Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status

Gentoo Archives: gentoo-commits

From: "Flammie Pirinen (flammie)" <flammie@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] gentoo commit in xml/htdocs/doc/fi/security: security-handbook.xml shb-intrusion.xml shb-limits.xml shb-logging.xml shb-tcp.xml
Date: Sun, 30 Jan 2011 18:39:14
Message-Id: 20110130183810.A22CB20054@flycatcher.gentoo.org
1 flammie 11/01/30 18:38:10
2
3 Modified: security-handbook.xml shb-intrusion.xml
4 shb-limits.xml shb-logging.xml shb-tcp.xml
5 Log:
6 Updated Finnish security handbook: package and file moves
7
8 Revision Changes Path
9 1.4 xml/htdocs/doc/fi/security/security-handbook.xml
10
11 file : http://sources.gentoo.org/viewvc.cgi/gentoo/xml/htdocs/doc/fi/security/security-handbook.xml?rev=1.4&view=markup
12 plain: http://sources.gentoo.org/viewvc.cgi/gentoo/xml/htdocs/doc/fi/security/security-handbook.xml?rev=1.4&content-type=text/plain
13 diff : http://sources.gentoo.org/viewvc.cgi/gentoo/xml/htdocs/doc/fi/security/security-handbook.xml?r1=1.3&r2=1.4
14
15 Index: security-handbook.xml
16 ===================================================================
17 RCS file: /var/cvsroot/gentoo/xml/htdocs/doc/fi/security/security-handbook.xml,v
18 retrieving revision 1.3
19 retrieving revision 1.4
20 diff -u -r1.3 -r1.4
21 --- security-handbook.xml 22 Jul 2008 12:57:43 -0000 1.3
22 +++ security-handbook.xml 30 Jan 2011 18:38:10 -0000 1.4
23 @@ -1,5 +1,5 @@
24 <?xml version='1.0' encoding='UTF-8'?>
25 -<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/doc/fi/security/security-handbook.xml,v 1.3 2008/07/22 12:57:43 flammie Exp $ -->
26 +<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/doc/fi/security/security-handbook.xml,v 1.4 2011/01/30 18:38:10 flammie Exp $ -->
27 <!DOCTYPE book SYSTEM "/dtd/book.dtd">
28
29 <book link="/doc/fi/security/security-handbook.xml" lang="fi">
30 @@ -38,6 +38,12 @@
31 <author title="Toimittaja">
32 <mail link="krispykringle@g.o">Dan Margolis</mail>
33 </author>
34 +<author title="Editor">
35 + <mail link="nightmorph"/>
36 +</author>
37 +<author title="Vastuullinen kääntäjä">
38 + <mail link="flammie"/>
39 +</author>
40
41 <abstract>
42 Tämä on opas Gentoo Linuxin tietoturvan parantamiseen.
43 @@ -45,8 +51,8 @@
44
45 <license/>
46
47 -<version>1.0</version>
48 -<date>2005-05-31</date>
49 +<version>1.1</version>
50 +<date>2010-04-02</date>
51
52 <!--
53 <section>
54
55
56
57 1.4 xml/htdocs/doc/fi/security/shb-intrusion.xml
58
59 file : http://sources.gentoo.org/viewvc.cgi/gentoo/xml/htdocs/doc/fi/security/shb-intrusion.xml?rev=1.4&view=markup
60 plain: http://sources.gentoo.org/viewvc.cgi/gentoo/xml/htdocs/doc/fi/security/shb-intrusion.xml?rev=1.4&content-type=text/plain
61 diff : http://sources.gentoo.org/viewvc.cgi/gentoo/xml/htdocs/doc/fi/security/shb-intrusion.xml?r1=1.3&r2=1.4
62
63 Index: shb-intrusion.xml
64 ===================================================================
65 RCS file: /var/cvsroot/gentoo/xml/htdocs/doc/fi/security/shb-intrusion.xml,v
