os/doc
3
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

Fix some redundancy and title capitalization in Security chapter.

Browse source 
Sponsored by:	iXsystems
This commit is contained in:
Dru Lavigne 2014-04-18 19:42:57 +00:00
parent 06fa643ac1
commit c2a65919a8
Notes: svn2git 2020-12-08 03:00:23 +00:00 
svn path=/head/; revision=44606
1 changed files with 17 additions and 18 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

35
en_US.ISO8859-1/books/handbook/security/chapter.xml
View file

@ -242,8 +242,8 @@
and even lock users into running only single, privileged
commands such as &man.service.8;</para>
<para>After installation, edit the
<filename>/usr/local/etc/sudoers</filename> file by using
<para>After installation, edit
<filename>/usr/local/etc/sudoers</filename> using
the <command>visudo</command> interface. In this example,
a new webadmin group will be added, the user <systemitem
class="username">trhodes</systemitem> to that group, and
@ -322,9 +322,8 @@
also enforce mixed characters. In particular the
&man.pam.passwdqc.8; will be discussed.</para>
<para>To proceed, open the
<filename>/etc/pam.d/passwd</filename> file and add the
following line to the file.</para>
<para>To proceed, add the following line to
<filename>/etc/pam.d/passwd</filename>:</para>
<programlisting>password requisite pam_passwdqc.so min=disabled,disabled,disabled,12,10 similar=deny retry=3 enforce=users</programlisting>
@ -408,18 +407,18 @@ Enter new password:</programlisting>
<para>A backdoor or rootkit software does do one thing useful
for administrators - once detected, it is a sign that a
compromise happened at some point. But normally these types
types of applications are hidden very well. Tools do exist
of applications are hidden very well. Tools do exist
to detect backdoors and rootkits, one of them is
<package>security/rkhunter</package>.</para>
<para>After installation the system may be checked using the
following command which will produce a lot of
information:</para>
<para>After installation, the system may be checked using the
following command. It will produce a lot of
information and will require some manual
pressing of the <keycap>ENTER</keycap> key:</para>
<screen>&prompt.root; <userinput>rkhunter -c</userinput></screen>
<para>After the process complete, which will require some manual
pressing of the <keycap>ENTER</keycap> key, a status message
<para>After the process completes, a status message
will be printed to the screen. This message will include the
amount of files checked, suspect files, possible rootkits, and
more. During the check, some generic security warnings may
@ -477,8 +476,8 @@ Enter new password:</programlisting>
<screen>&prompt.root; mtree: /bin checksum: 3427012225</screen>
<para>Viewing the <filename>bin_cksum_mtree</filename> file
should yield output similar to the following as well:</para>
<para>Viewing <filename>bin_cksum_mtree</filename>
should yield output similar to the following:</para>
<programlisting># user: root
# machine: dreadnaught
@ -518,8 +517,8 @@ Enter new password:</programlisting>
was originally ran. Since no changes occurred in the time
these commands were ran, the
<filename>bin_chksum_output</filename> output will be empty.
To simulate a change, change the date on the
<filename>/bin/cat</filename> file using &man.touch.1; and run
To simulate a change, change the date on
<filename>/bin/cat</filename> using &man.touch.1; and run
the verification command again:</para>
<screen>&prompt.root; <userinput>touch /bin/cat</userinput></screen>
@ -1264,7 +1263,7 @@ Aug 27 15:37:58 Aug 28 01:37:58 krbtgt/EXAMPLE.ORG@EXAMPLE.ORG</screen>
</sect2>
<sect2>
<title>Configuring a Server to use
<title>Configuring a Server to Use
<application>Kerberos</application></title>
<indexterm>
@ -1356,7 +1355,7 @@ kadmin&gt;<userinput> exit</userinput></screen>
</sect2>
<sect2>
<title>Configuring a Client to use
<title>Configuring a Client to Use
<application>Kerberos</application></title>
<indexterm>
@ -2899,7 +2898,7 @@ user@unfirewalled-system.example.org's password: <userinput>*******</userinput><
</note>
<tip>
<para>Don't confuse <filename>/etc/ssh/sshd_config</filename>
<para>Do not confuse <filename>/etc/ssh/sshd_config</filename>
with <filename>/etc/ssh/ssh_config</filename> (note the
extra <literal>d</literal> in the first filename). The
first file configures the server and the second file