Fix some redundancy and title capitalization in Security chapter.

Sponsored by:	iXsystems
Dru Lavigne 2014-04-18 19:42:57 +00:00
parent 06fa643ac1
commit c2a65919a8
Notes: svn2git 2020-12-08 03:00:23 +00:00
svn path=/head/; revision=44606

@ -242,8 +242,8 @@
and even lock users into running only single, privileged and even lock users into running only single, privileged
commands such as &man.service.8;</para> commands such as &man.service.8;</para>
<para>After installation, edit the <para>After installation, edit
<filename>/usr/local/etc/sudoers</filename> file by using <filename>/usr/local/etc/sudoers</filename> using
the <command>visudo</command> interface. In this example, the <command>visudo</command> interface. In this example,
a new webadmin group will be added, the user <systemitem a new webadmin group will be added, the user <systemitem
class="username">trhodes</systemitem> to that group, and class="username">trhodes</systemitem> to that group, and
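Review bot: The unchanged context lines right after the edited visudo sentence still lack a verb: "a new webadmin group will be added, the user trhodes to that group, and" never says what happens to the user. Since this hunk is already tidying the paragraph, consider "the user trhodes will be added to that group" in the same pass.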
@ -322,9 +322,8 @@
also enforce mixed characters. In particular the also enforce mixed characters. In particular the
&man.pam.passwdqc.8; will be discussed.</para> &man.pam.passwdqc.8; will be discussed.</para>
<para>To proceed, open the <para>To proceed, add the following line to
<filename>/etc/pam.d/passwd</filename> file and add the <filename>/etc/pam.d/passwd</filename>:</para>
following line to the file.</para>
<programlisting>password requisite pam_passwdqc.so min=disabled,disabled,disabled,12,10 similar=deny retry=3 enforce=users</programlisting> <programlisting>password requisite pam_passwdqc.so min=disabled,disabled,disabled,12,10 similar=deny retry=3 enforce=users</programlisting>
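Review bot: In the context line just above the rewritten paragraph, "In particular the &man.pam.passwdqc.8; will be discussed" reads as if a noun is missing after the entity; "the &man.pam.passwdqc.8; module will be discussed" would fix it. The shortened instruction itself reads well and correctly ends in a colon before the programlisting.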
@ -408,18 +407,18 @@ Enter new password:</programlisting>
<para>A backdoor or rootkit software does do one thing useful <para>A backdoor or rootkit software does do one thing useful
for administrators - once detected, it is a sign that a for administrators - once detected, it is a sign that a
compromise happened at some point. But normally these types compromise happened at some point. But normally these types
types of applications are hidden very well. Tools do exist of applications are hidden very well. Tools do exist
to detect backdoors and rootkits, one of them is to detect backdoors and rootkits, one of them is
<package>security/rkhunter</package>.</para> <package>security/rkhunter</package>.</para>
<para>After installation the system may be checked using the <para>After installation, the system may be checked using the
following command which will produce a lot of following command. It will produce a lot of
information:</para> information and will require some manual
pressing of the <keycap>ENTER</keycap> key:</para>
<screen>&prompt.root; <userinput>rkhunter -c</userinput></screen> <screen>&prompt.root; <userinput>rkhunter -c</userinput></screen>
<para>After the process complete, which will require some manual <para>After the process completes, a status message
pressing of the <keycap>ENTER</keycap> key, a status message
will be printed to the screen. This message will include the will be printed to the screen. This message will include the
amount of files checked, suspect files, possible rootkits, and amount of files checked, suspect files, possible rootkits, and
more. During the check, some generic security warnings may more. During the check, some generic security warnings may
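Review bot: The sentence moved in front of the rkhunter -c screen, "will require some manual pressing of the ENTER key", is still awkward in its new position; something like "and will prompt for ENTER several times" is shorter and clearer. Two nearby context lines could be fixed in the same cleanup: "amount of files checked" should be "number of files checked", and "Tools do exist to detect backdoors and rootkits, one of them is" is a comma splice.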
@ -477,8 +476,8 @@ Enter new password:</programlisting>
<screen>&prompt.root; mtree: /bin checksum: 3427012225</screen> <screen>&prompt.root; mtree: /bin checksum: 3427012225</screen>
<para>Viewing the <filename>bin_cksum_mtree</filename> file <para>Viewing <filename>bin_cksum_mtree</filename>
should yield output similar to the following as well:</para> should yield output similar to the following:</para>
<programlisting># user: root <programlisting># user: root
# machine: dreadnaught # machine: dreadnaught
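Review bot: The filename in the edited line is spelled bin_cksum_mtree, while the related file in the next hunk is bin_chksum_output; please check which spelling the mtree command earlier in the section actually writes and use it consistently, since a reader copying the name will otherwise look for a file that does not exist. Separately, the context line "&prompt.root; mtree: /bin checksum: 3427012225" puts a root prompt in front of what looks like program output rather than a typed command.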
@ -518,8 +517,8 @@ Enter new password:</programlisting>
was originally ran. Since no changes occurred in the time was originally ran. Since no changes occurred in the time
these commands were ran, the these commands were ran, the
<filename>bin_chksum_output</filename> output will be empty. <filename>bin_chksum_output</filename> output will be empty.
To simulate a change, change the date on the To simulate a change, change the date on
<filename>/bin/cat</filename> file using &man.touch.1; and run <filename>/bin/cat</filename> using &man.touch.1; and run
the verification command again:</para> the verification command again:</para>
<screen>&prompt.root; <userinput>touch /bin/cat</userinput></screen> <screen>&prompt.root; <userinput>touch /bin/cat</userinput></screen>
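Review bot: The context lines at the top of this hunk keep "was originally ran" and "these commands were ran"; the participle is "run" in both places. "the bin_chksum_output output will be empty" also repeats "output", which is the kind of redundancy this commit sets out to remove, so "bin_chksum_output will be empty" would fit the change.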
@ -1264,7 +1263,7 @@ Aug 27 15:37:58 Aug 28 01:37:58 krbtgt/EXAMPLE.ORG@EXAMPLE.ORG</screen>
</sect2> </sect2>
<sect2> <sect2>
<title>Configuring a Server to use <title>Configuring a Server to Use
<application>Kerberos</application></title> <application>Kerberos</application></title>
<indexterm> <indexterm>
@ -1356,7 +1355,7 @@ kadmin&gt;<userinput> exit</userinput></screen>
</sect2> </sect2>
<sect2> <sect2>
<title>Configuring a Client to use <title>Configuring a Client to Use
<application>Kerberos</application></title> <application>Kerberos</application></title>
<indexterm> <indexterm>
@ -2899,7 +2898,7 @@ user@unfirewalled-system.example.org's password: <userinput>*******</userinput><
</note> </note>
<tip> <tip>
<para>Don't confuse <filename>/etc/ssh/sshd_config</filename> <para>Do not confuse <filename>/etc/ssh/sshd_config</filename>
with <filename>/etc/ssh/ssh_config</filename> (note the with <filename>/etc/ssh/ssh_config</filename> (note the
extra <literal>d</literal> in the first filename). The extra <literal>d</literal> in the first filename). The
first file configures the server and the second file first file configures the server and the second file