66 retrieving revision 1.3
67 retrieving revision 1.4
68 diff -u -r1.3 -r1.4
69 --- shb-intrusion.xml 22 Jul 2008 12:57:43 -0000 1.3
70 +++ shb-intrusion.xml 30 Jan 2011 18:38:10 -0000 1.4
71 @@ -1,5 +1,5 @@
72 <?xml version='1.0' encoding='UTF-8'?>
73 -<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/doc/fi/security/shb-intrusion.xml,v 1.3 2008/07/22 12:57:43 flammie Exp $ -->
74 +<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/doc/fi/security/shb-intrusion.xml,v 1.4 2011/01/30 18:38:10 flammie Exp $ -->
75 <!DOCTYPE sections SYSTEM "/dtd/book.dtd">
76
77 <!-- The content of this document is licensed under the CC-BY-SA license -->
78 @@ -7,8 +7,8 @@
79
80 <sections>
81
82 -<version>1.3</version>
83 -<date>2006-11-01</date>
84 +<version>2</version>
85 +<date>2005-05-31</date>
86
87 <section>
88 <title>AIDE (Advanced Intrusion Detection Environment)</title>
89
90
91
92 1.4 xml/htdocs/doc/fi/security/shb-limits.xml
93
94 file : http://sources.gentoo.org/viewvc.cgi/gentoo/xml/htdocs/doc/fi/security/shb-limits.xml?rev=1.4&view=markup
95 plain: http://sources.gentoo.org/viewvc.cgi/gentoo/xml/htdocs/doc/fi/security/shb-limits.xml?rev=1.4&content-type=text/plain
96 diff : http://sources.gentoo.org/viewvc.cgi/gentoo/xml/htdocs/doc/fi/security/shb-limits.xml?r1=1.3&r2=1.4
97
98 Index: shb-limits.xml
99 ===================================================================
100 RCS file: /var/cvsroot/gentoo/xml/htdocs/doc/fi/security/shb-limits.xml,v
101 retrieving revision 1.3
102 retrieving revision 1.4
103 diff -u -r1.3 -r1.4
104 --- shb-limits.xml 22 Jul 2008 12:57:43 -0000 1.3
105 +++ shb-limits.xml 30 Jan 2011 18:38:10 -0000 1.4
106 @@ -1,5 +1,5 @@
107 <?xml version='1.0' encoding='UTF-8'?>
108 -<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/doc/fi/security/shb-limits.xml,v 1.3 2008/07/22 12:57:43 flammie Exp $ -->
109 +<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/doc/fi/security/shb-limits.xml,v 1.4 2011/01/30 18:38:10 flammie Exp $ -->
110 <!DOCTYPE sections SYSTEM "/dtd/book.dtd">
111
112 <!-- The content of this document is licensed under the CC-BY-SA license -->
113 @@ -7,8 +7,8 @@
114
115 <sections>
116
117 -<version>1.4</version>
118 -<date>2007-07-08</date>
119 +<version>1.5</version>
120 +<date>2001-04-26</date>
121
122 <section id="limits_conf">
123 <title>/etc/security/limits.conf</title>
124 @@ -182,11 +182,11 @@
125 </body>
126 </section>
127 <section>
128 -<title>/etc/login.access</title>
129 + <title>/etc/security/access.conf</title>
130 <body>
131
132 <p>
133 -<path>login.access</path> kuuluu sys-apps/shadowiin, joka määrää
134 +<path>Access.conf</path> kuuluu sys-apps/pamiin, joka määrää
135 käyttöoikeudet. Tässä tiedostossa määritellään mitkä käyttäjät, ryhmät tai
136 koneosoitteet voivat kirjautua. Oletusarvoisesti kaikki voivat kirjautua,
137 joten tiedosto sisältää aluksi vain kommentteja ja esimerkkejä. Sekä
138 @@ -195,10 +195,10 @@
139 </p>
140
141 <note>
142 -Näillä asetuksilla ei ole vaikutusta rootiin.
143 +Näillä asetuksilla säädetään myös rootin rajoja.
