Run through aspell.
This commit is contained in:
Tom Rhodes
parent
9e8bc7243d
commit
e95945c072
Notes:
svn2git
2020-12-08 03:00:23 +00:00
svn path=/head/; revision=22194
1 changed files with 12 additions and 12 deletions
|
|
@ -85,7 +85,7 @@
|
|||
</listitem>
|
||||
|
||||
<listitem>
|
||||
<para>How to utililize the &os; security advisories
|
||||
<para>How to utilize the &os; security advisories
|
||||
publications.</para>
|
||||
</listitem>
|
||||
|
||||
|
|
@ -116,7 +116,7 @@
|
|||
servers — meaning that external entities can connect and talk
|
||||
to them. As yesterday's mini-computers and mainframes become
|
||||
today's desktops, and as computers become networked and
|
||||
internetworked, security becomes an even bigger issue.</para>
|
||||
internetwork, security becomes an even bigger issue.</para>
|
||||
|
||||
<para>Security is best implemented through a layered
|
||||
<quote>onion</quote> approach. In a nutshell, what you want to do is
|
||||
|
|
@ -269,7 +269,7 @@
|
|||
|
||||
<listitem>
|
||||
<para>Securing the kernel core, raw devices, and
|
||||
filesystems.</para>
|
||||
file systems.</para>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
|
|
@ -325,7 +325,7 @@
|
|||
machine. What it does mean is that you should not make it
|
||||
possible to use the password outside of the console or possibly
|
||||
even with the &man.su.1; command. For example, make sure that
|
||||
your pty's are specified as being insecure in the
|
||||
your ptys are specified as being insecure in the
|
||||
<filename>/etc/ttys</filename> file so that direct
|
||||
<username>root</username> logins
|
||||
via <command>telnet</command> or <command>rlogin</command> are
|
||||
|
|
@ -545,7 +545,7 @@
|
|||
and thus read the encrypted password file, potentially compromising
|
||||
any passworded account. Alternatively an intruder who breaks
|
||||
group <literal>kmem</literal> can monitor keystrokes sent through
|
||||
pty's, including pty's used by users who login through secure
|
||||
ptys, including Pt's used by users who login through secure
|
||||
methods. An intruder that breaks the <groupname>tty</groupname>
|
||||
group can write to
|
||||
almost any user's tty. If a user is running a terminal program or
|
||||
|
|
@ -589,7 +589,7 @@
|
|||
|
||||
<sect2>
|
||||
<title>Securing the Kernel Core, Raw Devices, and
|
||||
Filesystems</title>
|
||||
File systems</title>
|
||||
|
||||
<para>If an attacker breaks <username>root</username> he can do
|
||||
just about anything, but
|
||||
|
|
@ -667,7 +667,7 @@
|
|||
allow the limited-access box to ssh to
|
||||
the other machines. Except for its network traffic, NFS is the
|
||||
least visible method — allowing you to monitor the
|
||||
filesystems on each client box virtually undetected. If your
|
||||
file systems on each client box virtually undetected. If your
|
||||
limited-access server is connected to the client boxes through a
|
||||
switch, the NFS method is often the better choice. If your
|
||||
limited-access server is connected to the client boxes through a
|
||||
|
|
@ -952,7 +952,7 @@
|
|||
<para>We recommend that you use ssh in
|
||||
combination with Kerberos whenever possible for staff logins.
|
||||
<application>ssh</application> can be compiled with Kerberos
|
||||
support. This reduces your reliance on potentially exposable
|
||||
support. This reduces your reliance on potentially exposed
|
||||
ssh keys while at the same time
|
||||
protecting passwords via Kerberos. ssh
|
||||
keys should only be used for automated tasks from secure machines
|
||||
|
|
@ -1419,7 +1419,7 @@ permit port ttyd0</programlisting>
|
|||
&unix; passwords at any time. Generally speaking, this should only
|
||||
be used for people who are either unable to use the
|
||||
<command>key</command> program, like those with dumb terminals, or
|
||||
those who are uneducable.</para>
|
||||
those who are ineducable.</para>
|
||||
|
||||
<para>The third line (<literal>permit port</literal>) allows all
|
||||
users logging in on the specified terminal line to use &unix;
|
||||
|
|
@ -1997,7 +1997,7 @@ FreeBSD BUILT-19950429 (GR386) #0: Sat Apr 29 17:50:09 SAT 1995</screen>
|
|||
description.</para>
|
||||
|
||||
<para>For purposes of demonstrating a <application>Kerberos</application>
|
||||
installation, the various namespaces will be handled as follows:</para>
|
||||
installation, the various name spaces will be handled as follows:</para>
|
||||
|
||||
<itemizedlist>
|
||||
<listitem>
|
||||
|
|
@ -2591,7 +2591,7 @@ jdoe@example.org</screen>
|
|||
<application>Kerberos</application> enabling all remote shells
|
||||
(via <command>rsh</command> and <command>telnet</command>, for
|
||||
example) but not converting the <acronym>POP3</acronym> mail
|
||||
server which sends passwords in plaintext.</para>
|
||||
server which sends passwords in plain text.</para>
|
||||
|
||||
</sect3>
|
||||
|
||||
|
|
@ -2679,7 +2679,7 @@ jdoe@example.org</screen>
|
|||
|
||||
<listitem>
|
||||
<para><ulink url="http://web.mit.edu/Kerberos/www/dialogue.html">Designing
|
||||
an Authentication System: a Dialogue in Four Scenes</ulink></para>
|
||||
an Authentication System: a Dialog in Four Scenes</ulink></para>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
|
|
|
|||
Loading…
Reference in a new issue