sysconfdir=/etc \ 108 --disable-static \ 109 --with-{b,yes}crypt \ 111 110 --with-group-name-max-length=32</userinput></screen> 112 111 … … 123 122 </listitem> 124 123 </varlistentry> 124 125 <varlistentry> 126 <term><parameter>--with-{b,yes}crypt</parameter></term> 127 <listitem> 128 <para>The shell expands this to two switches, 129 <parameter>--with-bcrypt</parameter> and 130 <parameter>--with-yescrypt</parameter>. They allow shadow to use 131 the Bcrypt and Yescrypt algorithms implemented by 132 <application>Libxcrypt</application> for hashing passwords. 133 These algorithms are more secure (in particular, much more 134 resistant to GPU-based attacks) than the traditional SHA 135 algorithms.</para> 136 </listitem> 137 </varlistentry> 138 125 139 <varlistentry> 126 140 <term><parameter>--with-group-name-max-length=32</parameter></term> -
chapter10/kernel.xml
r6167e6b r1309e0e 167 167 [*] Control Group support [CONFIG_CGROUPS] ---> 168 168 [*] Memory controller [CONFIG_MEMCG] 169 [ ] Enable deprecated sysfs features to support old userspace tools [CONFIG_SYSFS_DEPRECATED]170 169 [ ] Configure standard kernel features (expert users) [CONFIG_EXPERT] 171 170 General architecture-dependent options ---> -
packages.ent
r6167e6b r1309e0e 433 433 <!ENTITY libxcrypt-version "4.4.35"> 434 434 <!ENTITY libxcrypt-size "612 KB"> 435 <!ENTITY libxcrypt-url "&github;/besser82/libxcrypt/releases/download/ &libxcrypt-version;/libxcrypt-&libxcrypt-version;.tar.xz">435 <!ENTITY libxcrypt-url "&github;/besser82/libxcrypt/releases/download/v&libxcrypt-version;/libxcrypt-&libxcrypt-version;.tar.xz"> 436 436 <!ENTITY libxcrypt-md5 "1d8487dfc43ee8e31a858456b868f836"> 437 437 <!ENTITY libxcrypt-home "&github;/besser82/libxcrypt/">
Note:
See TracChangeset
for help on using the changeset viewer.