144 </note>
145
146 -<pre caption="/etc/login.access">
147 +<pre caption="/etc/security/access.conf">
148 -:ALL EXCEPT wheel sync:console
149 -:wheel:ALL EXCEPT LOCAL .gentoo.org
150 </pre>
151
152
153
154 1.4 xml/htdocs/doc/fi/security/shb-logging.xml
155
156 file : http://sources.gentoo.org/viewvc.cgi/gentoo/xml/htdocs/doc/fi/security/shb-logging.xml?rev=1.4&view=markup
157 plain: http://sources.gentoo.org/viewvc.cgi/gentoo/xml/htdocs/doc/fi/security/shb-logging.xml?rev=1.4&content-type=text/plain
158 diff : http://sources.gentoo.org/viewvc.cgi/gentoo/xml/htdocs/doc/fi/security/shb-logging.xml?r1=1.3&r2=1.4
159
160 Index: shb-logging.xml
161 ===================================================================
162 RCS file: /var/cvsroot/gentoo/xml/htdocs/doc/fi/security/shb-logging.xml,v
163 retrieving revision 1.3
164 retrieving revision 1.4
165 diff -u -r1.3 -r1.4
166 --- shb-logging.xml 22 Jul 2008 12:57:43 -0000 1.3
167 +++ shb-logging.xml 30 Jan 2011 18:38:10 -0000 1.4
168 @@ -1,5 +1,5 @@
169 <?xml version='1.0' encoding='UTF-8'?>
170 -<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/doc/fi/security/shb-logging.xml,v 1.3 2008/07/22 12:57:43 flammie Exp $ -->
171 +<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/doc/fi/security/shb-logging.xml,v 1.4 2011/01/30 18:38:10 flammie Exp $ -->
172 <!DOCTYPE sections SYSTEM "/dtd/book.dtd">
173
174 <!-- The content of this document is licensed under the CC-BY-SA license -->
175 @@ -7,8 +7,8 @@
176
177 <sections>
178
179 -<version>1.2</version>
180 -<date>2005-11-25</date>
181 +<version>1.3</version>
182 +<date>2001-04-02</date>
183
184 <section>
185 <title>Johdanto</title>
186 @@ -209,6 +209,98 @@
187 </p>
188
189 <pre caption="/etc/syslog-ng/syslog-ng.conf">
190 +options {
191 + chain_hostnames(no);
192 +
193 + <comment># The default action of syslog-ng is to log a STATS line
194 + # to the file every 10 minutes. That's pretty ugly after a while.
195 + # Change it to every 12 hours so you get a nice daily update of
196 + # how many messages syslog-ng missed (0).</comment>
197 + stats_freq(43200);
198 +};
199 +
200 +source src {
201 + unix-stream("/dev/log" max-connections(256));
202 + internal();
203 +};
204 +
205 +source kernsrc { file("/proc/kmsg"); };
206 +
207 +<comment># define destinations</comment>
208 +destination authlog { file("/var/log/auth.log"); };
209 +destination syslog { file("/var/log/syslog"); };
210 +destination cron { file("/var/log/cron.log"); };
211 +destination daemon { file("/var/log/daemon.log"); };
212 +destination kern { file("/var/log/kern.log"); };
213 +destination lpr { file("/var/log/lpr.log"); };
214 +destination user { file("/var/log/user.log"); };
215 +destination mail { file("/var/log/mail.log"); };
216 +
217 +destination mailinfo { file("/var/log/mail.info"); };
218 +destination mailwarn { file("/var/log/mail.warn"); };
219 +destination mailerr { file("/var/log/mail.err"); };
220 +
221 +destination newscrit { file("/var/log/news/news.crit"); };
222 +destination newserr { file("/var/log/news/news.err"); };
223 +destination newsnotice { file("/var/log/news/news.notice"); };
224 +
225 +destination debug { file("/var/log/debug"); };
226 +destination messages { file("/var/log/messages"); };
227 +destination console { usertty("root"); };
228 +
229 +<comment># By default messages are logged to tty12...</comment>
230 +destination console_all { file("/dev/tty12"); };
231 +
232 +<comment># ...if you intend to use /dev/console for programs like xconsole
233 +# you can comment out the destination line above that references /dev/tty12
234 +# and uncomment the line below.</comment>
235 +#destination console_all { file("/dev/console"); };
236 +
237 +<comment># create filters</comment>
238 +filter f_authpriv { facility(auth, authpriv); };
239 +filter f_syslog { not facility(authpriv, mail); };
240 +filter f_cron { facility(cron); };
241 +filter f_daemon { facility(daemon); };
242 +filter f_kern { facility(kern); };
