1 |
flammie 11/01/30 18:38:10 |
2 |
|
3 |
Modified: security-handbook.xml shb-intrusion.xml |
4 |
shb-limits.xml shb-logging.xml shb-tcp.xml |
5 |
Log: |
6 |
Updated Finnish security handbook: package and file moves |
7 |
|
8 |
Revision Changes Path |
9 |
1.4 xml/htdocs/doc/fi/security/security-handbook.xml |
10 |
|
11 |
file : http://sources.gentoo.org/viewvc.cgi/gentoo/xml/htdocs/doc/fi/security/security-handbook.xml?rev=1.4&view=markup |
12 |
plain: http://sources.gentoo.org/viewvc.cgi/gentoo/xml/htdocs/doc/fi/security/security-handbook.xml?rev=1.4&content-type=text/plain |
13 |
diff : http://sources.gentoo.org/viewvc.cgi/gentoo/xml/htdocs/doc/fi/security/security-handbook.xml?r1=1.3&r2=1.4 |
14 |
|
15 |
Index: security-handbook.xml |
16 |
=================================================================== |
17 |
RCS file: /var/cvsroot/gentoo/xml/htdocs/doc/fi/security/security-handbook.xml,v |
18 |
retrieving revision 1.3 |
19 |
retrieving revision 1.4 |
20 |
diff -u -r1.3 -r1.4 |
21 |
--- security-handbook.xml 22 Jul 2008 12:57:43 -0000 1.3 |
22 |
+++ security-handbook.xml 30 Jan 2011 18:38:10 -0000 1.4 |
23 |
@@ -1,5 +1,5 @@ |
24 |
<?xml version='1.0' encoding='UTF-8'?> |
25 |
-<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/doc/fi/security/security-handbook.xml,v 1.3 2008/07/22 12:57:43 flammie Exp $ --> |
26 |
+<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/doc/fi/security/security-handbook.xml,v 1.4 2011/01/30 18:38:10 flammie Exp $ --> |
27 |
<!DOCTYPE book SYSTEM "/dtd/book.dtd"> |
28 |
|
29 |
<book link="/doc/fi/security/security-handbook.xml" lang="fi"> |
30 |
@@ -38,6 +38,12 @@ |
31 |
<author title="Toimittaja"> |
32 |
<mail link="krispykringle@g.o">Dan Margolis</mail> |
33 |
</author> |
34 |
+<author title="Editor"> |
35 |
+ <mail link="nightmorph"/> |
36 |
+</author> |
37 |
+<author title="Vastuullinen kääntäjä"> |
38 |
+ <mail link="flammie"/> |
39 |
+</author> |
40 |
|
41 |
<abstract> |
42 |
Tämä on opas Gentoo Linuxin tietoturvan parantamiseen. |
43 |
@@ -45,8 +51,8 @@ |
44 |
|
45 |
<license/> |
46 |
|
47 |
-<version>1.0</version> |
48 |
-<date>2005-05-31</date> |
49 |
+<version>1.1</version> |
50 |
+<date>2010-04-02</date> |
51 |
|
52 |
<!-- |
53 |
<section> |
54 |
|
55 |
|
56 |
|
57 |
1.4 xml/htdocs/doc/fi/security/shb-intrusion.xml |
58 |
|
59 |
file : http://sources.gentoo.org/viewvc.cgi/gentoo/xml/htdocs/doc/fi/security/shb-intrusion.xml?rev=1.4&view=markup |
60 |
plain: http://sources.gentoo.org/viewvc.cgi/gentoo/xml/htdocs/doc/fi/security/shb-intrusion.xml?rev=1.4&content-type=text/plain |
61 |
diff : http://sources.gentoo.org/viewvc.cgi/gentoo/xml/htdocs/doc/fi/security/shb-intrusion.xml?r1=1.3&r2=1.4 |
62 |
|
63 |
Index: shb-intrusion.xml |
64 |
=================================================================== |
65 |
RCS file: /var/cvsroot/gentoo/xml/htdocs/doc/fi/security/shb-intrusion.xml,v |
66 |
retrieving revision 1.3 |
67 |
retrieving revision 1.4 |
68 |
diff -u -r1.3 -r1.4 |
69 |
--- shb-intrusion.xml 22 Jul 2008 12:57:43 -0000 1.3 |
70 |
+++ shb-intrusion.xml 30 Jan 2011 18:38:10 -0000 1.4 |
71 |
@@ -1,5 +1,5 @@ |
72 |
<?xml version='1.0' encoding='UTF-8'?> |
73 |
-<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/doc/fi/security/shb-intrusion.xml,v 1.3 2008/07/22 12:57:43 flammie Exp $ --> |
74 |
+<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/doc/fi/security/shb-intrusion.xml,v 1.4 2011/01/30 18:38:10 flammie Exp $ --> |
75 |
<!DOCTYPE sections SYSTEM "/dtd/book.dtd"> |
76 |
|
77 |
<!-- The content of this document is licensed under the CC-BY-SA license --> |
78 |
@@ -7,8 +7,8 @@ |
79 |
|
80 |
<sections> |
81 |
|
82 |
-<version>1.3</version> |
83 |
-<date>2006-11-01</date> |
84 |
+<version>2</version> |
85 |
+<date>2005-05-31</date> |
86 |
|
87 |
<section> |
88 |
<title>AIDE (Advanced Intrusion Detection Environment)</title> |
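Review bot: The new `<date>2005-05-31</date>` is older than the date it replaces (`2006-11-01`) even though `<version>` goes up from 1.3 to 2, so the chapter now looks less current than before. The same regression appears in the matching hunks of shb-limits.xml (`2007-07-08` to `2001-04-26`) and shb-logging.xml (`2005-11-25` to `2001-04-02`), while security-handbook.xml and shb-tcp.xml receive 2010 dates; the 2001 values are presumably typos for 2010. Readers of a security handbook use this date to judge whether the advice is current, so each value should be confirmed against the revision being translated.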
89 |
|
90 |
|
91 |
|
92 |
1.4 xml/htdocs/doc/fi/security/shb-limits.xml |
93 |
|
94 |
file : http://sources.gentoo.org/viewvc.cgi/gentoo/xml/htdocs/doc/fi/security/shb-limits.xml?rev=1.4&view=markup |
95 |
plain: http://sources.gentoo.org/viewvc.cgi/gentoo/xml/htdocs/doc/fi/security/shb-limits.xml?rev=1.4&content-type=text/plain |
96 |
diff : http://sources.gentoo.org/viewvc.cgi/gentoo/xml/htdocs/doc/fi/security/shb-limits.xml?r1=1.3&r2=1.4 |
97 |
|
98 |
Index: shb-limits.xml |
99 |
=================================================================== |
100 |
RCS file: /var/cvsroot/gentoo/xml/htdocs/doc/fi/security/shb-limits.xml,v |
101 |
retrieving revision 1.3 |
102 |
retrieving revision 1.4 |
103 |
diff -u -r1.3 -r1.4 |
104 |
--- shb-limits.xml 22 Jul 2008 12:57:43 -0000 1.3 |
105 |
+++ shb-limits.xml 30 Jan 2011 18:38:10 -0000 1.4 |
106 |
@@ -1,5 +1,5 @@ |
107 |
<?xml version='1.0' encoding='UTF-8'?> |
108 |
-<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/doc/fi/security/shb-limits.xml,v 1.3 2008/07/22 12:57:43 flammie Exp $ --> |
109 |
+<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/doc/fi/security/shb-limits.xml,v 1.4 2011/01/30 18:38:10 flammie Exp $ --> |
110 |
<!DOCTYPE sections SYSTEM "/dtd/book.dtd"> |
111 |
|
112 |
<!-- The content of this document is licensed under the CC-BY-SA license --> |
113 |
@@ -7,8 +7,8 @@ |
114 |
|
115 |
<sections> |
116 |
|
117 |
-<version>1.4</version> |
118 |
-<date>2007-07-08</date> |
119 |
+<version>1.5</version> |
120 |
+<date>2001-04-26</date> |
121 |
|
122 |
<section id="limits_conf"> |
123 |
<title>/etc/security/limits.conf</title> |
124 |
@@ -182,11 +182,11 @@ |
125 |
</body> |
126 |
</section> |
127 |
<section> |
128 |
-<title>/etc/login.access</title> |
129 |
+ <title>/etc/security/access.conf</title> |
130 |
<body> |
131 |
|
132 |
<p> |
133 |
-<path>login.access</path> kuuluu sys-apps/shadowiin, joka määrää |
134 |
+<path>Access.conf</path> kuuluu sys-apps/pamiin, joka määrää |
135 |
käyttöoikeudet. Tässä tiedostossa määritellään mitkä käyttäjät, ryhmät tai |
136 |
koneosoitteet voivat kirjautua. Oletusarvoisesti kaikki voivat kirjautua, |
137 |
joten tiedosto sisältää aluksi vain kommentteja ja esimerkkejä. Sekä |
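Review bot: `<path>Access.conf</path>` on the added line is capitalised, but the new title names `/etc/security/access.conf` and file names are case-sensitive, so it should read `<path>access.conf</path>`. Now that the text assigns the file to sys-apps/pam, a practitioner would also want a sentence saying that the rules are enforced only for services whose PAM stack includes `pam_access`; otherwise the file can be edited with no effect on logins. The paragraph continues past the end of this hunk, so that caveat may already be present further down.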
138 |
@@ -195,10 +195,10 @@ |
139 |
</p> |
140 |
|
141 |
<note> |
142 |
-Näillä asetuksilla ei ole vaikutusta rootiin. |
143 |
+Näillä asetuksilla säädetään myös rootin rajoja. |
144 |
</note> |
145 |
|
146 |
-<pre caption="/etc/login.access"> |
147 |
+<pre caption="/etc/security/access.conf"> |
148 |
-:ALL EXCEPT wheel sync:console |
149 |
-:wheel:ALL EXCEPT LOCAL .gentoo.org |
150 |
</pre> |
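Review bot: The rewritten `<note>` says these settings now apply to root as well, but the unchanged example rule `-:ALL EXCEPT wheel sync:console` would then deny root on the console unless root is a member of wheel, and the hunk gives no warning about that. The note should gain a sentence advising readers to check root's group membership and to keep an existing root session open while testing the rules. The two lines beginning with `-:` are access.conf deny rules shown as context, not removed lines. The enclosing section starts and ends outside this hunk.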
151 |
|
152 |
|
153 |
|
154 |
1.4 xml/htdocs/doc/fi/security/shb-logging.xml |
155 |
|
156 |
file : http://sources.gentoo.org/viewvc.cgi/gentoo/xml/htdocs/doc/fi/security/shb-logging.xml?rev=1.4&view=markup |
157 |
plain: http://sources.gentoo.org/viewvc.cgi/gentoo/xml/htdocs/doc/fi/security/shb-logging.xml?rev=1.4&content-type=text/plain |
158 |
diff : http://sources.gentoo.org/viewvc.cgi/gentoo/xml/htdocs/doc/fi/security/shb-logging.xml?r1=1.3&r2=1.4 |
159 |
|
160 |
Index: shb-logging.xml |
161 |
=================================================================== |
162 |
RCS file: /var/cvsroot/gentoo/xml/htdocs/doc/fi/security/shb-logging.xml,v |
163 |
retrieving revision 1.3 |
164 |
retrieving revision 1.4 |
165 |
diff -u -r1.3 -r1.4 |
166 |
--- shb-logging.xml 22 Jul 2008 12:57:43 -0000 1.3 |
167 |
+++ shb-logging.xml 30 Jan 2011 18:38:10 -0000 1.4 |
168 |
@@ -1,5 +1,5 @@ |
169 |
<?xml version='1.0' encoding='UTF-8'?> |
170 |
-<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/doc/fi/security/shb-logging.xml,v 1.3 2008/07/22 12:57:43 flammie Exp $ --> |
171 |
+<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/doc/fi/security/shb-logging.xml,v 1.4 2011/01/30 18:38:10 flammie Exp $ --> |
172 |
<!DOCTYPE sections SYSTEM "/dtd/book.dtd"> |
173 |
|
174 |
<!-- The content of this document is licensed under the CC-BY-SA license --> |
175 |
@@ -7,8 +7,8 @@ |
176 |
|
177 |
<sections> |
178 |
|
179 |
-<version>1.2</version> |
180 |
-<date>2005-11-25</date> |
181 |
+<version>1.3</version> |
182 |
+<date>2001-04-02</date> |
183 |
|
184 |
<section> |
185 |
<title>Johdanto</title> |
186 |
@@ -209,6 +209,98 @@ |
187 |
</p> |
188 |
|
189 |
<pre caption="/etc/syslog-ng/syslog-ng.conf"> |
190 |
+options { |
191 |
+ chain_hostnames(no); |
192 |
+ |
193 |
+ <comment># The default action of syslog-ng is to log a STATS line |
194 |
+ # to the file every 10 minutes. That's pretty ugly after a while. |
195 |
+ # Change it to every 12 hours so you get a nice daily update of |
196 |
+ # how many messages syslog-ng missed (0).</comment> |
197 |
+ stats_freq(43200); |
198 |
+}; |
199 |
+ |
200 |
+source src { |
201 |
+ unix-stream("/dev/log" max-connections(256)); |
202 |
+ internal(); |
203 |
+}; |
204 |
+ |
205 |
+source kernsrc { file("/proc/kmsg"); }; |
206 |
+ |
207 |
+<comment># define destinations</comment> |
208 |
+destination authlog { file("/var/log/auth.log"); }; |
209 |
+destination syslog { file("/var/log/syslog"); }; |
210 |
+destination cron { file("/var/log/cron.log"); }; |
211 |
+destination daemon { file("/var/log/daemon.log"); }; |
212 |
+destination kern { file("/var/log/kern.log"); }; |
213 |
+destination lpr { file("/var/log/lpr.log"); }; |
214 |
+destination user { file("/var/log/user.log"); }; |
215 |
+destination mail { file("/var/log/mail.log"); }; |
216 |
+ |
217 |
+destination mailinfo { file("/var/log/mail.info"); }; |
218 |
+destination mailwarn { file("/var/log/mail.warn"); }; |
219 |
+destination mailerr { file("/var/log/mail.err"); }; |
220 |
+ |
221 |
+destination newscrit { file("/var/log/news/news.crit"); }; |
222 |
+destination newserr { file("/var/log/news/news.err"); }; |
223 |
+destination newsnotice { file("/var/log/news/news.notice"); }; |
224 |
+ |
225 |
+destination debug { file("/var/log/debug"); }; |
226 |
+destination messages { file("/var/log/messages"); }; |
227 |
+destination console { usertty("root"); }; |
228 |
+ |
229 |
+<comment># By default messages are logged to tty12...</comment> |
230 |
+destination console_all { file("/dev/tty12"); }; |
231 |
+ |
232 |
+<comment># ...if you intend to use /dev/console for programs like xconsole |
233 |
+# you can comment out the destination line above that references /dev/tty12 |
234 |
+# and uncomment the line below.</comment> |
235 |
+#destination console_all { file("/dev/console"); }; |
236 |
+ |
237 |
+<comment># create filters</comment> |
238 |
+filter f_authpriv { facility(auth, authpriv); }; |
239 |
+filter f_syslog { not facility(authpriv, mail); }; |
240 |
+filter f_cron { facility(cron); }; |
241 |
+filter f_daemon { facility(daemon); }; |
242 |
+filter f_kern { facility(kern); }; |
243 |
+filter f_lpr { facility(lpr); }; |
244 |
+filter f_mail { facility(mail); }; |
245 |
+filter f_user { facility(user); }; |
246 |
+filter f_debug { not facility(auth, authpriv, news, mail); }; |
247 |
+filter f_messages { level(info..warn) |
248 |
+ and not facility(auth, authpriv, mail, news); }; |
249 |
+filter f_emergency { level(emerg); }; |
250 |
+ |
251 |
+filter f_info { level(info); }; |
252 |
+filter f_notice { level(notice); }; |
253 |
+filter f_warn { level(warn); }; |
254 |
+filter f_crit { level(crit); }; |
255 |
+filter f_err { level(err); }; |
256 |
+filter f_failed { message("failed"); }; |
257 |
+filter f_denied { message("denied"); }; |
258 |
+ |
259 |
+<comment># connect filter and destination</comment> |
260 |
+log { source(src); filter(f_authpriv); destination(authlog); }; |
261 |
+log { source(src); filter(f_syslog); destination(syslog); }; |
262 |
+log { source(src); filter(f_cron); destination(cron); }; |
263 |
+log { source(src); filter(f_daemon); destination(daemon); }; |
264 |
+log { source(kernsrc); filter(f_kern); destination(kern); }; |
265 |
+log { source(src); filter(f_lpr); destination(lpr); }; |
266 |
+log { source(src); filter(f_mail); destination(mail); }; |
267 |
+log { source(src); filter(f_user); destination(user); }; |
268 |
+log { source(src); filter(f_mail); filter(f_info); destination(mailinfo); }; |
269 |
+log { source(src); filter(f_mail); filter(f_warn); destination(mailwarn); }; |
270 |
+log { source(src); filter(f_mail); filter(f_err); destination(mailerr); }; |
271 |
+ |
272 |
+log { source(src); filter(f_debug); destination(debug); }; |
273 |
+log { source(src); filter(f_messages); destination(messages); }; |
274 |
+log { source(src); filter(f_emergency); destination(console); }; |
275 |
+ |
276 |
+<comment># default log</comment> |
277 |
+log { source(src); destination(console_all); }; |
278 |
+</pre> |
279 |
+ |
280 |
+ |
281 |
+<pre caption="/etc/syslog-ng/syslog-ng.conf"> |
282 |
options { chain_hostnames(off); sync(0); }; |
283 |
|
284 |
#source where to read log |
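Review bot: The added block ends by opening a second `<pre caption="/etc/syslog-ng/syslog-ng.conf">`, so the page now shows two listings for the same file back to back with different settings (`chain_hostnames(no)` in the new one, `chain_hostnames(off); sync(0);` in the old one) and no text saying which to use. If the old listing is kept on purpose, the two need distinct captions or a sentence between them; it continues outside this hunk, so its intent cannot be checked here. In the new listing the final `log { source(src); destination(console_all); };` has no filter, so auth and authpriv messages are also written to `/dev/tty12`, and a hardening guide should state that anyone who can view that console can read them. The `<comment>` text was added in English inside the Finnish translation.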
285 |
|
286 |
|
287 |
|
288 |
1.3 xml/htdocs/doc/fi/security/shb-tcp.xml |
289 |
|
290 |
file : http://sources.gentoo.org/viewvc.cgi/gentoo/xml/htdocs/doc/fi/security/shb-tcp.xml?rev=1.3&view=markup |
291 |
plain: http://sources.gentoo.org/viewvc.cgi/gentoo/xml/htdocs/doc/fi/security/shb-tcp.xml?rev=1.3&content-type=text/plain |
292 |
diff : http://sources.gentoo.org/viewvc.cgi/gentoo/xml/htdocs/doc/fi/security/shb-tcp.xml?r1=1.2&r2=1.3 |
293 |
|
294 |
Index: shb-tcp.xml |
295 |
=================================================================== |
296 |
RCS file: /var/cvsroot/gentoo/xml/htdocs/doc/fi/security/shb-tcp.xml,v |
297 |
retrieving revision 1.2 |
298 |
retrieving revision 1.3 |
299 |
diff -u -r1.2 -r1.3 |
300 |
--- shb-tcp.xml 22 Jul 2008 12:57:43 -0000 1.2 |
301 |
+++ shb-tcp.xml 30 Jan 2011 18:38:10 -0000 1.3 |
302 |
@@ -1,5 +1,5 @@ |
303 |
<?xml version='1.0' encoding='UTF-8'?> |
304 |
-<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/doc/fi/security/shb-tcp.xml,v 1.2 2008/07/22 12:57:43 flammie Exp $ --> |
305 |
+<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/doc/fi/security/shb-tcp.xml,v 1.3 2011/01/30 18:38:10 flammie Exp $ --> |
306 |
<!DOCTYPE sections SYSTEM "/dtd/book.dtd"> |
307 |
|
308 |
<!-- The content of this document is licensed under the CC-BY-SA license --> |
309 |
@@ -7,8 +7,8 @@ |
310 |
|
311 |
<sections> |
312 |
|
313 |
-<version>1.0</version> |
314 |
-<date>2005-05-31</date> |
315 |
+<version>1.1</version> |
316 |
+<date>2010-04-26</date> |
317 |
|
318 |
<section> |
319 |
<title>TCP-Wrapperit</title> |
320 |
@@ -34,9 +34,10 @@ |
321 |
</pre> |
322 |
|
323 |
<p> |
324 |
-Tämä on hyvin samankaltainen kuin <path>/etc/login.access</path>. Tcpd koskee |
325 |
-tiettyjä palveluita, joten se ei mene ristiin <path>/etc/login.access</path>in |
326 |
-kanssa. Nämä asetukset vaikuttavat vain tcp-wrappereita käyttäviin palveluihin. |
327 |
+ Tämä on hyvin samankaltainen kuin <path>/etc/security/access.conf</path>. |
328 |
+ Tcpd koskee tiettyjä palveluita, joten se ei mene ristiin |
329 |
+ <path>/etc/security/access.conf</path>in kanssa. Nämä asetukset vaikuttavat |
330 |
+ vain tcp-wrappereita käyttäviin palveluihin. |
331 |
</p> |
332 |
|
333 |
<p> |