nightmorph 10/04/02 07:34:39 |
|
Modified: security-handbook.xml shb-logging.xml |
Log: |
get the security handbook more up-to-date with working syslog-ng configs |
|
Revision Changes Path |
1.4 xml/htdocs/doc/en/security/security-handbook.xml |
|
file : http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/doc/en/security/security-handbook.xml?rev=1.4&view=markup |
plain: http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/doc/en/security/security-handbook.xml?rev=1.4&content-type=text/plain |
diff : http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/doc/en/security/security-handbook.xml?r1=1.3&r2=1.4 |
|
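--- a/xml/htdocs/doc/en/security/security-handbook.xml
+++ b/xml/htdocs/doc/en/security/security-handbook.xml
@@ -1,8 +1,8 @@
 <?xml version='1.0' encoding='UTF-8'?>
-<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/doc/en/security/security-handbook.xml,v 1.3 2006/11/29 15:21:33 nightmorph Exp $ -->
+<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/doc/en/security/security-handbook.xml,v 1.4 2010/04/02 07:34:39 nightmorph Exp $ -->
 <!DOCTYPE book SYSTEM "/dtd/book.dtd">
 
-<book link="/doc/en/security/security-handbook.xml">
+<book>
 <title>Gentoo Security Handbook</title>
 
 <author title="Author">
@@ -38,6 +38,9 @@
 <author title="Editor">
 <mail link="krispykringle@g.o">Dan Margolis</mail>
 </author>
+<author title="Editor">
+ <mail link="nightmorph"/>
+</author>
 
 <abstract>
 This is a step-by-step guide for hardening Gentoo Linux.
@@ -45,8 +48,8 @@
 
 <license/>
 
-<version>1.0</version>
-<date>2005-05-31</date>
+<version>1.1</version>
+<date>2010-04-02</date>
 
 <!--
 <section>
@@ -54,18 +57,17 @@
 <body>
 
 <p>
-In version 0.6 (Backup)
+(Backup)
 </p>
 <ul>
 <li>Arpwatch</li>
-<li>Full system backup using Systemimager</li>
 <li>Partial backup using tar</li>
 <li>Backing up postgres</li>
 </ul>
 
 
 <p>
-In version 0.8 (Penetration testing)
+(Penetration testing)
 </p>
 <ul>
 <li>Remote audits</li>
@@ -75,7 +77,7 @@
 </ul>
 
 <p>
-In version 1.0 (After a compromise)
+(After a compromise)
 </p>
 <ul>
 <li>How to report an incident</li>
@@ -86,17 +88,11 @@
 <li>Restoring system</li>
 </ul>
 
-<note>
-Please note that each version concentrates on one subject at a time. This is for
-quality assurance purposes.
-</note>
-
 </body>
 </section>
 -->
 
 <part>
-
 <title>System Security</title>
 <abstract>
 Harden different parts of your system to make it more secure.
@@ -213,6 +209,6 @@
 </abstract>
 <include href="shb-uptodate.xml"/>
 </chapter>
-
 </part>
+
 </book>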
1.6 xml/htdocs/doc/en/security/shb-logging.xml |
|
file : http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/doc/en/security/shb-logging.xml?rev=1.6&view=markup |
plain: http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/doc/en/security/shb-logging.xml?rev=1.6&content-type=text/plain |
diff : http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/doc/en/security/shb-logging.xml?r1=1.5&r2=1.6 |
|
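--- a/xml/htdocs/doc/en/security/shb-logging.xml
+++ b/xml/htdocs/doc/en/security/shb-logging.xml
@@ -1,5 +1,5 @@
 <?xml version='1.0' encoding='UTF-8'?>
-<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/doc/en/security/shb-logging.xml,v 1.5 2007/03/07 01:51:52 nightmorph Exp $ -->
+<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/doc/en/security/shb-logging.xml,v 1.6 2010/04/02 07:34:39 nightmorph Exp $ -->
 <!DOCTYPE sections SYSTEM "/dtd/book.dtd">
 
 <!-- The content of this document is licensed under the CC-BY-SA license -->
@@ -7,8 +7,8 @@
 
 <sections>
 
-<version>1.2</version>
-<date>2005-11-25</date>
+<version>1.3</version>
+<date>2010-04-02</date>
 
 <section>
 <title>Introduction</title>
@@ -208,13 +208,24 @@
 </p>
 
 <pre caption="/etc/syslog-ng/syslog-ng.conf">
-options { chain_hostnames(off); sync(0); };
+options {
+ chain_hostnames(no);
+
+ <comment># The default action of syslog-ng is to log a STATS line
+ # to the file every 10 minutes. That's pretty ugly after a while.
+ # Change it to every 12 hours so you get a nice daily update of
+ # how many messages syslog-ng missed (0).</comment>
+ stats_freq(43200);
+};
+
+source src {
+ unix-stream("/dev/log" max-connections(256));
+ internal();
+};
 
-#source where to read log
-source src { unix-stream("/dev/log"); internal(); };
 source kernsrc { file("/proc/kmsg"); };
 
-#define destinations
+<comment># define destinations</comment>
 destination authlog { file("/var/log/auth.log"); };
 destination syslog { file("/var/log/syslog"); };
 destination cron { file("/var/log/cron.log"); };
@@ -235,10 +246,16 @@
 destination debug { file("/var/log/debug"); };
 destination messages { file("/var/log/messages"); };
 destination console { usertty("root"); };
+
+<comment># By default messages are logged to tty12...</comment>
 destination console_all { file("/dev/tty12"); };
-destination xconsole { pipe("/dev/xconsole"); };
 
-#create filters
+<comment># ...if you intend to use /dev/console for programs like xconsole
+# you can comment out the destination line above that references /dev/tty12
+# and uncomment the line below.</comment>
+#destination console_all { file("/dev/console"); };
+
+<comment># create filters</comment>
 filter f_authpriv { facility(auth, authpriv); };
 filter f_syslog { not facility(authpriv, mail); };
 filter f_cron { facility(cron); };
@@ -257,10 +274,10 @@
 filter f_warn { level(warn); };
 filter f_crit { level(crit); };
 filter f_err { level(err); };
-filter f_failed { match("failed"); };
-filter f_denied { match("denied"); };
+filter f_failed { message("failed"); };
+filter f_denied { message("denied"); };
 
-#connect filter and destination
+<comment># connect filter and destination</comment>
 log { source(src); filter(f_authpriv); destination(authlog); };
 log { source(src); filter(f_syslog); destination(syslog); };
 log { source(src); filter(f_cron); destination(cron); };
@@ -277,7 +294,7 @@
 log { source(src); filter(f_messages); destination(messages); };
 log { source(src); filter(f_emergency); destination(console); };
 
-#default log
+<comment># default log</comment>
 log { source(src); destination(console_all); };
 </pre>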
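Review bot: The rewritten `options {}` block in the `@@ -208,13 +208,24 @@` hunk drops the old `sync(0)` without a replacement or a word on why, while every other removed line is either moved or explained in a `<comment>`. In the 3.x option set that knob became `flush_lines()`, and whether unflushed lines still reach `/var/log/auth.log` before a crash or a kill of the daemon depends on that release's default buffering, so a reader copying this config onto a hardened host cannot tell from the page whether auth events are written promptly. I would add, above `stats_freq(43200);`, `<comment># the old sync(0) option was renamed flush_lines(); set flush_lines(0) here if every line must be written immediately</comment>`, or a sentence stating that the default buffering is acceptable for this handbook's purpose. The `<pre>` block starts in this hunk and closes in the last hunk of the section.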