243 +filter f_lpr { facility(lpr); };
244 +filter f_mail { facility(mail); };
245 +filter f_user { facility(user); };
246 +filter f_debug { not facility(auth, authpriv, news, mail); };
247 +filter f_messages { level(info..warn)
248 + and not facility(auth, authpriv, mail, news); };
249 +filter f_emergency { level(emerg); };
250 +
251 +filter f_info { level(info); };
252 +filter f_notice { level(notice); };
253 +filter f_warn { level(warn); };
254 +filter f_crit { level(crit); };
255 +filter f_err { level(err); };
256 +filter f_failed { message("failed"); };
257 +filter f_denied { message("denied"); };
258 +
259 +<comment># connect filter and destination</comment>
260 +log { source(src); filter(f_authpriv); destination(authlog); };
261 +log { source(src); filter(f_syslog); destination(syslog); };
262 +log { source(src); filter(f_cron); destination(cron); };
263 +log { source(src); filter(f_daemon); destination(daemon); };
264 +log { source(kernsrc); filter(f_kern); destination(kern); };
265 +log { source(src); filter(f_lpr); destination(lpr); };
266 +log { source(src); filter(f_mail); destination(mail); };
267 +log { source(src); filter(f_user); destination(user); };
268 +log { source(src); filter(f_mail); filter(f_info); destination(mailinfo); };
269 +log { source(src); filter(f_mail); filter(f_warn); destination(mailwarn); };
270 +log { source(src); filter(f_mail); filter(f_err); destination(mailerr); };
271 +
272 +log { source(src); filter(f_debug); destination(debug); };
273 +log { source(src); filter(f_messages); destination(messages); };
274 +log { source(src); filter(f_emergency); destination(console); };
275 +
276 +<comment># default log</comment>
277 +log { source(src); destination(console_all); };
278 +</pre>
279 +
280 +
281 +<pre caption="/etc/syslog-ng/syslog-ng.conf">
282 options { chain_hostnames(off); sync(0); };
283
284 #source where to read log
285
286
287
288 1.3 xml/htdocs/doc/fi/security/shb-tcp.xml
289
290 file : http://sources.gentoo.org/viewvc.cgi/gentoo/xml/htdocs/doc/fi/security/shb-tcp.xml?rev=1.3&view=markup
291 plain: http://sources.gentoo.org/viewvc.cgi/gentoo/xml/htdocs/doc/fi/security/shb-tcp.xml?rev=1.3&content-type=text/plain
292 diff : http://sources.gentoo.org/viewvc.cgi/gentoo/xml/htdocs/doc/fi/security/shb-tcp.xml?r1=1.2&r2=1.3
293
294 Index: shb-tcp.xml
295 ===================================================================
296 RCS file: /var/cvsroot/gentoo/xml/htdocs/doc/fi/security/shb-tcp.xml,v
297 retrieving revision 1.2
298 retrieving revision 1.3
299 diff -u -r1.2 -r1.3
300 --- shb-tcp.xml 22 Jul 2008 12:57:43 -0000 1.2
301 +++ shb-tcp.xml 30 Jan 2011 18:38:10 -0000 1.3
302 @@ -1,5 +1,5 @@
303 <?xml version='1.0' encoding='UTF-8'?>
304 -<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/doc/fi/security/shb-tcp.xml,v 1.2 2008/07/22 12:57:43 flammie Exp $ -->
305 +<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/doc/fi/security/shb-tcp.xml,v 1.3 2011/01/30 18:38:10 flammie Exp $ -->
306 <!DOCTYPE sections SYSTEM "/dtd/book.dtd">
307
308 <!-- The content of this document is licensed under the CC-BY-SA license -->
309 @@ -7,8 +7,8 @@
310
311 <sections>
312
313 -<version>1.0</version>
314 -<date>2005-05-31</date>
315 +<version>1.1</version>
316 +<date>2010-04-26</date>
317
318 <section>
319 <title>TCP-Wrapperit</title>
320 @@ -34,9 +34,10 @@
321 </pre>
322
323 <p>
324 -Tämä on hyvin samankaltainen kuin <path>/etc/login.access</path>. Tcpd koskee
325 -tiettyjä palveluita, joten se ei mene ristiin <path>/etc/login.access</path>in
326 -kanssa. Nämä asetukset vaikuttavat vain tcp-wrappereita käyttäviin palveluihin.
327 + Tämä on hyvin samankaltainen kuin <path>/etc/security/access.conf</path>.
328 + Tcpd koskee tiettyjä palveluita, joten se ei mene ristiin
329 + <path>/etc/security/access.conf</path>in kanssa. Nämä asetukset vaikuttavat
330 + vain tcp-wrappereita käyttäviin palveluihin.
331 </p>
332
333 <p>
Report Message
Find on MARC Find on Google Groups