Author: sparks
Update of /cvs/fedora/web/html/docs/security-guide/f10/en_US
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv9366
Modified Files:
Security_Guide-Encryption-Data_in_Motion-Secure_Shell.html
Security_Guide-Encryption-Data_in_Motion-Virtual_Private_Networks.html
Security_Guide-Encryption-Data_in_Motion.html
Security_Guide-Encryption-Protecting_Data_at_Rest-File_Based_Encryption.html
We_Need_Feedback.html chap-Security_Guide-Encryption.html
chap-Security_Guide-General_Principles_of_Information_Security.html
chap-Security_Guide-References.html
chap-Security_Guide-Secure_Installation.html
chap-Security_Guide-Securing_Your_Network.html
chap-Security_Guide-Security_Overview.html
chap-Security_Guide-Software_Maintenance.html index.html
pref-Security_Guide-Preface.html
sect-Security_Guide-Additional_Resources-Related_Books.html
sect-Security_Guide-Additional_Resources-Related_Documentation.html
sect-Security_Guide-Additional_Resources-Useful_Firewall_Websites.html
sect-Security_Guide-Additional_Resources-Useful_IP_Tables_Websites.html
sect-Security_Guide-Additional_Resources-Useful_Kerberos_Websites.html
sect-Security_Guide-Additional_Resources-Useful_PAM_Websites.html
sect-Security_Guide-Additional_Resources-Useful_TCP_Wrappers_Websites.html
sect-Security_Guide-Altering_xinetd_Configuration_Files-Access_Control_Options.html
sect-Security_Guide-Altering_xinetd_Configuration_Files-Binding_and_Redirection_Options.html
sect-Security_Guide-Altering_xinetd_Configuration_Files-Resource_Management_Options.html
sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Network_Security.html
sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Server_Security.html
sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Workstation_and_Home_PC_Security.html
sect-Security_Guide-Attackers_and_Vulnerabilities.html
sect-Security_Guide-Basic_Firewall_Configuration-Activating_the_IPTables_Service.html
sect-Security_Guide-Basic_Firewall_Configuration-Enabling_and_Disabling_the_Firewall.html
sect-Security_Guide-Basic_Firewall_Configuration-Other_Ports.html
sect-Security_Guide-Basic_Firewall_Configuration-Saving_the_Settings.html
sect-Security_Guide-Basic_Firewall_Configuration-Trusted_Services.html
sect-Security_Guide-Command_Options_for_IPTables-Command_Options.html
sect-Security_Guide-Command_Options_for_IPTables-IPTables_Match_Options.html
sect-Security_Guide-Command_Options_for_IPTables-IPTables_Parameter_Options.html
sect-Security_Guide-Command_Options_for_IPTables-Listing_Options.html
sect-Security_Guide-Command_Options_for_IPTables-Target_Options.html
sect-Security_Guide-Common_Exploits_and_Attacks.html
sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Installation-Instructions.html
sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Things_of_note.html
sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Usage_Instructions.html
sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives.html
sect-Security_Guide-Encryption-Protecting_Data_at_Rest-Full_Disk_Encryption.html
sect-Security_Guide-Evaluating_the_Tools-Anticipating_Your_Future_Needs.html
sect-Security_Guide-Evaluating_the_Tools-Nessus.html
sect-Security_Guide-Evaluating_the_Tools-Nikto.html
sect-Security_Guide-Evaluating_the_Tools-VLAD_the_Scanner.html
sect-Security_Guide-FORWARD_and_NAT_Rules-DMZs_and_IPTables.html
sect-Security_Guide-FORWARD_and_NAT_Rules-Prerouting.html
sect-Security_Guide-Firewalls-Additional_Resources.html
sect-Security_Guide-Firewalls-Basic_Firewall_Configuration.html
sect-Security_Guide-Firewalls-Common_IPTables_Filtering.html
sect-Security_Guide-Firewalls-FORWARD_and_NAT_Rules.html
sect-Security_Guide-Firewalls-IPTables_and_Connection_Tracking.html
sect-Security_Guide-Firewalls-IPv6.html
sect-Security_Guide-Firewalls-Malicious_Software_and_Spoofed_IP_Addresses.html
sect-Security_Guide-Firewalls-Using_IPTables.html
sect-Security_Guide-Firewalls.html
sect-Security_Guide-General_Principles_of_Information_Security-DISA_IASE_Documents.html
sect-Security_Guide-General_Principles_of_Information_Security-NSA_Documents.html
sect-Security_Guide-General_Principles_of_Information_Security-Tips_Guides_and_Tools.html
sect-Security_Guide-IPTables-Additional_Resources.html
sect-Security_Guide-IPTables-Command_Options_for_IPTables.html
sect-Security_Guide-IPTables-Differences_Between_IPTables_and_IPChains.html
sect-Security_Guide-IPTables-IPTables_Control_Scripts.html
sect-Security_Guide-IPTables-IPTables_and_IPv6.html
sect-Security_Guide-IPTables-Saving_IPTables_Rules.html
sect-Security_Guide-IPTables.html
sect-Security_Guide-IPTables_Match_Options-Additional_Match_Option_Modules.html
sect-Security_Guide-IPTables_Match_Options-ICMP_Protocol.html
sect-Security_Guide-IPTables_Match_Options-UDP_Protocol.html
sect-Security_Guide-IPsec_Host_to_Host_Configuration-Manual_IPsec_Host_to_Host_Configuration.html
sect-Security_Guide-IPsec_Network_to_Network_Configuration-Manual_IPsec_Network_to_Network_Configuration.html
sect-Security_Guide-Kerberos-Additional_Resources.html
sect-Security_Guide-Kerberos-Configuring_a_Kerberos_5_Client.html
sect-Security_Guide-Kerberos-Configuring_a_Kerberos_5_Server.html
sect-Security_Guide-Kerberos-Domain_to_Realm_Mapping.html
sect-Security_Guide-Kerberos-How_Kerberos_Works.html
sect-Security_Guide-Kerberos-Kerberos_Terminology.html
sect-Security_Guide-Kerberos-Kerberos_and_PAM.html
sect-Security_Guide-Kerberos-Setting_Up_Cross_Realm_Authentication.html
sect-Security_Guide-Kerberos-Setting_Up_Secondary_KDCs.html
sect-Security_Guide-Kerberos.html
sect-Security_Guide-LUKS_Disk_Encryption-Links_of_Interest.html
sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories-Step_by_Step_Instructions.html
sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories-What_you_have_just_accomplished.html
sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories.html
sect-Security_Guide-LUKS_Disk_Encryption.html
sect-Security_Guide-Option_Fields-Access_Control.html
sect-Security_Guide-Option_Fields-Expansions.html
sect-Security_Guide-Option_Fields-Shell_Commands.html
sect-Security_Guide-PAM_Configuration_File_Format-Control_Flag.html
sect-Security_Guide-PAM_Configuration_File_Format-Module_Arguments.html
sect-Security_Guide-PAM_Configuration_File_Format-Module_Name.html
sect-Security_Guide-PAM_and_Administrative_Credential_Caching-Common_pam_timestamp_Directives.html
sect-Security_Guide-PAM_and_Device_Ownership-Application_Access.html
sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Additional_Resources.html
sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Creating_PAM_Modules.html
sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_Configuration_File_Format.html
sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_Configuration_Files.html
sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_and_Administrative_Credential_Caching.html
sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_and_Device_Ownership.html
sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Sample_PAM_Configuration_Files.html
sect-Security_Guide-Pluggable_Authentication_Modules_PAM.html
sect-Security_Guide-Secure_Installation-Utilize_LUKS_Partition_Encryption.html
sect-Security_Guide-Securing_FTP-Anonymous_Access.html
sect-Security_Guide-Securing_FTP-Use_TCP_Wrappers_To_Control_Access.html
sect-Security_Guide-Securing_FTP-User_Accounts.html
sect-Security_Guide-Securing_NFS-Beware_of_Syntax_Errors.html
sect-Security_Guide-Securing_NFS-Do_Not_Use_the_no_root_squash_Option.html
sect-Security_Guide-Securing_NIS-Assign_Static_Ports_and_Use_iptables_Rules.html
sect-Security_Guide-Securing_NIS-Edit_the_varypsecurenets_File.html
sect-Security_Guide-Securing_NIS-Use_Kerberos_Authentication.html
sect-Security_Guide-Securing_NIS-Use_a_Password_like_NIS_Domain_Name_and_Hostname.html
sect-Security_Guide-Securing_Portmap-Protect_portmap_With_iptables.html
sect-Security_Guide-Securing_Sendmail-Mail_only_Users.html
sect-Security_Guide-Securing_Sendmail-NFS_and_Sendmail.html
sect-Security_Guide-Securing_the_Apache_HTTP_Server-Do_Not_Remove_the_IncludesNoExec_Directive.html
sect-Security_Guide-Securing_the_Apache_HTTP_Server-Restrict_Permissions_for_Executable_Directories.html
sect-Security_Guide-Securing_the_Apache_HTTP_Server-The_Indexes_Directive.html
sect-Security_Guide-Securing_the_Apache_HTTP_Server-The_UserDir_Directive.html
sect-Security_Guide-Security_Updates.html
sect-Security_Guide-Server_Security-Securing_FTP.html
sect-Security_Guide-Server_Security-Securing_NFS.html
sect-Security_Guide-Server_Security-Securing_NIS.html
sect-Security_Guide-Server_Security-Securing_Portmap.html
sect-Security_Guide-Server_Security-Securing_Sendmail.html
sect-Security_Guide-Server_Security-Securing_the_Apache_HTTP_Server.html
sect-Security_Guide-Server_Security-Verifying_Which_Ports_Are_Listening.html
sect-Security_Guide-Server_Security.html
sect-Security_Guide-Single_Sign_on_SSO-Configuring_Firefox_to_use_Kerberos_for_SSO.html
sect-Security_Guide-Single_Sign_on_SSO-Getting_Started_with_your_new_Smart_Card.html
sect-Security_Guide-Single_Sign_on_SSO-How_Smart_Card_Enrollment_Works.html
sect-Security_Guide-Single_Sign_on_SSO-How_Smart_Card_Login_Works.html
sect-Security_Guide-Single_Sign_on_SSO.html
sect-Security_Guide-Software_Maintenance-Install_Signed_Packages_from_Well_Known_Repositories.html
sect-Security_Guide-Software_Maintenance-Plan_and_Configure_Security_Updates-Adjusting_Automatic_Updates.html
sect-Security_Guide-Software_Maintenance-Plan_and_Configure_Security_Updates.html
sect-Security_Guide-TCP_Wrappers_Configuration_Files-Option_Fields.html
sect-Security_Guide-TCP_Wrappers_and_xinetd-Additional_Resources.html
sect-Security_Guide-TCP_Wrappers_and_xinetd-TCP_Wrappers_Configuration_Files.html
sect-Security_Guide-TCP_Wrappers_and_xinetd-xinetd.html
sect-Security_Guide-TCP_Wrappers_and_xinetd-xinetd_Configuration_Files.html
sect-Security_Guide-TCP_Wrappers_and_xinetd.html
sect-Security_Guide-Threats_to_Server_Security-Inattentive_Administration.html
sect-Security_Guide-Threats_to_Server_Security-Inherently_Insecure_Services.html
sect-Security_Guide-Threats_to_Server_Security-Unpatched_Services.html
sect-Security_Guide-Threats_to_Workstation_and_Home_PC_Security-Vulnerable_Client_Applications.html
sect-Security_Guide-Using_IPTables-Basic_Firewall_Policies.html
sect-Security_Guide-Using_IPTables-Saving_and_Restoring_IPTables_Rules.html
sect-Security_Guide-Virtual_Private_Networks_VPNs-Creating_an_IPsec_Connection.html
sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec.html
sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec_Host_to_Host_Configuration.html
sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec_Installation.html
sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec_Network_to_Network_Configuration.html
sect-Security_Guide-Virtual_Private_Networks_VPNs-Starting_and_Stopping_an_IPsec_Connection.html
sect-Security_Guide-Virtual_Private_Networks_VPNs-VPNs_and_PROD.html
sect-Security_Guide-Virtual_Private_Networks_VPNs.html
sect-Security_Guide-Vulnerability_Assessment-Defining_Assessment_and_Testing.html
sect-Security_Guide-Vulnerability_Assessment-Evaluating_the_Tools.html
sect-Security_Guide-Vulnerability_Assessment.html
sect-Security_Guide-xinetd_Configuration_Files-Altering_xinetd_Configuration_Files.html
sect-Security_Guide-xinetd_Configuration_Files-The_etcxinetd.d_Directory.html
Log Message:
Fixed some issues in the doc.
Index: Security_Guide-Encryption-Data_in_Motion-Secure_Shell.html
===================================================================
RCS file:
/cvs/fedora/web/html/docs/security-guide/f10/en_US/Security_Guide-Encryption-Data_in_Motion-Secure_Shell.html,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- Security_Guide-Encryption-Data_in_Motion-Secure_Shell.html 22 Dec 2008 19:28:43
-0000 1.1
+++ Security_Guide-Encryption-Data_in_Motion-Secure_Shell.html 24 Dec 2008 01:24:52
-0000 1.2
@@ -1,6 +1,6 @@
<?xml version="1.0" encoding="UTF-8"
standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
Shell</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-3"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="chap-Security_Guide-Encryption.html"
title="Chapter 3. Encryption"/><link rel="prev"
href="Security_Guide-Encryption-Data_in_Motion-Virtual_Private_Networks.html"
title="3.5. Virtual Private Networks"/><link rel="next"
href="sect-Security_Guide-LUKS_Disk_Encryption.html" title="3.7. LUKS Disk
Encryption"/></head><body><p id="title"><a
class="left" href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img
src="Common_Content/images/image_right.png" alt="Documentation
Site"/></a></p><ul class="docnav"><li c
lass="previous"><a accesskey="p"
href="Security_Guide-Encryption-Data_in_Motion-Virtual_Private_Networks.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-LUKS_Disk_Encryption.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h2 class="title"
id="Security_Guide-Encryption-Data_in_Motion-Secure_Shell">3.6. Secure
Shell</h2></div></div></div><div class="para">
+<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
Shell</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-4"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="chap-Security_Guide-Encryption.html"
title="Chapter 3. Encryption"/><link rel="prev"
href="Security_Guide-Encryption-Data_in_Motion-Virtual_Private_Networks.html"
title="3.5. Virtual Private Networks"/><link rel="next"
href="sect-Security_Guide-LUKS_Disk_Encryption.html" title="3.7. LUKS Disk
Encryption"/></head><body><p id="title"><a
class="left" href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img
src="Common_Content/images/image_right.png" alt="Documentation
Site"/></a></p><ul class="docnav"><li c
lass="previous"><a accesskey="p"
href="Security_Guide-Encryption-Data_in_Motion-Virtual_Private_Networks.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-LUKS_Disk_Encryption.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h2 class="title"
id="Security_Guide-Encryption-Data_in_Motion-Secure_Shell">3.6. Secure
Shell</h2></div></div></div><div class="para">
Secure Shell (SSH) also provides encrypted tunnels between computers but only using a
single port. <a
href="http://www.redhatmagazine.com/2007/11/27/advanced-ssh-configur...
forwarding can be done over an SSH tunnel</a> and traffic will be encrypted as it
passes over that tunnel but using port forwarding isn't as fluid as a VPN.
</div></div><ul class="docnav"><li
class="previous"><a accesskey="p"
href="Security_Guide-Encryption-Data_in_Motion-Virtual_Private_Networks.html"><strong>Prev</strong>3.5. Virtual
Private Networks</a></li><li class="up"><a
accesskey="u"
href="#"><strong>Up</strong></a></li><li
class="home"><a accesskey="h"
href="index.html"><strong>Home</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-LUKS_Disk_Encryption.html"><strong>Next</strong>3.7. LUKS
Disk Encryption</a></li></ul></body></html>
\ No newline at end of file
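Review bot: In the closing docnav list at the end of this hunk, the "Up" entry is `<a accesskey="u" href="#">`, so it only returns to the top of the same page, while the `<link rel="up">` in the head names chap-Security_Guide-Encryption.html. Point the anchor at that same chapter file so the Prev/Up/Home/Next bar does what its labels say. The generator meta says publican, so the fix probably belongs in the source or stylesheet that produces this page rather than in the committed HTML.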
Index: Security_Guide-Encryption-Data_in_Motion-Virtual_Private_Networks.html
===================================================================
RCS file:
/cvs/fedora/web/html/docs/security-guide/f10/en_US/Security_Guide-Encryption-Data_in_Motion-Virtual_Private_Networks.html,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- Security_Guide-Encryption-Data_in_Motion-Virtual_Private_Networks.html 22 Dec 2008
19:28:43 -0000 1.1
+++ Security_Guide-Encryption-Data_in_Motion-Virtual_Private_Networks.html 24 Dec 2008
01:24:52 -0000 1.2
@@ -1,6 +1,6 @@
<?xml version="1.0" encoding="UTF-8"
standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
Private Networks</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-3"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="chap-Security_Guide-Encryption.html"
title="Chapter 3. Encryption"/><link rel="prev"
href="Security_Guide-Encryption-Data_in_Motion.html" title="3.4. Data in
Motion"/><link rel="next"
href="Security_Guide-Encryption-Data_in_Motion-Secure_Shell.html"
title="3.6. Secure Shell"/></head><body><p
id="title"><a class="left"
href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img
src="Common_Content/images/image_right.png" alt="Documentation
Site"/></a></p><ul class="docnav"><li
class="previous"><a
accesskey="p"
href="Security_Guide-Encryption-Data_in_Motion.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="Security_Guide-Encryption-Data_in_Motion-Secure_Shell.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h2 class="title"
id="Security_Guide-Encryption-Data_in_Motion-Virtual_Private_Networks">3.5. Virtual
Private Networks</h2></div></div></div><div
class="para">
+<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
Private Networks</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-4"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="chap-Security_Guide-Encryption.html"
title="Chapter 3. Encryption"/><link rel="prev"
href="Security_Guide-Encryption-Data_in_Motion.html" title="3.4. Data in
Motion"/><link rel="next"
href="Security_Guide-Encryption-Data_in_Motion-Secure_Shell.html"
title="3.6. Secure Shell"/></head><body><p
id="title"><a class="left"
href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img
src="Common_Content/images/image_right.png" alt="Documentation
Site"/></a></p><ul class="docnav"><li
class="previous"><a
accesskey="p"
href="Security_Guide-Encryption-Data_in_Motion.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="Security_Guide-Encryption-Data_in_Motion-Secure_Shell.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h2 class="title"
id="Security_Guide-Encryption-Data_in_Motion-Virtual_Private_Networks">3.5. Virtual
Private Networks</h2></div></div></div><div
class="para">
Virtual Private Networks (VPN) provide encrypted tunnels between computers or networks
of computers across all ports. With a VPN in place, all network traffic from the client is
forwarded to the server through the encrypted tunnel. This means that the client is
logically on the same network as the server it is connected to via the VPN. VPNs are very
common and are simple to use and setup.
</div></div><ul class="docnav"><li
class="previous"><a accesskey="p"
href="Security_Guide-Encryption-Data_in_Motion.html"><strong>Prev</strong>3.4. Data
in Motion</a></li><li class="up"><a accesskey="u"
href="#"><strong>Up</strong></a></li><li
class="home"><a accesskey="h"
href="index.html"><strong>Home</strong></a></li><li
class="next"><a accesskey="n"
href="Security_Guide-Encryption-Data_in_Motion-Secure_Shell.html"><strong>Next</strong>3.6. Secure
Shell</a></li></ul></body></html>
\ No newline at end of file
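Review bot: The paragraph carried as context below the changed line still reads "simple to use and setup"; as a verb this should be "set up". In the same paragraph, "Virtual Private Networks (VPN) provide" pairs a plural noun with a singular abbreviation, where "(VPNs)" would match the later "VPNs are very common". This revision does not touch either, and both are cheap to fix in the same pass.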
Index: Security_Guide-Encryption-Data_in_Motion.html
===================================================================
RCS file:
/cvs/fedora/web/html/docs/security-guide/f10/en_US/Security_Guide-Encryption-Data_in_Motion.html,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- Security_Guide-Encryption-Data_in_Motion.html 22 Dec 2008 19:28:43 -0000 1.1
+++ Security_Guide-Encryption-Data_in_Motion.html 24 Dec 2008 01:24:52 -0000 1.2
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8"
standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g... in
Motion</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-3"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="chap-Security_Guide-Encryption.html"
title="Chapter 3. Encryption"/><link rel="prev"
href="Security_Guide-Encryption-Protecting_Data_at_Rest-File_Based_Encryption.html"
title="3.3. File Based Encryption"/><link rel="next"
href="Security_Guide-Encryption-Data_in_Motion-Virtual_Private_Networks.html"
title="3.5. Virtual Private Networks"/></head><body><p
id="title"><a class="left"
href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img
src="Common_Content/images/image_right.png" alt="Documentation Site"
/></a></p><ul class="docnav"><li
class="previous"><a accesskey="p"
href="Security_Guide-Encryption-Protecting_Data_at_Rest-File_Based_Encryption.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="Security_Guide-Encryption-Data_in_Motion-Virtual_Private_Networks.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h2 class="title"
id="Security_Guide-Encryption-Data_in_Motion">3.4. Data in
Motion</h2></div></div></div><div class="para">
+<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g... in
Motion</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-4"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="chap-Security_Guide-Encryption.html"
title="Chapter 3. Encryption"/><link rel="prev"
href="Security_Guide-Encryption-Protecting_Data_at_Rest-File_Based_Encryption.html"
title="3.3. File Based Encryption"/><link rel="next"
href="Security_Guide-Encryption-Data_in_Motion-Virtual_Private_Networks.html"
title="3.5. Virtual Private Networks"/></head><body><p
id="title"><a class="left"
href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img
src="Common_Content/images/image_right.png" alt="Documentation Site"
/></a></p><ul class="docnav"><li
class="previous"><a accesskey="p"
href="Security_Guide-Encryption-Protecting_Data_at_Rest-File_Based_Encryption.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="Security_Guide-Encryption-Data_in_Motion-Virtual_Private_Networks.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h2 class="title"
id="Security_Guide-Encryption-Data_in_Motion">3.4. Data in
Motion</h2></div></div></div><div class="para">
Data in motion is data that is being transmitted over a network. The biggest threats
to data in motion are interception and alteration. Your user name and password should
never be transmitted over a network without protection as it could be intercepted and used
by someone else to impersonate you or gain access to sensitive information. Other private
information such as bank account information should also be protected when transmitted
across a network. If the network session was encrypted then you would not have to worry as
much about the data being compromised while it is being transmitted.
</div><div class="para">
Data in motion is particularly vulnerable to attackers because the attacker does not
have to be near the computer in which the data is being stored rather they only have to be
somewhere along the path. Encryption tunnels can protect data along the path of
communications.
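Review bot: The second paragraph in the context lines contains a run-on: "the computer in which the data is being stored rather they only have to be somewhere along the path" needs a break before "rather" (a semicolon or a new sentence), and "on which" reads better than "in which". In the first paragraph, "Your user name and password should never be transmitted ... as it could be intercepted" has a plural subject followed by "it"; "as they could be intercepted" fixes the agreement.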
Index: Security_Guide-Encryption-Protecting_Data_at_Rest-File_Based_Encryption.html
===================================================================
RCS file:
/cvs/fedora/web/html/docs/security-guide/f10/en_US/Security_Guide-Encryption-Protecting_Data_at_Rest-File_Based_Encryption.html,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- Security_Guide-Encryption-Protecting_Data_at_Rest-File_Based_Encryption.html 22 Dec
2008 19:28:43 -0000 1.1
+++ Security_Guide-Encryption-Protecting_Data_at_Rest-File_Based_Encryption.html 24 Dec
2008 01:24:52 -0000 1.2
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8"
standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g... Based
Encryption</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-3"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="chap-Security_Guide-Encryption.html"
title="Chapter 3. Encryption"/><link rel="prev"
href="sect-Security_Guide-Encryption-Protecting_Data_at_Rest-Full_Disk_Encryption.html"
title="3.2. Full Disk Encryption"/><link rel="next"
href="Security_Guide-Encryption-Data_in_Motion.html" title="3.4. Data in
Motion"/></head><body><p id="title"><a
class="left" href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img
src="Common_Content/images/image_right.png" alt="Documentation
Site"/></a></p><ul class="docn
av"><li class="previous"><a accesskey="p"
href="sect-Security_Guide-Encryption-Protecting_Data_at_Rest-Full_Disk_Encryption.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="Security_Guide-Encryption-Data_in_Motion.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h2 class="title"
id="Security_Guide-Encryption-Protecting_Data_at_Rest-File_Based_Encryption">3.3. File
Based Encryption</h2></div></div></div><div
class="para">
+<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g... Based
Encryption</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-4"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="chap-Security_Guide-Encryption.html"
title="Chapter 3. Encryption"/><link rel="prev"
href="sect-Security_Guide-Encryption-Protecting_Data_at_Rest-Full_Disk_Encryption.html"
title="3.2. Full Disk Encryption"/><link rel="next"
href="Security_Guide-Encryption-Data_in_Motion.html" title="3.4. Data in
Motion"/></head><body><p id="title"><a
class="left" href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img
src="Common_Content/images/image_right.png" alt="Documentation
Site"/></a></p><ul class="docn
av"><li class="previous"><a accesskey="p"
href="sect-Security_Guide-Encryption-Protecting_Data_at_Rest-Full_Disk_Encryption.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="Security_Guide-Encryption-Data_in_Motion.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h2 class="title"
id="Security_Guide-Encryption-Protecting_Data_at_Rest-File_Based_Encryption">3.3. File
Based Encryption</h2></div></div></div><div
class="para">
GnuPG (GPG) is an open source version of PGP that allows you to sign and/or encrypt a
file or an email message. This is useful to maintain integrity of the message or file and
also protects the confidentiality of the information contained within the file or email.
In the case of email, GPG provides dual protection. Not only can it provide Data at Rest
protection but also Data In Motion protection once the message has been sent across the
network.
</div><div class="para">
File based encryption is intended to protect a file after it has left your computer,
such as when you send a CD through the mail. Some file based encryption solutions will
leave remnants of the encrypted files that an attacker who has physical access to your
computer can recover under some circumstances. To protect the contents of those files from
attackers who may have access to your computer, use file based encryption combined with
another solution such as full disk encryption.
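Review bot: "GnuPG (GPG) is an open source version of PGP" in the first context paragraph is loose wording; GnuPG is a free implementation of the OpenPGP standard, and saying so is more accurate than calling it a version of PGP. The same paragraph writes "Data at Rest" and "Data In Motion" with different capitalisation, while the section title in the head of this page is "Data in Motion"; pick one form and use it throughout.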
Index: We_Need_Feedback.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/We_Need_Feedback.html,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- We_Need_Feedback.html 22 Dec 2008 19:28:43 -0000 1.1
+++ We_Need_Feedback.html 24 Dec 2008 01:24:52 -0000 1.2
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8"
standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
Need Feedback!</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-3"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="pref-Security_Guide-Preface.html" title="Preface"/><link
rel="prev" href="pref-Security_Guide-Preface.html"
title="Preface"/><link rel="next"
href="chap-Security_Guide-Security_Overview.html"
title="Chapter 1. Security Overview"/></head><body><p
id="title"><a class="left"
href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img
src="Common_Content/images/image_right.png" alt="Documentation
Site"/></a></p><ul class="docnav"><li
class="previous"><a accesskey="p"
href="pref-Security_Guide-Preface.html"><st
rong>Prev</strong></a></li><li class="next"><a
accesskey="n"
href="chap-Security_Guide-Security_Overview.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h2 class="title"
id="We_Need_Feedback">2. We Need
Feedback!</h2></div></div></div><a id="d0e359"
class="indexterm"/><div class="para">
+<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
Need Feedback!</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-4"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="pref-Security_Guide-Preface.html" title="Preface"/><link
rel="prev" href="pref-Security_Guide-Preface.html"
title="Preface"/><link rel="next"
href="chap-Security_Guide-Security_Overview.html"
title="Chapter 1. Security Overview"/></head><body><p
id="title"><a class="left"
href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img
src="Common_Content/images/image_right.png" alt="Documentation
Site"/></a></p><ul class="docnav"><li
class="previous"><a accesskey="p"
href="pref-Security_Guide-Preface.html"><st
rong>Prev</strong></a></li><li class="next"><a
accesskey="n"
href="chap-Security_Guide-Security_Overview.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h2 class="title"
id="We_Need_Feedback">2. We Need
Feedback!</h2></div></div></div><a id="d0e359"
class="indexterm"/><div class="para">
More information about the Linux Security Guide project can be found at <a
href="https://fedorahosted.org/securityguide">https://fedora...
</div><div class="para">
To provide feedback for the Security Guide, please file a bug in <a
href="https://bugzilla.redhat.com/">https://bugzilla.redhat....;.
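Review bot: the removed and added `<html ...>` lines in this hunk differ, in the text visible here, only in the package meta value (`fedora-Linux_Security_Guide-10-en-US-1.0-3` becomes `fedora-Linux_Security_Guide-10-en-US-1.0-4`), yet the whole head, navigation and title markup is rewritten because the generator emits it as a single line. The commit log should say what changed between the two builds. If generated HTML has to live in CVS, wrap the output so that a package-string bump cannot hide a real content edit on the same line.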
Index: chap-Security_Guide-Encryption.html
===================================================================
RCS file:
/cvs/fedora/web/html/docs/security-guide/f10/en_US/chap-Security_Guide-Encryption.html,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- chap-Security_Guide-Encryption.html 22 Dec 2008 19:28:43 -0000 1.1
+++ chap-Security_Guide-Encryption.html 24 Dec 2008 01:24:52 -0000 1.2
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8"
standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
rel="stylesheet" href="./Common_Content/css/default.css"
type="text/css"/><meta name="generator"
content="publican"/><meta name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-3"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up" href="index.html" title="Linux
Security Guide"/><link rel="prev"
href="sect-Security_Guide-Additional_Resources-Useful_IP_Tables_Websites.html"
title="2.9.7.2. Useful IP Tables Websites"/><link rel="next"
href="sect-Security_Guide-Encryption-Protecting_Data_at_Rest-Full_Disk_Encryption.html"
title="3.2. Full Disk Encryption"/></head><body><p
id="title"><a class="left"
href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img
src="Common_Content/images/image_right.png" alt="Documentation
Site"/></a></p><ul cl
ass="docnav"><li class="previous"><a
accesskey="p"
href="sect-Security_Guide-Additional_Resources-Useful_IP_Tables_Websites.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-Encryption-Protecting_Data_at_Rest-Full_Disk_Encryption.html"><strong>Next</strong></a></li></ul><div
class="chapter" lang="en-US"><div
class="titlepage"><div><div><h2 class="title"
id="chap-Security_Guide-Encryption">Chapter 3. Encryption</h2></div></div></div><div
class="toc"><dl><dt><span class="section"><a
href="chap-Security_Guide-Encryption.html#sect-Security_Guide-Encryption-Data_at_Rest">3.1.
Data at Rest</a></span></dt><dt><span
class="section"><a
href="sect-Security_Guide-Encryption-Protecting_Data_at_Rest-Full_Disk_Encryption.html">3.2.
Full Disk Encryption</a></span></dt><dt><span
class="section"><a
href="Security_Guide-Encryption-Protecting_Data_at_Rest-File_Based_Encryption.html">3.3.
File Based Encryption</a></span></dt><dt><span
class="secti
on"><a href="Security_Guide-Encryption-Data_in_Motion.html">3.4.
Data in Motion</a></span></dt><dt><span
class="section"><a
href="Security_Guide-Encryption-Data_in_Motion-Virtual_Private_Networks.html">3.5.
Virtual Private Networks</a></span></dt><dt><span
class="section"><a
href="Security_Guide-Encryption-Data_in_Motion-Secure_Shell.html">3.6. Secure
Shell</a></span></dt><dt><span
class="section"><a
href="sect-Security_Guide-LUKS_Disk_Encryption.html">3.7. LUKS Disk
Encryption</a></span></dt><dd><dl><dt><span
class="section"><a
href="sect-Security_Guide-LUKS_Disk_Encryption.html#sect-Security_Guide-LUKS_Disk_Encryption-LUKS_Implementation_in_Fedora">3.7.1.
LUKS Implementation in Fedora</a></span></dt><dt><span
class="section"><a
href="sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories.html">3.7.2.
Manually Encrypting Directories</a></span></dt><dt><span
class="section"><a
href="sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories-St
ep_by_Step_Instructions.html">3.7.3. Step-by-Step
Instructions</a></span></dt><dt><span
class="section"><a
href="sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories-What_you_have_just_accomplished.html">3.7.4.
What you have just accomplished.</a></span></dt><dt><span
class="section"><a
href="sect-Security_Guide-LUKS_Disk_Encryption-Links_of_Interest.html">3.7.5.
Links of
Interest</a></span></dt></dl></dd><dt><span
class="section"><a
href="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives.html">3.8.
7-Zip Encrypted
Archives</a></span></dt><dd><dl><dt><span
class="section"><a
href="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives.html#sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Installation">3.8.1.
7-Zip Installation in Fedora</a></span></dt><dt><span
class="section"><a
href="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Installation-Instructions.html">3.8.2.
Step-by-Step Installation
Instructions</a></span></dt><dt><span
class="section"><a
href="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Usage_Instructions.html">3.8.3.
Step-by-Step Usage Instructions</a></span></dt><dt><span
class="section"><a
href="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Things_of_note.html">3.8.4.
Things of
note</a></span></dt></dl></dd></dl></div><div
class="para">
+<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
rel="stylesheet" href="./Common_Content/css/default.css"
type="text/css"/><meta name="generator"
content="publican"/><meta name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-4"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up" href="index.html" title="Linux
Security Guide"/><link rel="prev"
href="sect-Security_Guide-Additional_Resources-Useful_IP_Tables_Websites.html"
title="2.9.7.2. Useful IP Tables Websites"/><link rel="next"
href="sect-Security_Guide-Encryption-Protecting_Data_at_Rest-Full_Disk_Encryption.html"
title="3.2. Full Disk Encryption"/></head><body><p
id="title"><a class="left"
href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img
src="Common_Content/images/image_right.png" alt="Documentation
Site"/></a></p><ul cl
ass="docnav"><li class="previous"><a
accesskey="p"
href="sect-Security_Guide-Additional_Resources-Useful_IP_Tables_Websites.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-Encryption-Protecting_Data_at_Rest-Full_Disk_Encryption.html"><strong>Next</strong></a></li></ul><div
class="chapter" lang="en-US"><div
class="titlepage"><div><div><h2 class="title"
id="chap-Security_Guide-Encryption">Chapter 3. Encryption</h2></div></div></div><div
class="toc"><dl><dt><span class="section"><a
href="chap-Security_Guide-Encryption.html#sect-Security_Guide-Encryption-Data_at_Rest">3.1.
Data at Rest</a></span></dt><dt><span
class="section"><a
href="sect-Security_Guide-Encryption-Protecting_Data_at_Rest-Full_Disk_Encryption.html">3.2.
Full Disk Encryption</a></span></dt><dt><span
class="section"><a
href="Security_Guide-Encryption-Protecting_Data_at_Rest-File_Based_Encryption.html">3.3.
File Based Encryption</a></span></dt><dt><span
class="secti
on"><a href="Security_Guide-Encryption-Data_in_Motion.html">3.4.
Data in Motion</a></span></dt><dt><span
class="section"><a
href="Security_Guide-Encryption-Data_in_Motion-Virtual_Private_Networks.html">3.5.
Virtual Private Networks</a></span></dt><dt><span
class="section"><a
href="Security_Guide-Encryption-Data_in_Motion-Secure_Shell.html">3.6. Secure
Shell</a></span></dt><dt><span
class="section"><a
href="sect-Security_Guide-LUKS_Disk_Encryption.html">3.7. LUKS Disk
Encryption</a></span></dt><dd><dl><dt><span
class="section"><a
href="sect-Security_Guide-LUKS_Disk_Encryption.html#sect-Security_Guide-LUKS_Disk_Encryption-LUKS_Implementation_in_Fedora">3.7.1.
LUKS Implementation in Fedora</a></span></dt><dt><span
class="section"><a
href="sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories.html">3.7.2.
Manually Encrypting Directories</a></span></dt><dt><span
class="section"><a
href="sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories-St
ep_by_Step_Instructions.html">3.7.3. Step-by-Step
Instructions</a></span></dt><dt><span
class="section"><a
href="sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories-What_you_have_just_accomplished.html">3.7.4.
What you have just accomplished.</a></span></dt><dt><span
class="section"><a
href="sect-Security_Guide-LUKS_Disk_Encryption-Links_of_Interest.html">3.7.5.
Links of
Interest</a></span></dt></dl></dd><dt><span
class="section"><a
href="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives.html">3.8.
7-Zip Encrypted
Archives</a></span></dt><dd><dl><dt><span
class="section"><a
href="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives.html#sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Installation">3.8.1.
7-Zip Installation in Fedora</a></span></dt><dt><span
class="section"><a
href="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Installation-Instructions.html">3.8.2.
Step-by-Step Installation
Instructions</a></span></dt><dt><span
class="section"><a
href="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Usage_Instructions.html">3.8.3.
Step-by-Step Usage Instructions</a></span></dt><dt><span
class="section"><a
href="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Things_of_note.html">3.8.4.
Things of
note</a></span></dt></dl></dd></dl></div><div
class="para">
There are two main types of data that must be protected: data at rest and data in
motion. These different types of data are protected in similar ways using similar
technology but the implementations can be completely different. No single protective
implementation can prevent all possible methods of compromise as the same information may
be at rest and in motion at different points in time.
</div><div class="section" lang="en-US"><div
class="titlepage"><div><div><h2 class="title"
id="sect-Security_Guide-Encryption-Data_at_Rest">3.1. Data at
Rest</h2></div></div></div><div class="para">
Data at rest is data that is stored on a hard drive, tape, CD, DVD, disk, or other
media. This information's biggest threat comes from being physically stolen. Laptops
in airports, CDs going through the mail, and backup tapes that get left in the wrong
places are all examples of events where data can be compromised through theft. If the data
was encrypted on the media then you wouldn't have to worry as much about the data
being compromised.
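Review bot: the table of contents carried on both the removed and the added line uses two file-naming schemes. Entries 3.3 to 3.6 link to `Security_Guide-Encryption-...` files, while 3.1, 3.2 and everything under 3.7 and 3.8 use the `sect-Security_Guide-...` prefix. Check the section ids in the source for those four sections and align them. These file names become public URLs, so renaming them after further builds are published breaks inbound links.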
Index: chap-Security_Guide-General_Principles_of_Information_Security.html
===================================================================
RCS file:
/cvs/fedora/web/html/docs/security-guide/f10/en_US/chap-Security_Guide-General_Principles_of_Information_Security.html,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- chap-Security_Guide-General_Principles_of_Information_Security.html 22 Dec 2008
19:28:43 -0000 1.1
+++ chap-Security_Guide-General_Principles_of_Information_Security.html 24 Dec 2008
01:24:52 -0000 1.2
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8"
standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
Principles of Information Security</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-3"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up" href="index.html" title="Linux
Security Guide"/><link rel="prev"
href="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Things_of_note.html"
title="3.8.4. Things of note"/><link rel="next"
href="sect-Security_Guide-General_Principles_of_Information_Security-Tips_Guides_and_Tools.html"
title="4.2. Tips, Guides, and Tools"/></head><body><p
id="title"><a class="left"
href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img
src="Common_Content/images/image_right.png" alt="
Documentation Site"/></a></p><ul
class="docnav"><li class="previous"><a
accesskey="p"
href="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Things_of_note.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-General_Principles_of_Information_Security-Tips_Guides_and_Tools.html"><strong>Next</strong></a></li></ul><div
class="chapter" lang="en-US"><div
class="titlepage"><div><div><h2 class="title"
id="chap-Security_Guide-General_Principles_of_Information_Security">Chapter 4. General
Principles of Information Security</h2></div></div></div><div
class="toc"><dl><dt><span class="section"><a
href="chap-Security_Guide-General_Principles_of_Information_Security.html#sect-Security_Guide-General_Principles_of_Information_Security-General_Principles">4.1.
General Principles</a></span></dt><dt><span
class="section"><a
href="sect-Security_Guide-General_Principles_of_Information_Security-Tips_Guides_and_Tools.html">4.2.
Tips, Guides, an
d Tools</a></span></dt><dt><span
class="section"><a
href="sect-Security_Guide-General_Principles_of_Information_Security-NSA_Documents.html">4.3.
NSA Documents</a></span></dt><dt><span
class="section"><a
href="sect-Security_Guide-General_Principles_of_Information_Security-DISA_IASE_Documents.html">4.4.
DISA IASE Documents</a></span></dt></dl></div><div
class="para">
+<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
Principles of Information Security</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-4"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up" href="index.html" title="Linux
Security Guide"/><link rel="prev"
href="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Things_of_note.html"
title="3.8.4. Things of note"/><link rel="next"
href="sect-Security_Guide-General_Principles_of_Information_Security-Tips_Guides_and_Tools.html"
title="4.2. Tips, Guides, and Tools"/></head><body><p
id="title"><a class="left"
href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img
src="Common_Content/images/image_right.png" alt="
Documentation Site"/></a></p><ul
class="docnav"><li class="previous"><a
accesskey="p"
href="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Things_of_note.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-General_Principles_of_Information_Security-Tips_Guides_and_Tools.html"><strong>Next</strong></a></li></ul><div
class="chapter" lang="en-US"><div
class="titlepage"><div><div><h2 class="title"
id="chap-Security_Guide-General_Principles_of_Information_Security">Chapter 4. General
Principles of Information Security</h2></div></div></div><div
class="toc"><dl><dt><span class="section"><a
href="chap-Security_Guide-General_Principles_of_Information_Security.html#sect-Security_Guide-General_Principles_of_Information_Security-General_Principles">4.1.
General Principles</a></span></dt><dt><span
class="section"><a
href="sect-Security_Guide-General_Principles_of_Information_Security-Tips_Guides_and_Tools.html">4.2.
Tips, Guides, an
d Tools</a></span></dt><dt><span
class="section"><a
href="sect-Security_Guide-General_Principles_of_Information_Security-NSA_Documents.html">4.3.
NSA Documents</a></span></dt><dt><span
class="section"><a
href="sect-Security_Guide-General_Principles_of_Information_Security-DISA_IASE_Documents.html">4.4.
DISA IASE Documents</a></span></dt></dl></div><div
class="para">
The United States' <a href="www.nsa.gov">National Security
Agency</a> (NSA) provides hardening guides and hardening tips for many different
operating systems to help government agencies, businesses, and individuals help secure
their system against attacks. In addition to specific settings to change, a set of general
principles have been developed to give you a high level view of information security.
</div><div class="section" lang="en-US"><div
class="titlepage"><div><div><h2 class="title"
id="sect-Security_Guide-General_Principles_of_Information_Security-General_Principles">4.1. General
Principles</h2></div></div></div><div
class="itemizedlist"><ul><li><div class="para">
Encrypt all data transmitted over the network. Encrypting authentication information
(such as passwords) is particularly important.
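Review bot: the NSA link in the opening paragraph is written as `<a href="www.nsa.gov">` with no scheme, so a browser resolves it relative to the guide's own directory and the link does not reach the NSA site. Use the absolute form, `href="http://www.nsa.gov"`, as the fedoraproject.org links in the same line already do. The same sentence also repeats "help" ("to help government agencies ... help secure their system"), which should be tidied in the source while it is open.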
Index: chap-Security_Guide-References.html
===================================================================
RCS file:
/cvs/fedora/web/html/docs/security-guide/f10/en_US/chap-Security_Guide-References.html,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- chap-Security_Guide-References.html 22 Dec 2008 19:28:43 -0000 1.1
+++ chap-Security_Guide-References.html 24 Dec 2008 01:24:52 -0000 1.2
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8"
standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
rel="stylesheet" href="./Common_Content/css/default.css"
type="text/css"/><meta name="generator"
content="publican"/><meta name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-3"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up" href="index.html" title="Linux
Security Guide"/><link rel="prev"
href="sect-Security_Guide-Software_Maintenance-Install_Signed_Packages_from_Well_Known_Repositories.html"
title="6.4. Install Signed Packages from Well Known
Repositories"/></head><body><p id="title"><a
class="left" href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img
src="Common_Content/images/image_right.png" alt="Documentation
Site"/></a></p><ul class="docnav"><li
class="previous"><a accesskey="p"
href="sect-Security_Guide-Software_Maint
enance-Install_Signed_Packages_from_Well_Known_Repositories.html"><strong>Prev</strong></a></li><li
class="next"/></ul><div class="chapter"
lang="en-US"><div
class="titlepage"><div><div><h2 class="title"
id="chap-Security_Guide-References">Chapter 7. References</h2></div></div></div><a
id="d0e16800" class="indexterm"/><a id="d0e16803"
class="indexterm"/><a id="d0e16808"
class="indexterm"/><a id="d0e16813"
class="indexterm"/><a id="d0e16818"
class="indexterm"/><a id="d0e16823"
class="indexterm"/><a id="d0e16828"
class="indexterm"/><a id="d0e16833"
class="indexterm"/><a id="d0e16840"
class="indexterm"/><a id="d0e16847"
class="indexterm"/><a id="d0e16854"
class="indexterm"/><div class="para">
+<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
rel="stylesheet" href="./Common_Content/css/default.css"
type="text/css"/><meta name="generator"
content="publican"/><meta name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-4"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up" href="index.html" title="Linux
Security Guide"/><link rel="prev"
href="sect-Security_Guide-Software_Maintenance-Install_Signed_Packages_from_Well_Known_Repositories.html"
title="6.4. Install Signed Packages from Well Known
Repositories"/></head><body><p id="title"><a
class="left" href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img
src="Common_Content/images/image_right.png" alt="Documentation
Site"/></a></p><ul class="docnav"><li
class="previous"><a accesskey="p"
href="sect-Security_Guide-Software_Maint
enance-Install_Signed_Packages_from_Well_Known_Repositories.html"><strong>Prev</strong></a></li><li
class="next"/></ul><div class="chapter"
lang="en-US"><div
class="titlepage"><div><div><h2 class="title"
id="chap-Security_Guide-References">Chapter 7. References</h2></div></div></div><a
id="d0e16800" class="indexterm"/><a id="d0e16803"
class="indexterm"/><a id="d0e16808"
class="indexterm"/><a id="d0e16813"
class="indexterm"/><a id="d0e16818"
class="indexterm"/><a id="d0e16823"
class="indexterm"/><a id="d0e16828"
class="indexterm"/><a id="d0e16833"
class="indexterm"/><a id="d0e16840"
class="indexterm"/><a id="d0e16847"
class="indexterm"/><a id="d0e16854"
class="indexterm"/><div class="para">
The following references are pointers to additional information that is relevant to
SELinux and Fedora but beyond the scope of this guide. Note that due to the rapid
development of SELinux, some of this material may only apply to specific releases of
Fedora.
</div><div class="variablelist"
id="vari-Security_Guide-References-Books"><h6>Books</h6><dl><dt><span
class="term">SELinux by Example</span></dt><dd><div
class="para">
Mayer, MacMillan, and Caplan
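Review bot: the introductory paragraph of this References chapter scopes the list to SELinux ("relevant to SELinux and Fedora", "due to the rapid development of SELinux"), but the page belongs to the Linux Security Guide, whose chapters cover encryption, network services and installation as well. Reword the paragraph in the source so it describes references for the whole guide, or move it under an SELinux-specific heading.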
Index: chap-Security_Guide-Secure_Installation.html
===================================================================
RCS file:
/cvs/fedora/web/html/docs/security-guide/f10/en_US/chap-Security_Guide-Secure_Installation.html,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- chap-Security_Guide-Secure_Installation.html 22 Dec 2008 19:28:43 -0000 1.1
+++ chap-Security_Guide-Secure_Installation.html 24 Dec 2008 01:24:52 -0000 1.2
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8"
standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
Installation</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-3"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up" href="index.html" title="Linux
Security Guide"/><link rel="prev"
href="sect-Security_Guide-General_Principles_of_Information_Security-DISA_IASE_Documents.html"
title="4.4. DISA IASE Documents"/><link rel="next"
href="sect-Security_Guide-Secure_Installation-Utilize_LUKS_Partition_Encryption.html"
title="5.2. Utilize LUKS Partition
Encryption"/></head><body><p id="title"><a
class="left" href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img
src="Common_Content/images/image_right.png" alt="Documenta
tion Site"/></a></p><ul class="docnav"><li
class="previous"><a accesskey="p"
href="sect-Security_Guide-General_Principles_of_Information_Security-DISA_IASE_Documents.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-Secure_Installation-Utilize_LUKS_Partition_Encryption.html"><strong>Next</strong></a></li></ul><div
class="chapter" lang="en-US"><div
class="titlepage"><div><div><h2 class="title"
id="chap-Security_Guide-Secure_Installation">Chapter 5. Secure
Installation</h2></div></div></div><div
class="toc"><dl><dt><span class="section"><a
href="chap-Security_Guide-Secure_Installation.html#sect-Security_Guide-Secure_Installation-Disk_Partitions">5.1.
Disk Partitions</a></span></dt><dt><span
class="section"><a
href="sect-Security_Guide-Secure_Installation-Utilize_LUKS_Partition_Encryption.html">5.2.
Utilize LUKS Partition
Encryption</a></span></dt></dl></div><div
class="para">
+<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
Installation</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-4"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up" href="index.html" title="Linux
Security Guide"/><link rel="prev"
href="sect-Security_Guide-General_Principles_of_Information_Security-DISA_IASE_Documents.html"
title="4.4. DISA IASE Documents"/><link rel="next"
href="sect-Security_Guide-Secure_Installation-Utilize_LUKS_Partition_Encryption.html"
title="5.2. Utilize LUKS Partition
Encryption"/></head><body><p id="title"><a
class="left" href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img
src="Common_Content/images/image_right.png" alt="Documenta
tion Site"/></a></p><ul class="docnav"><li
class="previous"><a accesskey="p"
href="sect-Security_Guide-General_Principles_of_Information_Security-DISA_IASE_Documents.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-Secure_Installation-Utilize_LUKS_Partition_Encryption.html"><strong>Next</strong></a></li></ul><div
class="chapter" lang="en-US"><div
class="titlepage"><div><div><h2 class="title"
id="chap-Security_Guide-Secure_Installation">Chapter 5. Secure
Installation</h2></div></div></div><div
class="toc"><dl><dt><span class="section"><a
href="chap-Security_Guide-Secure_Installation.html#sect-Security_Guide-Secure_Installation-Disk_Partitions">5.1.
Disk Partitions</a></span></dt><dt><span
class="section"><a
href="sect-Security_Guide-Secure_Installation-Utilize_LUKS_Partition_Encryption.html">5.2.
Utilize LUKS Partition
Encryption</a></span></dt></dl></div><div
class="para">
Security begins with the first time you put that CD or DVD into your disk drive to
install Fedora. Configuring your system securely from the beginning makes it easier to
implement additional security settings later.
</div><div class="section" lang="en-US"><div
class="titlepage"><div><div><h2 class="title"
id="sect-Security_Guide-Secure_Installation-Disk_Partitions">5.1. Disk
Partitions</h2></div></div></div><div
class="para">
The NSA recommends creating separate partitions for /boot, /, /home, /tmp, and
/var/tmp. The reasons for each are different and we will address each partition.
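Review bot: the Disk Partitions paragraph attributes the `/boot`, `/`, `/home`, `/tmp`, `/var/tmp` layout to the NSA without naming or linking the document that makes the recommendation. Add the citation in the source so readers can check it against the version of the NSA guidance they are following. The paths also appear as plain text in the visible markup. Marking them up as filenames would match how a reader expects paths to be set off.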
Index: chap-Security_Guide-Securing_Your_Network.html
===================================================================
RCS file:
/cvs/fedora/web/html/docs/security-guide/f10/en_US/chap-Security_Guide-Securing_Your_Network.html,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- chap-Security_Guide-Securing_Your_Network.html 22 Dec 2008 19:28:43 -0000 1.1
+++ chap-Security_Guide-Securing_Your_Network.html 24 Dec 2008 01:24:52 -0000 1.2
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8"
standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
Your Network</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-3"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up" href="index.html" title="Linux
Security Guide"/><link rel="prev"
href="sect-Security_Guide-Security_Updates.html" title="1.5. Security
Updates"/><link rel="next"
href="sect-Security_Guide-Server_Security.html" title="2.2. Server
Security"/></head><body><p id="title"><a
class="left" href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img
src="Common_Content/images/image_right.png" alt="Documentation
Site"/></a></p><ul class="docnav"><li
class="previous"><a accesskey="p"
href="sect-Security_Guide-
Security_Updates.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-Server_Security.html"><strong>Next</strong></a></li></ul><div
class="chapter" lang="en-US"><div
class="titlepage"><div><div><h2 class="title"
id="chap-Security_Guide-Securing_Your_Network">Chapter 2. Securing Your
Network</h2></div></div></div><div
class="toc"><dl><dt><span class="section"><a
href="chap-Security_Guide-Securing_Your_Network.html#sect-Security_Guide-Workstation_Security">2.1.
Workstation
Security</a></span></dt><dd><dl><dt><span
class="section"><a
href="chap-Security_Guide-Securing_Your_Network.html#sect-Security_Guide-Workstation_Security-Evaluating_Workstation_Security">2.1.1.
Evaluating Workstation Security</a></span></dt><dt><span
class="section"><a
href="chap-Security_Guide-Securing_Your_Network.html#sect-Security_Guide-Workstation_Security-BIOS_and_Boot_Loader_Security">2.1.2.
BIOS and Boot Loader Security</a></span></dt><dt><span
class="sec
tion"><a
href="chap-Security_Guide-Securing_Your_Network.html#sect-Security_Guide-Workstation_Security-Password_Security">2.1.3.
Password Security</a></span></dt><dt><span
class="section"><a
href="chap-Security_Guide-Securing_Your_Network.html#sect-Security_Guide-Workstation_Security-Administrative_Controls">2.1.4.
Administrative Controls</a></span></dt><dt><span
class="section"><a
href="chap-Security_Guide-Securing_Your_Network.html#sect-Security_Guide-Workstation_Security-Available_Network_Services">2.1.5.
Available Network Services</a></span></dt><dt><span
class="section"><a
href="chap-Security_Guide-Securing_Your_Network.html#sect-Security_Guide-Workstation_Security-Personal_Firewalls">2.1.6.
Personal Firewalls</a></span></dt><dt><span
class="section"><a
href="chap-Security_Guide-Securing_Your_Network.html#sect-Security_Guide-Workstation_Security-Security_Enhanced_Communication_Tools">2.1.7.
Security Enhanced Communication
Tools</a></span></dt></dl></dd><dt><span
class="
section"><a href="sect-Security_Guide-Server_Security.html">2.2.
Server Security</a></span></dt><dd><dl><dt><span
class="section"><a
href="sect-Security_Guide-Server_Security.html#sect-Security_Guide-Server_Security-Securing_Services_With_TCP_Wrappers_and_xinetd">2.2.1.
Securing Services With TCP Wrappers and
xinetd</a></span></dt><dt><span
class="section"><a
href="sect-Security_Guide-Server_Security-Securing_Portmap.html">2.2.2.
Securing Portmap</a></span></dt><dt><span
class="section"><a
href="sect-Security_Guide-Server_Security-Securing_NIS.html">2.2.3. Securing
NIS</a></span></dt><dt><span class="section"><a
href="sect-Security_Guide-Server_Security-Securing_NFS.html">2.2.4. Securing
NFS</a></span></dt><dt><span class="section"><a
href="sect-Security_Guide-Server_Security-Securing_the_Apache_HTTP_Server.html">2.2.5.
Securing the Apache HTTP Server</a></span></dt><dt><span
class="section"><a
href="sect-Security_Guide-Server_Security-Securing_FTP.html">2.2.6. Securing
FTP<
/a></span></dt><dt><span class="section"><a
href="sect-Security_Guide-Server_Security-Securing_Sendmail.html">2.2.7.
Securing Sendmail</a></span></dt><dt><span
class="section"><a
href="sect-Security_Guide-Server_Security-Verifying_Which_Ports_Are_Listening.html">2.2.8.
Verifying Which Ports Are
Listening</a></span></dt></dl></dd><dt><span
class="section"><a
href="sect-Security_Guide-Single_Sign_on_SSO.html">2.3. Single Sign-on
(SSO)</a></span></dt><dd><dl><dt><span
class="section"><a
href="sect-Security_Guide-Single_Sign_on_SSO.html#sect-Security_Guide-Single_Sign_on_SSO-Introduction">2.3.1.
Introduction</a></span></dt><dt><span
class="section"><a
href="sect-Security_Guide-Single_Sign_on_SSO-Getting_Started_with_your_new_Smart_Card.html">2.3.2.
Getting Started with your new Smart
Card</a></span></dt><dt><span
class="section"><a
href="sect-Security_Guide-Single_Sign_on_SSO-How_Smart_Card_Enrollment_Works.html">2.3.3.
How Smart Card Enrollment Works</a></span></dt><dt><span cl
ass="section"><a
href="sect-Security_Guide-Single_Sign_on_SSO-How_Smart_Card_Login_Works.html">2.3.4.
How Smart Card Login Works</a></span></dt><dt><span
class="section"><a
href="sect-Security_Guide-Single_Sign_on_SSO-Configuring_Firefox_to_use_Kerberos_for_SSO.html">2.3.5.
Configuring Firefox to use Kerberos for
SSO</a></span></dt></dl></dd><dt><span
class="section"><a
href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM.html">2.4.
Pluggable Authentication Modules
(PAM)</a></span></dt><dd><dl><dt><span
class="section"><a
href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM.html#sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Advantages_of_PAM">2.4.1.
Advantages of PAM</a></span></dt><dt><span
class="section"><a
href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_Configuration_Files.html">2.4.2.
PAM Configuration Files</a></span></dt><dt><span
class="section"><a
href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_Con
figuration_File_Format.html">2.4.3. PAM Configuration File
Format</a></span></dt><dt><span
class="section"><a
href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Sample_PAM_Configuration_Files.html">2.4.4.
Sample PAM Configuration Files</a></span></dt><dt><span
class="section"><a
href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Creating_PAM_Modules.html">2.4.5.
Creating PAM Modules</a></span></dt><dt><span
class="section"><a
href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_and_Administrative_Credential_Caching.html">2.4.6.
PAM and Administrative Credential
Caching</a></span></dt><dt><span
class="section"><a
href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_and_Device_Ownership.html">2.4.7.
PAM and Device Ownership</a></span></dt><dt><span
class="section"><a
href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Additional_Resources.html">2.4.8.
Additional
Resources</a></span></dt></dl></dd><dt><span
class="s
ection"><a
href="sect-Security_Guide-TCP_Wrappers_and_xinetd.html">2.5. TCP Wrappers and
xinetd</a></span></dt><dd><dl><dt><span
class="section"><a
href="sect-Security_Guide-TCP_Wrappers_and_xinetd.html#sect-Security_Guide-TCP_Wrappers_and_xinetd-TCP_Wrappers">2.5.1.
TCP Wrappers</a></span></dt><dt><span
class="section"><a
href="sect-Security_Guide-TCP_Wrappers_and_xinetd-TCP_Wrappers_Configuration_Files.html">2.5.2.
TCP Wrappers Configuration Files</a></span></dt><dt><span
class="section"><a
href="sect-Security_Guide-TCP_Wrappers_and_xinetd-xinetd.html">2.5.3.
xinetd</a></span></dt><dt><span
class="section"><a
href="sect-Security_Guide-TCP_Wrappers_and_xinetd-xinetd_Configuration_Files.html">2.5.4.
xinetd Configuration Files</a></span></dt><dt><span
class="section"><a
href="sect-Security_Guide-TCP_Wrappers_and_xinetd-Additional_Resources.html">2.5.5.
Additional
Resources</a></span></dt></dl></dd><dt><span
class="section"><a
href="sect-Security_Guide-Kerberos.html">2.6. Kerb
eros</a></span></dt><dd><dl><dt><span
class="section"><a
href="sect-Security_Guide-Kerberos.html#sect-Security_Guide-Kerberos-What_is_Kerberos">2.6.1.
What is Kerberos?</a></span></dt><dt><span
class="section"><a
href="sect-Security_Guide-Kerberos-Kerberos_Terminology.html">2.6.2. Kerberos
Terminology</a></span></dt><dt><span
class="section"><a
href="sect-Security_Guide-Kerberos-How_Kerberos_Works.html">2.6.3. How
Kerberos Works</a></span></dt><dt><span
class="section"><a
href="sect-Security_Guide-Kerberos-Kerberos_and_PAM.html">2.6.4. Kerberos and
PAM</a></span></dt><dt><span class="section"><a
href="sect-Security_Guide-Kerberos-Configuring_a_Kerberos_5_Server.html">2.6.5.
Configuring a Kerberos 5 Server</a></span></dt><dt><span
class="section"><a
href="sect-Security_Guide-Kerberos-Configuring_a_Kerberos_5_Client.html">2.6.6.
Configuring a Kerberos 5 Client</a></span></dt><dt><span
class="section"><a
href="sect-Security_Guide-Kerberos-Domain_to_Realm_Mapping.html">2.6.7. Do
main-to-Realm Mapping</a></span></dt><dt><span
class="section"><a
href="sect-Security_Guide-Kerberos-Setting_Up_Secondary_KDCs.html">2.6.8.
Setting Up Secondary KDCs</a></span></dt><dt><span
class="section"><a
href="sect-Security_Guide-Kerberos-Setting_Up_Cross_Realm_Authentication.html">2.6.9.
Setting Up Cross Realm Authentication</a></span></dt><dt><span
class="section"><a
href="sect-Security_Guide-Kerberos-Additional_Resources.html">2.6.10.
Additional
Resources</a></span></dt></dl></dd><dt><span
class="section"><a
href="sect-Security_Guide-Virtual_Private_Networks_VPNs.html">2.7. Virtual
Private Networks
(VPNs)</a></span></dt><dd><dl><dt><span
class="section"><a
href="sect-Security_Guide-Virtual_Private_Networks_VPNs.html#sect-Security_Guide-Virtual_Private_Networks_VPNs-How_Does_a_VPN_Work">2.7.1.
How Does a VPN Work?</a></span></dt><dt><span
class="section"><a
href="sect-Security_Guide-Virtual_Private_Networks_VPNs-VPNs_and_PROD.html">2.7.2.
VPNs and Fedora</a></span></
dt><dt><span class="section"><a
href="sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec.html">2.7.3.
IPsec</a></span></dt><dt><span
class="section"><a
href="sect-Security_Guide-Virtual_Private_Networks_VPNs-Creating_an_IPsec_Connection.html">2.7.4.
Creating an IPsec Connection</a></span></dt><dt><span
class="section"><a
href="sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec_Installation.html">2.7.5.
IPsec Installation</a></span></dt><dt><span
class="section"><a
href="sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec_Host_to_Host_Configuration.html">2.7.6.
IPsec Host-to-Host Configuration</a></span></dt><dt><span
class="section"><a
href="sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec_Network_to_Network_Configuration.html">2.7.7.
IPsec Network-to-Network Configuration</a></span></dt><dt><span
class="section"><a
href="sect-Security_Guide-Virtual_Private_Networks_VPNs-Starting_and_Stopping_an_IPsec_Connection.html">2.7.8.
Starting and Stopping an IPse
c Connection</a></span></dt></dl></dd><dt><span
class="section"><a
href="sect-Security_Guide-Firewalls.html">2.8.
Firewalls</a></span></dt><dd><dl><dt><span
class="section"><a
href="sect-Security_Guide-Firewalls.html#sect-Security_Guide-Firewalls-Netfilter_and_IPTables">2.8.1.
Netfilter and IPTables</a></span></dt><dt><span
class="section"><a
href="sect-Security_Guide-Firewalls-Basic_Firewall_Configuration.html">2.8.2.
Basic Firewall Configuration</a></span></dt><dt><span
class="section"><a
href="sect-Security_Guide-Firewalls-Using_IPTables.html">2.8.3. Using
IPTables</a></span></dt><dt><span
class="section"><a
href="sect-Security_Guide-Firewalls-Common_IPTables_Filtering.html">2.8.4.
Common IPTables Filtering</a></span></dt><dt><span
class="section"><a
href="sect-Security_Guide-Firewalls-FORWARD_and_NAT_Rules.html">2.8.5.
FORWARD and NAT Rules</a></span></dt><dt><span
class="section"><a
href="sect-Security_Guide-Firewalls-Malicious_Software_and_Spoofed_IP_Addresses.html">2.
8.6. Malicious Software and Spoofed IP
Addresses</a></span></dt><dt><span
class="section"><a
href="sect-Security_Guide-Firewalls-IPTables_and_Connection_Tracking.html">2.8.7.
IPTables and Connection Tracking</a></span></dt><dt><span
class="section"><a
href="sect-Security_Guide-Firewalls-IPv6.html">2.8.8.
IPv6</a></span></dt><dt><span
class="section"><a
href="sect-Security_Guide-Firewalls-Additional_Resources.html">2.8.9.
Additional
Resources</a></span></dt></dl></dd><dt><span
class="section"><a
href="sect-Security_Guide-IPTables.html">2.9.
IPTables</a></span></dt><dd><dl><dt><span
class="section"><a
href="sect-Security_Guide-IPTables.html#sect-Security_Guide-IPTables-Packet_Filtering">2.9.1.
Packet Filtering</a></span></dt><dt><span
class="section"><a
href="sect-Security_Guide-IPTables-Differences_Between_IPTables_and_IPChains.html">2.9.2.
Differences Between IPTables and
IPChains</a></span></dt><dt><span
class="section"><a
href="sect-Security_Guide-IPTables-Command_Options_
for_IPTables.html">2.9.3. Command Options for
IPTables</a></span></dt><dt><span
class="section"><a
href="sect-Security_Guide-IPTables-Saving_IPTables_Rules.html">2.9.4. Saving
IPTables Rules</a></span></dt><dt><span
class="section"><a
href="sect-Security_Guide-IPTables-IPTables_Control_Scripts.html">2.9.5.
IPTables Control Scripts</a></span></dt><dt><span
class="section"><a
href="sect-Security_Guide-IPTables-IPTables_and_IPv6.html">2.9.6. IPTables
and IPv6</a></span></dt><dt><span
class="section"><a
href="sect-Security_Guide-IPTables-Additional_Resources.html">2.9.7.
Additional
Resources</a></span></dt></dl></dd></dl></div><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h2 class="title"
id="sect-Security_Guide-Workstation_Security">2.1. Workstation
Security</h2></div></div></div><a id="d0e1757"
class="indexterm"/><div class="para">
+<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
Your Network</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-4"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up" href="index.html" title="Linux
Security Guide"/><link rel="prev"
href="sect-Security_Guide-Security_Updates.html" title="1.5. Security
Updates"/><link rel="next"
href="sect-Security_Guide-Server_Security.html" title="2.2. Server
Security"/></head><body><p id="title"><a
class="left" href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img
src="Common_Content/images/image_right.png" alt="Documentation
Site"/></a></p><ul class="docnav"><li
class="previous"><a accesskey="p"
href="sect-Security_Guide-
Security_Updates.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-Server_Security.html"><strong>Next</strong></a></li></ul><div
class="chapter" lang="en-US"><div
class="titlepage"><div><div><h2 class="title"
id="chap-Security_Guide-Securing_Your_Network">Chapter 2. Securing Your
Network</h2></div></div></div><div
class="toc"><dl><dt><span class="section"><a
href="chap-Security_Guide-Securing_Your_Network.html#sect-Security_Guide-Workstation_Security">2.1.
Workstation
Security</a></span></dt><dd><dl><dt><span
class="section"><a
href="chap-Security_Guide-Securing_Your_Network.html#sect-Security_Guide-Workstation_Security-Evaluating_Workstation_Security">2.1.1.
Evaluating Workstation Security</a></span></dt><dt><span
class="section"><a
href="chap-Security_Guide-Securing_Your_Network.html#sect-Security_Guide-Workstation_Security-BIOS_and_Boot_Loader_Security">2.1.2.
BIOS and Boot Loader Security</a></span></dt><dt><span
class="sec
tion"><a
href="chap-Security_Guide-Securing_Your_Network.html#sect-Security_Guide-Workstation_Security-Password_Security">2.1.3.
Password Security</a></span></dt><dt><span
class="section"><a
href="chap-Security_Guide-Securing_Your_Network.html#sect-Security_Guide-Workstation_Security-Administrative_Controls">2.1.4.
Administrative Controls</a></span></dt><dt><span
class="section"><a
href="chap-Security_Guide-Securing_Your_Network.html#sect-Security_Guide-Workstation_Security-Available_Network_Services">2.1.5.
Available Network Services</a></span></dt><dt><span
class="section"><a
href="chap-Security_Guide-Securing_Your_Network.html#sect-Security_Guide-Workstation_Security-Personal_Firewalls">2.1.6.
Personal Firewalls</a></span></dt><dt><span
class="section"><a
href="chap-Security_Guide-Securing_Your_Network.html#sect-Security_Guide-Workstation_Security-Security_Enhanced_Communication_Tools">2.1.7.
Security Enhanced Communication
Tools</a></span></dt></dl></dd><dt><span
class="
section"><a href="sect-Security_Guide-Server_Security.html">2.2.
Server Security</a></span></dt><dd><dl><dt><span
class="section"><a
href="sect-Security_Guide-Server_Security.html#sect-Security_Guide-Server_Security-Securing_Services_With_TCP_Wrappers_and_xinetd">2.2.1.
Securing Services With TCP Wrappers and
xinetd</a></span></dt><dt><span
class="section"><a
href="sect-Security_Guide-Server_Security-Securing_Portmap.html">2.2.2.
Securing Portmap</a></span></dt><dt><span
class="section"><a
href="sect-Security_Guide-Server_Security-Securing_NIS.html">2.2.3. Securing
NIS</a></span></dt><dt><span class="section"><a
href="sect-Security_Guide-Server_Security-Securing_NFS.html">2.2.4. Securing
NFS</a></span></dt><dt><span class="section"><a
href="sect-Security_Guide-Server_Security-Securing_the_Apache_HTTP_Server.html">2.2.5.
Securing the Apache HTTP Server</a></span></dt><dt><span
class="section"><a
href="sect-Security_Guide-Server_Security-Securing_FTP.html">2.2.6. Securing
FTP<
/a></span></dt><dt><span class="section"><a
href="sect-Security_Guide-Server_Security-Securing_Sendmail.html">2.2.7.
Securing Sendmail</a></span></dt><dt><span
class="section"><a
href="sect-Security_Guide-Server_Security-Verifying_Which_Ports_Are_Listening.html">2.2.8.
Verifying Which Ports Are
Listening</a></span></dt></dl></dd><dt><span
class="section"><a
href="sect-Security_Guide-Single_Sign_on_SSO.html">2.3. Single Sign-on
(SSO)</a></span></dt><dd><dl><dt><span
class="section"><a
href="sect-Security_Guide-Single_Sign_on_SSO.html#sect-Security_Guide-Single_Sign_on_SSO-Introduction">2.3.1.
Introduction</a></span></dt><dt><span
class="section"><a
href="sect-Security_Guide-Single_Sign_on_SSO-Getting_Started_with_your_new_Smart_Card.html">2.3.2.
Getting Started with your new Smart
Card</a></span></dt><dt><span
class="section"><a
href="sect-Security_Guide-Single_Sign_on_SSO-How_Smart_Card_Enrollment_Works.html">2.3.3.
How Smart Card Enrollment Works</a></span></dt><dt><span cl
ass="section"><a
href="sect-Security_Guide-Single_Sign_on_SSO-How_Smart_Card_Login_Works.html">2.3.4.
How Smart Card Login Works</a></span></dt><dt><span
class="section"><a
href="sect-Security_Guide-Single_Sign_on_SSO-Configuring_Firefox_to_use_Kerberos_for_SSO.html">2.3.5.
Configuring Firefox to use Kerberos for
SSO</a></span></dt></dl></dd><dt><span
class="section"><a
href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM.html">2.4.
Pluggable Authentication Modules
(PAM)</a></span></dt><dd><dl><dt><span
class="section"><a
href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM.html#sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Advantages_of_PAM">2.4.1.
Advantages of PAM</a></span></dt><dt><span
class="section"><a
href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_Configuration_Files.html">2.4.2.
PAM Configuration Files</a></span></dt><dt><span
class="section"><a
href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_Con
figuration_File_Format.html">2.4.3. PAM Configuration File
Format</a></span></dt><dt><span
class="section"><a
href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Sample_PAM_Configuration_Files.html">2.4.4.
Sample PAM Configuration Files</a></span></dt><dt><span
class="section"><a
href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Creating_PAM_Modules.html">2.4.5.
Creating PAM Modules</a></span></dt><dt><span
class="section"><a
href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_and_Administrative_Credential_Caching.html">2.4.6.
PAM and Administrative Credential
Caching</a></span></dt><dt><span
class="section"><a
href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_and_Device_Ownership.html">2.4.7.
PAM and Device Ownership</a></span></dt><dt><span
class="section"><a
href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Additional_Resources.html">2.4.8.
Additional
Resources</a></span></dt></dl></dd><dt><span
class="s
ection"><a
href="sect-Security_Guide-TCP_Wrappers_and_xinetd.html">2.5. TCP Wrappers and
xinetd</a></span></dt><dd><dl><dt><span
class="section"><a
href="sect-Security_Guide-TCP_Wrappers_and_xinetd.html#sect-Security_Guide-TCP_Wrappers_and_xinetd-TCP_Wrappers">2.5.1.
TCP Wrappers</a></span></dt><dt><span
class="section"><a
href="sect-Security_Guide-TCP_Wrappers_and_xinetd-TCP_Wrappers_Configuration_Files.html">2.5.2.
TCP Wrappers Configuration Files</a></span></dt><dt><span
class="section"><a
href="sect-Security_Guide-TCP_Wrappers_and_xinetd-xinetd.html">2.5.3.
xinetd</a></span></dt><dt><span
class="section"><a
href="sect-Security_Guide-TCP_Wrappers_and_xinetd-xinetd_Configuration_Files.html">2.5.4.
xinetd Configuration Files</a></span></dt><dt><span
class="section"><a
href="sect-Security_Guide-TCP_Wrappers_and_xinetd-Additional_Resources.html">2.5.5.
Additional
Resources</a></span></dt></dl></dd><dt><span
class="section"><a
href="sect-Security_Guide-Kerberos.html">2.6. Kerb
eros</a></span></dt><dd><dl><dt><span
class="section"><a
href="sect-Security_Guide-Kerberos.html#sect-Security_Guide-Kerberos-What_is_Kerberos">2.6.1.
What is Kerberos?</a></span></dt><dt><span
class="section"><a
href="sect-Security_Guide-Kerberos-Kerberos_Terminology.html">2.6.2. Kerberos
Terminology</a></span></dt><dt><span
class="section"><a
href="sect-Security_Guide-Kerberos-How_Kerberos_Works.html">2.6.3. How
Kerberos Works</a></span></dt><dt><span
class="section"><a
href="sect-Security_Guide-Kerberos-Kerberos_and_PAM.html">2.6.4. Kerberos and
PAM</a></span></dt><dt><span class="section"><a
href="sect-Security_Guide-Kerberos-Configuring_a_Kerberos_5_Server.html">2.6.5.
Configuring a Kerberos 5 Server</a></span></dt><dt><span
class="section"><a
href="sect-Security_Guide-Kerberos-Configuring_a_Kerberos_5_Client.html">2.6.6.
Configuring a Kerberos 5 Client</a></span></dt><dt><span
class="section"><a
href="sect-Security_Guide-Kerberos-Domain_to_Realm_Mapping.html">2.6.7. Do
main-to-Realm Mapping</a></span></dt><dt><span
class="section"><a
href="sect-Security_Guide-Kerberos-Setting_Up_Secondary_KDCs.html">2.6.8.
Setting Up Secondary KDCs</a></span></dt><dt><span
class="section"><a
href="sect-Security_Guide-Kerberos-Setting_Up_Cross_Realm_Authentication.html">2.6.9.
Setting Up Cross Realm Authentication</a></span></dt><dt><span
class="section"><a
href="sect-Security_Guide-Kerberos-Additional_Resources.html">2.6.10.
Additional
Resources</a></span></dt></dl></dd><dt><span
class="section"><a
href="sect-Security_Guide-Virtual_Private_Networks_VPNs.html">2.7. Virtual
Private Networks
(VPNs)</a></span></dt><dd><dl><dt><span
class="section"><a
href="sect-Security_Guide-Virtual_Private_Networks_VPNs.html#sect-Security_Guide-Virtual_Private_Networks_VPNs-How_Does_a_VPN_Work">2.7.1.
How Does a VPN Work?</a></span></dt><dt><span
class="section"><a
href="sect-Security_Guide-Virtual_Private_Networks_VPNs-VPNs_and_PROD.html">2.7.2.
VPNs and Fedora</a></span></
dt><dt><span class="section"><a
href="sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec.html">2.7.3.
IPsec</a></span></dt><dt><span
class="section"><a
href="sect-Security_Guide-Virtual_Private_Networks_VPNs-Creating_an_IPsec_Connection.html">2.7.4.
Creating an IPsec Connection</a></span></dt><dt><span
class="section"><a
href="sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec_Installation.html">2.7.5.
IPsec Installation</a></span></dt><dt><span
class="section"><a
href="sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec_Host_to_Host_Configuration.html">2.7.6.
IPsec Host-to-Host Configuration</a></span></dt><dt><span
class="section"><a
href="sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec_Network_to_Network_Configuration.html">2.7.7.
IPsec Network-to-Network Configuration</a></span></dt><dt><span
class="section"><a
href="sect-Security_Guide-Virtual_Private_Networks_VPNs-Starting_and_Stopping_an_IPsec_Connection.html">2.7.8.
Starting and Stopping an IPse
c Connection</a></span></dt></dl></dd><dt><span
class="section"><a
href="sect-Security_Guide-Firewalls.html">2.8.
Firewalls</a></span></dt><dd><dl><dt><span
class="section"><a
href="sect-Security_Guide-Firewalls.html#sect-Security_Guide-Firewalls-Netfilter_and_IPTables">2.8.1.
Netfilter and IPTables</a></span></dt><dt><span
class="section"><a
href="sect-Security_Guide-Firewalls-Basic_Firewall_Configuration.html">2.8.2.
Basic Firewall Configuration</a></span></dt><dt><span
class="section"><a
href="sect-Security_Guide-Firewalls-Using_IPTables.html">2.8.3. Using
IPTables</a></span></dt><dt><span
class="section"><a
href="sect-Security_Guide-Firewalls-Common_IPTables_Filtering.html">2.8.4.
Common IPTables Filtering</a></span></dt><dt><span
class="section"><a
href="sect-Security_Guide-Firewalls-FORWARD_and_NAT_Rules.html">2.8.5.
FORWARD and NAT Rules</a></span></dt><dt><span
class="section"><a
href="sect-Security_Guide-Firewalls-Malicious_Software_and_Spoofed_IP_Addresses.html">2.
8.6. Malicious Software and Spoofed IP
Addresses</a></span></dt><dt><span
class="section"><a
href="sect-Security_Guide-Firewalls-IPTables_and_Connection_Tracking.html">2.8.7.
IPTables and Connection Tracking</a></span></dt><dt><span
class="section"><a
href="sect-Security_Guide-Firewalls-IPv6.html">2.8.8.
IPv6</a></span></dt><dt><span
class="section"><a
href="sect-Security_Guide-Firewalls-Additional_Resources.html">2.8.9.
Additional
Resources</a></span></dt></dl></dd><dt><span
class="section"><a
href="sect-Security_Guide-IPTables.html">2.9.
IPTables</a></span></dt><dd><dl><dt><span
class="section"><a
href="sect-Security_Guide-IPTables.html#sect-Security_Guide-IPTables-Packet_Filtering">2.9.1.
Packet Filtering</a></span></dt><dt><span
class="section"><a
href="sect-Security_Guide-IPTables-Differences_Between_IPTables_and_IPChains.html">2.9.2.
Differences Between IPTables and
IPChains</a></span></dt><dt><span
class="section"><a
href="sect-Security_Guide-IPTables-Command_Options_
for_IPTables.html">2.9.3. Command Options for
IPTables</a></span></dt><dt><span
class="section"><a
href="sect-Security_Guide-IPTables-Saving_IPTables_Rules.html">2.9.4. Saving
IPTables Rules</a></span></dt><dt><span
class="section"><a
href="sect-Security_Guide-IPTables-IPTables_Control_Scripts.html">2.9.5.
IPTables Control Scripts</a></span></dt><dt><span
class="section"><a
href="sect-Security_Guide-IPTables-IPTables_and_IPv6.html">2.9.6. IPTables
and IPv6</a></span></dt><dt><span
class="section"><a
href="sect-Security_Guide-IPTables-Additional_Resources.html">2.9.7.
Additional
Resources</a></span></dt></dl></dd></dl></div><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h2 class="title"
id="sect-Security_Guide-Workstation_Security">2.1. Workstation
Security</h2></div></div></div><a id="d0e1757"
class="indexterm"/><div class="para">
Securing a Linux environment begins with the workstation. Whether locking down a
personal machine or securing an enterprise system, sound security policy begins with the
individual computer. A computer network is only as secure as its weakest node.
</div><div class="section" lang="en-US"><div
class="titlepage"><div><div><h3 class="title"
id="sect-Security_Guide-Workstation_Security-Evaluating_Workstation_Security">2.1.1. Evaluating
Workstation Security</h3></div></div></div><a
id="d0e1765" class="indexterm"/><a id="d0e1772"
class="indexterm"/><a id="d0e1779"
class="indexterm"/><a id="d0e1786"
class="indexterm"/><a id="d0e1793"
class="indexterm"/><a id="d0e1800"
class="indexterm"/><div class="para">
When evaluating the security of a Fedora workstation, consider the following:
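Review bot: in the added "<html" line, the TOC entry for 2.7.2 links to "sect-Security_Guide-Virtual_Private_Networks_VPNs-VPNs_and_PROD.html" while its title reads "VPNs and Fedora", so the section id still carries the "PROD" product placeholder. Rename the id in the XML source before more pages link to that URL. Separately, the head, navigation bar and whole chapter TOC are generated as one line, so this hunk re-emits all of it even though the visible remainder of the removed line matches the added one, which carries package "fedora-Linux_Security_Guide-10-en-US-1.0-4". Committing the XML source, or line-wrapping the generated output per element, would make a change like this reviewable.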
@@ -408,9 +408,9 @@
The threat of buffer overflow vulnerabilities is mitigated in Fedora by <em
class="firstterm">ExecShield</em>, an executable memory segmentation
and protection technology supported by x86-compatible uni- and multi-processor kernels.
ExecShield reduces the risk of buffer overflow by separating virtual memory into
executable and non-executable segments. Any program code that tries to execute outside of
the executable segment (such as malicious code injected from a buffer overflow exploit)
triggers a segmentation fault and terminates.
</div><div class="para">
Execshield also includes support for <em class="firstterm">No
eXecute</em> (<acronym class="acronym">NX</acronym>)
technology on AMD64 platforms and <em class="firstterm">eXecute
Disable</em> (<acronym class="acronym">XD</acronym>)
technology on Itanium and <span class="trademark">Intel</span>® 64
systems. These technologies work in conjunction with ExecShield to prevent malicious code
from running in the executable portion of virtual memory with a granularity of 4KB of
executable code, lowering the risk of attack from stealthy buffer overflow exploits.
- </div></div><div
class="tip"><h2>Tip</h2><div class="para">
- To limit exposure to attacks over the network, all services that are unused should be
turned off.
- </div></div></div><div class="section"
lang="en-US"><div
class="titlepage"><div><div><h4 class="title"
id="sect-Security_Guide-Available_Network_Services-Identifying_and_Configuring_Services">2.1.5.2. Identifying
and Configuring Services</h4></div></div></div><a
id="d0e3549" class="indexterm"/><a id="d0e3554"
class="indexterm"/><a id="d0e3558"
class="indexterm"/><a id="d0e3562"
class="indexterm"/><a id="d0e3566"
class="indexterm"/><a id="d0e3570"
class="indexterm"/><a id="d0e3574"
class="indexterm"/><div class="para">
+ </div></div><div
class="important"><h2>Important</h2><div
class="para">
+ To limit exposure to attacks over the network, all services that are unused should
be turned off.
+ </div></div></div><div class="section"
lang="en-US"><div
class="titlepage"><div><div><h4 class="title"
id="sect-Security_Guide-Available_Network_Services-Identifying_and_Configuring_Services">2.1.5.2. Identifying
and Configuring Services</h4></div></div></div><a
id="d0e3549" class="indexterm"/><a id="d0e3554"
class="indexterm"/><a id="d0e3558"
class="indexterm"/><a id="d0e3562"
class="indexterm"/><a id="d0e3566"
class="indexterm"/><a id="d0e3570"
class="indexterm"/><a id="d0e3574"
class="indexterm"/><div class="para">
To enhance security, most network services installed with Fedora are turned off by
default. There are, however, some notable exceptions:
</div><div class="itemizedlist"><ul><li><div
class="para">
<code class="command">cupsd</code> — The default print server
for Fedora.
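Review bot: the context paragraph directly above the changed admonition spells the feature "Execshield", while the paragraph before it uses "ExecShield"; since this region is being regenerated anyway, fix the spelling in the XML source. The same context paragraph says NX/XD prevents malicious code "from running in the executable portion of virtual memory", whereas the preceding paragraph says code that executes outside the executable segment triggers a segmentation fault. Check that wording against the source so the two paragraphs agree. The promotion from class="tip" to class="important" for "all services that are unused should be turned off" changes only the class, the heading and the line wrap.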
Index: chap-Security_Guide-Security_Overview.html
===================================================================
RCS file:
/cvs/fedora/web/html/docs/security-guide/f10/en_US/chap-Security_Guide-Security_Overview.html,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- chap-Security_Guide-Security_Overview.html 22 Dec 2008 19:28:43 -0000 1.1
+++ chap-Security_Guide-Security_Overview.html 24 Dec 2008 01:24:52 -0000 1.2
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8"
standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
Overview</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-3"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up" href="index.html" title="Linux
Security Guide"/><link rel="prev"
href="We_Need_Feedback.html" title="2. We Need Feedback!"/><link
rel="next" href="sect-Security_Guide-Vulnerability_Assessment.html"
title="1.2. Vulnerability Assessment"/></head><body><p
id="title"><a class="left"
href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img
src="Common_Content/images/image_right.png" alt="Documentation
Site"/></a></p><ul class="docnav"><li
class="previous"><a accesskey="p"
href="We_Need_Feedback.html"><str
ong>Prev</strong></a></li><li class="next"><a
accesskey="n"
href="sect-Security_Guide-Vulnerability_Assessment.html"><strong>Next</strong></a></li></ul><div
class="chapter" lang="en-US"><div
class="titlepage"><div><div><h2 class="title"
id="chap-Security_Guide-Security_Overview">Chapter 1. Security
Overview</h2></div></div></div><div
class="toc"><dl><dt><span class="section"><a
href="chap-Security_Guide-Security_Overview.html#sect-Security_Guide-Introduction_to_Security">1.1.
Introduction to
Security</a></span></dt><dd><dl><dt><span
class="section"><a
href="chap-Security_Guide-Security_Overview.html#sect-Security_Guide-Introduction_to_Security-What_is_Computer_Security">1.1.1.
What is Computer Security?</a></span></dt><dt><span
class="section"><a
href="chap-Security_Guide-Security_Overview.html#sect-Security_Guide-Introduction_to_Security-Security_Controls">1.1.2.
Security Controls</a></span></dt><dt><span
class="section"><a href="chap-Security_Guide-Security_Overview.html
#sect-Security_Guide-Introduction_to_Security-Conclusion">1.1.3.
Conclusion</a></span></dt></dl></dd><dt><span
class="section"><a
href="sect-Security_Guide-Vulnerability_Assessment.html">1.2. Vulnerability
Assessment</a></span></dt><dd><dl><dt><span
class="section"><a
href="sect-Security_Guide-Vulnerability_Assessment.html#sect-Security_Guide-Vulnerability_Assessment-Thinking_Like_the_Enemy">1.2.1.
Thinking Like the Enemy</a></span></dt><dt><span
class="section"><a
href="sect-Security_Guide-Vulnerability_Assessment-Defining_Assessment_and_Testing.html">1.2.2.
Defining Assessment and Testing</a></span></dt><dt><span
class="section"><a
href="sect-Security_Guide-Vulnerability_Assessment-Evaluating_the_Tools.html">1.2.3.
Evaluating the
Tools</a></span></dt></dl></dd><dt><span
class="section"><a
href="sect-Security_Guide-Attackers_and_Vulnerabilities.html">1.3. Attackers
and
Vulnerabilities</a></span></dt><dd><dl><dt><span
class="section"><a href="sect-Security_Guide-Attackers_an
d_Vulnerabilities.html#sect-Security_Guide-Attackers_and_Vulnerabilities-A_Quick_History_of_Hackers">1.3.1.
A Quick History of Hackers</a></span></dt><dt><span
class="section"><a
href="sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Network_Security.html">1.3.2.
Threats to Network Security</a></span></dt><dt><span
class="section"><a
href="sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Server_Security.html">1.3.3.
Threats to Server Security</a></span></dt><dt><span
class="section"><a
href="sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Workstation_and_Home_PC_Security.html">1.3.4.
Threats to Workstation and Home PC
Security</a></span></dt></dl></dd><dt><span
class="section"><a
href="sect-Security_Guide-Common_Exploits_and_Attacks.html">1.4. Common
Exploits and Attacks</a></span></dt><dt><span
class="section"><a
href="sect-Security_Guide-Security_Updates.html">1.5. Security
Updates</a></span></dt><dd><dl><dt><span
class="section"><a hre
f="sect-Security_Guide-Security_Updates.html#sect-Security_Guide-Security_Updates-Updating_Packages">1.5.1.
Updating
Packages</a></span></dt></dl></dd></dl></div><a
id="d0e390" class="indexterm"/><a id="d0e393"
class="indexterm"/><div class="para">
+<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
Overview</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-4"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up" href="index.html" title="Linux
Security Guide"/><link rel="prev"
href="We_Need_Feedback.html" title="2. We Need Feedback!"/><link
rel="next" href="sect-Security_Guide-Vulnerability_Assessment.html"
title="1.2. Vulnerability Assessment"/></head><body><p
id="title"><a class="left"
href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img
src="Common_Content/images/image_right.png" alt="Documentation
Site"/></a></p><ul class="docnav"><li
class="previous"><a accesskey="p"
href="We_Need_Feedback.html"><str
ong>Prev</strong></a></li><li class="next"><a
accesskey="n"
href="sect-Security_Guide-Vulnerability_Assessment.html"><strong>Next</strong></a></li></ul><div
class="chapter" lang="en-US"><div
class="titlepage"><div><div><h2 class="title"
id="chap-Security_Guide-Security_Overview">Chapter 1. Security
Overview</h2></div></div></div><div
class="toc"><dl><dt><span class="section"><a
href="chap-Security_Guide-Security_Overview.html#sect-Security_Guide-Introduction_to_Security">1.1.
Introduction to
Security</a></span></dt><dd><dl><dt><span
class="section"><a
href="chap-Security_Guide-Security_Overview.html#sect-Security_Guide-Introduction_to_Security-What_is_Computer_Security">1.1.1.
What is Computer Security?</a></span></dt><dt><span
class="section"><a
href="chap-Security_Guide-Security_Overview.html#sect-Security_Guide-Introduction_to_Security-Security_Controls">1.1.2.
Security Controls</a></span></dt><dt><span
class="section"><a href="chap-Security_Guide-Security_Overview.html
#sect-Security_Guide-Introduction_to_Security-Conclusion">1.1.3.
Conclusion</a></span></dt></dl></dd><dt><span
class="section"><a
href="sect-Security_Guide-Vulnerability_Assessment.html">1.2. Vulnerability
Assessment</a></span></dt><dd><dl><dt><span
class="section"><a
href="sect-Security_Guide-Vulnerability_Assessment.html#sect-Security_Guide-Vulnerability_Assessment-Thinking_Like_the_Enemy">1.2.1.
Thinking Like the Enemy</a></span></dt><dt><span
class="section"><a
href="sect-Security_Guide-Vulnerability_Assessment-Defining_Assessment_and_Testing.html">1.2.2.
Defining Assessment and Testing</a></span></dt><dt><span
class="section"><a
href="sect-Security_Guide-Vulnerability_Assessment-Evaluating_the_Tools.html">1.2.3.
Evaluating the
Tools</a></span></dt></dl></dd><dt><span
class="section"><a
href="sect-Security_Guide-Attackers_and_Vulnerabilities.html">1.3. Attackers
and
Vulnerabilities</a></span></dt><dd><dl><dt><span
class="section"><a href="sect-Security_Guide-Attackers_an
d_Vulnerabilities.html#sect-Security_Guide-Attackers_and_Vulnerabilities-A_Quick_History_of_Hackers">1.3.1.
A Quick History of Hackers</a></span></dt><dt><span
class="section"><a
href="sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Network_Security.html">1.3.2.
Threats to Network Security</a></span></dt><dt><span
class="section"><a
href="sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Server_Security.html">1.3.3.
Threats to Server Security</a></span></dt><dt><span
class="section"><a
href="sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Workstation_and_Home_PC_Security.html">1.3.4.
Threats to Workstation and Home PC
Security</a></span></dt></dl></dd><dt><span
class="section"><a
href="sect-Security_Guide-Common_Exploits_and_Attacks.html">1.4. Common
Exploits and Attacks</a></span></dt><dt><span
class="section"><a
href="sect-Security_Guide-Security_Updates.html">1.5. Security
Updates</a></span></dt><dd><dl><dt><span
class="section"><a hre
f="sect-Security_Guide-Security_Updates.html#sect-Security_Guide-Security_Updates-Updating_Packages">1.5.1.
Updating
Packages</a></span></dt></dl></dd></dl></div><a
id="d0e390" class="indexterm"/><a id="d0e393"
class="indexterm"/><div class="para">
Because of the increased reliance on powerful, networked computers to help run
businesses and keep track of our personal information, industries have been formed around
the practice of network and computer security. Enterprises have solicited the knowledge
and skills of security experts to properly audit systems and tailor solutions to fit the
operating requirements of the organization. Because most organizations are dynamic in
nature, with workers accessing company IT resources locally and remotely, the need for
secure computing environments has become more pronounced.
</div><div class="para">
Unfortunately, most organizations (as well as individual users) regard security as an
afterthought, a process that is overlooked in favor of increased power, productivity, and
budgetary concerns. Proper security implementation is often enacted <em
class="firstterm">postmortem</em> — after an unauthorized intrusion has
already occurred. Security experts agree that the right measures taken prior to connecting
a site to an untrusted network, such as the Internet, is an effective means of thwarting
most attempts at intrusion.
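Review bot: The closing context paragraph has a subject-verb disagreement: "the right measures taken prior to connecting a site to an untrusted network ... is an effective means" should read "are an effective means" (or "taking the right measures ... is"). The head of the added line names publican as the generator, so make the correction in the DocBook source and rebuild rather than editing this HTML, otherwise the next regeneration will overwrite it.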
Index: chap-Security_Guide-Software_Maintenance.html
===================================================================
RCS file:
/cvs/fedora/web/html/docs/security-guide/f10/en_US/chap-Security_Guide-Software_Maintenance.html,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- chap-Security_Guide-Software_Maintenance.html 22 Dec 2008 19:28:43 -0000 1.1
+++ chap-Security_Guide-Software_Maintenance.html 24 Dec 2008 01:24:52 -0000 1.2
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8"
standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
Maintenance</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-3"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up" href="index.html" title="Linux
Security Guide"/><link rel="prev"
href="sect-Security_Guide-Secure_Installation-Utilize_LUKS_Partition_Encryption.html"
title="5.2. Utilize LUKS Partition Encryption"/><link rel="next"
href="sect-Security_Guide-Software_Maintenance-Plan_and_Configure_Security_Updates.html"
title="6.2. Plan and Configure Security
Updates"/></head><body><p id="title"><a
class="left" href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img
src="Common_Content/images/image_right.png" alt
="Documentation Site"/></a></p><ul
class="docnav"><li class="previous"><a
accesskey="p"
href="sect-Security_Guide-Secure_Installation-Utilize_LUKS_Partition_Encryption.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-Software_Maintenance-Plan_and_Configure_Security_Updates.html"><strong>Next</strong></a></li></ul><div
class="chapter" lang="en-US"><div
class="titlepage"><div><div><h2 class="title"
id="chap-Security_Guide-Software_Maintenance">Chapter 6. Software
Maintenance</h2></div></div></div><div
class="toc"><dl><dt><span class="section"><a
href="chap-Security_Guide-Software_Maintenance.html#sect-Security_Guide-Software_Maintenance-Install_Minimal_Software">6.1.
Install Minimal Software</a></span></dt><dt><span
class="section"><a
href="sect-Security_Guide-Software_Maintenance-Plan_and_Configure_Security_Updates.html">6.2.
Plan and Configure Security Updates</a></span></dt><dt><span
class="section"><a href="sect-Security_Gui
de-Software_Maintenance-Plan_and_Configure_Security_Updates-Adjusting_Automatic_Updates.html">6.3.
Adjusting Automatic Updates</a></span></dt><dt><span
class="section"><a
href="sect-Security_Guide-Software_Maintenance-Install_Signed_Packages_from_Well_Known_Repositories.html">6.4.
Install Signed Packages from Well Known
Repositories</a></span></dt></dl></div><div
class="para">
+<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
Maintenance</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-4"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up" href="index.html" title="Linux
Security Guide"/><link rel="prev"
href="sect-Security_Guide-Secure_Installation-Utilize_LUKS_Partition_Encryption.html"
title="5.2. Utilize LUKS Partition Encryption"/><link rel="next"
href="sect-Security_Guide-Software_Maintenance-Plan_and_Configure_Security_Updates.html"
title="6.2. Plan and Configure Security
Updates"/></head><body><p id="title"><a
class="left" href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img
src="Common_Content/images/image_right.png" alt
="Documentation Site"/></a></p><ul
class="docnav"><li class="previous"><a
accesskey="p"
href="sect-Security_Guide-Secure_Installation-Utilize_LUKS_Partition_Encryption.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-Software_Maintenance-Plan_and_Configure_Security_Updates.html"><strong>Next</strong></a></li></ul><div
class="chapter" lang="en-US"><div
class="titlepage"><div><div><h2 class="title"
id="chap-Security_Guide-Software_Maintenance">Chapter 6. Software
Maintenance</h2></div></div></div><div
class="toc"><dl><dt><span class="section"><a
href="chap-Security_Guide-Software_Maintenance.html#sect-Security_Guide-Software_Maintenance-Install_Minimal_Software">6.1.
Install Minimal Software</a></span></dt><dt><span
class="section"><a
href="sect-Security_Guide-Software_Maintenance-Plan_and_Configure_Security_Updates.html">6.2.
Plan and Configure Security Updates</a></span></dt><dt><span
class="section"><a href="sect-Security_Gui
de-Software_Maintenance-Plan_and_Configure_Security_Updates-Adjusting_Automatic_Updates.html">6.3.
Adjusting Automatic Updates</a></span></dt><dt><span
class="section"><a
href="sect-Security_Guide-Software_Maintenance-Install_Signed_Packages_from_Well_Known_Repositories.html">6.4.
Install Signed Packages from Well Known
Repositories</a></span></dt></dl></div><div
class="para">
Software maintenance is extremely important to maintaining a secure system. It is vital
to patch software as soon as it becomes available in order to prevent attackers from using
known holes to infiltrate your system.
</div><div class="section" lang="en-US"><div
class="titlepage"><div><div><h2 class="title"
id="sect-Security_Guide-Software_Maintenance-Install_Minimal_Software">6.1. Install
Minimal Software</h2></div></div></div><div
class="para">
It is best practice to install only the packages you will use because each piece of
software on your computer could possibly contain a vulnerability. If you are installing
from the DVD media take the opportunity to select exactly what packages you want to
install during the installation. When you find you need another package, you can always
add it to the system later.
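Review bot: In the chapter introduction kept as context, "It is vital to patch software as soon as it becomes available" reads as if the software, not the patch, is what becomes available. Something like "It is vital to apply updates as soon as they become available" states the intended advice. The removed and added lines here differ only in the package meta value (1.0-3 to 1.0-4), so this wording is carried into the rebuild unchanged and is worth fixing in the source before the next regeneration.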
Index: index.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/index.html,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- index.html 22 Dec 2008 19:28:43 -0000 1.1
+++ index.html 24 Dec 2008 01:24:52 -0000 1.2
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8"
standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
Security Guide</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-3"/><meta
name="description" content="The Linux Security Guide is designed to assist
users of Linux in learning the processes and practices of securing workstations and
servers against local and remote intrusion, exploitation, and malicious activity. The
Linux Security Guide details the planning and the tools involved in creating a secured
computing environment for the data center, workplace, and home. With proper administrative
knowledge, vigilance, and tools, systems running Linux can be both fully functional and
secured from most common intrusion and exploit methods."/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="next"
href="pref-Security_Guide-Preface.html" title="Pre
face"/></head><body><p id="title"><a
class="left" href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img
src="Common_Content/images/image_right.png" alt="Documentation
Site"/></a></p><ul class="docnav"><li
class="previous"/><li class="next"><a
accesskey="n"
href="pref-Security_Guide-Preface.html"><strong>Next</strong></a></li></ul><div
class="book" lang="en-US"><div
class="titlepage"><div><div
class="producttitle"><span
class="productname">fedora</span> <span
class="productnumber">10</span></div><div><h1
id="d0e1" class="title">Linux Security
Guide</h1></div><div><h2 class="subtitle">A Guide to
Securing Linux</h2></div><p class="edition">Edition
1.0</p><div><h3 class="corpauthor">
+<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
Security Guide</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-4"/><meta
name="description" content="The Linux Security Guide is designed to assist
users of Linux in learning the processes and practices of securing workstations and
servers against local and remote intrusion, exploitation, and malicious activity. The
Linux Security Guide details the planning and the tools involved in creating a secured
computing environment for the data center, workplace, and home. With proper administrative
knowledge, vigilance, and tools, systems running Linux can be both fully functional and
secured from most common intrusion and exploit methods."/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="next"
href="pref-Security_Guide-Preface.html" title="Pre
face"/></head><body><p id="title"><a
class="left" href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img
src="Common_Content/images/image_right.png" alt="Documentation
Site"/></a></p><ul class="docnav"><li
class="previous"/><li class="next"><a
accesskey="n"
href="pref-Security_Guide-Preface.html"><strong>Next</strong></a></li></ul><div
class="book" lang="en-US"><div
class="titlepage"><div><div
class="producttitle"><span
class="productname">fedora</span> <span
class="productnumber">10</span></div><div><h1
id="d0e1" class="title">Linux Security
Guide</h1></div><div><h2 class="subtitle">A Guide to
Securing Linux</h2></div><p class="edition">Edition
1.0</p><div><h3 class="corpauthor">
<span class="inlinemediaobject"><object
type="image/svg+xml"
data="Common_Content/images/title_logo.svg"/></span>
</h3></div><div><div class="authorgroup"><div
class="author"><h3 class="author"><span
class="firstname">Johnray</span> <span
class="surname">Fuller</span></h3><div
class="affiliation"><span class="orgname">Red
Hat</span></div><code class="email"><a
class="email"
href="mailto:jrfuller@redhat.com">jrfuller@redhat.com</a></code></div><div
class="author"><h3 class="author"><span
class="firstname">John</span> <span
class="surname">Ha</span></h3><div
class="affiliation"><span class="orgname">Red
Hat</span></div><code class="email"><a
class="email"
href="mailto:jha@redhat.com">jha@redhat.com</a></code></div><div
class="author"><h3 class="author"><span
class="firstname">David</span> <span
class="surname">O'Brien</span></h3><div
class="affiliation"><span class="orgname">Red
Hat</span></div><code class="email"><a
class="email"
href="mailto:daobrien@redhat.com">daobrien@redhat.com</a></code></div><div
class="author"><h3 class="author"><span
class="firstname">Eric</span> <span class=
"surname">Christensen</span></h3><div
class="affiliation"><span class="orgname">Fedora
Project</span> <span class="orgdiv">Documentation
Team</span></div><code class="email"><a
class="email"
href="mailto:sparks@fedoraproject.org">sparks@fedoraproject.org</a></code></div></div></div><hr/><div><div
id="d0e27" class="legalnotice"><h1
class="legalnotice">Legal Notice</h1><div
class="para">
Copyright <span class="trademark"/>© 2008 Red Hat, Inc. This material
may only be distributed subject to the terms and conditions set forth in the Open
Publication License, V1.0, (the latest version is presently available at <a
href="http://www.opencontent.org/openpub/">http://www.openco...>).
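Review bot: The only difference between the removed and added lines is the package meta content, fedora-Linux_Security_Guide-10-en-US-1.0-3 becoming 1.0-4, yet the diff replaces the entire head, navigation and title page because the generator emits them as a single line. A reviewer cannot confirm by eye that nothing else changed (author list, mailto links, legal notice), so the log message should state that this is a rebuild with no content change. Also confirm that leaving "Edition 1.0" on the title page is intended now that the package release has moved to 1.0-4.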
Index: pref-Security_Guide-Preface.html
===================================================================
RCS file:
/cvs/fedora/web/html/docs/security-guide/f10/en_US/pref-Security_Guide-Preface.html,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- pref-Security_Guide-Preface.html 22 Dec 2008 19:28:43 -0000 1.1
+++ pref-Security_Guide-Preface.html 24 Dec 2008 01:24:52 -0000 1.2
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8"
standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
rel="stylesheet" href="./Common_Content/css/default.css"
type="text/css"/><meta name="generator"
content="publican"/><meta name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-3"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up" href="index.html" title="Linux
Security Guide"/><link rel="prev" href="index.html"
title="Linux Security Guide"/><link rel="next"
href="We_Need_Feedback.html" title="2. We Need
Feedback!"/></head><body><p id="title"><a
class="left" href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img
src="Common_Content/images/image_right.png" alt="Documentation
Site"/></a></p><ul class="docnav"><li
class="previous"><a accesskey="p"
href="index.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n" href="We_Need_Feedback.
html"><strong>Next</strong></a></li></ul><div
class="preface" lang="en-US"><div
class="titlepage"><div><div><h1
id="pref-Security_Guide-Preface"
class="title">Preface</h1></div></div></div><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h2 class="title"
id="d0e91">1. Document
Conventions</h2></div></div></div><div
class="para">
+<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
rel="stylesheet" href="./Common_Content/css/default.css"
type="text/css"/><meta name="generator"
content="publican"/><meta name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-4"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up" href="index.html" title="Linux
Security Guide"/><link rel="prev" href="index.html"
title="Linux Security Guide"/><link rel="next"
href="We_Need_Feedback.html" title="2. We Need
Feedback!"/></head><body><p id="title"><a
class="left" href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img
src="Common_Content/images/image_right.png" alt="Documentation
Site"/></a></p><ul class="docnav"><li
class="previous"><a accesskey="p"
href="index.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n" href="We_Need_Feedback.
html"><strong>Next</strong></a></li></ul><div
class="preface" lang="en-US"><div
class="titlepage"><div><div><h1
id="pref-Security_Guide-Preface"
class="title">Preface</h1></div></div></div><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h2 class="title"
id="d0e91">1. Document
Conventions</h2></div></div></div><div
class="para">
This manual uses several conventions to highlight certain words and phrases and draw
attention to specific pieces of information.
</div><div class="para">
In PDF and paper editions, this manual uses typefaces drawn from the <a
href="https://fedorahosted.org/liberation-fonts/">Liberation Fonts</a>
set. The Liberation Fonts set is also used in HTML editions if the set is installed on
your system. If not, alternative but equivalent typefaces are displayed. Note: Red Hat
Enterprise Linux 5 and later includes the Liberation Fonts set by default.
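Review bot: The last context sentence, "Note: Red Hat Enterprise Linux 5 and later includes the Liberation Fonts set by default", refers to a different product than the one this package is built for (fedora-Linux_Security_Guide-10). It looks like text inherited from shared boilerplate; either reword the note to say what applies to Fedora 10 or drop it, so readers are not told to look at a distribution they are not running.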
Index: sect-Security_Guide-Additional_Resources-Related_Books.html
===================================================================
RCS file:
/cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Additional_Resources-Related_Books.html,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- sect-Security_Guide-Additional_Resources-Related_Books.html 22 Dec 2008 19:28:43
-0000 1.1
+++ sect-Security_Guide-Additional_Resources-Related_Books.html 24 Dec 2008 01:24:52
-0000 1.2
@@ -1,6 +1,6 @@
<?xml version="1.0" encoding="UTF-8"
standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
Books</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-3"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="sect-Security_Guide-TCP_Wrappers_and_xinetd-Additional_Resources.html"
title="2.5.5. Additional Resources"/><link rel="prev"
href="sect-Security_Guide-Additional_Resources-Useful_TCP_Wrappers_Websites.html"
title="2.5.5.2. Useful TCP Wrappers Websites"/><link rel="next"
href="sect-Security_Guide-Kerberos.html"
title="2.6. Kerberos"/></head><body><p
id="title"><a class="left"
href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img
src="Common_Content/images/image_right.png" alt="Documentation
Site"/>
</a></p><ul class="docnav"><li
class="previous"><a accesskey="p"
href="sect-Security_Guide-Additional_Resources-Useful_TCP_Wrappers_Websites.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-Kerberos.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h4 class="title"
id="sect-Security_Guide-Additional_Resources-Related_Books">2.5.5.3. Related
Books</h4></div></div></div><a id="d0e9152"
class="indexterm"/><a id="d0e9159"
class="indexterm"/><div
class="itemizedlist"><ul><li><div class="para">
+<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
Books</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-4"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="sect-Security_Guide-TCP_Wrappers_and_xinetd-Additional_Resources.html"
title="2.5.5. Additional Resources"/><link rel="prev"
href="sect-Security_Guide-Additional_Resources-Useful_TCP_Wrappers_Websites.html"
title="2.5.5.2. Useful TCP Wrappers Websites"/><link rel="next"
href="sect-Security_Guide-Kerberos.html"
title="2.6. Kerberos"/></head><body><p
id="title"><a class="left"
href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img
src="Common_Content/images/image_right.png" alt="Documentation
Site"/>
</a></p><ul class="docnav"><li
class="previous"><a accesskey="p"
href="sect-Security_Guide-Additional_Resources-Useful_TCP_Wrappers_Websites.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-Kerberos.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h4 class="title"
id="sect-Security_Guide-Additional_Resources-Related_Books">2.5.5.3. Related
Books</h4></div></div></div><a id="d0e9152"
class="indexterm"/><a id="d0e9159"
class="indexterm"/><div
class="itemizedlist"><ul><li><div class="para">
<em class="citetitle">Hacking Linux Exposed</em> by Brian
Hatch, James Lee, and George Kurtz; Osbourne/McGraw-Hill — An excellent security resource
with information about TCP Wrappers and <code
class="systemitem">xinetd</code>.
</div></li></ul></div></div><ul
class="docnav"><li class="previous"><a
accesskey="p"
href="sect-Security_Guide-Additional_Resources-Useful_TCP_Wrappers_Websites.html"><strong>Prev</strong>2.5.5.2. Useful
TCP Wrappers Websites</a></li><li class="up"><a
accesskey="u"
href="#"><strong>Up</strong></a></li><li
class="home"><a accesskey="h"
href="index.html"><strong>Home</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-Kerberos.html"><strong>Next</strong>2.6. Kerberos</a></li></ul></body></html>
\ No newline at end of file
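Review bot: The bottom navigation's Up entry is href="#", while the head of the same page declares rel="up" as sect-Security_Guide-TCP_Wrappers_and_xinetd-Additional_Resources.html; the footer link should point at that page rather than reloading the current one. Two smaller points in the same context lines: the publisher is spelled "Osbourne/McGraw-Hill" where "Osborne/McGraw-Hill" is meant, and the file ends without a trailing newline, which will keep showing up as noise in later diffs.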
Index: sect-Security_Guide-Additional_Resources-Related_Documentation.html
===================================================================
RCS file:
/cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Additional_Resources-Related_Documentation.html,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- sect-Security_Guide-Additional_Resources-Related_Documentation.html 22 Dec 2008
19:28:43 -0000 1.1
+++ sect-Security_Guide-Additional_Resources-Related_Documentation.html 24 Dec 2008
01:24:52 -0000 1.2
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8"
standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
Documentation</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-3"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="sect-Security_Guide-Firewalls-Additional_Resources.html"
title="2.8.9. Additional Resources"/><link rel="prev"
href="sect-Security_Guide-Additional_Resources-Useful_Firewall_Websites.html"
title="2.8.9.2. Useful Firewall Websites"/><link rel="next"
href="sect-Security_Guide-IPTables.html"
title="2.9. IPTables"/></head><body><p
id="title"><a class="left"
href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img
src="Common_Content/images/image_right.png" alt="Documentation
Site"/></a></p><ul cl
ass="docnav"><li class="previous"><a
accesskey="p"
href="sect-Security_Guide-Additional_Resources-Useful_Firewall_Websites.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-IPTables.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h4 class="title"
id="sect-Security_Guide-Additional_Resources-Related_Documentation">2.8.9.3. Related
Documentation</h4></div></div></div><div
class="itemizedlist"><ul><li><div class="para">
+<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
Documentation</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-4"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="sect-Security_Guide-Firewalls-Additional_Resources.html"
title="2.8.9. Additional Resources"/><link rel="prev"
href="sect-Security_Guide-Additional_Resources-Useful_Firewall_Websites.html"
title="2.8.9.2. Useful Firewall Websites"/><link rel="next"
href="sect-Security_Guide-IPTables.html"
title="2.9. IPTables"/></head><body><p
id="title"><a class="left"
href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img
src="Common_Content/images/image_right.png" alt="Documentation
Site"/></a></p><ul cl
ass="docnav"><li class="previous"><a
accesskey="p"
href="sect-Security_Guide-Additional_Resources-Useful_Firewall_Websites.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-IPTables.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h4 class="title"
id="sect-Security_Guide-Additional_Resources-Related_Documentation">2.8.9.3. Related
Documentation</h4></div></div></div><div
class="itemizedlist"><ul><li><div class="para">
<em class="citetitle">Red Hat Linux Firewalls</em>, by Bill
McCarty; Red Hat Press — a comprehensive reference to building network and server
firewalls using open source packet filtering technology such as Netfilter and <code
class="command">iptables</code>. It includes topics that cover
analyzing firewall logs, developing firewall rules, and customizing your firewall using
various graphical tools.
</div></li><li><div class="para">
<em class="citetitle">Linux Firewalls</em>, by Robert
Ziegler; New Riders Press — contains a wealth of information on building firewalls using
both 2.2 kernel <code class="command">ipchains</code> as well as
Netfilter and <code class="command">iptables</code>. Additional
security topics such as remote access issues and intrusion detection systems are also
covered.
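Review bot: The book entries in this list are formatted as "Title, by Author; Publisher" while the Related Books page in this same commit uses "Title by Author; Publisher" with no comma. Pick one citation form in the source so the additional-resources sections read consistently across the guide. Since the second entry is recommended partly for 2.2 kernel ipchains coverage, adding the edition or year would also help readers judge how current the iptables material is.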
Index: sect-Security_Guide-Additional_Resources-Useful_Firewall_Websites.html
===================================================================
RCS file:
/cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Additional_Resources-Useful_Firewall_Websites.html,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- sect-Security_Guide-Additional_Resources-Useful_Firewall_Websites.html 22 Dec 2008
19:28:43 -0000 1.1
+++ sect-Security_Guide-Additional_Resources-Useful_Firewall_Websites.html 24 Dec 2008
01:24:52 -0000 1.2
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8"
standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
Firewall Websites</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-3"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="sect-Security_Guide-Firewalls-Additional_Resources.html"
title="2.8.9. Additional Resources"/><link rel="prev"
href="sect-Security_Guide-Firewalls-Additional_Resources.html"
title="2.8.9. Additional Resources"/><link rel="next"
href="sect-Security_Guide-Additional_Resources-Related_Documentation.html"
title="2.8.9.3. Related Documentation"/></head><body><p
id="title"><a class="left"
href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img
src="Common_Content/images/image_right.png" alt="Do
cumentation Site"/></a></p><ul class="docnav"><li
class="previous"><a accesskey="p"
href="sect-Security_Guide-Firewalls-Additional_Resources.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-Additional_Resources-Related_Documentation.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h4 class="title"
id="sect-Security_Guide-Additional_Resources-Useful_Firewall_Websites">2.8.9.2. Useful
Firewall Websites</h4></div></div></div><div
class="itemizedlist"><ul><li><div class="para">
+<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
Firewall Websites</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-4"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="sect-Security_Guide-Firewalls-Additional_Resources.html"
title="2.8.9. Additional Resources"/><link rel="prev"
href="sect-Security_Guide-Firewalls-Additional_Resources.html"
title="2.8.9. Additional Resources"/><link rel="next"
href="sect-Security_Guide-Additional_Resources-Related_Documentation.html"
title="2.8.9.3. Related Documentation"/></head><body><p
id="title"><a class="left"
href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img
src="Common_Content/images/image_right.png" alt="Do
cumentation Site"/></a></p><ul class="docnav"><li
class="previous"><a accesskey="p"
href="sect-Security_Guide-Firewalls-Additional_Resources.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-Additional_Resources-Related_Documentation.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h4 class="title"
id="sect-Security_Guide-Additional_Resources-Useful_Firewall_Websites">2.8.9.2. Useful
Firewall Websites</h4></div></div></div><div
class="itemizedlist"><ul><li><div class="para">
<a
href="http://www.netfilter.org/">http://www.netfilter.org/&l... — The
official homepage of the Netfilter and <code
class="command">iptables</code> project.
</div></li><li><div class="para">
<a
href="http://www.tldp.org/">http://www.tldp.org/</a> — The
Linux Documentation Project contains several useful guides relating to firewall creation
and administration.
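Review bot: The removed and added `<html ...>` lines in this hunk differ only in the `meta name="package"` value, `fedora-Linux_Security_Guide-10-en-US-1.0-3` becoming `...-1.0-4`, so the revision changes nothing a reader sees. Because the generator (`content="publican"`) writes everything from `<html` down to the first `<div class="para">` as a single line, the stamp bump rewrites that whole line, and a real edit to the title, navigation links or heading would be hard to spot in the same diff. Consider keeping the package stamp out of the committed HTML, or committing stamp-only regenerations on their own with a log message that says so.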
Index: sect-Security_Guide-Additional_Resources-Useful_IP_Tables_Websites.html
===================================================================
RCS file:
/cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Additional_Resources-Useful_IP_Tables_Websites.html,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- sect-Security_Guide-Additional_Resources-Useful_IP_Tables_Websites.html 22 Dec 2008
19:28:43 -0000 1.1
+++ sect-Security_Guide-Additional_Resources-Useful_IP_Tables_Websites.html 24 Dec 2008
01:24:52 -0000 1.2
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8"
standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
IP Tables Websites</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-3"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="sect-Security_Guide-IPTables-Additional_Resources.html"
title="2.9.7. Additional Resources"/><link rel="prev"
href="sect-Security_Guide-IPTables-Additional_Resources.html"
title="2.9.7. Additional Resources"/><link rel="next"
href="chap-Security_Guide-Encryption.html"
title="Chapter 3. Encryption"/></head><body><p
id="title"><a class="left"
href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img
src="Common_Content/images/image_right.png" alt="Documentation
Site"/></a></p><ul class="doc
nav"><li class="previous"><a accesskey="p"
href="sect-Security_Guide-IPTables-Additional_Resources.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="chap-Security_Guide-Encryption.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h4 class="title"
id="sect-Security_Guide-Additional_Resources-Useful_IP_Tables_Websites">2.9.7.2. Useful
IP Tables Websites</h4></div></div></div><a
id="d0e16278" class="indexterm"/><div
class="itemizedlist"><ul><li><div class="para">
+<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
IP Tables Websites</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-4"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="sect-Security_Guide-IPTables-Additional_Resources.html"
title="2.9.7. Additional Resources"/><link rel="prev"
href="sect-Security_Guide-IPTables-Additional_Resources.html"
title="2.9.7. Additional Resources"/><link rel="next"
href="chap-Security_Guide-Encryption.html"
title="Chapter 3. Encryption"/></head><body><p
id="title"><a class="left"
href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img
src="Common_Content/images/image_right.png" alt="Documentation
Site"/></a></p><ul class="doc
nav"><li class="previous"><a accesskey="p"
href="sect-Security_Guide-IPTables-Additional_Resources.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="chap-Security_Guide-Encryption.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h4 class="title"
id="sect-Security_Guide-Additional_Resources-Useful_IP_Tables_Websites">2.9.7.2. Useful
IP Tables Websites</h4></div></div></div><a
id="d0e16278" class="indexterm"/><div
class="itemizedlist"><ul><li><div class="para">
<a
href="http://www.netfilter.org/">http://www.netfilter.org/&l... — The
home of the netfilter/iptables project. Contains assorted information about <code
class="command">iptables</code>, including a FAQ addressing specific
problems and various helpful guides by Rusty Russell, the Linux IP firewall maintainer.
The HOWTO documents on the site cover subjects such as basic networking concepts, kernel
packet filtering, and NAT configurations.
</div></li><li><div class="para">
<a
href="http://www.linuxnewbie.org/nhf/Security/IPtables_Basics.html&q...
— An introduction to the way packets move through the Linux kernel, plus an introduction
to constructing basic <code class="command">iptables</code>
commands.
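Review bot: Project naming in the unchanged list item is inconsistent with the Firewall Websites page touched by this same commit: here it is "the netfilter/iptables project", there "the Netfilter and `iptables` project", both describing http://www.netfilter.org/. Since the only difference between the removed and added lines is the `1.0-3` to `1.0-4` package stamp, this regeneration would have been a cheap point to settle on one form in the DocBook source so both pages agree.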
Index: sect-Security_Guide-Additional_Resources-Useful_Kerberos_Websites.html
===================================================================
RCS file:
/cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Additional_Resources-Useful_Kerberos_Websites.html,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- sect-Security_Guide-Additional_Resources-Useful_Kerberos_Websites.html 22 Dec 2008
19:28:43 -0000 1.1
+++ sect-Security_Guide-Additional_Resources-Useful_Kerberos_Websites.html 24 Dec 2008
01:24:52 -0000 1.2
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8"
standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
Kerberos Websites</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-3"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="sect-Security_Guide-Kerberos-Additional_Resources.html"
title="2.6.10. Additional Resources"/><link rel="prev"
href="sect-Security_Guide-Kerberos-Additional_Resources.html"
title="2.6.10. Additional Resources"/><link rel="next"
href="sect-Security_Guide-Virtual_Private_Networks_VPNs.html"
title="2.7. Virtual Private Networks (VPNs)"/></head><body><p
id="title"><a class="left"
href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img
src="Common_Content/images/image_right.png" alt="Document
ation Site"/></a></p><ul class="docnav"><li
class="previous"><a accesskey="p"
href="sect-Security_Guide-Kerberos-Additional_Resources.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-Virtual_Private_Networks_VPNs.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h4 class="title"
id="sect-Security_Guide-Additional_Resources-Useful_Kerberos_Websites">2.6.10.2. Useful
Kerberos Websites</h4></div></div></div><a
id="d0e10870" class="indexterm"/><div
class="itemizedlist"><ul><li><div class="para">
+<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
Kerberos Websites</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-4"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="sect-Security_Guide-Kerberos-Additional_Resources.html"
title="2.6.10. Additional Resources"/><link rel="prev"
href="sect-Security_Guide-Kerberos-Additional_Resources.html"
title="2.6.10. Additional Resources"/><link rel="next"
href="sect-Security_Guide-Virtual_Private_Networks_VPNs.html"
title="2.7. Virtual Private Networks (VPNs)"/></head><body><p
id="title"><a class="left"
href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img
src="Common_Content/images/image_right.png" alt="Document
ation Site"/></a></p><ul class="docnav"><li
class="previous"><a accesskey="p"
href="sect-Security_Guide-Kerberos-Additional_Resources.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-Virtual_Private_Networks_VPNs.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h4 class="title"
id="sect-Security_Guide-Additional_Resources-Useful_Kerberos_Websites">2.6.10.2. Useful
Kerberos Websites</h4></div></div></div><a
id="d0e10870" class="indexterm"/><div
class="itemizedlist"><ul><li><div class="para">
<a
href="http://web.mit.edu/kerberos/www/">http://web.mit.edu/k...
— <em class="citetitle">Kerberos: The Network Authentication
Protocol</em> webpage from MIT.
</div></li><li><div class="para">
<a
href="http://www.nrl.navy.mil/CCS/people/kenh/kerberos-faq.html"...
— The Kerberos Frequently Asked Questions (FAQ).
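Review bot: The second list item in the context links the Kerberos FAQ at a path under a personal directory (`/CCS/people/kenh/kerberos-faq.html`), and nothing in this revision shows the link was checked before republishing; the removed and added lines differ only in the package stamp. Suggest confirming that both external links on this page still resolve as part of the regeneration, and correcting any that do not in the source XML rather than in this generated file.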
Index: sect-Security_Guide-Additional_Resources-Useful_PAM_Websites.html
===================================================================
RCS file:
/cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Additional_Resources-Useful_PAM_Websites.html,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- sect-Security_Guide-Additional_Resources-Useful_PAM_Websites.html 22 Dec 2008 19:28:43
-0000 1.1
+++ sect-Security_Guide-Additional_Resources-Useful_PAM_Websites.html 24 Dec 2008 01:24:52
-0000 1.2
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8"
standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
PAM Websites</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-3"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Additional_Resources.html"
title="2.4.8. Additional Resources"/><link rel="prev"
href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Additional_Resources.html"
title="2.4.8. Additional Resources"/><link rel="next"
href="sect-Security_Guide-TCP_Wrappers_and_xinetd.html" title="2.5. TCP
Wrappers and xinetd"/></head><body><p id="title"><a
class="left" href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img src="Common_Content/ima
ges/image_right.png" alt="Documentation
Site"/></a></p><ul class="docnav"><li
class="previous"><a accesskey="p"
href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Additional_Resources.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-TCP_Wrappers_and_xinetd.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h4 class="title"
id="sect-Security_Guide-Additional_Resources-Useful_PAM_Websites">2.4.8.2. Useful
PAM Websites</h4></div></div></div><a id="d0e7125"
class="indexterm"/><div
class="itemizedlist"><ul><li><div class="para">
+<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
PAM Websites</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-4"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Additional_Resources.html"
title="2.4.8. Additional Resources"/><link rel="prev"
href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Additional_Resources.html"
title="2.4.8. Additional Resources"/><link rel="next"
href="sect-Security_Guide-TCP_Wrappers_and_xinetd.html" title="2.5. TCP
Wrappers and xinetd"/></head><body><p id="title"><a
class="left" href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img src="Common_Content/ima
ges/image_right.png" alt="Documentation
Site"/></a></p><ul class="docnav"><li
class="previous"><a accesskey="p"
href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Additional_Resources.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-TCP_Wrappers_and_xinetd.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h4 class="title"
id="sect-Security_Guide-Additional_Resources-Useful_PAM_Websites">2.4.8.2. Useful
PAM Websites</h4></div></div></div><a id="d0e7125"
class="indexterm"/><div
class="itemizedlist"><ul><li><div class="para">
<a
href="http://www.kernel.org/pub/linux/libs/pam/">http://www....
— The primary distribution website for the Linux-PAM project, containing information on
various PAM modules, a FAQ, and additional PAM documentation.
</div><div class="note"><h2>Note</h2><div
class="para">
The documentation in the above website is for the last released upstream version
of PAM and might not be 100% accurate for the PAM version included in Fedora.
Index: sect-Security_Guide-Additional_Resources-Useful_TCP_Wrappers_Websites.html
===================================================================
RCS file:
/cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Additional_Resources-Useful_TCP_Wrappers_Websites.html,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- sect-Security_Guide-Additional_Resources-Useful_TCP_Wrappers_Websites.html 22 Dec 2008
19:28:43 -0000 1.1
+++ sect-Security_Guide-Additional_Resources-Useful_TCP_Wrappers_Websites.html 24 Dec 2008
01:24:52 -0000 1.2
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8"
standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
TCP Wrappers Websites</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-3"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="sect-Security_Guide-TCP_Wrappers_and_xinetd-Additional_Resources.html"
title="2.5.5. Additional Resources"/><link rel="prev"
href="sect-Security_Guide-TCP_Wrappers_and_xinetd-Additional_Resources.html"
title="2.5.5. Additional Resources"/><link rel="next"
href="sect-Security_Guide-Additional_Resources-Related_Books.html"
title="2.5.5.3. Related Books"/></head><body><p
id="title"><a class="left"
href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img
src="Common_Content/images/image_ri
ght.png" alt="Documentation Site"/></a></p><ul
class="docnav"><li class="previous"><a
accesskey="p"
href="sect-Security_Guide-TCP_Wrappers_and_xinetd-Additional_Resources.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-Additional_Resources-Related_Books.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h4 class="title"
id="sect-Security_Guide-Additional_Resources-Useful_TCP_Wrappers_Websites">2.5.5.2. Useful
TCP Wrappers Websites</h4></div></div></div><a
id="d0e9115" class="indexterm"/><a id="d0e9122"
class="indexterm"/><div
class="itemizedlist"><ul><li><div class="para">
+<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
TCP Wrappers Websites</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-4"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="sect-Security_Guide-TCP_Wrappers_and_xinetd-Additional_Resources.html"
title="2.5.5. Additional Resources"/><link rel="prev"
href="sect-Security_Guide-TCP_Wrappers_and_xinetd-Additional_Resources.html"
title="2.5.5. Additional Resources"/><link rel="next"
href="sect-Security_Guide-Additional_Resources-Related_Books.html"
title="2.5.5.3. Related Books"/></head><body><p
id="title"><a class="left"
href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img
src="Common_Content/images/image_ri
ght.png" alt="Documentation Site"/></a></p><ul
class="docnav"><li class="previous"><a
accesskey="p"
href="sect-Security_Guide-TCP_Wrappers_and_xinetd-Additional_Resources.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-Additional_Resources-Related_Books.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h4 class="title"
id="sect-Security_Guide-Additional_Resources-Useful_TCP_Wrappers_Websites">2.5.5.2. Useful
TCP Wrappers Websites</h4></div></div></div><a
id="d0e9115" class="indexterm"/><a id="d0e9122"
class="indexterm"/><div
class="itemizedlist"><ul><li><div class="para">
<a
href="http://www.xinetd.org">http://www.xinetd.org/</a> —
The home of <code class="systemitem">xinetd</code>, containing
sample configuration files, a full listing of features, and an informative FAQ.
</div></li><li><div class="para">
<a
href="http://www.macsecurity.org/resources/xinetd/tutorial.shtml&quo...
— A thorough tutorial that discusses many different ways to optimize default <code
class="systemitem">xinetd</code> configuration files to meet specific
security goals.
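Review bot: In the first list item of the unchanged context the link target and its text disagree, `href="http://www.xinetd.org"` against the displayed `http://www.xinetd.org/`; pick one form so the visible URL is the one followed. Both entries visible in this hunk describe `xinetd` resources under a heading that reads "Useful TCP Wrappers Websites", so either the heading or the list deserves a second look in the source. The removed and added lines themselves carry only the `1.0-3` to `1.0-4` stamp change.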
Index:
sect-Security_Guide-Altering_xinetd_Configuration_Files-Access_Control_Options.html
===================================================================
RCS file:
/cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Altering_xinetd_Configuration_Files-Access_Control_Options.html,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- sect-Security_Guide-Altering_xinetd_Configuration_Files-Access_Control_Options.html 22
Dec 2008 19:28:43 -0000 1.1
+++ sect-Security_Guide-Altering_xinetd_Configuration_Files-Access_Control_Options.html 24
Dec 2008 01:24:52 -0000 1.2
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8"
standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
Control Options</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-3"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="sect-Security_Guide-xinetd_Configuration_Files-Altering_xinetd_Configuration_Files.html"
title="2.5.4.3. Altering xinetd Configuration Files"/><link
rel="prev"
href="sect-Security_Guide-xinetd_Configuration_Files-Altering_xinetd_Configuration_Files.html"
title="2.5.4.3. Altering xinetd Configuration Files"/><link
rel="next"
href="sect-Security_Guide-Altering_xinetd_Configuration_Files-Binding_and_Redirection_Options.html"
title="2.5.4.3.3. Binding and Redirection
Options"/></head><body><p id="title"><a
class="left" href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png"
alt="Product Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img
src="Common_Content/images/image_right.png" alt="Documentation
Site"/></a></p><ul class="docnav"><li
class="previous"><a accesskey="p"
href="sect-Security_Guide-xinetd_Configuration_Files-Altering_xinetd_Configuration_Files.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-Altering_xinetd_Configuration_Files-Binding_and_Redirection_Options.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h5 class="title"
id="sect-Security_Guide-Altering_xinetd_Configuration_Files-Access_Control_Options">2.5.4.3.2. Access
Control Options</h5></div></div></div><a id="d0e8648"
class="indexterm"/><a id="d0e8656"
class="indexterm"/><div class="para">
+<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
Control Options</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-4"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="sect-Security_Guide-xinetd_Configuration_Files-Altering_xinetd_Configuration_Files.html"
title="2.5.4.3. Altering xinetd Configuration Files"/><link
rel="prev"
href="sect-Security_Guide-xinetd_Configuration_Files-Altering_xinetd_Configuration_Files.html"
title="2.5.4.3. Altering xinetd Configuration Files"/><link
rel="next"
href="sect-Security_Guide-Altering_xinetd_Configuration_Files-Binding_and_Redirection_Options.html"
title="2.5.4.3.3. Binding and Redirection
Options"/></head><body><p id="title"><a
class="left" href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png"
alt="Product Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img
src="Common_Content/images/image_right.png" alt="Documentation
Site"/></a></p><ul class="docnav"><li
class="previous"><a accesskey="p"
href="sect-Security_Guide-xinetd_Configuration_Files-Altering_xinetd_Configuration_Files.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-Altering_xinetd_Configuration_Files-Binding_and_Redirection_Options.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h5 class="title"
id="sect-Security_Guide-Altering_xinetd_Configuration_Files-Access_Control_Options">2.5.4.3.2. Access
Control Options</h5></div></div></div><a id="d0e8648"
class="indexterm"/><a id="d0e8656"
class="indexterm"/><div class="para">
Users of <code class="systemitem">xinetd</code> services can
choose to use the TCP Wrappers hosts access rules, provide access control via the <code
class="systemitem">xinetd</code> configuration files, or a mixture of
both. Refer to <a class="xref"
href="sect-Security_Guide-TCP_Wrappers_and_xinetd-TCP_Wrappers_Configuration_Files.html"
title="2.5.2. TCP Wrappers Configuration Files">Section 2.5.2, “TCP Wrappers
Configuration Files”</a> for more information about TCP Wrappers hosts access
control files.
</div><div class="para">
This section discusses using <code
class="systemitem">xinetd</code> to control access to services.
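Review bot: The first paragraph of the context has a non-parallel list, "can choose to use the TCP Wrappers hosts access rules, provide access control via the `xinetd` configuration files, or a mixture of both", which makes it unclear that three alternatives are being offered. Something like "can use the TCP Wrappers hosts access rules, the access control options in the `xinetd` configuration files, or a mixture of both" reads cleanly. The fix belongs in the DocBook source, since this file is generated and the changed lines here are only the package stamp.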
Index:
sect-Security_Guide-Altering_xinetd_Configuration_Files-Binding_and_Redirection_Options.html
===================================================================
RCS file:
/cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Altering_xinetd_Configuration_Files-Binding_and_Redirection_Options.html,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
---
sect-Security_Guide-Altering_xinetd_Configuration_Files-Binding_and_Redirection_Options.html 22
Dec 2008 19:28:43 -0000 1.1
+++
sect-Security_Guide-Altering_xinetd_Configuration_Files-Binding_and_Redirection_Options.html 24
Dec 2008 01:24:52 -0000 1.2
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8"
standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
and Redirection Options</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-3"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="sect-Security_Guide-xinetd_Configuration_Files-Altering_xinetd_Configuration_Files.html"
title="2.5.4.3. Altering xinetd Configuration Files"/><link
rel="prev"
href="sect-Security_Guide-Altering_xinetd_Configuration_Files-Access_Control_Options.html"
title="2.5.4.3.2. Access Control Options"/><link rel="next"
href="sect-Security_Guide-Altering_xinetd_Configuration_Files-Resource_Management_Options.html"
title="2.5.4.3.4. Resource Management
Options"/></head><body><p id="title"><a
class="left" href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img
src="Common_Content/images/image_right.png" alt="Documentation
Site"/></a></p><ul class="docnav"><li
class="previous"><a accesskey="p"
href="sect-Security_Guide-Altering_xinetd_Configuration_Files-Access_Control_Options.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-Altering_xinetd_Configuration_Files-Resource_Management_Options.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h5 class="title"
id="sect-Security_Guide-Altering_xinetd_Configuration_Files-Binding_and_Redirection_Options">2.5.4.3.3. Binding
and Redirection Options</h5></div></div></div><a
id="d0e8818" class="indexterm"/><a id="d0e8826"
class="indexterm"/><div class="para">
+<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
and Redirection Options</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-4"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="sect-Security_Guide-xinetd_Configuration_Files-Altering_xinetd_Configuration_Files.html"
title="2.5.4.3. Altering xinetd Configuration Files"/><link
rel="prev"
href="sect-Security_Guide-Altering_xinetd_Configuration_Files-Access_Control_Options.html"
title="2.5.4.3.2. Access Control Options"/><link rel="next"
href="sect-Security_Guide-Altering_xinetd_Configuration_Files-Resource_Management_Options.html"
title="2.5.4.3.4. Resource Management
Options"/></head><body><p id="title"><a
class="left" href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img
src="Common_Content/images/image_right.png" alt="Documentation
Site"/></a></p><ul class="docnav"><li
class="previous"><a accesskey="p"
href="sect-Security_Guide-Altering_xinetd_Configuration_Files-Access_Control_Options.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-Altering_xinetd_Configuration_Files-Resource_Management_Options.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h5 class="title"
id="sect-Security_Guide-Altering_xinetd_Configuration_Files-Binding_and_Redirection_Options">2.5.4.3.3. Binding
and Redirection Options</h5></div></div></div><a
id="d0e8818" class="indexterm"/><a id="d0e8826"
class="indexterm"/><div class="para">
The service configuration files for <code
class="systemitem">xinetd</code> support binding the service to an IP
address and redirecting incoming requests for that service to another IP address,
hostname, or port.
</div><div class="para">
Binding is controlled with the <code
class="option">bind</code> option in the service-specific configuration
files and links the service to one IP address on the system. When this is configured, the
<code class="option">bind</code> option only allows requests to the
correct IP address to access the service. You can use this method to bind different
services to different network interfaces based on requirements.
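Review bot: In the second context paragraph, "the `bind` option only allows requests to the correct IP address to access the service" leaves "correct" undefined; the preceding sentence already says the option "links the service to one IP address on the system", so "requests to that IP address" would say exactly what is meant. For a security guide it would also help to state what happens to requests arriving on the system's other addresses. As with the other files in this commit, the removed and added lines differ only in the `1.0-3` to `1.0-4` stamp, so the wording change should go into the source XML.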
Index:
sect-Security_Guide-Altering_xinetd_Configuration_Files-Resource_Management_Options.html
===================================================================
RCS file:
/cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Altering_xinetd_Configuration_Files-Resource_Management_Options.html,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
---
sect-Security_Guide-Altering_xinetd_Configuration_Files-Resource_Management_Options.html 22
Dec 2008 19:28:43 -0000 1.1
+++
sect-Security_Guide-Altering_xinetd_Configuration_Files-Resource_Management_Options.html 24
Dec 2008 01:24:52 -0000 1.2
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8"
standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
Management Options</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-3"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="sect-Security_Guide-xinetd_Configuration_Files-Altering_xinetd_Configuration_Files.html"
title="2.5.4.3. Altering xinetd Configuration Files"/><link
rel="prev"
href="sect-Security_Guide-Altering_xinetd_Configuration_Files-Binding_and_Redirection_Options.html"
title="2.5.4.3.3. Binding and Redirection Options"/><link
rel="next"
href="sect-Security_Guide-TCP_Wrappers_and_xinetd-Additional_Resources.html"
title="2.5.5. Additional Resources"/></head><body><p
id="title"><a class="left"
href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a cl
ass="right" href="http://docs.fedoraproject.org"><img
src="Common_Content/images/image_right.png" alt="Documentation
Site"/></a></p><ul class="docnav"><li
class="previous"><a accesskey="p"
href="sect-Security_Guide-Altering_xinetd_Configuration_Files-Binding_and_Redirection_Options.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-TCP_Wrappers_and_xinetd-Additional_Resources.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h5 class="title"
id="sect-Security_Guide-Altering_xinetd_Configuration_Files-Resource_Management_Options">2.5.4.3.4. Resource
Management Options</h5></div></div></div><a
id="d0e8908" class="indexterm"/><a id="d0e8916"
class="indexterm"/><a id="d0e8922"
class="indexterm"/><a id="d0e8927"
class="indexterm"/><div class="para">
+<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
Management Options</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-4"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="sect-Security_Guide-xinetd_Configuration_Files-Altering_xinetd_Configuration_Files.html"
title="2.5.4.3. Altering xinetd Configuration Files"/><link
rel="prev"
href="sect-Security_Guide-Altering_xinetd_Configuration_Files-Binding_and_Redirection_Options.html"
title="2.5.4.3.3. Binding and Redirection Options"/><link
rel="next"
href="sect-Security_Guide-TCP_Wrappers_and_xinetd-Additional_Resources.html"
title="2.5.5. Additional Resources"/></head><body><p
id="title"><a class="left"
href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a cl
ass="right" href="http://docs.fedoraproject.org"><img
src="Common_Content/images/image_right.png" alt="Documentation
Site"/></a></p><ul class="docnav"><li
class="previous"><a accesskey="p"
href="sect-Security_Guide-Altering_xinetd_Configuration_Files-Binding_and_Redirection_Options.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-TCP_Wrappers_and_xinetd-Additional_Resources.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h5 class="title"
id="sect-Security_Guide-Altering_xinetd_Configuration_Files-Resource_Management_Options">2.5.4.3.4. Resource
Management Options</h5></div></div></div><a
id="d0e8908" class="indexterm"/><a id="d0e8916"
class="indexterm"/><a id="d0e8922"
class="indexterm"/><a id="d0e8927"
class="indexterm"/><div class="para">
The <code class="systemitem">xinetd</code> daemon can add a
basic level of protection from Denial of Service (DoS) attacks. The following is a list of
directives which can aid in limiting the effectiveness of such attacks:
</div><div class="itemizedlist"><ul><li><div
class="para">
<code class="option">per_source</code> — Defines the maximum
number of instances for a service per source IP address. It accepts only integers as an
argument and can be used in both <code
class="filename">xinetd.conf</code> and in the service-specific
configuration files in the <code class="filename">xinetd.d/</code>
directory.
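Review bot: the log message should state that this is a regenerated build, because the only difference between the removed and added <html> lines in this hunk is the package meta value, content="fedora-Linux_Security_Guide-10-en-US-1.0-3" becoming "...-1.0-4". The head, navigation and title block sit on one physical line, so the build-stamp bump rewrites that whole line here and in each of the files that follow, which makes a real text change hard to spot in review. Consider keeping the build stamp out of the committed HTML, or committing content changes separately from rebuilds.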
Index: sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Network_Security.html
===================================================================
RCS file:
/cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Network_Security.html,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Network_Security.html 22
Dec 2008 19:28:43 -0000 1.1
+++ sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Network_Security.html 24
Dec 2008 01:24:52 -0000 1.2
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8"
standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
to Network Security</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-3"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="sect-Security_Guide-Attackers_and_Vulnerabilities.html"
title="1.3. Attackers and Vulnerabilities"/><link rel="prev"
href="sect-Security_Guide-Attackers_and_Vulnerabilities.html"
title="1.3. Attackers and Vulnerabilities"/><link rel="next"
href="sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Server_Security.html"
title="1.3.3. Threats to Server Security"/></head><body><p
id="title"><a class="left"
href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img src="Common_Content/i
mages/image_right.png" alt="Documentation
Site"/></a></p><ul class="docnav"><li
class="previous"><a accesskey="p"
href="sect-Security_Guide-Attackers_and_Vulnerabilities.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Server_Security.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h3 class="title"
id="sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Network_Security">1.3.2. Threats
to Network Security</h3></div></div></div><a
id="d0e1033" class="indexterm"/><div class="para">
+<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
to Network Security</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-4"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="sect-Security_Guide-Attackers_and_Vulnerabilities.html"
title="1.3. Attackers and Vulnerabilities"/><link rel="prev"
href="sect-Security_Guide-Attackers_and_Vulnerabilities.html"
title="1.3. Attackers and Vulnerabilities"/><link rel="next"
href="sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Server_Security.html"
title="1.3.3. Threats to Server Security"/></head><body><p
id="title"><a class="left"
href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img src="Common_Content/i
mages/image_right.png" alt="Documentation
Site"/></a></p><ul class="docnav"><li
class="previous"><a accesskey="p"
href="sect-Security_Guide-Attackers_and_Vulnerabilities.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Server_Security.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h3 class="title"
id="sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Network_Security">1.3.2. Threats
to Network Security</h3></div></div></div><a
id="d0e1033" class="indexterm"/><div class="para">
Bad practices when configuring the following aspects of a network can increase the
risk of attack.
</div><div class="section" lang="en-US"><div
class="titlepage"><div><div><h4 class="title"
id="sect-Security_Guide-Threats_to_Network_Security-Insecure_Architectures">1.3.2.1. Insecure
Architectures</h4></div></div></div><a id="d0e1043"
class="indexterm"/><div class="para">
A misconfigured network is a primary entry point for unauthorized users. Leaving a
trust-based, open local network vulnerable to the highly-insecure Internet is much like
leaving a door ajar in a crime-ridden neighborhood — nothing may happen for an arbitrary
amount of time, but <span
class="emphasis"><em>eventually</em></span> someone
exploits the opportunity.
Index: sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Server_Security.html
===================================================================
RCS file:
/cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Server_Security.html,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Server_Security.html 22
Dec 2008 19:28:43 -0000 1.1
+++ sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Server_Security.html 24
Dec 2008 01:24:52 -0000 1.2
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8"
standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
to Server Security</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-3"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="sect-Security_Guide-Attackers_and_Vulnerabilities.html"
title="1.3. Attackers and Vulnerabilities"/><link rel="prev"
href="sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Network_Security.html"
title="1.3.2. Threats to Network Security"/><link rel="next"
href="sect-Security_Guide-Threats_to_Server_Security-Unpatched_Services.html"
title="1.3.3.2. Unpatched Services"/></head><body><p
id="title"><a class="left"
href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img src="Common
_Content/images/image_right.png" alt="Documentation
Site"/></a></p><ul class="docnav"><li
class="previous"><a accesskey="p"
href="sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Network_Security.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-Threats_to_Server_Security-Unpatched_Services.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h3 class="title"
id="sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Server_Security">1.3.3. Threats
to Server Security</h3></div></div></div><a
id="d0e1074" class="indexterm"/><div class="para">
+<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
to Server Security</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-4"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="sect-Security_Guide-Attackers_and_Vulnerabilities.html"
title="1.3. Attackers and Vulnerabilities"/><link rel="prev"
href="sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Network_Security.html"
title="1.3.2. Threats to Network Security"/><link rel="next"
href="sect-Security_Guide-Threats_to_Server_Security-Unpatched_Services.html"
title="1.3.3.2. Unpatched Services"/></head><body><p
id="title"><a class="left"
href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img src="Common
_Content/images/image_right.png" alt="Documentation
Site"/></a></p><ul class="docnav"><li
class="previous"><a accesskey="p"
href="sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Network_Security.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-Threats_to_Server_Security-Unpatched_Services.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h3 class="title"
id="sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Server_Security">1.3.3. Threats
to Server Security</h3></div></div></div><a
id="d0e1074" class="indexterm"/><div class="para">
Server security is as important as network security because servers often hold a great
deal of an organization's vital information. If a server is compromised, all of its
contents may become available for the cracker to steal or manipulate at will. The
following sections detail some of the main issues.
</div><div class="section" lang="en-US"><div
class="titlepage"><div><div><h4 class="title"
id="sect-Security_Guide-Threats_to_Server_Security-Unused_Services_and_Open_Ports">1.3.3.1. Unused
Services and Open Ports</h4></div></div></div><a
id="d0e1084" class="indexterm"/><div class="para">
A full installation of Fedora contains 1000+ application and library packages.
However, most server administrators do not opt to install every single package in the
distribution, preferring instead to install a base installation of packages, including
several server applications.
Index:
sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Workstation_and_Home_PC_Security.html
===================================================================
RCS file:
/cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Workstation_and_Home_PC_Security.html,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
---
sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Workstation_and_Home_PC_Security.html 22
Dec 2008 19:28:43 -0000 1.1
+++
sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Workstation_and_Home_PC_Security.html 24
Dec 2008 01:24:52 -0000 1.2
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8"
standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
to Workstation and Home PC Security</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-3"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="sect-Security_Guide-Attackers_and_Vulnerabilities.html"
title="1.3. Attackers and Vulnerabilities"/><link rel="prev"
href="sect-Security_Guide-Threats_to_Server_Security-Inherently_Insecure_Services.html"
title="1.3.3.4. Inherently Insecure Services"/><link rel="next"
href="sect-Security_Guide-Threats_to_Workstation_and_Home_PC_Security-Vulnerable_Client_Applications.html"
title="1.3.4.2. Vulnerable Client
Applications"/></head><body><p id="title"><a
class="left" href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="r
ight" href="http://docs.fedoraproject.org"><img
src="Common_Content/images/image_right.png" alt="Documentation
Site"/></a></p><ul class="docnav"><li
class="previous"><a accesskey="p"
href="sect-Security_Guide-Threats_to_Server_Security-Inherently_Insecure_Services.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-Threats_to_Workstation_and_Home_PC_Security-Vulnerable_Client_Applications.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h3 class="title"
id="sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Workstation_and_Home_PC_Security">1.3.4. Threats
to Workstation and Home PC Security</h3></div></div></div><a
id="d0e1172" class="indexterm"/><div class="para">
+<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
to Workstation and Home PC Security</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-4"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="sect-Security_Guide-Attackers_and_Vulnerabilities.html"
title="1.3. Attackers and Vulnerabilities"/><link rel="prev"
href="sect-Security_Guide-Threats_to_Server_Security-Inherently_Insecure_Services.html"
title="1.3.3.4. Inherently Insecure Services"/><link rel="next"
href="sect-Security_Guide-Threats_to_Workstation_and_Home_PC_Security-Vulnerable_Client_Applications.html"
title="1.3.4.2. Vulnerable Client
Applications"/></head><body><p id="title"><a
class="left" href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="r
ight" href="http://docs.fedoraproject.org"><img
src="Common_Content/images/image_right.png" alt="Documentation
Site"/></a></p><ul class="docnav"><li
class="previous"><a accesskey="p"
href="sect-Security_Guide-Threats_to_Server_Security-Inherently_Insecure_Services.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-Threats_to_Workstation_and_Home_PC_Security-Vulnerable_Client_Applications.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h3 class="title"
id="sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Workstation_and_Home_PC_Security">1.3.4. Threats
to Workstation and Home PC Security</h3></div></div></div><a
id="d0e1172" class="indexterm"/><div class="para">
Workstations and home PCs may not be as prone to attack as networks or servers, but
since they often contain sensitive data, such as credit card information, they are
targeted by system crackers. Workstations can also be co-opted without the user's
knowledge and used by attackers as "slave" machines in coordinated attacks. For
these reasons, knowing the vulnerabilities of a workstation can save users the headache of
reinstalling the operating system, or worse, recovering from data theft.
</div><div class="section" lang="en-US"><div
class="titlepage"><div><div><h4 class="title"
id="sect-Security_Guide-Threats_to_Workstation_and_Home_PC_Security-Bad_Passwords">1.3.4.1. Bad
Passwords</h4></div></div></div><a id="d0e1182"
class="indexterm"/><div class="para">
Bad passwords are one of the easiest ways for an attacker to gain access to a system.
For more on how to avoid common pitfalls when creating a password, refer to <a
class="xref"
href="chap-Security_Guide-Securing_Your_Network.html#sect-Security_Guide-Workstation_Security-Password_Security"
title="2.1.3. Password Security">Section 2.1.3, “Password
Security”</a>.
Index: sect-Security_Guide-Attackers_and_Vulnerabilities.html
===================================================================
RCS file:
/cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Attackers_and_Vulnerabilities.html,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- sect-Security_Guide-Attackers_and_Vulnerabilities.html 22 Dec 2008 19:28:43 -0000 1.1
+++ sect-Security_Guide-Attackers_and_Vulnerabilities.html 24 Dec 2008 01:24:52 -0000 1.2
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8"
standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
and Vulnerabilities</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-3"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="chap-Security_Guide-Security_Overview.html"
title="Chapter 1. Security Overview"/><link rel="prev"
href="sect-Security_Guide-Evaluating_the_Tools-Anticipating_Your_Future_Needs.html"
title="1.2.3.5. Anticipating Your Future Needs"/><link
rel="next"
href="sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Network_Security.html"
title="1.3.2. Threats to Network Security"/></head><body><p
id="title"><a class="left"
href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img src="Comm
on_Content/images/image_right.png" alt="Documentation
Site"/></a></p><ul class="docnav"><li
class="previous"><a accesskey="p"
href="sect-Security_Guide-Evaluating_the_Tools-Anticipating_Your_Future_Needs.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Network_Security.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h2 class="title"
id="sect-Security_Guide-Attackers_and_Vulnerabilities">1.3. Attackers and
Vulnerabilities</h2></div></div></div><a id="d0e933"
class="indexterm"/><div class="para">
+<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
and Vulnerabilities</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-4"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="chap-Security_Guide-Security_Overview.html"
title="Chapter 1. Security Overview"/><link rel="prev"
href="sect-Security_Guide-Evaluating_the_Tools-Anticipating_Your_Future_Needs.html"
title="1.2.3.5. Anticipating Your Future Needs"/><link
rel="next"
href="sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Network_Security.html"
title="1.3.2. Threats to Network Security"/></head><body><p
id="title"><a class="left"
href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img src="Comm
on_Content/images/image_right.png" alt="Documentation
Site"/></a></p><ul class="docnav"><li
class="previous"><a accesskey="p"
href="sect-Security_Guide-Evaluating_the_Tools-Anticipating_Your_Future_Needs.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Network_Security.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h2 class="title"
id="sect-Security_Guide-Attackers_and_Vulnerabilities">1.3. Attackers and
Vulnerabilities</h2></div></div></div><a id="d0e933"
class="indexterm"/><div class="para">
To plan and implement a good security strategy, first be aware of some of the issues
which determined, motivated attackers exploit to compromise systems. But before detailing
these issues, the terminology used when identifying an attacker must be defined.
</div><div class="section" lang="en-US"><div
class="titlepage"><div><div><h3 class="title"
id="sect-Security_Guide-Attackers_and_Vulnerabilities-A_Quick_History_of_Hackers">1.3.1. A
Quick History of Hackers</h3></div></div></div><a
id="d0e941" class="indexterm"/><a id="d0e946"
class="indexterm"/><div class="para">
The modern meaning of the term <em class="firstterm">hacker</em>
has origins dating back to the 1960s and the Massachusetts Institute of Technology (MIT)
Tech Model Railroad Club, which designed train sets of large scale and intricate detail.
Hacker was a name used for club members who discovered a clever trick or workaround for a
problem.
Index:
sect-Security_Guide-Basic_Firewall_Configuration-Activating_the_IPTables_Service.html
===================================================================
RCS file:
/cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Basic_Firewall_Configuration-Activating_the_IPTables_Service.html,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
---
sect-Security_Guide-Basic_Firewall_Configuration-Activating_the_IPTables_Service.html 22
Dec 2008 19:28:43 -0000 1.1
+++
sect-Security_Guide-Basic_Firewall_Configuration-Activating_the_IPTables_Service.html 24
Dec 2008 01:24:52 -0000 1.2
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8"
standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
the IPTables Service</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-3"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="sect-Security_Guide-Firewalls-Basic_Firewall_Configuration.html"
title="2.8.2. Basic Firewall Configuration"/><link rel="prev"
href="sect-Security_Guide-Basic_Firewall_Configuration-Saving_the_Settings.html"
title="2.8.2.5. Saving the Settings"/><link rel="next"
href="sect-Security_Guide-Firewalls-Using_IPTables.html"
title="2.8.3. Using IPTables"/></head><body><p
id="title"><a class="left"
href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img
src="Common_Content/images/image_rig
ht.png" alt="Documentation Site"/></a></p><ul
class="docnav"><li class="previous"><a
accesskey="p"
href="sect-Security_Guide-Basic_Firewall_Configuration-Saving_the_Settings.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-Firewalls-Using_IPTables.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h4 class="title"
id="sect-Security_Guide-Basic_Firewall_Configuration-Activating_the_IPTables_Service">2.8.2.6. Activating
the IPTables Service</h4></div></div></div><a
id="d0e13140" class="indexterm"/><a id="d0e13148"
class="indexterm"/><div class="para">
+<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
the IPTables Service</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-4"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="sect-Security_Guide-Firewalls-Basic_Firewall_Configuration.html"
title="2.8.2. Basic Firewall Configuration"/><link rel="prev"
href="sect-Security_Guide-Basic_Firewall_Configuration-Saving_the_Settings.html"
title="2.8.2.5. Saving the Settings"/><link rel="next"
href="sect-Security_Guide-Firewalls-Using_IPTables.html"
title="2.8.3. Using IPTables"/></head><body><p
id="title"><a class="left"
href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img
src="Common_Content/images/image_rig
ht.png" alt="Documentation Site"/></a></p><ul
class="docnav"><li class="previous"><a
accesskey="p"
href="sect-Security_Guide-Basic_Firewall_Configuration-Saving_the_Settings.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-Firewalls-Using_IPTables.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h4 class="title"
id="sect-Security_Guide-Basic_Firewall_Configuration-Activating_the_IPTables_Service">2.8.2.6. Activating
the IPTables Service</h4></div></div></div><a
id="d0e13140" class="indexterm"/><a id="d0e13148"
class="indexterm"/><div class="para">
The firewall rules are only active if the <code
class="command">iptables</code> service is running. To manually start
the service, use the following command:
</div><pre class="screen">[root@myServer ~] # service iptables
restart
</pre><div class="para">
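Review bot: the unchanged context after the header says "To manually start the service" but the screen block that follows runs "service iptables restart"; the prose and the command should agree, either by describing the step as a restart or by showing "service iptables start". The prompt "[root@myServer ~] #" also carries a stray space before the "#", which is worth fixing in the source XML while this page is being regenerated.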
Index:
sect-Security_Guide-Basic_Firewall_Configuration-Enabling_and_Disabling_the_Firewall.html
===================================================================
RCS file:
/cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Basic_Firewall_Configuration-Enabling_and_Disabling_the_Firewall.html,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
---
sect-Security_Guide-Basic_Firewall_Configuration-Enabling_and_Disabling_the_Firewall.html 22
Dec 2008 19:28:43 -0000 1.1
+++
sect-Security_Guide-Basic_Firewall_Configuration-Enabling_and_Disabling_the_Firewall.html 24
Dec 2008 01:24:52 -0000 1.2
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8"
standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
and Disabling the Firewall</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-3"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="sect-Security_Guide-Firewalls-Basic_Firewall_Configuration.html"
title="2.8.2. Basic Firewall Configuration"/><link rel="prev"
href="sect-Security_Guide-Firewalls-Basic_Firewall_Configuration.html"
title="2.8.2. Basic Firewall Configuration"/><link rel="next"
href="sect-Security_Guide-Basic_Firewall_Configuration-Trusted_Services.html"
title="2.8.2.3. Trusted Services"/></head><body><p
id="title"><a class="left"
href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img src="Commo
n_Content/images/image_right.png" alt="Documentation
Site"/></a></p><ul class="docnav"><li
class="previous"><a accesskey="p"
href="sect-Security_Guide-Firewalls-Basic_Firewall_Configuration.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-Basic_Firewall_Configuration-Trusted_Services.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h4 class="title"
id="sect-Security_Guide-Basic_Firewall_Configuration-Enabling_and_Disabling_the_Firewall">2.8.2.2. Enabling
and Disabling the Firewall</h4></div></div></div><a
id="d0e12938" class="indexterm"/><div
class="para">
+<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
and Disabling the Firewall</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-4"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="sect-Security_Guide-Firewalls-Basic_Firewall_Configuration.html"
title="2.8.2. Basic Firewall Configuration"/><link rel="prev"
href="sect-Security_Guide-Firewalls-Basic_Firewall_Configuration.html"
title="2.8.2. Basic Firewall Configuration"/><link rel="next"
href="sect-Security_Guide-Basic_Firewall_Configuration-Trusted_Services.html"
title="2.8.2.3. Trusted Services"/></head><body><p
id="title"><a class="left"
href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img src="Commo
n_Content/images/image_right.png" alt="Documentation
Site"/></a></p><ul class="docnav"><li
class="previous"><a accesskey="p"
href="sect-Security_Guide-Firewalls-Basic_Firewall_Configuration.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-Basic_Firewall_Configuration-Trusted_Services.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h4 class="title"
id="sect-Security_Guide-Basic_Firewall_Configuration-Enabling_and_Disabling_the_Firewall">2.8.2.2. Enabling
and Disabling the Firewall</h4></div></div></div><a
id="d0e12938" class="indexterm"/><div
class="para">
Select one of the following options for the firewall:
</div><div class="itemizedlist"><ul><li><div
class="para">
<span
class="guilabel"><strong>Disabled</strong></span> —
Disabling the firewall provides complete access to your system and does no security
checking. This should only be selected if you are running on a trusted network (not the
Internet) or need to configure a custom firewall using the iptables command line tool.
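Review bot: in the trailing context, the "Disabled" item gives "need to configure a custom firewall using the iptables command line tool" as a reason to pick this option, right after saying it "does no security checking", without telling the reader that the system stays unfiltered until the custom rules are actually loaded. Suggest adding that sentence to the source for this list item so the two reasons (trusted network, custom rules) are not read as equally safe.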
Index: sect-Security_Guide-Basic_Firewall_Configuration-Other_Ports.html
===================================================================
RCS file:
/cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Basic_Firewall_Configuration-Other_Ports.html,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- sect-Security_Guide-Basic_Firewall_Configuration-Other_Ports.html 22 Dec 2008 19:28:43
-0000 1.1
+++ sect-Security_Guide-Basic_Firewall_Configuration-Other_Ports.html 24 Dec 2008 01:24:52
-0000 1.2
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8"
standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
Ports</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-3"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="sect-Security_Guide-Firewalls-Basic_Firewall_Configuration.html"
title="2.8.2. Basic Firewall Configuration"/><link rel="prev"
href="sect-Security_Guide-Basic_Firewall_Configuration-Trusted_Services.html"
title="2.8.2.3. Trusted Services"/><link rel="next"
href="sect-Security_Guide-Basic_Firewall_Configuration-Saving_the_Settings.html"
title="2.8.2.5. Saving the Settings"/></head><body><p
id="title"><a class="left"
href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img
src="Common_Content/images/imag
e_right.png" alt="Documentation Site"/></a></p><ul
class="docnav"><li class="previous"><a
accesskey="p"
href="sect-Security_Guide-Basic_Firewall_Configuration-Trusted_Services.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-Basic_Firewall_Configuration-Saving_the_Settings.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h4 class="title"
id="sect-Security_Guide-Basic_Firewall_Configuration-Other_Ports">2.8.2.4. Other
Ports</h4></div></div></div><a id="d0e13065"
class="indexterm"/><div class="para">
+<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
Ports</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-4"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="sect-Security_Guide-Firewalls-Basic_Firewall_Configuration.html"
title="2.8.2. Basic Firewall Configuration"/><link rel="prev"
href="sect-Security_Guide-Basic_Firewall_Configuration-Trusted_Services.html"
title="2.8.2.3. Trusted Services"/><link rel="next"
href="sect-Security_Guide-Basic_Firewall_Configuration-Saving_the_Settings.html"
title="2.8.2.5. Saving the Settings"/></head><body><p
id="title"><a class="left"
href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img
src="Common_Content/images/imag
e_right.png" alt="Documentation Site"/></a></p><ul
class="docnav"><li class="previous"><a
accesskey="p"
href="sect-Security_Guide-Basic_Firewall_Configuration-Trusted_Services.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-Basic_Firewall_Configuration-Saving_the_Settings.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h4 class="title"
id="sect-Security_Guide-Basic_Firewall_Configuration-Other_Ports">2.8.2.4. Other
Ports</h4></div></div></div><a id="d0e13065"
class="indexterm"/><div class="para">
The <span class="application"><strong>Security Level
Configuration Tool</strong></span> includes an <span
class="guilabel"><strong>Other ports</strong></span>
section for specifying custom IP ports as being trusted by <code
class="command">iptables</code>. For example, to allow IRC and Internet
printing protocol (IPP) to pass through the firewall, add the following to the <span
class="guilabel"><strong>Other ports</strong></span>
section:
</div><div class="para">
<code class="computeroutput">194:tcp,631:tcp</code>
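Review bot: The only difference visible between the removed and added `<html` lines of this hunk is the package string in the `<meta name="package">` element, `fedora-Linux_Security_Guide-10-en-US-1.0-3` becoming `fedora-Linux_Security_Guide-10-en-US-1.0-4`, yet the whole head, navigation bar and section title are replaced because the generator emits them as one line. The "Other ports" text and the `194:tcp,631:tcp` example are unchanged context. If generated HTML has to stay under version control, having the build break the line between head elements would reduce a rebuild like this to a one-line diff and make real content changes easier to spot in the commit mail.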
Index: sect-Security_Guide-Basic_Firewall_Configuration-Saving_the_Settings.html
===================================================================
RCS file:
/cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Basic_Firewall_Configuration-Saving_the_Settings.html,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- sect-Security_Guide-Basic_Firewall_Configuration-Saving_the_Settings.html 22 Dec 2008
19:28:43 -0000 1.1
+++ sect-Security_Guide-Basic_Firewall_Configuration-Saving_the_Settings.html 24 Dec 2008
01:24:52 -0000 1.2
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8"
standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
the Settings</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-3"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="sect-Security_Guide-Firewalls-Basic_Firewall_Configuration.html"
title="2.8.2. Basic Firewall Configuration"/><link rel="prev"
href="sect-Security_Guide-Basic_Firewall_Configuration-Other_Ports.html"
title="2.8.2.4. Other Ports"/><link rel="next"
href="sect-Security_Guide-Basic_Firewall_Configuration-Activating_the_IPTables_Service.html"
title="2.8.2.6. Activating the IPTables
Service"/></head><body><p id="title"><a
class="left" href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img src="Comm
on_Content/images/image_right.png" alt="Documentation
Site"/></a></p><ul class="docnav"><li
class="previous"><a accesskey="p"
href="sect-Security_Guide-Basic_Firewall_Configuration-Other_Ports.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-Basic_Firewall_Configuration-Activating_the_IPTables_Service.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h4 class="title"
id="sect-Security_Guide-Basic_Firewall_Configuration-Saving_the_Settings">2.8.2.5. Saving
the Settings</h4></div></div></div><a id="d0e13093"
class="indexterm"/><div class="para">
+<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
the Settings</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-4"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="sect-Security_Guide-Firewalls-Basic_Firewall_Configuration.html"
title="2.8.2. Basic Firewall Configuration"/><link rel="prev"
href="sect-Security_Guide-Basic_Firewall_Configuration-Other_Ports.html"
title="2.8.2.4. Other Ports"/><link rel="next"
href="sect-Security_Guide-Basic_Firewall_Configuration-Activating_the_IPTables_Service.html"
title="2.8.2.6. Activating the IPTables
Service"/></head><body><p id="title"><a
class="left" href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img src="Comm
on_Content/images/image_right.png" alt="Documentation
Site"/></a></p><ul class="docnav"><li
class="previous"><a accesskey="p"
href="sect-Security_Guide-Basic_Firewall_Configuration-Other_Ports.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-Basic_Firewall_Configuration-Activating_the_IPTables_Service.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h4 class="title"
id="sect-Security_Guide-Basic_Firewall_Configuration-Saving_the_Settings">2.8.2.5. Saving
the Settings</h4></div></div></div><a id="d0e13093"
class="indexterm"/><div class="para">
Click <span
class="guibutton"><strong>OK</strong></span> to save the
changes and enable or disable the firewall. If <span
class="guilabel"><strong>Enable firewall</strong></span>
was selected, the options selected are translated to <code
class="command">iptables</code> commands and written to the <code
class="filename">/etc/sysconfig/iptables</code> file. The <code
class="command">iptables</code> service is also started so that the
firewall is activated immediately after saving the selected options. If <span
class="guilabel"><strong>Disable firewall</strong></span>
was selected, the <code
class="filename">/etc/sysconfig/iptables</code> file is removed and the
<code class="command">iptables</code> service is stopped
immediately.
</div><div class="para">
The selected options are also written to the <code
class="filename">/etc/sysconfig/system-config-securitylevel</code> file
so that the settings can be restored the next time the application is started. Do not edit
this file by hand.
Index: sect-Security_Guide-Basic_Firewall_Configuration-Trusted_Services.html
===================================================================
RCS file:
/cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Basic_Firewall_Configuration-Trusted_Services.html,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- sect-Security_Guide-Basic_Firewall_Configuration-Trusted_Services.html 22 Dec 2008
19:28:43 -0000 1.1
+++ sect-Security_Guide-Basic_Firewall_Configuration-Trusted_Services.html 24 Dec 2008
01:24:52 -0000 1.2
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8"
standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
Services</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-3"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="sect-Security_Guide-Firewalls-Basic_Firewall_Configuration.html"
title="2.8.2. Basic Firewall Configuration"/><link rel="prev"
href="sect-Security_Guide-Basic_Firewall_Configuration-Enabling_and_Disabling_the_Firewall.html"
title="2.8.2.2. Enabling and Disabling the Firewall"/><link
rel="next"
href="sect-Security_Guide-Basic_Firewall_Configuration-Other_Ports.html"
title="2.8.2.4. Other Ports"/></head><body><p
id="title"><a class="left"
href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img src=
"Common_Content/images/image_right.png" alt="Documentation
Site"/></a></p><ul class="docnav"><li
class="previous"><a accesskey="p"
href="sect-Security_Guide-Basic_Firewall_Configuration-Enabling_and_Disabling_the_Firewall.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-Basic_Firewall_Configuration-Other_Ports.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h4 class="title"
id="sect-Security_Guide-Basic_Firewall_Configuration-Trusted_Services">2.8.2.3. Trusted
Services</h4></div></div></div><a id="d0e12978"
class="indexterm"/><div class="para">
+<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
Services</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-4"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="sect-Security_Guide-Firewalls-Basic_Firewall_Configuration.html"
title="2.8.2. Basic Firewall Configuration"/><link rel="prev"
href="sect-Security_Guide-Basic_Firewall_Configuration-Enabling_and_Disabling_the_Firewall.html"
title="2.8.2.2. Enabling and Disabling the Firewall"/><link
rel="next"
href="sect-Security_Guide-Basic_Firewall_Configuration-Other_Ports.html"
title="2.8.2.4. Other Ports"/></head><body><p
id="title"><a class="left"
href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img src=
"Common_Content/images/image_right.png" alt="Documentation
Site"/></a></p><ul class="docnav"><li
class="previous"><a accesskey="p"
href="sect-Security_Guide-Basic_Firewall_Configuration-Enabling_and_Disabling_the_Firewall.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-Basic_Firewall_Configuration-Other_Ports.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h4 class="title"
id="sect-Security_Guide-Basic_Firewall_Configuration-Trusted_Services">2.8.2.3. Trusted
Services</h4></div></div></div><a id="d0e12978"
class="indexterm"/><div class="para">
Enabling options in the <span class="guilabel"><strong>Trusted
services</strong></span> list allows the specified service to pass through the
firewall.
</div><div class="variablelist"><dl><dt><span
class="term"><span class="guilabel"><strong>WWW
(HTTP)</strong></span></span></dt><dd><div
class="para">
The HTTP protocol is used by Apache (and by other Web servers) to serve web pages.
If you plan on making your Web server publicly available, select this check box. This
option is not required for viewing pages locally or for developing web pages. This service
requires that the <code class="filename">httpd</code> package be
installed.
Index: sect-Security_Guide-Command_Options_for_IPTables-Command_Options.html
===================================================================
RCS file:
/cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Command_Options_for_IPTables-Command_Options.html,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- sect-Security_Guide-Command_Options_for_IPTables-Command_Options.html 22 Dec 2008
19:28:43 -0000 1.1
+++ sect-Security_Guide-Command_Options_for_IPTables-Command_Options.html 24 Dec 2008
01:24:52 -0000 1.2
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8"
standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
Options</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-3"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="sect-Security_Guide-IPTables-Command_Options_for_IPTables.html"
title="2.9.3. Command Options for IPTables"/><link rel="prev"
href="sect-Security_Guide-IPTables-Command_Options_for_IPTables.html"
title="2.9.3. Command Options for IPTables"/><link rel="next"
href="sect-Security_Guide-Command_Options_for_IPTables-IPTables_Parameter_Options.html"
title="2.9.3.3. IPTables Parameter Options"/></head><body><p
id="title"><a class="left"
href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img src="Common_
Content/images/image_right.png" alt="Documentation
Site"/></a></p><ul class="docnav"><li
class="previous"><a accesskey="p"
href="sect-Security_Guide-IPTables-Command_Options_for_IPTables.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-Command_Options_for_IPTables-IPTables_Parameter_Options.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h4 class="title"
id="sect-Security_Guide-Command_Options_for_IPTables-Command_Options">2.9.3.2. Command
Options</h4></div></div></div><a id="d0e14492"
class="indexterm"/><div class="para">
+<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
Options</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-4"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="sect-Security_Guide-IPTables-Command_Options_for_IPTables.html"
title="2.9.3. Command Options for IPTables"/><link rel="prev"
href="sect-Security_Guide-IPTables-Command_Options_for_IPTables.html"
title="2.9.3. Command Options for IPTables"/><link rel="next"
href="sect-Security_Guide-Command_Options_for_IPTables-IPTables_Parameter_Options.html"
title="2.9.3.3. IPTables Parameter Options"/></head><body><p
id="title"><a class="left"
href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img src="Common_
Content/images/image_right.png" alt="Documentation
Site"/></a></p><ul class="docnav"><li
class="previous"><a accesskey="p"
href="sect-Security_Guide-IPTables-Command_Options_for_IPTables.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-Command_Options_for_IPTables-IPTables_Parameter_Options.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h4 class="title"
id="sect-Security_Guide-Command_Options_for_IPTables-Command_Options">2.9.3.2. Command
Options</h4></div></div></div><a id="d0e14492"
class="indexterm"/><div class="para">
Command options instruct <code class="command">iptables</code>
to perform a specific action. Only one command option is allowed per <code
class="command">iptables</code> command. With the exception of the help
command, all commands are written in upper-case characters.
</div><div class="para">
The <code class="command">iptables</code> commands are as
follows:
@@ -21,11 +21,11 @@
<code class="option">-h</code> — Provides a list of command
structures, as well as a quick summary of command parameters and options.
</div></li><li><div class="para">
<code class="option">-I [<integer>]</code> —
Inserts the rule in the specified chain at a point specified by a user-defined integer
argument. If no argument is specified, the rule is inserted at the top of the chain.
- </div><div class="caution"><h2>Caution</h2><div
class="para">
- As noted above, the order of rules in a chain determines which rules apply to which
packets. This is important to remember when adding rules using either the <code
class="option">-A</code> or <code
class="option">-I</code> option.
- </div><div class="para">
- This is especially important when adding rules using the <code
class="option">-I</code> with an integer argument. If you specify an
existing number when adding a rule to a chain, <code
class="command">iptables</code> adds the new rule <span
class="emphasis"><em>before</em></span> (or above) the
existing rule.
- </div></div></li><li><div class="para">
+ </div><div
class="important"><h2>Important</h2><div
class="para">
+ As noted above, the order of rules in a chain determines which rules apply to
which packets. This is important to remember when adding rules using either the <code
class="option">-A</code> or <code
class="option">-I</code> option.
+ </div><div class="para">
+ This is especially important when adding rules using the <code
class="option">-I</code> with an integer argument. If you specify an
existing number when adding a rule to a chain, <code
class="command">iptables</code> adds the new rule <span
class="emphasis"><em>before</em></span> (or above) the
existing rule.
+ </div></div></li><li><div class="para">
<code class="option">-L</code> — Lists all of the rules in
the chain specified after the command. To list all rules in all chains in the default
<code class="option">filter</code> table, do not specify a chain or
table. Otherwise, the following syntax should be used to list the rules in a specific
chain in a particular table:
</div><pre class="screen"><code
class="computeroutput"> iptables -L <em
class="replaceable"><code><chain-name></code></em>
-t <em
class="replaceable"><code><table-name></code></em></code>
</pre><div class="para">
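Review bot: The admonition under `-I [<integer>]` warns that giving an existing number places the new rule before the existing one, but it does not tell readers how to see the current rule numbers; since this block is being touched anyway, add a sentence pointing at `iptables -L --line-numbers` so the position can be checked before inserting. The paragraph text appears identical in the removed and added lines, so the only substantive change here is `class="caution"` with `<h2>Caution</h2>` becoming `class="important"` with `<h2>Important</h2>`. Leaving the paragraph whitespace alone would keep the hunk to that one line.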
Index: sect-Security_Guide-Command_Options_for_IPTables-IPTables_Match_Options.html
===================================================================
RCS file:
/cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Command_Options_for_IPTables-IPTables_Match_Options.html,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- sect-Security_Guide-Command_Options_for_IPTables-IPTables_Match_Options.html 22 Dec
2008 19:28:43 -0000 1.1
+++ sect-Security_Guide-Command_Options_for_IPTables-IPTables_Match_Options.html 24 Dec
2008 01:24:52 -0000 1.2
@@ -1,12 +1,12 @@
<?xml version="1.0" encoding="UTF-8"
standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
Match Options</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-3"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="sect-Security_Guide-IPTables-Command_Options_for_IPTables.html"
title="2.9.3. Command Options for IPTables"/><link rel="prev"
href="sect-Security_Guide-Command_Options_for_IPTables-IPTables_Parameter_Options.html"
title="2.9.3.3. IPTables Parameter Options"/><link rel="next"
href="sect-Security_Guide-IPTables_Match_Options-UDP_Protocol.html"
title="2.9.3.4.2. UDP Protocol"/></head><body><p
id="title"><a class="left"
href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img src="Common_Content
/images/image_right.png" alt="Documentation
Site"/></a></p><ul class="docnav"><li
class="previous"><a accesskey="p"
href="sect-Security_Guide-Command_Options_for_IPTables-IPTables_Parameter_Options.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-IPTables_Match_Options-UDP_Protocol.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h4 class="title"
id="sect-Security_Guide-Command_Options_for_IPTables-IPTables_Match_Options">2.9.3.4. IPTables
Match Options</h4></div></div></div><a id="d0e14889"
class="indexterm"/><div class="para">
+<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
Match Options</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-4"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="sect-Security_Guide-IPTables-Command_Options_for_IPTables.html"
title="2.9.3. Command Options for IPTables"/><link rel="prev"
href="sect-Security_Guide-Command_Options_for_IPTables-IPTables_Parameter_Options.html"
title="2.9.3.3. IPTables Parameter Options"/><link rel="next"
href="sect-Security_Guide-IPTables_Match_Options-UDP_Protocol.html"
title="2.9.3.4.2. UDP Protocol"/></head><body><p
id="title"><a class="left"
href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img src="Common_Content
/images/image_right.png" alt="Documentation
Site"/></a></p><ul class="docnav"><li
class="previous"><a accesskey="p"
href="sect-Security_Guide-Command_Options_for_IPTables-IPTables_Parameter_Options.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-IPTables_Match_Options-UDP_Protocol.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h4 class="title"
id="sect-Security_Guide-Command_Options_for_IPTables-IPTables_Match_Options">2.9.3.4. IPTables
Match Options</h4></div></div></div><a id="d0e14889"
class="indexterm"/><div class="para">
Different network protocols provide specialized matching options which can be
configured to match a particular packet using that protocol. However, the protocol must
first be specified in the <code class="command">iptables</code>
command. For example, <code class="option">-p <em
class="replaceable"><code><protocol-name></code></em></code>
enables options for the specified protocol. Note that you can also use the protocol ID,
instead of the protocol name. Refer to the following examples, each of which have the same
effect:
</div><pre class="screen"><code class="command">
iptables -A INPUT -p icmp --icmp-type any -j ACCEPT </code><code
class="command"> iptables -A INPUT -p 5813 --icmp-type any -j ACCEPT
</code>
</pre><div class="para">
Service definitions are provided in the <code
class="filename">/etc/services</code> file. For readability, it is
recommended that you use the service names rather than the port numbers.
- </div><div
class="important"><h2>Important</h2><div
class="para">
+ </div><div class="warning"><h2>Warning</h2><div
class="para">
Secure the <code class="filename">/etc/services</code> file to
prevent unauthorized editing. If this file is editable, crackers can use it to enable
ports on your machine you have otherwise closed. To secure this file, type the following
commands as root:
</div><pre class="screen"><code
class="command"> [root@myServer ~]# chown root.root /etc/services
[root@myServer ~]# chmod 0644 /etc/services [root@myServer ~]# chattr +i /etc/services
</code>
</pre><div class="para">
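Review bot: The unchanged example just above the admonition still presents `iptables -A INPUT -p 5813 --icmp-type any -j ACCEPT` as having the same effect as `-p icmp`, which is wrong: ICMP is IP protocol number 1, and 5813 cannot be a protocol ID because the IP protocol field is 8 bits wide, so the second example should read `-p 1`. The sentence after it sends readers to `/etc/services` and recommends service names over port numbers, which applies to port options rather than to `-p`; protocol names and numbers are listed in `/etc/protocols`. On the change itself, promoting the `/etc/services` admonition from `class="important"` to `class="warning"` is reasonable for a step that uses `chattr +i`, and in the commands under it `chown root.root` would be better written `chown root:root`.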
Index: sect-Security_Guide-Command_Options_for_IPTables-IPTables_Parameter_Options.html
===================================================================
RCS file:
/cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Command_Options_for_IPTables-IPTables_Parameter_Options.html,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- sect-Security_Guide-Command_Options_for_IPTables-IPTables_Parameter_Options.html 22
Dec 2008 19:28:43 -0000 1.1
+++ sect-Security_Guide-Command_Options_for_IPTables-IPTables_Parameter_Options.html 24
Dec 2008 01:24:52 -0000 1.2
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8"
standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
Parameter Options</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-3"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="sect-Security_Guide-IPTables-Command_Options_for_IPTables.html"
title="2.9.3. Command Options for IPTables"/><link rel="prev"
href="sect-Security_Guide-Command_Options_for_IPTables-Command_Options.html"
title="2.9.3.2. Command Options"/><link rel="next"
href="sect-Security_Guide-Command_Options_for_IPTables-IPTables_Match_Options.html"
title="2.9.3.4. IPTables Match Options"/></head><body><p
id="title"><a class="left"
href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img src="Common_C
ontent/images/image_right.png" alt="Documentation
Site"/></a></p><ul class="docnav"><li
class="previous"><a accesskey="p"
href="sect-Security_Guide-Command_Options_for_IPTables-Command_Options.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-Command_Options_for_IPTables-IPTables_Match_Options.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h4 class="title"
id="sect-Security_Guide-Command_Options_for_IPTables-IPTables_Parameter_Options">2.9.3.3. IPTables
Parameter Options</h4></div></div></div><a
id="d0e14656" class="indexterm"/><div
class="para">
+<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
Parameter Options</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-4"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="sect-Security_Guide-IPTables-Command_Options_for_IPTables.html"
title="2.9.3. Command Options for IPTables"/><link rel="prev"
href="sect-Security_Guide-Command_Options_for_IPTables-Command_Options.html"
title="2.9.3.2. Command Options"/><link rel="next"
href="sect-Security_Guide-Command_Options_for_IPTables-IPTables_Match_Options.html"
title="2.9.3.4. IPTables Match Options"/></head><body><p
id="title"><a class="left"
href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img src="Common_C
ontent/images/image_right.png" alt="Documentation
Site"/></a></p><ul class="docnav"><li
class="previous"><a accesskey="p"
href="sect-Security_Guide-Command_Options_for_IPTables-Command_Options.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-Command_Options_for_IPTables-IPTables_Match_Options.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h4 class="title"
id="sect-Security_Guide-Command_Options_for_IPTables-IPTables_Parameter_Options">2.9.3.3. IPTables
Parameter Options</h4></div></div></div><a
id="d0e14656" class="indexterm"/><div
class="para">
Certain <code class="command">iptables</code> commands,
including those used to add, append, delete, insert, or replace rules within a particular
chain, require various parameters to construct a packet filtering rule.
</div><div class="itemizedlist"><ul><li><div
class="para">
<code class="option">-c</code> — Resets the counters for a
particular rule. This parameter accepts the <code
class="option">PKTS</code> and <code
class="option">BYTES</code> options to specify which counter to reset.
Index: sect-Security_Guide-Command_Options_for_IPTables-Listing_Options.html
===================================================================
RCS file:
/cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Command_Options_for_IPTables-Listing_Options.html,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- sect-Security_Guide-Command_Options_for_IPTables-Listing_Options.html 22 Dec 2008
19:28:43 -0000 1.1
+++ sect-Security_Guide-Command_Options_for_IPTables-Listing_Options.html 24 Dec 2008
01:24:52 -0000 1.2
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8"
standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
Options</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-3"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="sect-Security_Guide-IPTables-Command_Options_for_IPTables.html"
title="2.9.3. Command Options for IPTables"/><link rel="prev"
href="sect-Security_Guide-Command_Options_for_IPTables-Target_Options.html"
title="2.9.3.5. Target Options"/><link rel="next"
href="sect-Security_Guide-IPTables-Saving_IPTables_Rules.html"
title="2.9.4. Saving IPTables Rules"/></head><body><p
id="title"><a class="left"
href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img
src="Common_Content/images/image_right.png" alt="D
ocumentation Site"/></a></p><ul class="docnav"><li
class="previous"><a accesskey="p"
href="sect-Security_Guide-Command_Options_for_IPTables-Target_Options.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-IPTables-Saving_IPTables_Rules.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h4 class="title"
id="sect-Security_Guide-Command_Options_for_IPTables-Listing_Options">2.9.3.6. Listing
Options</h4></div></div></div><a id="d0e15519"
class="indexterm"/><div class="para">
+<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
Options</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-4"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="sect-Security_Guide-IPTables-Command_Options_for_IPTables.html"
title="2.9.3. Command Options for IPTables"/><link rel="prev"
href="sect-Security_Guide-Command_Options_for_IPTables-Target_Options.html"
title="2.9.3.5. Target Options"/><link rel="next"
href="sect-Security_Guide-IPTables-Saving_IPTables_Rules.html"
title="2.9.4. Saving IPTables Rules"/></head><body><p
id="title"><a class="left"
href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img
src="Common_Content/images/image_right.png" alt="D
ocumentation Site"/></a></p><ul class="docnav"><li
class="previous"><a accesskey="p"
href="sect-Security_Guide-Command_Options_for_IPTables-Target_Options.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-IPTables-Saving_IPTables_Rules.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h4 class="title"
id="sect-Security_Guide-Command_Options_for_IPTables-Listing_Options">2.9.3.6. Listing
Options</h4></div></div></div><a id="d0e15519"
class="indexterm"/><div class="para">
The default list command, <code class="command">iptables -L
[<chain-name>]</code>, provides a very basic overview of the default
filter table's current chains. Additional options provide more information:
</div><div class="itemizedlist"><ul><li><div
class="para">
<code class="option">-v</code> — Displays verbose output,
such as the number of packets and bytes each chain has processed, the number of packets
and bytes each rule has matched, and which interfaces apply to a particular rule.
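Review bot: the only visible difference between the removed and added `<html` line is the `package` meta content, which goes from `fedora-Linux_Security_Guide-10-en-US-1.0-3` to `fedora-Linux_Security_Guide-10-en-US-1.0-4`. Because the generated head and navigation sit on a single line, the diff replaces the whole header and buries that one token. The commit message should say that this is a regeneration from package 1.0-4 with no content change to this page, so nobody has to compare the two lines by hand.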
Index: sect-Security_Guide-Command_Options_for_IPTables-Target_Options.html
===================================================================
RCS file:
/cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Command_Options_for_IPTables-Target_Options.html,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- sect-Security_Guide-Command_Options_for_IPTables-Target_Options.html 22 Dec 2008
19:28:43 -0000 1.1
+++ sect-Security_Guide-Command_Options_for_IPTables-Target_Options.html 24 Dec 2008
01:24:52 -0000 1.2
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8"
standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
Options</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-3"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="sect-Security_Guide-IPTables-Command_Options_for_IPTables.html"
title="2.9.3. Command Options for IPTables"/><link rel="prev"
href="sect-Security_Guide-IPTables_Match_Options-Additional_Match_Option_Modules.html"
title="2.9.3.4.4. Additional Match Option Modules"/><link
rel="next"
href="sect-Security_Guide-Command_Options_for_IPTables-Listing_Options.html"
title="2.9.3.6. Listing Options"/></head><body><p
id="title"><a class="left"
href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img src="Common
_Content/images/image_right.png" alt="Documentation
Site"/></a></p><ul class="docnav"><li
class="previous"><a accesskey="p"
href="sect-Security_Guide-IPTables_Match_Options-Additional_Match_Option_Modules.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-Command_Options_for_IPTables-Listing_Options.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h4 class="title"
id="sect-Security_Guide-Command_Options_for_IPTables-Target_Options">2.9.3.5. Target
Options</h4></div></div></div><a id="d0e15360"
class="indexterm"/><div class="para">
+<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
Options</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-4"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="sect-Security_Guide-IPTables-Command_Options_for_IPTables.html"
title="2.9.3. Command Options for IPTables"/><link rel="prev"
href="sect-Security_Guide-IPTables_Match_Options-Additional_Match_Option_Modules.html"
title="2.9.3.4.4. Additional Match Option Modules"/><link
rel="next"
href="sect-Security_Guide-Command_Options_for_IPTables-Listing_Options.html"
title="2.9.3.6. Listing Options"/></head><body><p
id="title"><a class="left"
href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img src="Common
_Content/images/image_right.png" alt="Documentation
Site"/></a></p><ul class="docnav"><li
class="previous"><a accesskey="p"
href="sect-Security_Guide-IPTables_Match_Options-Additional_Match_Option_Modules.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-Command_Options_for_IPTables-Listing_Options.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h4 class="title"
id="sect-Security_Guide-Command_Options_for_IPTables-Target_Options">2.9.3.5. Target
Options</h4></div></div></div><a id="d0e15360"
class="indexterm"/><div class="para">
When a packet has matched a particular rule, the rule can direct the packet to a
number of different targets which determine the appropriate action. Each chain has a
default target, which is used if none of the rules on that chain match a packet or if none
of the rules which match the packet specify a target.
</div><div class="para">
The following are the standard targets:
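Review bot: in the context paragraph, "Each chain has a default target" overstates the behaviour. Only the built-in chains carry a default target (the chain policy, set with `-P`); a user-defined chain has none and returns an unmatched packet to the calling chain. Suggest "Each built-in chain has a default target (its policy), which is used if ..." in the source, since readers rely on this sentence to understand what happens to traffic that no rule matches.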
Index: sect-Security_Guide-Common_Exploits_and_Attacks.html
===================================================================
RCS file:
/cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Common_Exploits_and_Attacks.html,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- sect-Security_Guide-Common_Exploits_and_Attacks.html 22 Dec 2008 19:28:43 -0000 1.1
+++ sect-Security_Guide-Common_Exploits_and_Attacks.html 24 Dec 2008 01:24:52 -0000 1.2
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8"
standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
Exploits and Attacks</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-3"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="chap-Security_Guide-Security_Overview.html"
title="Chapter 1. Security Overview"/><link rel="prev"
href="sect-Security_Guide-Threats_to_Workstation_and_Home_PC_Security-Vulnerable_Client_Applications.html"
title="1.3.4.2. Vulnerable Client Applications"/><link
rel="next" href="sect-Security_Guide-Security_Updates.html"
title="1.5. Security Updates"/></head><body><p
id="title"><a class="left"
href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img
src="Common_Content/images/image_right.png
" alt="Documentation Site"/></a></p><ul
class="docnav"><li class="previous"><a
accesskey="p"
href="sect-Security_Guide-Threats_to_Workstation_and_Home_PC_Security-Vulnerable_Client_Applications.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-Security_Updates.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h2 class="title"
id="sect-Security_Guide-Common_Exploits_and_Attacks">1.4. Common Exploits and
Attacks</h2></div></div></div><a id="d0e1212"
class="indexterm"/><a id="d0e1217"
class="indexterm"/><div class="para">
+<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
Exploits and Attacks</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-4"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="chap-Security_Guide-Security_Overview.html"
title="Chapter 1. Security Overview"/><link rel="prev"
href="sect-Security_Guide-Threats_to_Workstation_and_Home_PC_Security-Vulnerable_Client_Applications.html"
title="1.3.4.2. Vulnerable Client Applications"/><link
rel="next" href="sect-Security_Guide-Security_Updates.html"
title="1.5. Security Updates"/></head><body><p
id="title"><a class="left"
href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img
src="Common_Content/images/image_right.png
" alt="Documentation Site"/></a></p><ul
class="docnav"><li class="previous"><a
accesskey="p"
href="sect-Security_Guide-Threats_to_Workstation_and_Home_PC_Security-Vulnerable_Client_Applications.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-Security_Updates.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h2 class="title"
id="sect-Security_Guide-Common_Exploits_and_Attacks">1.4. Common Exploits and
Attacks</h2></div></div></div><a id="d0e1212"
class="indexterm"/><a id="d0e1217"
class="indexterm"/><div class="para">
<a class="xref"
href="sect-Security_Guide-Common_Exploits_and_Attacks.html#tabl-Security_Guide-Common_Exploits_and_Attacks-Common_Exploits"
title="Table 1.1. Common Exploits">Table 1.1, “Common Exploits”</a>
details some of the most common exploits and entry points used by intruders to access
organizational network resources. Key to these common exploits are the explanations of how
they are performed and how administrators can properly safeguard their network against
such attacks.
</div><div class="table"
id="tabl-Security_Guide-Common_Exploits_and_Attacks-Common_Exploits"><div
class="table-contents"><table summary="Common Exploits"
border="1"><colgroup><col width="2*"/><col
width="4*"/><col
width="4*"/></colgroup><thead><tr><th>
Exploit
Index:
sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Installation-Instructions.html
===================================================================
RCS file:
/cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Installation-Instructions.html,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
---
sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Installation-Instructions.html 22
Dec 2008 19:28:43 -0000 1.1
+++
sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Installation-Instructions.html 24
Dec 2008 01:24:52 -0000 1.2
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8"
standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
Installation Instructions</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-3"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives.html"
title="3.8. 7-Zip Encrypted Archives"/><link rel="prev"
href="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives.html"
title="3.8. 7-Zip Encrypted Archives"/><link rel="next"
href="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Usage_Instructions.html"
title="3.8.3. Step-by-Step Usage
Instructions"/></head><body><p id="title"><a
class="left" href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img src="
Common_Content/images/image_right.png" alt="Documentation
Site"/></a></p><ul class="docnav"><li
class="previous"><a accesskey="p"
href="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Usage_Instructions.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h3 class="title"
id="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Installation-Instructions">3.8.2. Step-by-Step
Installation Instructions</h3></div></div></div><div
class="itemizedlist"><ul><li><div class="para">
+<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
Installation Instructions</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-4"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives.html"
title="3.8. 7-Zip Encrypted Archives"/><link rel="prev"
href="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives.html"
title="3.8. 7-Zip Encrypted Archives"/><link rel="next"
href="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Usage_Instructions.html"
title="3.8.3. Step-by-Step Usage
Instructions"/></head><body><p id="title"><a
class="left" href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img src="
Common_Content/images/image_right.png" alt="Documentation
Site"/></a></p><ul class="docnav"><li
class="previous"><a accesskey="p"
href="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Usage_Instructions.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h3 class="title"
id="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Installation-Instructions">3.8.2. Step-by-Step
Installation Instructions</h3></div></div></div><div
class="itemizedlist"><ul><li><div class="para">
Open a Terminal: <code class="code">Click
''Applications'' -> ''System Tools'' ->
''Terminal''</code>
</div></li><li><div class="para">
Install 7-Zip with sudo access: <code class="code">sudo yum install
p7zip</code>
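Review bot: the first list item in the context wraps a GUI menu path in `<code class="code">` and still carries wiki italics markers: `Click ''Applications'' -> ''System Tools'' -> ''Terminal''`. Only the second item's `sudo yum install p7zip` is something the reader types. Suggest taking the menu path out of the code element in the DocBook source (a `menuchoice` with `guimenu` entries fits), dropping the doubled apostrophes, and regenerating.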
Index: sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Things_of_note.html
===================================================================
RCS file:
/cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Things_of_note.html,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Things_of_note.html 22 Dec
2008 19:28:43 -0000 1.1
+++ sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Things_of_note.html 24 Dec
2008 01:24:52 -0000 1.2
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8"
standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
of note</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-3"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives.html"
title="3.8. 7-Zip Encrypted Archives"/><link rel="prev"
href="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Usage_Instructions.html"
title="3.8.3. Step-by-Step Usage Instructions"/><link rel="next"
href="chap-Security_Guide-General_Principles_of_Information_Security.html"
title="Chapter 4. General Principles of Information
Security"/></head><body><p id="title"><a
class="left" href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><i
mg src="Common_Content/images/image_right.png" alt="Documentation
Site"/></a></p><ul class="docnav"><li
class="previous"><a accesskey="p"
href="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Usage_Instructions.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="chap-Security_Guide-General_Principles_of_Information_Security.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h3 class="title"
id="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Things_of_note">3.8.4. Things
of note</h3></div></div></div><div class="para">
+<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
of note</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-4"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives.html"
title="3.8. 7-Zip Encrypted Archives"/><link rel="prev"
href="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Usage_Instructions.html"
title="3.8.3. Step-by-Step Usage Instructions"/><link rel="next"
href="chap-Security_Guide-General_Principles_of_Information_Security.html"
title="Chapter 4. General Principles of Information
Security"/></head><body><p id="title"><a
class="left" href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><i
mg src="Common_Content/images/image_right.png" alt="Documentation
Site"/></a></p><ul class="docnav"><li
class="previous"><a accesskey="p"
href="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Usage_Instructions.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="chap-Security_Guide-General_Principles_of_Information_Security.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h3 class="title"
id="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Things_of_note">3.8.4. Things
of note</h3></div></div></div><div class="para">
7-Zip is not shipped by default with Microsoft Windows or Mac OS X. If you need to use
your 7-Zip files on those platforms you will need to install the appropriate version of
7-Zip on those computers. See the 7-Zip <a
href="http://www.7-zip.org/download.html">download page</a>.
</div><div class="para">
GNOME's File Roller application will recognize your .7z files and attempt to open
them, but it will fail with the error "''An error occurred while loading the
archive.''" when it attempts to do so. This is because File Roller does not
currently support the extraction of encrypted 7-Zip files. A bug report
([
http://bugzilla.gnome.org/show_bug.cgi?id=490732 Gnome Bug 490732]) has been submitted.
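Review bot: the last context paragraph still contains unconverted wiki markup, so the bug reference renders as literal text `([ http://bugzilla.gnome.org/show_bug.cgi?id=490732 Gnome Bug 490732])` rather than a link, and the error message is wrapped in `''...''`. The paragraph above it shows the intended form with a real `<a href=...>download page</a>` link. Suggest converting the bug reference to a proper link and replacing the doubled apostrophes with a quote element in the source.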
Index: sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Usage_Instructions.html
===================================================================
RCS file:
/cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Usage_Instructions.html,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Usage_Instructions.html 22 Dec
2008 19:28:43 -0000 1.1
+++ sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Usage_Instructions.html 24 Dec
2008 01:24:52 -0000 1.2
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8"
standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
Usage Instructions</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-3"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives.html"
title="3.8. 7-Zip Encrypted Archives"/><link rel="prev"
href="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Installation-Instructions.html"
title="3.8.2. Step-by-Step Installation Instructions"/><link
rel="next"
href="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Things_of_note.html"
title="3.8.4. Things of note"/></head><body><p
id="title"><a class="left"
href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right"
href="http://docs.fedoraproject.o
rg"><img src="Common_Content/images/image_right.png"
alt="Documentation Site"/></a></p><ul
class="docnav"><li class="previous"><a
accesskey="p"
href="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Installation-Instructions.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Things_of_note.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h3 class="title"
id="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Usage_Instructions">3.8.3. Step-by-Step
Usage Instructions</h3></div></div></div><div
class="para">
+<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
Usage Instructions</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-4"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives.html"
title="3.8. 7-Zip Encrypted Archives"/><link rel="prev"
href="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Installation-Instructions.html"
title="3.8.2. Step-by-Step Installation Instructions"/><link
rel="next"
href="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Things_of_note.html"
title="3.8.4. Things of note"/></head><body><p
id="title"><a class="left"
href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right"
href="http://docs.fedoraproject.o
rg"><img src="Common_Content/images/image_right.png"
alt="Documentation Site"/></a></p><ul
class="docnav"><li class="previous"><a
accesskey="p"
href="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Installation-Instructions.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Things_of_note.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h3 class="title"
id="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Usage_Instructions">3.8.3. Step-by-Step
Usage Instructions</h3></div></div></div><div
class="para">
By following these instructions you are going to compress and encrypt your
"Documents" directory. Your original "Documents" directory will remain
unaltered. This technique can be applied to any directory or file you have access to on
the filesystem.
</div><div class="itemizedlist"><ul><li><div
class="para">
Open a Terminal:<code class="code">Click
''Applications'' -> ''System Tools'' ->
''Terminal''</code>
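Review bot: the list item in the context is missing the space after the colon, `Open a Terminal:<code class="code">Click`, whereas the same step on the Installation Instructions page reads `Open a Terminal: <code class="code">Click`. It also repeats the wiki-style `''Applications'' -> ''System Tools'' -> ''Terminal''` menu path inside a code element. Suggest fixing both in the source so the two pages render the step identically.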
Index: sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives.html
===================================================================
RCS file:
/cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives.html,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives.html 22 Dec 2008 19:28:43
-0000 1.1
+++ sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives.html 24 Dec 2008 01:24:52
-0000 1.2
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8"
standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
Encrypted Archives</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-3"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="chap-Security_Guide-Encryption.html"
title="Chapter 3. Encryption"/><link rel="prev"
href="sect-Security_Guide-LUKS_Disk_Encryption-Links_of_Interest.html"
title="3.7.5. Links of Interest"/><link rel="next"
href="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Installation-Instructions.html"
title="3.8.2. Step-by-Step Installation
Instructions"/></head><body><p id="title"><a
class="left" href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img
src="Common_Content/images/image_right.pn
g" alt="Documentation Site"/></a></p><ul
class="docnav"><li class="previous"><a
accesskey="p"
href="sect-Security_Guide-LUKS_Disk_Encryption-Links_of_Interest.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Installation-Instructions.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h2 class="title"
id="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives">3.8. 7-Zip
Encrypted Archives</h2></div></div></div><div
class="para">
+<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
Encrypted Archives</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-4"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="chap-Security_Guide-Encryption.html"
title="Chapter 3. Encryption"/><link rel="prev"
href="sect-Security_Guide-LUKS_Disk_Encryption-Links_of_Interest.html"
title="3.7.5. Links of Interest"/><link rel="next"
href="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Installation-Instructions.html"
title="3.8.2. Step-by-Step Installation
Instructions"/></head><body><p id="title"><a
class="left" href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img
src="Common_Content/images/image_right.pn
g" alt="Documentation Site"/></a></p><ul
class="docnav"><li class="previous"><a
accesskey="p"
href="sect-Security_Guide-LUKS_Disk_Encryption-Links_of_Interest.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Installation-Instructions.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h2 class="title"
id="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives">3.8. 7-Zip
Encrypted Archives</h2></div></div></div><div
class="para">
<a
href="http://www.7-zip.org/">7-Zip</a> is a cross-platform,
next generation, file compression tool that can also use strong encryption (AES-256) to
protect the contents of the archive. This is extremely useful when you need to move data
between multiple computers that use varying operating systems (i.e. Linux at home, Windows
at work) and you want a portable encryption solution.
</div><div class="section" lang="en-US"><div
class="titlepage"><div><div><h3 class="title"
id="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Installation">3.8.1. 7-Zip
Installation in Fedora</h3></div></div></div><div
class="para">
7-Zip is not a base package in Fedora, but it is available in the software repository.
Once installed, the package will update alongside the rest of the software on the computer
with no special attention necessary.
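Review bot: in the introductory paragraph of the context, "(i.e. Linux at home, Windows at work)" introduces one example of mixed operating systems rather than a restatement, so it should read "e.g."; "cross-platform, next generation, file compression tool" also has stray commas and reads as marketing copy. Suggest "a cross-platform file compression tool that can also use strong encryption (AES-256)" and "e.g." in the source.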
Index: sect-Security_Guide-Encryption-Protecting_Data_at_Rest-Full_Disk_Encryption.html
===================================================================
RCS file:
/cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Encryption-Protecting_Data_at_Rest-Full_Disk_Encryption.html,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- sect-Security_Guide-Encryption-Protecting_Data_at_Rest-Full_Disk_Encryption.html 22
Dec 2008 19:28:43 -0000 1.1
+++ sect-Security_Guide-Encryption-Protecting_Data_at_Rest-Full_Disk_Encryption.html 24
Dec 2008 01:24:52 -0000 1.2
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8"
standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g... Disk
Encryption</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-3"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="chap-Security_Guide-Encryption.html"
title="Chapter 3. Encryption"/><link rel="prev"
href="chap-Security_Guide-Encryption.html"
title="Chapter 3. Encryption"/><link rel="next"
href="Security_Guide-Encryption-Protecting_Data_at_Rest-File_Based_Encryption.html"
title="3.3. File Based Encryption"/></head><body><p
id="title"><a class="left"
href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img
src="Common_Content/images/image_right.png" alt="Documentation
Site"/></a></p><ul class="docnav"><li cla
ss="previous"><a accesskey="p"
href="chap-Security_Guide-Encryption.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="Security_Guide-Encryption-Protecting_Data_at_Rest-File_Based_Encryption.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h2 class="title"
id="sect-Security_Guide-Encryption-Protecting_Data_at_Rest-Full_Disk_Encryption">3.2. Full
Disk Encryption</h2></div></div></div><div
class="para">
+<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g... Disk
Encryption</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-4"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="chap-Security_Guide-Encryption.html"
title="Chapter 3. Encryption"/><link rel="prev"
href="chap-Security_Guide-Encryption.html"
title="Chapter 3. Encryption"/><link rel="next"
href="Security_Guide-Encryption-Protecting_Data_at_Rest-File_Based_Encryption.html"
title="3.3. File Based Encryption"/></head><body><p
id="title"><a class="left"
href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img
src="Common_Content/images/image_right.png" alt="Documentation
Site"/></a></p><ul class="docnav"><li cla
ss="previous"><a accesskey="p"
href="chap-Security_Guide-Encryption.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="Security_Guide-Encryption-Protecting_Data_at_Rest-File_Based_Encryption.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h2 class="title"
id="sect-Security_Guide-Encryption-Protecting_Data_at_Rest-Full_Disk_Encryption">3.2. Full
Disk Encryption</h2></div></div></div><div
class="para">
Full disk or partition encryption is one of the best ways of protecting your data. Not
only is each file protected but also the temporary storage that may contain parts of these
files is also protected. Full disk encryption will protect all of your files so you
don't have to worry about selecting what you want to protect and possibly missing a
file.
</div><div class="para">
Fedora 9 natively supports LUKS Encryption. LUKS will bulk encrypt your hard drive
partitions so that while your computer is off your data is protected. This will also
protect your computer from attackers attempting to use single-user-mode to login to your
computer or otherwise gain access. LUKS can be manually setup on Fedora 8.
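Review bot: the second paragraph of the section body still says "Fedora 9 natively supports LUKS Encryption" and "LUKS can be manually setup on Fedora 8", although this file sits under f10 and the package meta on the changed line is fedora-Linux_Security_Guide-10-en-US-1.0-4. Suggest updating the release references in the source XML for the Fedora 10 guide and writing the verb as "set up", then regenerating. The only visible difference in this hunk is the 1.0-3 to 1.0-4 package value, so the stale wording is carried over unchanged.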
Index: sect-Security_Guide-Evaluating_the_Tools-Anticipating_Your_Future_Needs.html
===================================================================
RCS file:
/cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Evaluating_the_Tools-Anticipating_Your_Future_Needs.html,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- sect-Security_Guide-Evaluating_the_Tools-Anticipating_Your_Future_Needs.html 22 Dec
2008 19:28:43 -0000 1.1
+++ sect-Security_Guide-Evaluating_the_Tools-Anticipating_Your_Future_Needs.html 24 Dec
2008 01:24:52 -0000 1.2
@@ -1,6 +1,6 @@
<?xml version="1.0" encoding="UTF-8"
standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
Your Future Needs</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-3"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="sect-Security_Guide-Vulnerability_Assessment-Evaluating_the_Tools.html"
title="1.2.3. Evaluating the Tools"/><link rel="prev"
href="sect-Security_Guide-Evaluating_the_Tools-VLAD_the_Scanner.html"
title="1.2.3.4. VLAD the Scanner"/><link rel="next"
href="sect-Security_Guide-Attackers_and_Vulnerabilities.html"
title="1.3. Attackers and Vulnerabilities"/></head><body><p
id="title"><a class="left"
href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img
src="Common_Content/images/image_r
ight.png" alt="Documentation Site"/></a></p><ul
class="docnav"><li class="previous"><a
accesskey="p"
href="sect-Security_Guide-Evaluating_the_Tools-VLAD_the_Scanner.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-Attackers_and_Vulnerabilities.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h4 class="title"
id="sect-Security_Guide-Evaluating_the_Tools-Anticipating_Your_Future_Needs">1.2.3.5. Anticipating
Your Future Needs</h4></div></div></div><div
class="para">
+<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
Your Future Needs</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-4"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="sect-Security_Guide-Vulnerability_Assessment-Evaluating_the_Tools.html"
title="1.2.3. Evaluating the Tools"/><link rel="prev"
href="sect-Security_Guide-Evaluating_the_Tools-VLAD_the_Scanner.html"
title="1.2.3.4. VLAD the Scanner"/><link rel="next"
href="sect-Security_Guide-Attackers_and_Vulnerabilities.html"
title="1.3. Attackers and Vulnerabilities"/></head><body><p
id="title"><a class="left"
href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img
src="Common_Content/images/image_r
ight.png" alt="Documentation Site"/></a></p><ul
class="docnav"><li class="previous"><a
accesskey="p"
href="sect-Security_Guide-Evaluating_the_Tools-VLAD_the_Scanner.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-Attackers_and_Vulnerabilities.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h4 class="title"
id="sect-Security_Guide-Evaluating_the_Tools-Anticipating_Your_Future_Needs">1.2.3.5. Anticipating
Your Future Needs</h4></div></div></div><div
class="para">
Depending upon your target and resources, there are many tools available. There are
tools for wireless networks, Novell networks, Windows systems, Linux systems, and more.
Another essential part of performing assessments may include reviewing physical security,
personnel screening, or voice/PBX network assessment. New concepts, such as <em
class="firstterm">war walking</em> scanning the perimeter of your
enterprise's physical structures for wireless network vulnerabilities are some
emerging concepts that you can investigate and, if needed, incorporate into your
assessments. Imagination and exposure are the only limits of planning and conducting
vulnerability assessments.
</div></div><ul class="docnav"><li
class="previous"><a accesskey="p"
href="sect-Security_Guide-Evaluating_the_Tools-VLAD_the_Scanner.html"><strong>Prev</strong>1.2.3.4. VLAD
the Scanner</a></li><li class="up"><a
accesskey="u"
href="#"><strong>Up</strong></a></li><li
class="home"><a accesskey="h"
href="index.html"><strong>Home</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-Attackers_and_Vulnerabilities.html"><strong>Next</strong>1.3. Attackers
and Vulnerabilities</a></li></ul></body></html>
\ No newline at end of file
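Review bot: in the body paragraph kept as context, the sentence introducing war walking runs the term straight into its definition ("such as war walking scanning the perimeter of your enterprise's physical structures") and then repeats itself ("New concepts ... are some emerging concepts"). Suggest setting the definition off with commas or parentheses and dropping the repetition in the source XML, since this regeneration republishes the sentence as it stands.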
Index: sect-Security_Guide-Evaluating_the_Tools-Nessus.html
===================================================================
RCS file:
/cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Evaluating_the_Tools-Nessus.html,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- sect-Security_Guide-Evaluating_the_Tools-Nessus.html 22 Dec 2008 19:28:43 -0000 1.1
+++ sect-Security_Guide-Evaluating_the_Tools-Nessus.html 24 Dec 2008 01:24:52 -0000 1.2
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8"
standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
rel="stylesheet" href="./Common_Content/css/default.css"
type="text/css"/><meta name="generator"
content="publican"/><meta name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-3"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="sect-Security_Guide-Vulnerability_Assessment-Evaluating_the_Tools.html"
title="1.2.3. Evaluating the Tools"/><link rel="prev"
href="sect-Security_Guide-Vulnerability_Assessment-Evaluating_the_Tools.html"
title="1.2.3. Evaluating the Tools"/><link rel="next"
href="sect-Security_Guide-Evaluating_the_Tools-Nikto.html"
title="1.2.3.3. Nikto"/></head><body><p
id="title"><a class="left"
href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img
src="Common_Content/images/image_right.png" alt="Documentation
Site"/><
/a></p><ul class="docnav"><li
class="previous"><a accesskey="p"
href="sect-Security_Guide-Vulnerability_Assessment-Evaluating_the_Tools.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-Evaluating_the_Tools-Nikto.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h4 class="title"
id="sect-Security_Guide-Evaluating_the_Tools-Nessus">1.2.3.2. Nessus</h4></div></div></div><a
id="d0e847" class="indexterm"/><a id="d0e852"
class="indexterm"/><div class="para">
+<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
rel="stylesheet" href="./Common_Content/css/default.css"
type="text/css"/><meta name="generator"
content="publican"/><meta name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-4"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="sect-Security_Guide-Vulnerability_Assessment-Evaluating_the_Tools.html"
title="1.2.3. Evaluating the Tools"/><link rel="prev"
href="sect-Security_Guide-Vulnerability_Assessment-Evaluating_the_Tools.html"
title="1.2.3. Evaluating the Tools"/><link rel="next"
href="sect-Security_Guide-Evaluating_the_Tools-Nikto.html"
title="1.2.3.3. Nikto"/></head><body><p
id="title"><a class="left"
href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img
src="Common_Content/images/image_right.png" alt="Documentation
Site"/><
/a></p><ul class="docnav"><li
class="previous"><a accesskey="p"
href="sect-Security_Guide-Vulnerability_Assessment-Evaluating_the_Tools.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-Evaluating_the_Tools-Nikto.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h4 class="title"
id="sect-Security_Guide-Evaluating_the_Tools-Nessus">1.2.3.2. Nessus</h4></div></div></div><a
id="d0e847" class="indexterm"/><a id="d0e852"
class="indexterm"/><div class="para">
Nessus is a full-service security scanner. The plug-in architecture of Nessus allows
users to customize it for their systems and networks. As with any scanner, Nessus is only
as good as the signature database it relies upon. Fortunately, Nessus is frequently
updated and features full reporting, host scanning, and real-time vulnerability searches.
Remember that there could be false positives and false negatives, even in a tool as
powerful and as frequently updated as Nessus.
</div><div class="note"><h2>Note</h2><div
class="para">
Nessus is not included with Fedora and is not supported. It has been included in
this document as a reference to users who may be interested in using this popular
application.
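Review bot: the removed and added lines in this hunk differ only in the package meta value (1.0-3 to 1.0-4), yet the whole head, title bar and docnav are rewritten because the generator emits them as one line. That makes it hard to confirm from the diff that nothing else changed in the regenerated page. Suggest reviewing the change against the XML source, and having the commit message state that this is a regeneration with a package version bump only.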
Index: sect-Security_Guide-Evaluating_the_Tools-Nikto.html
===================================================================
RCS file:
/cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Evaluating_the_Tools-Nikto.html,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- sect-Security_Guide-Evaluating_the_Tools-Nikto.html 22 Dec 2008 19:28:43 -0000 1.1
+++ sect-Security_Guide-Evaluating_the_Tools-Nikto.html 24 Dec 2008 01:24:52 -0000 1.2
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8"
standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
rel="stylesheet" href="./Common_Content/css/default.css"
type="text/css"/><meta name="generator"
content="publican"/><meta name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-3"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="sect-Security_Guide-Vulnerability_Assessment-Evaluating_the_Tools.html"
title="1.2.3. Evaluating the Tools"/><link rel="prev"
href="sect-Security_Guide-Evaluating_the_Tools-Nessus.html"
title="1.2.3.2. Nessus"/><link rel="next"
href="sect-Security_Guide-Evaluating_the_Tools-VLAD_the_Scanner.html"
title="1.2.3.4. VLAD the Scanner"/></head><body><p
id="title"><a class="left"
href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img
src="Common_Content/images/image_right.png" alt="Documentation
Site"/></a></p><u
l class="docnav"><li class="previous"><a
accesskey="p"
href="sect-Security_Guide-Evaluating_the_Tools-Nessus.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-Evaluating_the_Tools-VLAD_the_Scanner.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h4 class="title"
id="sect-Security_Guide-Evaluating_the_Tools-Nikto">1.2.3.3. Nikto</h4></div></div></div><a
id="d0e872" class="indexterm"/><a id="d0e877"
class="indexterm"/><div class="para">
+<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
rel="stylesheet" href="./Common_Content/css/default.css"
type="text/css"/><meta name="generator"
content="publican"/><meta name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-4"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="sect-Security_Guide-Vulnerability_Assessment-Evaluating_the_Tools.html"
title="1.2.3. Evaluating the Tools"/><link rel="prev"
href="sect-Security_Guide-Evaluating_the_Tools-Nessus.html"
title="1.2.3.2. Nessus"/><link rel="next"
href="sect-Security_Guide-Evaluating_the_Tools-VLAD_the_Scanner.html"
title="1.2.3.4. VLAD the Scanner"/></head><body><p
id="title"><a class="left"
href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img
src="Common_Content/images/image_right.png" alt="Documentation
Site"/></a></p><u
l class="docnav"><li class="previous"><a
accesskey="p"
href="sect-Security_Guide-Evaluating_the_Tools-Nessus.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-Evaluating_the_Tools-VLAD_the_Scanner.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h4 class="title"
id="sect-Security_Guide-Evaluating_the_Tools-Nikto">1.2.3.3. Nikto</h4></div></div></div><a
id="d0e872" class="indexterm"/><a id="d0e877"
class="indexterm"/><div class="para">
Nikto is an excellent common gateway interface (CGI) script scanner. Nikto not only
checks for CGI vulnerabilities but does so in an evasive manner, so as to elude intrusion
detection systems. It comes with thorough documentation which should be carefully reviewed
prior to running the program. If you have Web servers serving up CGI scripts, Nikto can be
an excellent resource for checking the security of these servers.
</div><div class="note"><h2>Note</h2><div
class="para">
Nikto is not included with Fedora and is not supported. It has been included in this
document as a reference to users who may be interested in using this popular application.
Index: sect-Security_Guide-Evaluating_the_Tools-VLAD_the_Scanner.html
===================================================================
RCS file:
/cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Evaluating_the_Tools-VLAD_the_Scanner.html,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- sect-Security_Guide-Evaluating_the_Tools-VLAD_the_Scanner.html 22 Dec 2008 19:28:43
-0000 1.1
+++ sect-Security_Guide-Evaluating_the_Tools-VLAD_the_Scanner.html 24 Dec 2008 01:24:52
-0000 1.2
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8"
standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
the Scanner</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-3"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="sect-Security_Guide-Vulnerability_Assessment-Evaluating_the_Tools.html"
title="1.2.3. Evaluating the Tools"/><link rel="prev"
href="sect-Security_Guide-Evaluating_the_Tools-Nikto.html"
title="1.2.3.3. Nikto"/><link rel="next"
href="sect-Security_Guide-Evaluating_the_Tools-Anticipating_Your_Future_Needs.html"
title="1.2.3.5. Anticipating Your Future
Needs"/></head><body><p id="title"><a
class="left" href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img
src="Common_Content/images/image_right.png"
alt="Documentation Site"/></a></p><ul
class="docnav"><li class="previous"><a
accesskey="p"
href="sect-Security_Guide-Evaluating_the_Tools-Nikto.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-Evaluating_the_Tools-Anticipating_Your_Future_Needs.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h4 class="title"
id="sect-Security_Guide-Evaluating_the_Tools-VLAD_the_Scanner">1.2.3.4. VLAD
the Scanner</h4></div></div></div><a id="d0e897"
class="indexterm"/><a id="d0e902"
class="indexterm"/><div class="para">
+<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
the Scanner</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-4"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="sect-Security_Guide-Vulnerability_Assessment-Evaluating_the_Tools.html"
title="1.2.3. Evaluating the Tools"/><link rel="prev"
href="sect-Security_Guide-Evaluating_the_Tools-Nikto.html"
title="1.2.3.3. Nikto"/><link rel="next"
href="sect-Security_Guide-Evaluating_the_Tools-Anticipating_Your_Future_Needs.html"
title="1.2.3.5. Anticipating Your Future
Needs"/></head><body><p id="title"><a
class="left" href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img
src="Common_Content/images/image_right.png"
alt="Documentation Site"/></a></p><ul
class="docnav"><li class="previous"><a
accesskey="p"
href="sect-Security_Guide-Evaluating_the_Tools-Nikto.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-Evaluating_the_Tools-Anticipating_Your_Future_Needs.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h4 class="title"
id="sect-Security_Guide-Evaluating_the_Tools-VLAD_the_Scanner">1.2.3.4. VLAD
the Scanner</h4></div></div></div><a id="d0e897"
class="indexterm"/><a id="d0e902"
class="indexterm"/><div class="para">
VLAD is a vulnerabilities scanner developed by the <acronym
class="acronym">RAZOR</acronym> team at Bindview, Inc., which checks
for the SANS Top Ten list of common security issues (SNMP issues, file sharing issues,
etc.). While not as full-featured as Nessus, VLAD is worth investigating.
</div><div class="note"><h2>Note</h2><div
class="para">
VLAD is not included with Fedora and is not supported. It has been included in this
document as a reference to users who may be interested in using this popular application.
Index: sect-Security_Guide-FORWARD_and_NAT_Rules-DMZs_and_IPTables.html
===================================================================
RCS file:
/cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-FORWARD_and_NAT_Rules-DMZs_and_IPTables.html,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- sect-Security_Guide-FORWARD_and_NAT_Rules-DMZs_and_IPTables.html 22 Dec 2008 19:28:43
-0000 1.1
+++ sect-Security_Guide-FORWARD_and_NAT_Rules-DMZs_and_IPTables.html 24 Dec 2008 01:24:52
-0000 1.2
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8"
standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
and IPTables</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-3"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="sect-Security_Guide-Firewalls-FORWARD_and_NAT_Rules.html"
title="2.8.5. FORWARD and NAT Rules"/><link rel="prev"
href="sect-Security_Guide-FORWARD_and_NAT_Rules-Prerouting.html"
title="2.8.5.2. Prerouting"/><link rel="next"
href="sect-Security_Guide-Firewalls-Malicious_Software_and_Spoofed_IP_Addresses.html"
title="2.8.6. Malicious Software and Spoofed IP
Addresses"/></head><body><p id="title"><a
class="left" href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img
src="Common_Content/images/imag
e_right.png" alt="Documentation Site"/></a></p><ul
class="docnav"><li class="previous"><a
accesskey="p"
href="sect-Security_Guide-FORWARD_and_NAT_Rules-Prerouting.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-Firewalls-Malicious_Software_and_Spoofed_IP_Addresses.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h4 class="title"
id="sect-Security_Guide-FORWARD_and_NAT_Rules-DMZs_and_IPTables">2.8.5.3. DMZs
and IPTables</h4></div></div></div><a id="d0e13629"
class="indexterm"/><a id="d0e13635"
class="indexterm"/><a id="d0e13640"
class="indexterm"/><a id="d0e13643"
class="indexterm"/><a id="d0e13651"
class="indexterm"/><div class="para">
+<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
and IPTables</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-4"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="sect-Security_Guide-Firewalls-FORWARD_and_NAT_Rules.html"
title="2.8.5. FORWARD and NAT Rules"/><link rel="prev"
href="sect-Security_Guide-FORWARD_and_NAT_Rules-Prerouting.html"
title="2.8.5.2. Prerouting"/><link rel="next"
href="sect-Security_Guide-Firewalls-Malicious_Software_and_Spoofed_IP_Addresses.html"
title="2.8.6. Malicious Software and Spoofed IP
Addresses"/></head><body><p id="title"><a
class="left" href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img
src="Common_Content/images/imag
e_right.png" alt="Documentation Site"/></a></p><ul
class="docnav"><li class="previous"><a
accesskey="p"
href="sect-Security_Guide-FORWARD_and_NAT_Rules-Prerouting.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-Firewalls-Malicious_Software_and_Spoofed_IP_Addresses.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h4 class="title"
id="sect-Security_Guide-FORWARD_and_NAT_Rules-DMZs_and_IPTables">2.8.5.3. DMZs
and IPTables</h4></div></div></div><a id="d0e13629"
class="indexterm"/><a id="d0e13635"
class="indexterm"/><a id="d0e13640"
class="indexterm"/><a id="d0e13643"
class="indexterm"/><a id="d0e13651"
class="indexterm"/><div class="para">
You can create <code class="command">iptables</code> rules to
route traffic to certain machines, such as a dedicated HTTP or FTP server, in a <em
class="firstterm">demilitarized zone</em> (<acronym
class="acronym">DMZ</acronym>). A <acronym
class="acronym">DMZ</acronym> is a special local subnetwork dedicated
to providing services on a public carrier, such as the Internet.
</div><div class="para">
For example, to set a rule for routing incoming HTTP requests to a dedicated HTTP
server at 10.0.4.2 (outside of the 192.168.1.0/24 range of the LAN), NAT uses the <code
class="computeroutput">PREROUTING</code> table to forward the packets
to the appropriate destination:
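Review bot: the second body paragraph says NAT uses the PREROUTING "table" to forward the packets, but PREROUTING is a chain of the nat table, and the Prerouting page touched by this same commit calls it "the PREROUTING chain in NAT". Suggest changing the wording in the source to "the PREROUTING chain of the nat table" so the two pages agree and readers do not go looking for a table of that name.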
Index: sect-Security_Guide-FORWARD_and_NAT_Rules-Prerouting.html
===================================================================
RCS file:
/cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-FORWARD_and_NAT_Rules-Prerouting.html,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- sect-Security_Guide-FORWARD_and_NAT_Rules-Prerouting.html 22 Dec 2008 19:28:43
-0000 1.1
+++ sect-Security_Guide-FORWARD_and_NAT_Rules-Prerouting.html 24 Dec 2008 01:24:52
-0000 1.2
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8"
standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
rel="stylesheet" href="./Common_Content/css/default.css"
type="text/css"/><meta name="generator"
content="publican"/><meta name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-3"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="sect-Security_Guide-Firewalls-FORWARD_and_NAT_Rules.html"
title="2.8.5. FORWARD and NAT Rules"/><link rel="prev"
href="sect-Security_Guide-Firewalls-FORWARD_and_NAT_Rules.html"
title="2.8.5. FORWARD and NAT Rules"/><link rel="next"
href="sect-Security_Guide-FORWARD_and_NAT_Rules-DMZs_and_IPTables.html"
title="2.8.5.3. DMZs and IPTables"/></head><body><p
id="title"><a class="left"
href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img
src="Common_Content/images/image_right.png" alt="Documentation Site"
/></a></p><ul class="docnav"><li
class="previous"><a accesskey="p"
href="sect-Security_Guide-Firewalls-FORWARD_and_NAT_Rules.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-FORWARD_and_NAT_Rules-DMZs_and_IPTables.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h4 class="title"
id="sect-Security_Guide-FORWARD_and_NAT_Rules-Prerouting">2.8.5.2. Prerouting</h4></div></div></div><a
id="d0e13595" class="indexterm"/><div
class="para">
+<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
rel="stylesheet" href="./Common_Content/css/default.css"
type="text/css"/><meta name="generator"
content="publican"/><meta name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-4"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="sect-Security_Guide-Firewalls-FORWARD_and_NAT_Rules.html"
title="2.8.5. FORWARD and NAT Rules"/><link rel="prev"
href="sect-Security_Guide-Firewalls-FORWARD_and_NAT_Rules.html"
title="2.8.5. FORWARD and NAT Rules"/><link rel="next"
href="sect-Security_Guide-FORWARD_and_NAT_Rules-DMZs_and_IPTables.html"
title="2.8.5.3. DMZs and IPTables"/></head><body><p
id="title"><a class="left"
href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img
src="Common_Content/images/image_right.png" alt="Documentation Site"
/></a></p><ul class="docnav"><li
class="previous"><a accesskey="p"
href="sect-Security_Guide-Firewalls-FORWARD_and_NAT_Rules.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-FORWARD_and_NAT_Rules-DMZs_and_IPTables.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h4 class="title"
id="sect-Security_Guide-FORWARD_and_NAT_Rules-Prerouting">2.8.5.2. Prerouting</h4></div></div></div><a
id="d0e13595" class="indexterm"/><div
class="para">
If you have a server on your internal network that you want make available
externally, you can use the <code class="option">-j DNAT</code>
target of the PREROUTING chain in NAT to specify a destination IP address and port where
incoming packets requesting a connection to your internal service can be forwarded.
</div><div class="para">
For example, if you want to forward incoming HTTP requests to your dedicated Apache
HTTP Server at 172.31.0.23, use the following command:
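Review bot: the first body paragraph is missing a word in "that you want make available externally"; it should read "that you want to make available externally". The page is being regenerated for the 1.0-4 package bump anyway, so the fix belongs in the source XML before the next regeneration.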
Index: sect-Security_Guide-Firewalls-Additional_Resources.html
===================================================================
RCS file:
/cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Firewalls-Additional_Resources.html,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- sect-Security_Guide-Firewalls-Additional_Resources.html 22 Dec 2008 19:28:43
-0000 1.1
+++ sect-Security_Guide-Firewalls-Additional_Resources.html 24 Dec 2008 01:24:52
-0000 1.2
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8"
standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
Resources</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-3"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="sect-Security_Guide-Firewalls.html"
title="2.8. Firewalls"/><link rel="prev"
href="sect-Security_Guide-Firewalls-IPv6.html"
title="2.8.8. IPv6"/><link rel="next"
href="sect-Security_Guide-Additional_Resources-Useful_Firewall_Websites.html"
title="2.8.9.2. Useful Firewall Websites"/></head><body><p
id="title"><a class="left"
href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img
src="Common_Content/images/image_right.png" alt="Documentation
Site"/></a></p><ul class="docnav"><li
class="previous"
<a accesskey="p"
href="sect-Security_Guide-Firewalls-IPv6.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-Additional_Resources-Useful_Firewall_Websites.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h3 class="title"
id="sect-Security_Guide-Firewalls-Additional_Resources">2.8.9. Additional
Resources</h3></div></div></div><a id="d0e13868"
class="indexterm"/><a id="d0e13873"
class="indexterm"/><a id="d0e13878"
class="indexterm"/><div class="para">
+<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
Resources</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-4"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="sect-Security_Guide-Firewalls.html"
title="2.8. Firewalls"/><link rel="prev"
href="sect-Security_Guide-Firewalls-IPv6.html"
title="2.8.8. IPv6"/><link rel="next"
href="sect-Security_Guide-Additional_Resources-Useful_Firewall_Websites.html"
title="2.8.9.2. Useful Firewall Websites"/></head><body><p
id="title"><a class="left"
href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img
src="Common_Content/images/image_right.png" alt="Documentation
Site"/></a></p><ul class="docnav"><li
class="previous"
<a accesskey="p"
href="sect-Security_Guide-Firewalls-IPv6.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-Additional_Resources-Useful_Firewall_Websites.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h3 class="title"
id="sect-Security_Guide-Firewalls-Additional_Resources">2.8.9. Additional
Resources</h3></div></div></div><a id="d0e13868"
class="indexterm"/><a id="d0e13873"
class="indexterm"/><a id="d0e13878"
class="indexterm"/><div class="para">
There are
several aspects to firewalls and the Linux Netfilter subsystem that could not be covered
in this chapter. For more information, refer to the following resources.
</div><div class="section" lang="en-US"><div
class="titlepage"><div><div><h4 class="title"
id="sect-Security_Guide-Additional_Resources-Installed_Firewall_Documentation">2.8.9.1. Installed
Firewall Documentation</h4></div></div></div><div
class="itemizedlist"><ul><li><div class="para">
Refer to <a class="xref"
href="sect-Security_Guide-IPTables.html"
title="2.9. IPTables">Section 2.9, “IPTables”</a> for more detailed
information on the <code class="command">iptables</code> command,
including definitions for many command options.
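Review bot: checking in Publican output with the package release stamped into each page head means a release bump rewrites the whole single-line <html ...> element, as in this hunk and the ones that follow, where the - and + lines differ in the visible text only by content="fedora-Linux_Security_Guide-10-en-US-1.0-3" becoming 1.0-4. That buries any real content change under markup churn. Suggest saying in the commit message that this is a regeneration for 1.0-4 with no text changes, or keeping the build stamp out of the versioned pages so that future diffs show only edited paragraphs.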
Index: sect-Security_Guide-Firewalls-Basic_Firewall_Configuration.html
===================================================================
RCS file:
/cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Firewalls-Basic_Firewall_Configuration.html,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- sect-Security_Guide-Firewalls-Basic_Firewall_Configuration.html 22 Dec 2008 19:28:43
-0000 1.1
+++ sect-Security_Guide-Firewalls-Basic_Firewall_Configuration.html 24 Dec 2008 01:24:52
-0000 1.2
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8"
standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
Firewall Configuration</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-3"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="sect-Security_Guide-Firewalls.html"
title="2.8. Firewalls"/><link rel="prev"
href="sect-Security_Guide-Firewalls.html"
title="2.8. Firewalls"/><link rel="next"
href="sect-Security_Guide-Basic_Firewall_Configuration-Enabling_and_Disabling_the_Firewall.html"
title="2.8.2.2. Enabling and Disabling the
Firewall"/></head><body><p id="title"><a
class="left" href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img
src="Common_Content/images/image_right.png" alt="Documentation
Site"/></a></p><ul
class="docnav"><li class="previous"><a
accesskey="p"
href="sect-Security_Guide-Firewalls.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-Basic_Firewall_Configuration-Enabling_and_Disabling_the_Firewall.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h3 class="title"
id="sect-Security_Guide-Firewalls-Basic_Firewall_Configuration">2.8.2. Basic
Firewall Configuration</h3></div></div></div><a
id="d0e12871" class="indexterm"/><div
class="para">
+<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
Firewall Configuration</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-4"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="sect-Security_Guide-Firewalls.html"
title="2.8. Firewalls"/><link rel="prev"
href="sect-Security_Guide-Firewalls.html"
title="2.8. Firewalls"/><link rel="next"
href="sect-Security_Guide-Basic_Firewall_Configuration-Enabling_and_Disabling_the_Firewall.html"
title="2.8.2.2. Enabling and Disabling the
Firewall"/></head><body><p id="title"><a
class="left" href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img
src="Common_Content/images/image_right.png" alt="Documentation
Site"/></a></p><ul
class="docnav"><li class="previous"><a
accesskey="p"
href="sect-Security_Guide-Firewalls.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-Basic_Firewall_Configuration-Enabling_and_Disabling_the_Firewall.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h3 class="title"
id="sect-Security_Guide-Firewalls-Basic_Firewall_Configuration">2.8.2. Basic
Firewall Configuration</h3></div></div></div><a
id="d0e12871" class="indexterm"/><div
class="para">
Just as a firewall in a building attempts to prevent a fire from spreading, a computer
firewall attempts to prevent malicious software from spreading to your computer. It also
helps to prevent unauthorized users from accessing your computer.
</div><div class="para">
In a default Fedora installation, a firewall exists between your computer or network
and any untrusted networks, for example the Internet. It determines which services on your
computer remote users can access. A properly configured firewall can greatly increase the
security of your system. It is recommended that you configure a firewall for any Fedora
system with an Internet connection.
Index: sect-Security_Guide-Firewalls-Common_IPTables_Filtering.html
===================================================================
RCS file:
/cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Firewalls-Common_IPTables_Filtering.html,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- sect-Security_Guide-Firewalls-Common_IPTables_Filtering.html 22 Dec 2008 19:28:43
-0000 1.1
+++ sect-Security_Guide-Firewalls-Common_IPTables_Filtering.html 24 Dec 2008 01:24:52
-0000 1.2
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8"
standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
IPTables Filtering</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-3"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="sect-Security_Guide-Firewalls.html"
title="2.8. Firewalls"/><link rel="prev"
href="sect-Security_Guide-Using_IPTables-Saving_and_Restoring_IPTables_Rules.html"
title="2.8.3.3. Saving and Restoring IPTables Rules"/><link
rel="next"
href="sect-Security_Guide-Firewalls-FORWARD_and_NAT_Rules.html"
title="2.8.5. FORWARD and NAT Rules"/></head><body><p
id="title"><a class="left"
href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img
src="Common_Content/images/image_right.png" alt="Documentation
Site"/></a></p><ul class="docnav"><li
class="previous"><a accesskey="p"
href="sect-Security_Guide-Using_IPTables-Saving_and_Restoring_IPTables_Rules.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-Firewalls-FORWARD_and_NAT_Rules.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h3 class="title"
id="sect-Security_Guide-Firewalls-Common_IPTables_Filtering">2.8.4. Common
IPTables Filtering</h3></div></div></div><a
id="d0e13368" class="indexterm"/><a id="d0e13376"
class="indexterm"/><a id="d0e13384"
class="indexterm"/><div class="para">
+<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
IPTables Filtering</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-4"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="sect-Security_Guide-Firewalls.html"
title="2.8. Firewalls"/><link rel="prev"
href="sect-Security_Guide-Using_IPTables-Saving_and_Restoring_IPTables_Rules.html"
title="2.8.3.3. Saving and Restoring IPTables Rules"/><link
rel="next"
href="sect-Security_Guide-Firewalls-FORWARD_and_NAT_Rules.html"
title="2.8.5. FORWARD and NAT Rules"/></head><body><p
id="title"><a class="left"
href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img
src="Common_Content/images/image_right.png" alt="Documentation
Site"/></a></p><ul class="docnav"><li
class="previous"><a accesskey="p"
href="sect-Security_Guide-Using_IPTables-Saving_and_Restoring_IPTables_Rules.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-Firewalls-FORWARD_and_NAT_Rules.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h3 class="title"
id="sect-Security_Guide-Firewalls-Common_IPTables_Filtering">2.8.4. Common
IPTables Filtering</h3></div></div></div><a
id="d0e13368" class="indexterm"/><a id="d0e13376"
class="indexterm"/><a id="d0e13384"
class="indexterm"/><div class="para">
Preventing remote attackers from accessing a LAN is one of the most important aspects
of network security. The integrity of a LAN should be protected from malicious remote
users through the use of stringent firewall rules.
</div><div class="para">
However, with a default policy set to block all incoming, outgoing, and forwarded
packets, it is impossible for the firewall/gateway and internal LAN users to communicate
with each other or with external resources.
Index: sect-Security_Guide-Firewalls-FORWARD_and_NAT_Rules.html
===================================================================
RCS file:
/cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Firewalls-FORWARD_and_NAT_Rules.html,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- sect-Security_Guide-Firewalls-FORWARD_and_NAT_Rules.html 22 Dec 2008 19:28:43
-0000 1.1
+++ sect-Security_Guide-Firewalls-FORWARD_and_NAT_Rules.html 24 Dec 2008 01:24:52
-0000 1.2
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8"
standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
and NAT Rules</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-3"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="sect-Security_Guide-Firewalls.html"
title="2.8. Firewalls"/><link rel="prev"
href="sect-Security_Guide-Firewalls-Common_IPTables_Filtering.html"
title="2.8.4. Common IPTables Filtering"/><link rel="next"
href="sect-Security_Guide-FORWARD_and_NAT_Rules-Prerouting.html"
title="2.8.5.2. Prerouting"/></head><body><p
id="title"><a class="left"
href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img
src="Common_Content/images/image_right.png" alt="Documentation
Site"/></a></p><ul class="docnav"><li
class="previous"><a accesskey="p"
href="sect-Security_Guide-Firewalls-Common_IPTables_Filtering.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-FORWARD_and_NAT_Rules-Prerouting.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h3 class="title"
id="sect-Security_Guide-Firewalls-FORWARD_and_NAT_Rules">2.8.5. <code
class="computeroutput">FORWARD</code> and <acronym
class="acronym">NAT</acronym>
Rules</h3></div></div></div><a id="d0e13460"
class="indexterm"/><a id="d0e13465"
class="indexterm"/><a id="d0e13468"
class="indexterm"/><a id="d0e13475"
class="indexterm"/><a id="d0e13483"
class="indexterm"/><div class="para">
+<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
and NAT Rules</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-4"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="sect-Security_Guide-Firewalls.html"
title="2.8. Firewalls"/><link rel="prev"
href="sect-Security_Guide-Firewalls-Common_IPTables_Filtering.html"
title="2.8.4. Common IPTables Filtering"/><link rel="next"
href="sect-Security_Guide-FORWARD_and_NAT_Rules-Prerouting.html"
title="2.8.5.2. Prerouting"/></head><body><p
id="title"><a class="left"
href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img
src="Common_Content/images/image_right.png" alt="Documentation
Site"/></a></p><ul class="docnav"><li
class="previous"><a accesskey="p"
href="sect-Security_Guide-Firewalls-Common_IPTables_Filtering.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-FORWARD_and_NAT_Rules-Prerouting.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h3 class="title"
id="sect-Security_Guide-Firewalls-FORWARD_and_NAT_Rules">2.8.5. <code
class="computeroutput">FORWARD</code> and <acronym
class="acronym">NAT</acronym>
Rules</h3></div></div></div><a id="d0e13460"
class="indexterm"/><a id="d0e13465"
class="indexterm"/><a id="d0e13468"
class="indexterm"/><a id="d0e13475"
class="indexterm"/><a id="d0e13483"
class="indexterm"/><div class="para">
Most ISPs provide only a limited number of publicly routable IP addresses to the
organizations they serve.
</div><div class="para">
Administrators must, therefore, find alternative ways to share access to Internet
services without giving public IP addresses to every node on the LAN. Using private IP
addresses is the most common way of allowing all nodes on a LAN to properly access
internal and external network services.
Index: sect-Security_Guide-Firewalls-IPTables_and_Connection_Tracking.html
===================================================================
RCS file:
/cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Firewalls-IPTables_and_Connection_Tracking.html,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- sect-Security_Guide-Firewalls-IPTables_and_Connection_Tracking.html 22 Dec 2008
19:28:43 -0000 1.1
+++ sect-Security_Guide-Firewalls-IPTables_and_Connection_Tracking.html 24 Dec 2008
01:24:52 -0000 1.2
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8"
standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
and Connection Tracking</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-3"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="sect-Security_Guide-Firewalls.html"
title="2.8. Firewalls"/><link rel="prev"
href="sect-Security_Guide-Firewalls-Malicious_Software_and_Spoofed_IP_Addresses.html"
title="2.8.6. Malicious Software and Spoofed IP Addresses"/><link
rel="next" href="sect-Security_Guide-Firewalls-IPv6.html"
title="2.8.8. IPv6"/></head><body><p
id="title"><a class="left"
href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img
src="Common_Content/images/image_right.png" alt="Documentation
Site"/></a></p><u
l class="docnav"><li class="previous"><a
accesskey="p"
href="sect-Security_Guide-Firewalls-Malicious_Software_and_Spoofed_IP_Addresses.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-Firewalls-IPv6.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h3 class="title"
id="sect-Security_Guide-Firewalls-IPTables_and_Connection_Tracking">2.8.7. IPTables
and Connection Tracking</h3></div></div></div><a
id="d0e13752" class="indexterm"/><a id="d0e13757"
class="indexterm"/><a id="d0e13762"
class="indexterm"/><a id="d0e13768"
class="indexterm"/><div class="para">
+<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
and Connection Tracking</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-4"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="sect-Security_Guide-Firewalls.html"
title="2.8. Firewalls"/><link rel="prev"
href="sect-Security_Guide-Firewalls-Malicious_Software_and_Spoofed_IP_Addresses.html"
title="2.8.6. Malicious Software and Spoofed IP Addresses"/><link
rel="next" href="sect-Security_Guide-Firewalls-IPv6.html"
title="2.8.8. IPv6"/></head><body><p
id="title"><a class="left"
href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img
src="Common_Content/images/image_right.png" alt="Documentation
Site"/></a></p><u
l class="docnav"><li class="previous"><a
accesskey="p"
href="sect-Security_Guide-Firewalls-Malicious_Software_and_Spoofed_IP_Addresses.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-Firewalls-IPv6.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h3 class="title"
id="sect-Security_Guide-Firewalls-IPTables_and_Connection_Tracking">2.8.7. IPTables
and Connection Tracking</h3></div></div></div><a
id="d0e13752" class="indexterm"/><a id="d0e13757"
class="indexterm"/><a id="d0e13762"
class="indexterm"/><a id="d0e13768"
class="indexterm"/><div class="para">
You can inspect and restrict connections to services based on their <em
class="firstterm">connection state.</em> A module within <code
class="command">iptables</code> uses a method called <em
class="firstterm">connection tracking</em> to store information about
incoming connections. You can allow or deny access based on the following connection
states:
</div><a id="d0e13785" class="indexterm"/><a
id="d0e13793" class="indexterm"/><div
class="itemizedlist"><ul><li><div class="para">
<code class="option">NEW</code> — A packet requesting a new
connection, such as an HTTP request.
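Review bot: in the paragraph carried as context at the end of this hunk, "store information about incoming connections" reads narrower than what connection tracking does, since Netfilter keeps state for connections in either direction, not only inbound ones. While the page is being regenerated, suggest changing the source XML to "information about connections", and describing NEW as the first packet of a connection rather than "such as an HTTP request", which in practice arrives after the connection is already established.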
Index: sect-Security_Guide-Firewalls-IPv6.html
===================================================================
RCS file:
/cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Firewalls-IPv6.html,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- sect-Security_Guide-Firewalls-IPv6.html 22 Dec 2008 19:28:43 -0000 1.1
+++ sect-Security_Guide-Firewalls-IPv6.html 24 Dec 2008 01:24:52 -0000 1.2
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8"
standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
rel="stylesheet" href="./Common_Content/css/default.css"
type="text/css"/><meta name="generator"
content="publican"/><meta name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-3"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="sect-Security_Guide-Firewalls.html"
title="2.8. Firewalls"/><link rel="prev"
href="sect-Security_Guide-Firewalls-IPTables_and_Connection_Tracking.html"
title="2.8.7. IPTables and Connection Tracking"/><link
rel="next"
href="sect-Security_Guide-Firewalls-Additional_Resources.html"
title="2.8.9. Additional Resources"/></head><body><p
id="title"><a class="left"
href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img
src="Common_Content/images/image_right.png" alt="Documentation
Site"/></a></p><ul class="docnav"><
li class="previous"><a accesskey="p"
href="sect-Security_Guide-Firewalls-IPTables_and_Connection_Tracking.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-Firewalls-Additional_Resources.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h3 class="title"
id="sect-Security_Guide-Firewalls-IPv6">2.8.8. IPv6</h3></div></div></div><a
id="d0e13836" class="indexterm"/><a id="d0e13840"
class="indexterm"/><div class="para">
+<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
rel="stylesheet" href="./Common_Content/css/default.css"
type="text/css"/><meta name="generator"
content="publican"/><meta name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-4"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="sect-Security_Guide-Firewalls.html"
title="2.8. Firewalls"/><link rel="prev"
href="sect-Security_Guide-Firewalls-IPTables_and_Connection_Tracking.html"
title="2.8.7. IPTables and Connection Tracking"/><link
rel="next"
href="sect-Security_Guide-Firewalls-Additional_Resources.html"
title="2.8.9. Additional Resources"/></head><body><p
id="title"><a class="left"
href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img
src="Common_Content/images/image_right.png" alt="Documentation
Site"/></a></p><ul class="docnav"><
li class="previous"><a accesskey="p"
href="sect-Security_Guide-Firewalls-IPTables_and_Connection_Tracking.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-Firewalls-Additional_Resources.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h3 class="title"
id="sect-Security_Guide-Firewalls-IPv6">2.8.8. IPv6</h3></div></div></div><a
id="d0e13836" class="indexterm"/><a id="d0e13840"
class="indexterm"/><div class="para">
The introduction of the next-generation Internet Protocol, called IPv6, expands beyond
the 32-bit address limit of IPv4 (or IP). IPv6 supports 128-bit addresses, and carrier
networks that are IPv6 aware are therefore able to address a larger number of routable
addresses than IPv4.
</div><div class="para">
Fedora supports IPv6 firewall rules using the Netfilter 6 subsystem and the <code
class="command">ip6tables</code> command. In Fedora 5, both IPv4 and
IPv6 services are enabled by default.
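Review bot: the last context paragraph of this hunk still reads "In Fedora 5, both IPv4 and IPv6 services are enabled by default", while the file lives under security-guide/f10 and the package meta is fedora-Linux_Security_Guide-10. The release named in that sentence looks stale for this guide; suggest checking it in the source XML and either updating it to the release the guide covers or wording it without a release number before the 1.0-4 pages are published.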
Index: sect-Security_Guide-Firewalls-Malicious_Software_and_Spoofed_IP_Addresses.html
===================================================================
RCS file:
/cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Firewalls-Malicious_Software_and_Spoofed_IP_Addresses.html,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- sect-Security_Guide-Firewalls-Malicious_Software_and_Spoofed_IP_Addresses.html 22 Dec
2008 19:28:43 -0000 1.1
+++ sect-Security_Guide-Firewalls-Malicious_Software_and_Spoofed_IP_Addresses.html 24 Dec
2008 01:24:52 -0000 1.2
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8"
standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
Software and Spoofed IP Addresses</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-3"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="sect-Security_Guide-Firewalls.html"
title="2.8. Firewalls"/><link rel="prev"
href="sect-Security_Guide-FORWARD_and_NAT_Rules-DMZs_and_IPTables.html"
title="2.8.5.3. DMZs and IPTables"/><link rel="next"
href="sect-Security_Guide-Firewalls-IPTables_and_Connection_Tracking.html"
title="2.8.7. IPTables and Connection
Tracking"/></head><body><p id="title"><a
class="left" href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img
src="Common_Content/images/image_right.png" alt="Do
cumentation Site"/></a></p><ul class="docnav"><li
class="previous"><a accesskey="p"
href="sect-Security_Guide-FORWARD_and_NAT_Rules-DMZs_and_IPTables.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-Firewalls-IPTables_and_Connection_Tracking.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h3 class="title"
id="sect-Security_Guide-Firewalls-Malicious_Software_and_Spoofed_IP_Addresses">2.8.6. Malicious
Software and Spoofed IP Addresses</h3></div></div></div><a
id="d0e13687" class="indexterm"/><a id="d0e13692"
class="indexterm"/><div class="para">
+<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
Software and Spoofed IP Addresses</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-4"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="sect-Security_Guide-Firewalls.html"
title="2.8. Firewalls"/><link rel="prev"
href="sect-Security_Guide-FORWARD_and_NAT_Rules-DMZs_and_IPTables.html"
title="2.8.5.3. DMZs and IPTables"/><link rel="next"
href="sect-Security_Guide-Firewalls-IPTables_and_Connection_Tracking.html"
title="2.8.7. IPTables and Connection
Tracking"/></head><body><p id="title"><a
class="left" href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img
src="Common_Content/images/image_right.png" alt="Do
cumentation Site"/></a></p><ul class="docnav"><li
class="previous"><a accesskey="p"
href="sect-Security_Guide-FORWARD_and_NAT_Rules-DMZs_and_IPTables.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-Firewalls-IPTables_and_Connection_Tracking.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h3 class="title"
id="sect-Security_Guide-Firewalls-Malicious_Software_and_Spoofed_IP_Addresses">2.8.6. Malicious
Software and Spoofed IP Addresses</h3></div></div></div><a
id="d0e13687" class="indexterm"/><a id="d0e13692"
class="indexterm"/><div class="para">
More elaborate rules can be created that control access to specific subnets, or even
specific nodes, within a LAN. You can also restrict certain dubious applications or
programs such as trojans, worms, and other client/server viruses from contacting their
server.
</div><div class="para">
For example, some trojans scan networks for services on ports from 31337 to 31340
(called the <span class="emphasis"><em>elite</em></span>
ports in cracking terminology).
Index: sect-Security_Guide-Firewalls-Using_IPTables.html
===================================================================
RCS file:
/cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Firewalls-Using_IPTables.html,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- sect-Security_Guide-Firewalls-Using_IPTables.html 22 Dec 2008 19:28:43 -0000 1.1
+++ sect-Security_Guide-Firewalls-Using_IPTables.html 24 Dec 2008 01:24:52 -0000 1.2
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8"
standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
IPTables</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-3"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="sect-Security_Guide-Firewalls.html"
title="2.8. Firewalls"/><link rel="prev"
href="sect-Security_Guide-Basic_Firewall_Configuration-Activating_the_IPTables_Service.html"
title="2.8.2.6. Activating the IPTables Service"/><link
rel="next"
href="sect-Security_Guide-Using_IPTables-Basic_Firewall_Policies.html"
title="2.8.3.2. Basic Firewall Policies"/></head><body><p
id="title"><a class="left"
href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img
src="Common_Content/images/image_right.png" alt="Documen
tation Site"/></a></p><ul class="docnav"><li
class="previous"><a accesskey="p"
href="sect-Security_Guide-Basic_Firewall_Configuration-Activating_the_IPTables_Service.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-Using_IPTables-Basic_Firewall_Policies.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h3 class="title"
id="sect-Security_Guide-Firewalls-Using_IPTables">2.8.3. Using
IPTables</h3></div></div></div><a id="d0e13191"
class="indexterm"/><div class="para">
+<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
IPTables</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-4"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="sect-Security_Guide-Firewalls.html"
title="2.8. Firewalls"/><link rel="prev"
href="sect-Security_Guide-Basic_Firewall_Configuration-Activating_the_IPTables_Service.html"
title="2.8.2.6. Activating the IPTables Service"/><link
rel="next"
href="sect-Security_Guide-Using_IPTables-Basic_Firewall_Policies.html"
title="2.8.3.2. Basic Firewall Policies"/></head><body><p
id="title"><a class="left"
href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img
src="Common_Content/images/image_right.png" alt="Documen
tation Site"/></a></p><ul class="docnav"><li
class="previous"><a accesskey="p"
href="sect-Security_Guide-Basic_Firewall_Configuration-Activating_the_IPTables_Service.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-Using_IPTables-Basic_Firewall_Policies.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h3 class="title"
id="sect-Security_Guide-Firewalls-Using_IPTables">2.8.3. Using
IPTables</h3></div></div></div><a id="d0e13191"
class="indexterm"/><div class="para">
The first step in using <code class="command">iptables</code> is
to start the <code class="command">iptables</code> service. Use the
following command to start the <code class="command">iptables</code>
service:
</div><pre class="screen">[root@myServer ~] # service iptables
start
</pre><div class="note"><h2>Note</h2><div
class="para">
Index: sect-Security_Guide-Firewalls.html
===================================================================
RCS file:
/cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Firewalls.html,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- sect-Security_Guide-Firewalls.html 22 Dec 2008 19:28:43 -0000 1.1
+++ sect-Security_Guide-Firewalls.html 24 Dec 2008 01:24:52 -0000 1.2
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8"
standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
rel="stylesheet" href="./Common_Content/css/default.css"
type="text/css"/><meta name="generator"
content="publican"/><meta name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-3"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="chap-Security_Guide-Securing_Your_Network.html"
title="Chapter 2. Securing Your Network"/><link rel="prev"
href="sect-Security_Guide-Virtual_Private_Networks_VPNs-Starting_and_Stopping_an_IPsec_Connection.html"
title="2.7.8. Starting and Stopping an IPsec Connection"/><link
rel="next"
href="sect-Security_Guide-Firewalls-Basic_Firewall_Configuration.html"
title="2.8.2. Basic Firewall Configuration"/></head><body><p
id="title"><a class="left"
href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img src="Commo
n_Content/images/image_right.png" alt="Documentation
Site"/></a></p><ul class="docnav"><li
class="previous"><a accesskey="p"
href="sect-Security_Guide-Virtual_Private_Networks_VPNs-Starting_and_Stopping_an_IPsec_Connection.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-Firewalls-Basic_Firewall_Configuration.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h2 class="title"
id="sect-Security_Guide-Firewalls">2.8. Firewalls</h2></div></div></div><a
id="d0e12677" class="indexterm"/><div
class="para">
+<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
rel="stylesheet" href="./Common_Content/css/default.css"
type="text/css"/><meta name="generator"
content="publican"/><meta name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-4"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="chap-Security_Guide-Securing_Your_Network.html"
title="Chapter 2. Securing Your Network"/><link rel="prev"
href="sect-Security_Guide-Virtual_Private_Networks_VPNs-Starting_and_Stopping_an_IPsec_Connection.html"
title="2.7.8. Starting and Stopping an IPsec Connection"/><link
rel="next"
href="sect-Security_Guide-Firewalls-Basic_Firewall_Configuration.html"
title="2.8.2. Basic Firewall Configuration"/></head><body><p
id="title"><a class="left"
href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img src="Commo
n_Content/images/image_right.png" alt="Documentation
Site"/></a></p><ul class="docnav"><li
class="previous"><a accesskey="p"
href="sect-Security_Guide-Virtual_Private_Networks_VPNs-Starting_and_Stopping_an_IPsec_Connection.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-Firewalls-Basic_Firewall_Configuration.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h2 class="title"
id="sect-Security_Guide-Firewalls">2.8. Firewalls</h2></div></div></div><a
id="d0e12677" class="indexterm"/><div
class="para">
Information security is commonly thought of as a process and not a product. However,
standard security implementations usually employ some form of dedicated mechanism to
control access privileges and restrict network resources to users who are authorized,
identifiable, and traceable. Fedora includes several tools to assist administrators and
security engineers with network-level access control issues.
</div><div class="para">
Firewalls are one of the core components of a network security implementation. Several
vendors market firewall solutions catering to all levels of the marketplace: from home
users protecting one PC to data center solutions safeguarding vital enterprise
information. Firewalls can be stand-alone hardware solutions, such as firewall appliances
by Cisco, Nokia, and Sonicwall. Vendors such as Checkpoint, McAfee, and Symantec have also
developed proprietary software firewall solutions for home and business markets.
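Review bot: the `-<html` / `+<html` pair in this hunk cannot be reviewed line by line, because the generated head, title banner and docnav sit on one physical line and the whole line is replaced. The only difference visible here is the `package` meta value going from `fedora-Linux_Security_Guide-10-en-US-1.0-3` to `fedora-Linux_Security_Guide-10-en-US-1.0-4`. If that version stamp is the entire change, say so in the log message, or review the publican source rather than the generated HTML.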
Index:
sect-Security_Guide-General_Principles_of_Information_Security-DISA_IASE_Documents.html
===================================================================
RCS file:
/cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-General_Principles_of_Information_Security-DISA_IASE_Documents.html,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
---
sect-Security_Guide-General_Principles_of_Information_Security-DISA_IASE_Documents.html 22
Dec 2008 19:28:43 -0000 1.1
+++
sect-Security_Guide-General_Principles_of_Information_Security-DISA_IASE_Documents.html 24
Dec 2008 01:24:52 -0000 1.2
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8"
standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g... IASE
Documents</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-3"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="chap-Security_Guide-General_Principles_of_Information_Security.html"
title="Chapter 4. General Principles of Information Security"/><link
rel="prev"
href="sect-Security_Guide-General_Principles_of_Information_Security-NSA_Documents.html"
title="4.3. NSA Documents"/><link rel="next"
href="chap-Security_Guide-Secure_Installation.html"
title="Chapter 5. Secure Installation"/></head><body><p
id="title"><a class="left"
href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img src="Common_Content/images
/image_right.png" alt="Documentation Site"/></a></p><ul
class="docnav"><li class="previous"><a
accesskey="p"
href="sect-Security_Guide-General_Principles_of_Information_Security-NSA_Documents.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="chap-Security_Guide-Secure_Installation.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h2 class="title"
id="sect-Security_Guide-General_Principles_of_Information_Security-DISA_IASE_Documents">4.4. DISA
IASE Documents</h2></div></div></div><div
class="itemizedlist"><ul><li><div class="para">
+<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g... IASE
Documents</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-4"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="chap-Security_Guide-General_Principles_of_Information_Security.html"
title="Chapter 4. General Principles of Information Security"/><link
rel="prev"
href="sect-Security_Guide-General_Principles_of_Information_Security-NSA_Documents.html"
title="4.3. NSA Documents"/><link rel="next"
href="chap-Security_Guide-Secure_Installation.html"
title="Chapter 5. Secure Installation"/></head><body><p
id="title"><a class="left"
href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img src="Common_Content/images
/image_right.png" alt="Documentation Site"/></a></p><ul
class="docnav"><li class="previous"><a
accesskey="p"
href="sect-Security_Guide-General_Principles_of_Information_Security-NSA_Documents.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="chap-Security_Guide-Secure_Installation.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h2 class="title"
id="sect-Security_Guide-General_Principles_of_Information_Security-DISA_IASE_Documents">4.4. DISA
IASE Documents</h2></div></div></div><div
class="itemizedlist"><ul><li><div class="para">
<a
href="iase.disa.mil/stigs/stig/index.html">Security Technical
Implementation Guides</a> (STIG) Scroll down to the Unix STIG
</div></li><li><div class="para">
<a
href="iase.disa.mil/stigs/checklist/index.html">Security
Checklists</a> Scroll down to the Unix Security Checklists
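Review bot: in the trailing context of this hunk, both list links use a scheme-less target (`href="iase.disa.mil/stigs/stig/index.html"` and `href="iase.disa.mil/stigs/checklist/index.html"`), so a browser resolves them as paths relative to this page's directory instead of going to the DISA site. Write them as absolute URLs with an explicit scheme, as the `http://www.fedoraproject.org` banner link in the same file does. The lines are unchanged by this revision, so the fix belongs in the source before the next regeneration.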
Index: sect-Security_Guide-General_Principles_of_Information_Security-NSA_Documents.html
===================================================================
RCS file:
/cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-General_Principles_of_Information_Security-NSA_Documents.html,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- sect-Security_Guide-General_Principles_of_Information_Security-NSA_Documents.html 22
Dec 2008 19:28:43 -0000 1.1
+++ sect-Security_Guide-General_Principles_of_Information_Security-NSA_Documents.html 24
Dec 2008 01:24:52 -0000 1.2
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8"
standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
Documents</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-3"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="chap-Security_Guide-General_Principles_of_Information_Security.html"
title="Chapter 4. General Principles of Information Security"/><link
rel="prev"
href="sect-Security_Guide-General_Principles_of_Information_Security-Tips_Guides_and_Tools.html"
title="4.2. Tips, Guides, and Tools"/><link rel="next"
href="sect-Security_Guide-General_Principles_of_Information_Security-DISA_IASE_Documents.html"
title="4.4. DISA IASE Documents"/></head><body><p
id="title"><a class="left"
href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right" href="http://docs.fe
doraproject.org"><img src="Common_Content/images/image_right.png"
alt="Documentation Site"/></a></p><ul
class="docnav"><li class="previous"><a
accesskey="p"
href="sect-Security_Guide-General_Principles_of_Information_Security-Tips_Guides_and_Tools.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-General_Principles_of_Information_Security-DISA_IASE_Documents.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h2 class="title"
id="sect-Security_Guide-General_Principles_of_Information_Security-NSA_Documents">4.3. NSA
Documents</h2></div></div></div><div
class="itemizedlist"><ul><li><div class="para">
+<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
Documents</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-4"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="chap-Security_Guide-General_Principles_of_Information_Security.html"
title="Chapter 4. General Principles of Information Security"/><link
rel="prev"
href="sect-Security_Guide-General_Principles_of_Information_Security-Tips_Guides_and_Tools.html"
title="4.2. Tips, Guides, and Tools"/><link rel="next"
href="sect-Security_Guide-General_Principles_of_Information_Security-DISA_IASE_Documents.html"
title="4.4. DISA IASE Documents"/></head><body><p
id="title"><a class="left"
href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right" href="http://docs.fe
doraproject.org"><img src="Common_Content/images/image_right.png"
alt="Documentation Site"/></a></p><ul
class="docnav"><li class="previous"><a
accesskey="p"
href="sect-Security_Guide-General_Principles_of_Information_Security-Tips_Guides_and_Tools.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-General_Principles_of_Information_Security-DISA_IASE_Documents.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h2 class="title"
id="sect-Security_Guide-General_Principles_of_Information_Security-NSA_Documents">4.3. NSA
Documents</h2></div></div></div><div
class="itemizedlist"><ul><li><div class="para">
<a
href="www.nsa.gov/notices/notic00004.cfm?Address=/snac/os/redhat/rhe...
Tips for the Red Hat Enterprise Linux 5 (PDF)</a>
</div></li><li><div class="para">
<a
href="www.nsa.gov/notices/notic00004.cfm?Address=/snac/os/redhat/rhe...
to the Secure Configuration of Red Hat Enterprise Linux 5 (PDF)</a>
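Review bot: the two NSA list items in the unchanged context point at `href="www.nsa.gov/notices/notic00004.cfm?Address=...` with no `http://` prefix, so they are treated as relative paths under the guide and will not reach nsa.gov. Add the scheme in the source. Since both entries go through the same `notic00004.cfm` notice page, it is also worth checking that each `Address=` value still leads to the PDF named in its link text.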
Index:
sect-Security_Guide-General_Principles_of_Information_Security-Tips_Guides_and_Tools.html
===================================================================
RCS file:
/cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-General_Principles_of_Information_Security-Tips_Guides_and_Tools.html,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
---
sect-Security_Guide-General_Principles_of_Information_Security-Tips_Guides_and_Tools.html 22
Dec 2008 19:28:43 -0000 1.1
+++
sect-Security_Guide-General_Principles_of_Information_Security-Tips_Guides_and_Tools.html 24
Dec 2008 01:24:52 -0000 1.2
@@ -1,6 +1,6 @@
<?xml version="1.0" encoding="UTF-8"
standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...,
Guides, and Tools</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-3"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="chap-Security_Guide-General_Principles_of_Information_Security.html"
title="Chapter 4. General Principles of Information Security"/><link
rel="prev"
href="chap-Security_Guide-General_Principles_of_Information_Security.html"
title="Chapter 4. General Principles of Information Security"/><link
rel="next"
href="sect-Security_Guide-General_Principles_of_Information_Security-NSA_Documents.html"
title="4.3. NSA Documents"/></head><body><p
id="title"><a class="left"
href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right" href="http://docs.
fedoraproject.org"><img src="Common_Content/images/image_right.png"
alt="Documentation Site"/></a></p><ul
class="docnav"><li class="previous"><a
accesskey="p"
href="chap-Security_Guide-General_Principles_of_Information_Security.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-General_Principles_of_Information_Security-NSA_Documents.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h2 class="title"
id="sect-Security_Guide-General_Principles_of_Information_Security-Tips_Guides_and_Tools">4.2. Tips,
Guides, and Tools</h2></div></div></div><div
class="para">
+<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...,
Guides, and Tools</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-4"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="chap-Security_Guide-General_Principles_of_Information_Security.html"
title="Chapter 4. General Principles of Information Security"/><link
rel="prev"
href="chap-Security_Guide-General_Principles_of_Information_Security.html"
title="Chapter 4. General Principles of Information Security"/><link
rel="next"
href="sect-Security_Guide-General_Principles_of_Information_Security-NSA_Documents.html"
title="4.3. NSA Documents"/></head><body><p
id="title"><a class="left"
href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right" href="http://docs.
fedoraproject.org"><img src="Common_Content/images/image_right.png"
alt="Documentation Site"/></a></p><ul
class="docnav"><li class="previous"><a
accesskey="p"
href="chap-Security_Guide-General_Principles_of_Information_Security.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-General_Principles_of_Information_Security-NSA_Documents.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h2 class="title"
id="sect-Security_Guide-General_Principles_of_Information_Security-Tips_Guides_and_Tools">4.2. Tips,
Guides, and Tools</h2></div></div></div><div
class="para">
Most of the above tips are very basic. Depending on your knowledge of Linux and how
comfortable you are with modifying your system, some changes could be made to help make
your installation more secure. As mentioned above, the NSA has hardening guides and tips
for securing Red Hat Enterprise Linux 5. Likewise, the <a
href="http://www.disa.mil/">Defense Information Systems Agency</a>
(DISA) has an <a href="iase.disa.mil">Information Assurance Support
Environment</a> in which they publish checklists and tests for verifying the
security of your system. The documents from the NSA are a good read for anyone familiar
with Linux while the information from DISA is extremely specific and advanced knowledge of
Unix/Linux would be a great benefit. Links to these documents are listed below. We will
try to pull some of the larger items out of these documents and explain how to implement
them in Fedora and why they are important. In addition to documentation, DISA has made
available SR
R scripts that allow an administrator to check specific settings on a system quickly. The
SRR scripts will provide an XML-formatted report listing any known vulnerable settings
that you have on your system.
</div></div><ul class="docnav"><li
class="previous"><a accesskey="p"
href="chap-Security_Guide-General_Principles_of_Information_Security.html"><strong>Prev</strong>Chapter 4. General
Principles of Information Secu...</a></li><li class="up"><a
accesskey="u"
href="#"><strong>Up</strong></a></li><li
class="home"><a accesskey="h"
href="index.html"><strong>Home</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-General_Principles_of_Information_Security-NSA_Documents.html"><strong>Next</strong>4.3. NSA
Documents</a></li></ul></body></html>
\ No newline at end of file
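Review bot: the footer docnav at the end of this hunk has its Up entry as `href="#"`, while the `<link rel="up">` in the head of the same page points to `chap-Security_Guide-General_Principles_of_Information_Security.html`. Make the footer Up link use the same target so that it does not just reload the page. In the paragraph above it, `href="iase.disa.mil"` is missing its scheme, and the file still ends without a trailing newline.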
Index: sect-Security_Guide-IPTables-Additional_Resources.html
===================================================================
RCS file:
/cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-IPTables-Additional_Resources.html,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- sect-Security_Guide-IPTables-Additional_Resources.html 22 Dec 2008 19:28:43 -0000 1.1
+++ sect-Security_Guide-IPTables-Additional_Resources.html 24 Dec 2008 01:24:52 -0000 1.2
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8"
standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
Resources</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-3"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="sect-Security_Guide-IPTables.html"
title="2.9. IPTables"/><link rel="prev"
href="sect-Security_Guide-IPTables-IPTables_and_IPv6.html"
title="2.9.6. IPTables and IPv6"/><link rel="next"
href="sect-Security_Guide-Additional_Resources-Useful_IP_Tables_Websites.html"
title="2.9.7.2. Useful IP Tables Websites"/></head><body><p
id="title"><a class="left"
href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img
src="Common_Content/images/image_right.png" alt="Documentation
Site"/></a></p><ul class="doc
nav"><li class="previous"><a accesskey="p"
href="sect-Security_Guide-IPTables-IPTables_and_IPv6.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-Additional_Resources-Useful_IP_Tables_Websites.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h3 class="title"
id="sect-Security_Guide-IPTables-Additional_Resources">2.9.7. Additional
Resources</h3></div></div></div><a id="d0e16237"
class="indexterm"/><div class="para">
+<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
Resources</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-4"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="sect-Security_Guide-IPTables.html"
title="2.9. IPTables"/><link rel="prev"
href="sect-Security_Guide-IPTables-IPTables_and_IPv6.html"
title="2.9.6. IPTables and IPv6"/><link rel="next"
href="sect-Security_Guide-Additional_Resources-Useful_IP_Tables_Websites.html"
title="2.9.7.2. Useful IP Tables Websites"/></head><body><p
id="title"><a class="left"
href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img
src="Common_Content/images/image_right.png" alt="Documentation
Site"/></a></p><ul class="doc
nav"><li class="previous"><a accesskey="p"
href="sect-Security_Guide-IPTables-IPTables_and_IPv6.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-Additional_Resources-Useful_IP_Tables_Websites.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h3 class="title"
id="sect-Security_Guide-IPTables-Additional_Resources">2.9.7. Additional
Resources</h3></div></div></div><a id="d0e16237"
class="indexterm"/><div class="para">
Refer to the following sources for additional information on packet filtering with
<code class="command">iptables</code>.
</div><div class="itemizedlist"><ul><li><div
class="para">
<a class="xref" href="sect-Security_Guide-Firewalls.html"
title="2.8. Firewalls">Section 2.8, “Firewalls”</a> — Contains a
chapter about the role of firewalls within an overall security strategy as well as
strategies for constructing firewall rules.
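Review bot: in the trailing list item, the description of Section 2.8 reads "Contains a chapter about the role of firewalls", which has a section containing a chapter. Suggest rewording to something like "Describes the role of firewalls within an overall security strategy as well as strategies for constructing firewall rules." The wording is untouched by this revision, so this is a fix for the source text rather than for the generated page.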
Index: sect-Security_Guide-IPTables-Command_Options_for_IPTables.html
===================================================================
RCS file:
/cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-IPTables-Command_Options_for_IPTables.html,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- sect-Security_Guide-IPTables-Command_Options_for_IPTables.html 22 Dec 2008 19:28:43
-0000 1.1
+++ sect-Security_Guide-IPTables-Command_Options_for_IPTables.html 24 Dec 2008 01:24:52
-0000 1.2
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8"
standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
Options for IPTables</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-3"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="sect-Security_Guide-IPTables.html"
title="2.9. IPTables"/><link rel="prev"
href="sect-Security_Guide-IPTables-Differences_Between_IPTables_and_IPChains.html"
title="2.9.2. Differences Between IPTables and IPChains"/><link
rel="next"
href="sect-Security_Guide-Command_Options_for_IPTables-Command_Options.html"
title="2.9.3.2. Command Options"/></head><body><p
id="title"><a class="left"
href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img
src="Common_Content/images/image_right.png" alt=
"Documentation Site"/></a></p><ul
class="docnav"><li class="previous"><a
accesskey="p"
href="sect-Security_Guide-IPTables-Differences_Between_IPTables_and_IPChains.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-Command_Options_for_IPTables-Command_Options.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h3 class="title"
id="sect-Security_Guide-IPTables-Command_Options_for_IPTables">2.9.3. Command
Options for IPTables</h3></div></div></div><a
id="d0e14355" class="indexterm"/><div
class="para">
+<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
Options for IPTables</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-4"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="sect-Security_Guide-IPTables.html"
title="2.9. IPTables"/><link rel="prev"
href="sect-Security_Guide-IPTables-Differences_Between_IPTables_and_IPChains.html"
title="2.9.2. Differences Between IPTables and IPChains"/><link
rel="next"
href="sect-Security_Guide-Command_Options_for_IPTables-Command_Options.html"
title="2.9.3.2. Command Options"/></head><body><p
id="title"><a class="left"
href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img
src="Common_Content/images/image_right.png" alt=
"Documentation Site"/></a></p><ul
class="docnav"><li class="previous"><a
accesskey="p"
href="sect-Security_Guide-IPTables-Differences_Between_IPTables_and_IPChains.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-Command_Options_for_IPTables-Command_Options.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h3 class="title"
id="sect-Security_Guide-IPTables-Command_Options_for_IPTables">2.9.3. Command
Options for IPTables</h3></div></div></div><a
id="d0e14355" class="indexterm"/><div
class="para">
Rules for filtering packets are created using the <code
class="command">iptables</code> command. The following aspects of the
packet are most often used as criteria:
</div><div class="itemizedlist"><ul><li><div
class="para">
<span class="emphasis"><em>Packet Type</em></span>
— Specifies the type of packets the command filters.
Index: sect-Security_Guide-IPTables-Differences_Between_IPTables_and_IPChains.html
===================================================================
RCS file:
/cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-IPTables-Differences_Between_IPTables_and_IPChains.html,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- sect-Security_Guide-IPTables-Differences_Between_IPTables_and_IPChains.html 22 Dec
2008 19:28:43 -0000 1.1
+++ sect-Security_Guide-IPTables-Differences_Between_IPTables_and_IPChains.html 24 Dec
2008 01:24:52 -0000 1.2
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8"
standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
Between IPTables and IPChains</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-3"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="sect-Security_Guide-IPTables.html"
title="2.9. IPTables"/><link rel="prev"
href="sect-Security_Guide-IPTables.html"
title="2.9. IPTables"/><link rel="next"
href="sect-Security_Guide-IPTables-Command_Options_for_IPTables.html"
title="2.9.3. Command Options for IPTables"/></head><body><p
id="title"><a class="left"
href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img
src="Common_Content/images/image_right.png" alt="Documentation
Site"/></a></p><ul class="docnav"><li class="
previous"><a accesskey="p"
href="sect-Security_Guide-IPTables.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-IPTables-Command_Options_for_IPTables.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h3 class="title"
id="sect-Security_Guide-IPTables-Differences_Between_IPTables_and_IPChains">2.9.2. Differences
Between IPTables and IPChains</h3></div></div></div><a
id="d0e14256" class="indexterm"/><div
class="para">
+<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
Between IPTables and IPChains</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-4"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="sect-Security_Guide-IPTables.html"
title="2.9. IPTables"/><link rel="prev"
href="sect-Security_Guide-IPTables.html"
title="2.9. IPTables"/><link rel="next"
href="sect-Security_Guide-IPTables-Command_Options_for_IPTables.html"
title="2.9.3. Command Options for IPTables"/></head><body><p
id="title"><a class="left"
href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img
src="Common_Content/images/image_right.png" alt="Documentation
Site"/></a></p><ul class="docnav"><li class="
previous"><a accesskey="p"
href="sect-Security_Guide-IPTables.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-IPTables-Command_Options_for_IPTables.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h3 class="title"
id="sect-Security_Guide-IPTables-Differences_Between_IPTables_and_IPChains">2.9.2. Differences
Between IPTables and IPChains</h3></div></div></div><a
id="d0e14256" class="indexterm"/><div
class="para">
Both <code class="command">ipchains</code> and <code
class="command">iptables</code> use chains of rules that operate within
the Linux kernel to filter packets based on matches with specified rules or rule sets.
However, <code class="command">iptables</code> offers a more
extensible way of filtering packets, giving the administrator greater control without
building undue complexity into the system.
</div><div class="para">
You should be aware of the following significant differences between <code
class="command">ipchains</code> and <code
class="command">iptables</code>:
Index: sect-Security_Guide-IPTables-IPTables_Control_Scripts.html
===================================================================
RCS file:
/cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-IPTables-IPTables_Control_Scripts.html,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- sect-Security_Guide-IPTables-IPTables_Control_Scripts.html 22 Dec 2008 19:28:43
-0000 1.1
+++ sect-Security_Guide-IPTables-IPTables_Control_Scripts.html 24 Dec 2008 01:24:52
-0000 1.2
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8"
standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
Control Scripts</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-3"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="sect-Security_Guide-IPTables.html"
title="2.9. IPTables"/><link rel="prev"
href="sect-Security_Guide-IPTables-Saving_IPTables_Rules.html"
title="2.9.4. Saving IPTables Rules"/><link rel="next"
href="sect-Security_Guide-IPTables-IPTables_and_IPv6.html"
title="2.9.6. IPTables and IPv6"/></head><body><p
id="title"><a class="left"
href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img
src="Common_Content/images/image_right.png" alt="Documentation
Site"/></a></p><ul class="docnav"><li
class="pr
evious"><a accesskey="p"
href="sect-Security_Guide-IPTables-Saving_IPTables_Rules.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-IPTables-IPTables_and_IPv6.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h3 class="title"
id="sect-Security_Guide-IPTables-IPTables_Control_Scripts">2.9.5. IPTables
Control Scripts</h3></div></div></div><a
id="d0e15749" class="indexterm"/><a id="d0e15757"
class="indexterm"/><a id="d0e15765"
class="indexterm"/><a id="d0e15773"
class="indexterm"/><a id="d0e15781"
class="indexterm"/><a id="d0e15789"
class="indexterm"/><a id="d0e15797"
class="indexterm"/><a id="d0e15805"
class="indexterm"/><a id="d0e15813"
class="indexterm"/><a id="d0e15821"
class="indexterm"/><a id="d0e15829"
class="indexterm"/><a id="d0e15837"
class="indexterm"/><div class="para">
+<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
Control Scripts</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-4"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="sect-Security_Guide-IPTables.html"
title="2.9. IPTables"/><link rel="prev"
href="sect-Security_Guide-IPTables-Saving_IPTables_Rules.html"
title="2.9.4. Saving IPTables Rules"/><link rel="next"
href="sect-Security_Guide-IPTables-IPTables_and_IPv6.html"
title="2.9.6. IPTables and IPv6"/></head><body><p
id="title"><a class="left"
href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img
src="Common_Content/images/image_right.png" alt="Documentation
Site"/></a></p><ul class="docnav"><li
class="pr
evious"><a accesskey="p"
href="sect-Security_Guide-IPTables-Saving_IPTables_Rules.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-IPTables-IPTables_and_IPv6.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h3 class="title"
id="sect-Security_Guide-IPTables-IPTables_Control_Scripts">2.9.5. IPTables
Control Scripts</h3></div></div></div><a
id="d0e15749" class="indexterm"/><a id="d0e15757"
class="indexterm"/><a id="d0e15765"
class="indexterm"/><a id="d0e15773"
class="indexterm"/><a id="d0e15781"
class="indexterm"/><a id="d0e15789"
class="indexterm"/><a id="d0e15797"
class="indexterm"/><a id="d0e15805"
class="indexterm"/><a id="d0e15813"
class="indexterm"/><a id="d0e15821"
class="indexterm"/><a id="d0e15829"
class="indexterm"/><a id="d0e15837"
class="indexterm"/><div class="para">
There are two basic methods for controlling <code
class="command">iptables</code> in Fedora:
</div><div class="itemizedlist"><ul><li><div
class="para">
<span class="application"><strong>Security Level Configuration
Tool</strong></span> (<code
class="command">system-config-securitylevel</code>) — A graphical
interface for creating, activating, and saving basic firewall rules. Refer to <a
class="xref"
href="sect-Security_Guide-Firewalls-Basic_Firewall_Configuration.html"
title="2.8.2. Basic Firewall Configuration">Section 2.8.2, “Basic Firewall
Configuration”</a> for more information.
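Review bot: The removed and added lines at the top of this hunk differ only in the package meta value (`fedora-Linux_Security_Guide-10-en-US-1.0-3` becomes `fedora-Linux_Security_Guide-10-en-US-1.0-4`). Because the generated page keeps its whole head, navigation and title block on that one line, the diff replaces about forty wrapped lines to record a one-character change. Consider committing only the source and publishing the publican output separately, or keeping the build metadata out of the tracked pages, so that real content changes to these security pages are not buried under regenerated markup.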
@@ -34,9 +34,9 @@
This option could be useful if a server is known to be compromised. Rather than
physically disconnecting from the network or shutting down the system, you can use this
option to stop all further network traffic but leave the machine in a state ready for
analysis or other forensics.
</div></li><li><div class="para">
<code class="command">save</code> — Saves firewall rules to
<code class="filename">/etc/sysconfig/iptables</code> using <code
class="command">iptables-save</code>. Refer to <a
class="xref"
href="sect-Security_Guide-IPTables-Saving_IPTables_Rules.html"
title="2.9.4. Saving IPTables Rules">Section 2.9.4, “Saving IPTables
Rules”</a> for more information.
- </div></li></ul></div></li></ul></div><div
class="tip"><h2>Tip</h2><div class="para">
- To use the same initscript commands to control netfilter for IPv6, substitute <code
class="command">ip6tables</code> for <code
class="command">iptables</code> in the <code
class="command">/sbin/service</code> commands listed in this section.
For more information about IPv6 and netfilter, refer to <a class="xref"
href="sect-Security_Guide-IPTables-IPTables_and_IPv6.html"
title="2.9.6. IPTables and IPv6">Section 2.9.6, “IPTables and
IPv6”</a>.
- </div></div><div class="section"
lang="en-US"><div
class="titlepage"><div><div><h4 class="title"
id="sect-Security_Guide-IPTables_Control_Scripts-IPTables_Control_Scripts_Configuration_File">2.9.5.1. IPTables
Control Scripts Configuration File</h4></div></div></div><a
id="d0e16033" class="indexterm"/><div
class="para">
+ </div></li></ul></div></li></ul></div><div
class="note"><h2>Note</h2><div class="para">
+ To use the same initscript commands to control netfilter for IPv6, substitute
<code class="command">ip6tables</code> for <code
class="command">iptables</code> in the <code
class="command">/sbin/service</code> commands listed in this section.
For more information about IPv6 and netfilter, refer to <a class="xref"
href="sect-Security_Guide-IPTables-IPTables_and_IPv6.html"
title="2.9.6. IPTables and IPv6">Section 2.9.6, “IPTables and
IPv6”</a>.
+ </div></div><div class="section"
lang="en-US"><div
class="titlepage"><div><div><h4 class="title"
id="sect-Security_Guide-IPTables_Control_Scripts-IPTables_Control_Scripts_Configuration_File">2.9.5.1. IPTables
Control Scripts Configuration File</h4></div></div></div><a
id="d0e16033" class="indexterm"/><div
class="para">
The behavior of the <code class="command">iptables</code>
initscripts is controlled by the <code
class="filename">/etc/sysconfig/iptables-config</code> configuration
file. The following is a list of directives contained in this file:
</div><div class="itemizedlist"><ul><li><div
class="para">
<code class="command">IPTABLES_MODULES</code> — Specifies a
space-separated list of additional <code
class="command">iptables</code> modules to load when a firewall is
activated. These can include connection tracking and NAT helpers.
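Review bot: In the admonition after the `save` item, the removed and added lines change only `class="tip"` with its Tip heading to `class="note"` with a Note heading, plus leading whitespace. The text still says no more than to substitute `ip6tables` for `iptables` in the `/sbin/service` commands. Since this hunk also covers stopping all traffic on a compromised server and saving rules to `/etc/sysconfig/iptables`, the note should state explicitly that those commands act on the IPv4 rules only and have to be repeated with `ip6tables`. Otherwise a reader can isolate or persist IPv4 and leave IPv6 as it was.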
Index: sect-Security_Guide-IPTables-IPTables_and_IPv6.html
===================================================================
RCS file:
/cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-IPTables-IPTables_and_IPv6.html,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- sect-Security_Guide-IPTables-IPTables_and_IPv6.html 22 Dec 2008 19:28:43 -0000 1.1
+++ sect-Security_Guide-IPTables-IPTables_and_IPv6.html 24 Dec 2008 01:24:52 -0000 1.2
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8"
standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
and IPv6</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-3"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="sect-Security_Guide-IPTables.html"
title="2.9. IPTables"/><link rel="prev"
href="sect-Security_Guide-IPTables-IPTables_Control_Scripts.html"
title="2.9.5. IPTables Control Scripts"/><link rel="next"
href="sect-Security_Guide-IPTables-Additional_Resources.html"
title="2.9.7. Additional Resources"/></head><body><p
id="title"><a class="left"
href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img
src="Common_Content/images/image_right.png" alt="Documentation
Site"/></a></p><ul class="docnav"><li clas
s="previous"><a accesskey="p"
href="sect-Security_Guide-IPTables-IPTables_Control_Scripts.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-IPTables-Additional_Resources.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h3 class="title"
id="sect-Security_Guide-IPTables-IPTables_and_IPv6">2.9.6. IPTables and
IPv6</h3></div></div></div><a id="d0e16173"
class="indexterm"/><div class="para">
+<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
and IPv6</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-4"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="sect-Security_Guide-IPTables.html"
title="2.9. IPTables"/><link rel="prev"
href="sect-Security_Guide-IPTables-IPTables_Control_Scripts.html"
title="2.9.5. IPTables Control Scripts"/><link rel="next"
href="sect-Security_Guide-IPTables-Additional_Resources.html"
title="2.9.7. Additional Resources"/></head><body><p
id="title"><a class="left"
href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img
src="Common_Content/images/image_right.png" alt="Documentation
Site"/></a></p><ul class="docnav"><li clas
s="previous"><a accesskey="p"
href="sect-Security_Guide-IPTables-IPTables_Control_Scripts.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-IPTables-Additional_Resources.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h3 class="title"
id="sect-Security_Guide-IPTables-IPTables_and_IPv6">2.9.6. IPTables and
IPv6</h3></div></div></div><a id="d0e16173"
class="indexterm"/><div class="para">
If the <code class="filename">iptables-ipv6</code> package is
installed, netfilter in Fedora can filter the next-generation IPv6 Internet protocol. The
command used to manipulate the IPv6 netfilter is <code
class="command">ip6tables</code>.
</div><div class="para">
Most directives for this command are identical to those used for <code
class="command">iptables</code>, except the <code
class="command">nat</code> table is not yet supported. This means that
it is not yet possible to perform IPv6 network address translation tasks, such as
masquerading and port forwarding.
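Review bot: Both long lines in this hunk are cut off at `<title&g...`, so the start of the title element cannot be compared between revisions 1.1 and 1.2 from this mail. Only the `1.0-3` to `1.0-4` package value is visibly different. If the commit mailer truncates long lines, raise the limit or include a link to the full diff, so that a reviewer can confirm nothing else on that line changed.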
Index: sect-Security_Guide-IPTables-Saving_IPTables_Rules.html
===================================================================
RCS file:
/cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-IPTables-Saving_IPTables_Rules.html,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- sect-Security_Guide-IPTables-Saving_IPTables_Rules.html 22 Dec 2008 19:28:43
-0000 1.1
+++ sect-Security_Guide-IPTables-Saving_IPTables_Rules.html 24 Dec 2008 01:24:52
-0000 1.2
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8"
standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
IPTables Rules</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-3"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="sect-Security_Guide-IPTables.html"
title="2.9. IPTables"/><link rel="prev"
href="sect-Security_Guide-Command_Options_for_IPTables-Listing_Options.html"
title="2.9.3.6. Listing Options"/><link rel="next"
href="sect-Security_Guide-IPTables-IPTables_Control_Scripts.html"
title="2.9.5. IPTables Control Scripts"/></head><body><p
id="title"><a class="left"
href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img
src="Common_Content/images/image_right.png" alt="Documentation
Site"/></a></p><ul class="
docnav"><li class="previous"><a accesskey="p"
href="sect-Security_Guide-Command_Options_for_IPTables-Listing_Options.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-IPTables-IPTables_Control_Scripts.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h3 class="title"
id="sect-Security_Guide-IPTables-Saving_IPTables_Rules">2.9.4. Saving
IPTables Rules</h3></div></div></div><a id="d0e15584"
class="indexterm"/><a id="d0e15590"
class="indexterm"/><a id="d0e15598"
class="indexterm"/><a id="d0e15605"
class="indexterm"/><a id="d0e15612"
class="indexterm"/><a id="d0e15620"
class="indexterm"/><a id="d0e15629"
class="indexterm"/><div class="para">
+<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
IPTables Rules</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-4"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="sect-Security_Guide-IPTables.html"
title="2.9. IPTables"/><link rel="prev"
href="sect-Security_Guide-Command_Options_for_IPTables-Listing_Options.html"
title="2.9.3.6. Listing Options"/><link rel="next"
href="sect-Security_Guide-IPTables-IPTables_Control_Scripts.html"
title="2.9.5. IPTables Control Scripts"/></head><body><p
id="title"><a class="left"
href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img
src="Common_Content/images/image_right.png" alt="Documentation
Site"/></a></p><ul class="
docnav"><li class="previous"><a accesskey="p"
href="sect-Security_Guide-Command_Options_for_IPTables-Listing_Options.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-IPTables-IPTables_Control_Scripts.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h3 class="title"
id="sect-Security_Guide-IPTables-Saving_IPTables_Rules">2.9.4. Saving
IPTables Rules</h3></div></div></div><a id="d0e15584"
class="indexterm"/><a id="d0e15590"
class="indexterm"/><a id="d0e15598"
class="indexterm"/><a id="d0e15605"
class="indexterm"/><a id="d0e15612"
class="indexterm"/><a id="d0e15620"
class="indexterm"/><a id="d0e15629"
class="indexterm"/><div class="para">
Rules created with the <code class="command">iptables</code>
command are stored in memory. If the system is restarted before saving the <code
class="command">iptables</code> rule set, all rules are lost. For
netfilter rules to persist through a system reboot, they need to be saved. To save
netfilter rules, type the following command as root:
</div><pre class="screen"><code class="command">
/sbin/service iptables save </code>
</pre><div class="para">
Index: sect-Security_Guide-IPTables.html
===================================================================
RCS file:
/cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-IPTables.html,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- sect-Security_Guide-IPTables.html 22 Dec 2008 19:28:43 -0000 1.1
+++ sect-Security_Guide-IPTables.html 24 Dec 2008 01:24:52 -0000 1.2
@@ -1,13 +1,13 @@
<?xml version="1.0" encoding="UTF-8"
standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
rel="stylesheet" href="./Common_Content/css/default.css"
type="text/css"/><meta name="generator"
content="publican"/><meta name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-3"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="chap-Security_Guide-Securing_Your_Network.html"
title="Chapter 2. Securing Your Network"/><link rel="prev"
href="sect-Security_Guide-Additional_Resources-Related_Documentation.html"
title="2.8.9.3. Related Documentation"/><link rel="next"
href="sect-Security_Guide-IPTables-Differences_Between_IPTables_and_IPChains.html"
title="2.9.2. Differences Between IPTables and
IPChains"/></head><body><p id="title"><a
class="left" href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img
src="Common_Content/images/image_
right.png" alt="Documentation Site"/></a></p><ul
class="docnav"><li class="previous"><a
accesskey="p"
href="sect-Security_Guide-Additional_Resources-Related_Documentation.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-IPTables-Differences_Between_IPTables_and_IPChains.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h2 class="title"
id="sect-Security_Guide-IPTables">2.9. IPTables</h2></div></div></div><a
id="d0e13957" class="indexterm"/><a id="d0e13963"
class="indexterm"/><a id="d0e13969"
class="indexterm"/><div class="para">
+<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
rel="stylesheet" href="./Common_Content/css/default.css"
type="text/css"/><meta name="generator"
content="publican"/><meta name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-4"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="chap-Security_Guide-Securing_Your_Network.html"
title="Chapter 2. Securing Your Network"/><link rel="prev"
href="sect-Security_Guide-Additional_Resources-Related_Documentation.html"
title="2.8.9.3. Related Documentation"/><link rel="next"
href="sect-Security_Guide-IPTables-Differences_Between_IPTables_and_IPChains.html"
title="2.9.2. Differences Between IPTables and
IPChains"/></head><body><p id="title"><a
class="left" href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img
src="Common_Content/images/image_
right.png" alt="Documentation Site"/></a></p><ul
class="docnav"><li class="previous"><a
accesskey="p"
href="sect-Security_Guide-Additional_Resources-Related_Documentation.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-IPTables-Differences_Between_IPTables_and_IPChains.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h2 class="title"
id="sect-Security_Guide-IPTables">2.9. IPTables</h2></div></div></div><a
id="d0e13957" class="indexterm"/><a id="d0e13963"
class="indexterm"/><a id="d0e13969"
class="indexterm"/><div class="para">
Included with Fedora are advanced tools for network <em
class="firstterm">packet filtering</em> — the process of controlling
network packets as they enter, move through, and exit the network stack within the kernel.
Kernel versions prior to 2.4 relied on <code
class="command">ipchains</code> for packet filtering and used lists of
rules applied to packets at each step of the filtering process. The 2.4 kernel introduced
<code class="command">iptables</code> (also called <em
class="firstterm">netfilter</em>), which is similar to <code
class="command">ipchains</code> but greatly expands the scope and
control available for filtering network packets.
</div><div class="para">
This chapter focuses on packet filtering basics, defines the differences between
<code class="command">ipchains</code> and <code
class="command">iptables</code>, explains various options available
with <code class="command">iptables</code> commands, and explains
how filtering rules can be preserved between system reboots.
</div><div class="para">
Refer to <a class="xref"
href="sect-Security_Guide-IPTables-Additional_Resources.html"
title="2.9.7. Additional Resources">Section 2.9.7, “Additional
Resources”</a> for instructions on how to construct <code
class="command">iptables</code> rules and setting up a firewall based
on these rules.
- </div><div class="warning"><h2>Warning</h2><div
class="para">
+ </div><div class="important"><h2>Important</h2><div
class="para">
The default firewall mechanism in the 2.4 and later kernels is <code
class="command">iptables</code>, but <code
class="command">iptables</code> cannot be used if <code
class="command">ipchains</code> is already running. If <code
class="command">ipchains</code> is present at boot time, the kernel
issues an error and fails to start <code
class="command">iptables</code>.
</div><div class="para">
The functionality of <code class="command">ipchains</code> is
not affected by these errors.
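Review bot: Apart from the package version on the first changed line, the only change here is the admonition on the `ipchains` conflict going from `class="warning"` to `class="important"`. The text it wraps says the kernel fails to start `iptables` when `ipchains` is present at boot. That is a condition where the expected firewall is not the one running, so either keep it as a warning or add a sentence telling the administrator how to confirm which of the two is active after boot. Also check that `Common_Content/css/default.css` styles the `important` class, since nothing in this diff touches the stylesheet.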
Index: sect-Security_Guide-IPTables_Match_Options-Additional_Match_Option_Modules.html
===================================================================
RCS file:
/cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-IPTables_Match_Options-Additional_Match_Option_Modules.html,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- sect-Security_Guide-IPTables_Match_Options-Additional_Match_Option_Modules.html 22 Dec
2008 19:28:43 -0000 1.1
+++ sect-Security_Guide-IPTables_Match_Options-Additional_Match_Option_Modules.html 24 Dec
2008 01:24:52 -0000 1.2
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8"
standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
Match Option Modules</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-3"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="sect-Security_Guide-Command_Options_for_IPTables-IPTables_Match_Options.html"
title="2.9.3.4. IPTables Match Options"/><link rel="prev"
href="sect-Security_Guide-IPTables_Match_Options-ICMP_Protocol.html"
title="2.9.3.4.3. ICMP Protocol"/><link rel="next"
href="sect-Security_Guide-Command_Options_for_IPTables-Target_Options.html"
title="2.9.3.5. Target Options"/></head><body><p
id="title"><a class="left"
href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img src="Common_Content/
images/image_right.png" alt="Documentation
Site"/></a></p><ul class="docnav"><li
class="previous"><a accesskey="p"
href="sect-Security_Guide-IPTables_Match_Options-ICMP_Protocol.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-Command_Options_for_IPTables-Target_Options.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h5 class="title"
id="sect-Security_Guide-IPTables_Match_Options-Additional_Match_Option_Modules">2.9.3.4.4. Additional
Match Option Modules</h5></div></div></div><a
id="d0e15192" class="indexterm"/><div
class="para">
+<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
Match Option Modules</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-4"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="sect-Security_Guide-Command_Options_for_IPTables-IPTables_Match_Options.html"
title="2.9.3.4. IPTables Match Options"/><link rel="prev"
href="sect-Security_Guide-IPTables_Match_Options-ICMP_Protocol.html"
title="2.9.3.4.3. ICMP Protocol"/><link rel="next"
href="sect-Security_Guide-Command_Options_for_IPTables-Target_Options.html"
title="2.9.3.5. Target Options"/></head><body><p
id="title"><a class="left"
href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img src="Common_Content/
images/image_right.png" alt="Documentation
Site"/></a></p><ul class="docnav"><li
class="previous"><a accesskey="p"
href="sect-Security_Guide-IPTables_Match_Options-ICMP_Protocol.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-Command_Options_for_IPTables-Target_Options.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h5 class="title"
id="sect-Security_Guide-IPTables_Match_Options-Additional_Match_Option_Modules">2.9.3.4.4. Additional
Match Option Modules</h5></div></div></div><a
id="d0e15192" class="indexterm"/><div
class="para">
Additional match options are available through modules loaded by the <code
class="command">iptables</code> command.
</div><div class="para">
To use a match option module, load the module by name using the <code
class="option">-m <em
class="replaceable"><code><module-name></code></em></code>,
where <em
class="replaceable"><code><module-name></code></em>
is the name of the module.
Index: sect-Security_Guide-IPTables_Match_Options-ICMP_Protocol.html
===================================================================
RCS file:
/cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-IPTables_Match_Options-ICMP_Protocol.html,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- sect-Security_Guide-IPTables_Match_Options-ICMP_Protocol.html 22 Dec 2008 19:28:43
-0000 1.1
+++ sect-Security_Guide-IPTables_Match_Options-ICMP_Protocol.html 24 Dec 2008 01:24:52
-0000 1.2
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8"
standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
Protocol</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-3"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="sect-Security_Guide-Command_Options_for_IPTables-IPTables_Match_Options.html"
title="2.9.3.4. IPTables Match Options"/><link rel="prev"
href="sect-Security_Guide-IPTables_Match_Options-UDP_Protocol.html"
title="2.9.3.4.2. UDP Protocol"/><link rel="next"
href="sect-Security_Guide-IPTables_Match_Options-Additional_Match_Option_Modules.html"
title="2.9.3.4.4. Additional Match Option
Modules"/></head><body><p id="title"><a
class="left" href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img src="Commo
n_Content/images/image_right.png" alt="Documentation
Site"/></a></p><ul class="docnav"><li
class="previous"><a accesskey="p"
href="sect-Security_Guide-IPTables_Match_Options-UDP_Protocol.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-IPTables_Match_Options-Additional_Match_Option_Modules.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h5 class="title"
id="sect-Security_Guide-IPTables_Match_Options-ICMP_Protocol">2.9.3.4.3. ICMP
Protocol</h5></div></div></div><a id="d0e15166"
class="indexterm"/><div class="para">
+<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
Protocol</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-4"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="sect-Security_Guide-Command_Options_for_IPTables-IPTables_Match_Options.html"
title="2.9.3.4. IPTables Match Options"/><link rel="prev"
href="sect-Security_Guide-IPTables_Match_Options-UDP_Protocol.html"
title="2.9.3.4.2. UDP Protocol"/><link rel="next"
href="sect-Security_Guide-IPTables_Match_Options-Additional_Match_Option_Modules.html"
title="2.9.3.4.4. Additional Match Option
Modules"/></head><body><p id="title"><a
class="left" href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img src="Commo
n_Content/images/image_right.png" alt="Documentation
Site"/></a></p><ul class="docnav"><li
class="previous"><a accesskey="p"
href="sect-Security_Guide-IPTables_Match_Options-UDP_Protocol.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-IPTables_Match_Options-Additional_Match_Option_Modules.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h5 class="title"
id="sect-Security_Guide-IPTables_Match_Options-ICMP_Protocol">2.9.3.4.3. ICMP
Protocol</h5></div></div></div><a id="d0e15166"
class="indexterm"/><div class="para">
The following match options are available for the Internet Control Message Protocol
(ICMP) (<code class="option">-p icmp</code>):
</div><div class="itemizedlist"><ul><li><div
class="para">
<code class="option">--icmp-type</code> — Sets the name or
number of the ICMP type to match with the rule. A list of valid ICMP names can be
retrieved by typing the <code class="command">iptables -p icmp
-h</code> command.
Index: sect-Security_Guide-IPTables_Match_Options-UDP_Protocol.html
===================================================================
RCS file:
/cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-IPTables_Match_Options-UDP_Protocol.html,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- sect-Security_Guide-IPTables_Match_Options-UDP_Protocol.html 22 Dec 2008 19:28:43
-0000 1.1
+++ sect-Security_Guide-IPTables_Match_Options-UDP_Protocol.html 24 Dec 2008 01:24:52
-0000 1.2
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8"
standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
Protocol</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-3"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="sect-Security_Guide-Command_Options_for_IPTables-IPTables_Match_Options.html"
title="2.9.3.4. IPTables Match Options"/><link rel="prev"
href="sect-Security_Guide-Command_Options_for_IPTables-IPTables_Match_Options.html"
title="2.9.3.4. IPTables Match Options"/><link rel="next"
href="sect-Security_Guide-IPTables_Match_Options-ICMP_Protocol.html"
title="2.9.3.4.3. ICMP Protocol"/></head><body><p
id="title"><a class="left"
href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img src="Common_Content/ima
ges/image_right.png" alt="Documentation
Site"/></a></p><ul class="docnav"><li
class="previous"><a accesskey="p"
href="sect-Security_Guide-Command_Options_for_IPTables-IPTables_Match_Options.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-IPTables_Match_Options-ICMP_Protocol.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h5 class="title"
id="sect-Security_Guide-IPTables_Match_Options-UDP_Protocol">2.9.3.4.2. UDP
Protocol</h5></div></div></div><a id="d0e15114"
class="indexterm"/><div class="para">
+<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
Protocol</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-4"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="sect-Security_Guide-Command_Options_for_IPTables-IPTables_Match_Options.html"
title="2.9.3.4. IPTables Match Options"/><link rel="prev"
href="sect-Security_Guide-Command_Options_for_IPTables-IPTables_Match_Options.html"
title="2.9.3.4. IPTables Match Options"/><link rel="next"
href="sect-Security_Guide-IPTables_Match_Options-ICMP_Protocol.html"
title="2.9.3.4.3. ICMP Protocol"/></head><body><p
id="title"><a class="left"
href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img src="Common_Content/ima
ges/image_right.png" alt="Documentation
Site"/></a></p><ul class="docnav"><li
class="previous"><a accesskey="p"
href="sect-Security_Guide-Command_Options_for_IPTables-IPTables_Match_Options.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-IPTables_Match_Options-ICMP_Protocol.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h5 class="title"
id="sect-Security_Guide-IPTables_Match_Options-UDP_Protocol">2.9.3.4.2. UDP
Protocol</h5></div></div></div><a id="d0e15114"
class="indexterm"/><div class="para">
These match options are available for the UDP protocol (<code
class="option">-p udp</code>):
</div><div class="itemizedlist"><ul><li><div
class="para">
<code class="option">--dport</code> — Specifies the
destination port of the UDP packet, using the service name, port number, or range of port
numbers. The <code class="option">--destination-port</code> match
option is synonymous with <code class="option">--dport</code>.
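Review bot: the removed and added `<html>` lines in this hunk differ only in the `package` meta value, `fedora-Linux_Security_Guide-10-en-US-1.0-3` becoming `fedora-Linux_Security_Guide-10-en-US-1.0-4`; no documentation text changes. Because the generator emits the whole head and navigation block as a single line, a build-stamp bump rewrites that line and would hide any real content change made to it in the same revision. Consider keeping only the publican source under version control and publishing the generated HTML as a build artifact, or dropping the package stamp from the output so that a rebuild with no content change produces no diff.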
Index:
sect-Security_Guide-IPsec_Host_to_Host_Configuration-Manual_IPsec_Host_to_Host_Configuration.html
===================================================================
RCS file:
/cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-IPsec_Host_to_Host_Configuration-Manual_IPsec_Host_to_Host_Configuration.html,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
---
sect-Security_Guide-IPsec_Host_to_Host_Configuration-Manual_IPsec_Host_to_Host_Configuration.html 22
Dec 2008 19:28:43 -0000 1.1
+++
sect-Security_Guide-IPsec_Host_to_Host_Configuration-Manual_IPsec_Host_to_Host_Configuration.html 24
Dec 2008 01:24:52 -0000 1.2
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8"
standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
IPsec Host-to-Host Configuration</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-3"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec_Host_to_Host_Configuration.html"
title="2.7.6. IPsec Host-to-Host Configuration"/><link
rel="prev"
href="sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec_Host_to_Host_Configuration.html"
title="2.7.6. IPsec Host-to-Host Configuration"/><link
rel="next"
href="sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec_Network_to_Network_Configuration.html"
title="2.7.7. IPsec Network-to-Network
Configuration"/></head><body><p id="title"><a
class="left" href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_
left.png" alt="Product Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img
src="Common_Content/images/image_right.png" alt="Documentation
Site"/></a></p><ul class="docnav"><li
class="previous"><a accesskey="p"
href="sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec_Host_to_Host_Configuration.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec_Network_to_Network_Configuration.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h4 class="title"
id="sect-Security_Guide-IPsec_Host_to_Host_Configuration-Manual_IPsec_Host_to_Host_Configuration">2.7.6.2. Manual
<abbr class="abbrev">IPsec</abbr> Host-to-Host
Configuration</h4></div></div></div><div
class="para">
+<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
IPsec Host-to-Host Configuration</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-4"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec_Host_to_Host_Configuration.html"
title="2.7.6. IPsec Host-to-Host Configuration"/><link
rel="prev"
href="sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec_Host_to_Host_Configuration.html"
title="2.7.6. IPsec Host-to-Host Configuration"/><link
rel="next"
href="sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec_Network_to_Network_Configuration.html"
title="2.7.7. IPsec Network-to-Network
Configuration"/></head><body><p id="title"><a
class="left" href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_
left.png" alt="Product Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img
src="Common_Content/images/image_right.png" alt="Documentation
Site"/></a></p><ul class="docnav"><li
class="previous"><a accesskey="p"
href="sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec_Host_to_Host_Configuration.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec_Network_to_Network_Configuration.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h4 class="title"
id="sect-Security_Guide-IPsec_Host_to_Host_Configuration-Manual_IPsec_Host_to_Host_Configuration">2.7.6.2. Manual
<abbr class="abbrev">IPsec</abbr> Host-to-Host
Configuration</h4></div></div></div><div
class="para">
The first step in creating a connection is to gather system and network information
from each workstation. For a host-to-host connection, you need the following:
</div><div class="itemizedlist"><ul><li><div
class="para">
The IP address of each host
Index:
sect-Security_Guide-IPsec_Network_to_Network_Configuration-Manual_IPsec_Network_to_Network_Configuration.html
===================================================================
RCS file:
/cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-IPsec_Network_to_Network_Configuration-Manual_IPsec_Network_to_Network_Configuration.html,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
---
sect-Security_Guide-IPsec_Network_to_Network_Configuration-Manual_IPsec_Network_to_Network_Configuration.html 22
Dec 2008 19:28:43 -0000 1.1
+++
sect-Security_Guide-IPsec_Network_to_Network_Configuration-Manual_IPsec_Network_to_Network_Configuration.html 24
Dec 2008 01:24:52 -0000 1.2
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8"
standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
IPsec Network-to-Network Configuration</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-3"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec_Network_to_Network_Configuration.html"
title="2.7.7. IPsec Network-to-Network Configuration"/><link
rel="prev"
href="sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec_Network_to_Network_Configuration.html"
title="2.7.7. IPsec Network-to-Network Configuration"/><link
rel="next"
href="sect-Security_Guide-Virtual_Private_Networks_VPNs-Starting_and_Stopping_an_IPsec_Connection.html"
title="2.7.8. Starting and Stopping an IPsec
Connection"/></head><body><p id="title"><a
class="left" href="http://www.fedoraproject.org"><i
mg src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img
src="Common_Content/images/image_right.png" alt="Documentation
Site"/></a></p><ul class="docnav"><li
class="previous"><a accesskey="p"
href="sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec_Network_to_Network_Configuration.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-Virtual_Private_Networks_VPNs-Starting_and_Stopping_an_IPsec_Connection.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h4 class="title"
id="sect-Security_Guide-IPsec_Network_to_Network_Configuration-Manual_IPsec_Network_to_Network_Configuration">2.7.7.2. Manual
<abbr class="abbrev">IPsec</abbr> Network-to-Network
Configuration</h4></div></div></div><div
class="para">
+<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
IPsec Network-to-Network Configuration</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-4"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec_Network_to_Network_Configuration.html"
title="2.7.7. IPsec Network-to-Network Configuration"/><link
rel="prev"
href="sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec_Network_to_Network_Configuration.html"
title="2.7.7. IPsec Network-to-Network Configuration"/><link
rel="next"
href="sect-Security_Guide-Virtual_Private_Networks_VPNs-Starting_and_Stopping_an_IPsec_Connection.html"
title="2.7.8. Starting and Stopping an IPsec
Connection"/></head><body><p id="title"><a
class="left" href="http://www.fedoraproject.org"><i
mg src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img
src="Common_Content/images/image_right.png" alt="Documentation
Site"/></a></p><ul class="docnav"><li
class="previous"><a accesskey="p"
href="sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec_Network_to_Network_Configuration.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-Virtual_Private_Networks_VPNs-Starting_and_Stopping_an_IPsec_Connection.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h4 class="title"
id="sect-Security_Guide-IPsec_Network_to_Network_Configuration-Manual_IPsec_Network_to_Network_Configuration">2.7.7.2. Manual
<abbr class="abbrev">IPsec</abbr> Network-to-Network
Configuration</h4></div></div></div><div
class="para">
Suppose <acronym class="acronym">LAN</acronym> A
(
lana.example.com) and <acronym class="acronym">LAN</acronym> B
(
lanb.example.com) want to connect to each other through an <abbr
class="abbrev">IPsec</abbr> tunnel. The network address for <acronym
class="acronym">LAN</acronym> A is in the 192.168.1.0/24 range, while
<acronym class="acronym">LAN</acronym> B uses the 192.168.2.0/24
range. The gateway IP address is 192.168.1.254 for <acronym
class="acronym">LAN</acronym> A and 192.168.2.254 for <acronym
class="acronym">LAN</acronym> B. The <abbr
class="abbrev">IPsec</abbr> routers are separate from each <acronym
class="acronym">LAN</acronym> gateway and use two network devices: eth0
is assigned to an externally-accessible static IP address which accesses the Internet,
while eth1 acts as a routing point to process and transmit <acronym
class="acronym">LAN</acronym> packets from one network node to the
remote network nodes.
</div><div class="para">
The <abbr class="abbrev">IPsec</abbr> connection between each
network uses a pre-shared key with the value of <code
class="computeroutput">r3dh4tl1nux</code>, and the administrators of A
and B agree to let <code class="command">racoon</code> automatically
generate and share an authentication key between each <abbr
class="abbrev">IPsec</abbr> router. The administrator of <acronym
class="acronym">LAN</acronym> A decides to name the <abbr
class="abbrev">IPsec</abbr> connection <code
class="computeroutput">ipsec0</code>, while the administrator of
<acronym class="acronym">LAN</acronym> B names the <abbr
class="abbrev">IPsec</abbr> connection <code
class="computeroutput">ipsec1</code>.
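Review bot: the context paragraph at the end of this hunk prints the example pre-shared key `r3dh4tl1nux` as literal `computeroutput`, which invites readers to paste it unchanged into a real configuration. Since the page is being regenerated anyway, mark the key as a replaceable value in the source and add a sentence telling readers to generate their own.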
Index: sect-Security_Guide-Kerberos-Additional_Resources.html
===================================================================
RCS file:
/cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Kerberos-Additional_Resources.html,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- sect-Security_Guide-Kerberos-Additional_Resources.html 22 Dec 2008 19:28:43 -0000 1.1
+++ sect-Security_Guide-Kerberos-Additional_Resources.html 24 Dec 2008 01:24:52 -0000 1.2
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8"
standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
Resources</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-3"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="sect-Security_Guide-Kerberos.html"
title="2.6. Kerberos"/><link rel="prev"
href="sect-Security_Guide-Kerberos-Setting_Up_Cross_Realm_Authentication.html"
title="2.6.9. Setting Up Cross Realm Authentication"/><link
rel="next"
href="sect-Security_Guide-Additional_Resources-Useful_Kerberos_Websites.html"
title="2.6.10.2. Useful Kerberos Websites"/></head><body><p
id="title"><a class="left"
href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img
src="Common_Content/images/image_right.png" alt="Doc
umentation Site"/></a></p><ul class="docnav"><li
class="previous"><a accesskey="p"
href="sect-Security_Guide-Kerberos-Setting_Up_Cross_Realm_Authentication.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-Additional_Resources-Useful_Kerberos_Websites.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h3 class="title"
id="sect-Security_Guide-Kerberos-Additional_Resources">2.6.10. Additional
Resources</h3></div></div></div><a id="d0e10726"
class="indexterm"/><div class="para">
+<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
Resources</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-4"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="sect-Security_Guide-Kerberos.html"
title="2.6. Kerberos"/><link rel="prev"
href="sect-Security_Guide-Kerberos-Setting_Up_Cross_Realm_Authentication.html"
title="2.6.9. Setting Up Cross Realm Authentication"/><link
rel="next"
href="sect-Security_Guide-Additional_Resources-Useful_Kerberos_Websites.html"
title="2.6.10.2. Useful Kerberos Websites"/></head><body><p
id="title"><a class="left"
href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img
src="Common_Content/images/image_right.png" alt="Doc
umentation Site"/></a></p><ul class="docnav"><li
class="previous"><a accesskey="p"
href="sect-Security_Guide-Kerberos-Setting_Up_Cross_Realm_Authentication.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-Additional_Resources-Useful_Kerberos_Websites.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h3 class="title"
id="sect-Security_Guide-Kerberos-Additional_Resources">2.6.10. Additional
Resources</h3></div></div></div><a id="d0e10726"
class="indexterm"/><div class="para">
For more information about Kerberos, refer to the following resources.
</div><div class="section" lang="en-US"><div
class="titlepage"><div><div><h4 class="title"
id="sect-Security_Guide-Additional_Resources-Installed_Kerberos_Documentation">2.6.10.1. Installed
Kerberos Documentation</h4></div></div></div><a
id="d0e10736" class="indexterm"/><div
class="itemizedlist"><ul><li><div class="para">
The <em class="citetitle">Kerberos V5 Installation Guide</em>
and the <em class="citetitle">Kerberos V5 System Administrator's
Guide</em> in PostScript and HTML formats. These can be found in the <code
class="filename">/usr/share/doc/krb5-server-<em
class="replaceable"><code><version-number></code></em>/</code>
directory (where <em
class="replaceable"><code><version-number></code></em>
is the version number of the <code
class="command">krb5-server</code> package installed on your system).
Index: sect-Security_Guide-Kerberos-Configuring_a_Kerberos_5_Client.html
===================================================================
RCS file:
/cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Kerberos-Configuring_a_Kerberos_5_Client.html,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- sect-Security_Guide-Kerberos-Configuring_a_Kerberos_5_Client.html 22 Dec 2008 19:28:43
-0000 1.1
+++ sect-Security_Guide-Kerberos-Configuring_a_Kerberos_5_Client.html 24 Dec 2008 01:24:52
-0000 1.2
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8"
standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
a Kerberos 5 Client</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-3"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="sect-Security_Guide-Kerberos.html"
title="2.6. Kerberos"/><link rel="prev"
href="sect-Security_Guide-Kerberos-Configuring_a_Kerberos_5_Server.html"
title="2.6.5. Configuring a Kerberos 5 Server"/><link rel="next"
href="sect-Security_Guide-Kerberos-Domain_to_Realm_Mapping.html"
title="2.6.7. Domain-to-Realm Mapping"/></head><body><p
id="title"><a class="left"
href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img
src="Common_Content/images/image_right.png" alt="Documentation
Site"/><
/a></p><ul class="docnav"><li
class="previous"><a accesskey="p"
href="sect-Security_Guide-Kerberos-Configuring_a_Kerberos_5_Server.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-Kerberos-Domain_to_Realm_Mapping.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h3 class="title"
id="sect-Security_Guide-Kerberos-Configuring_a_Kerberos_5_Client">2.6.6. Configuring
a Kerberos 5 Client</h3></div></div></div><a
id="d0e9792" class="indexterm"/><div class="para">
+<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
a Kerberos 5 Client</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-4"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="sect-Security_Guide-Kerberos.html"
title="2.6. Kerberos"/><link rel="prev"
href="sect-Security_Guide-Kerberos-Configuring_a_Kerberos_5_Server.html"
title="2.6.5. Configuring a Kerberos 5 Server"/><link rel="next"
href="sect-Security_Guide-Kerberos-Domain_to_Realm_Mapping.html"
title="2.6.7. Domain-to-Realm Mapping"/></head><body><p
id="title"><a class="left"
href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img
src="Common_Content/images/image_right.png" alt="Documentation
Site"/><
/a></p><ul class="docnav"><li
class="previous"><a accesskey="p"
href="sect-Security_Guide-Kerberos-Configuring_a_Kerberos_5_Server.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-Kerberos-Domain_to_Realm_Mapping.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h3 class="title"
id="sect-Security_Guide-Kerberos-Configuring_a_Kerberos_5_Client">2.6.6. Configuring
a Kerberos 5 Client</h3></div></div></div><a
id="d0e9792" class="indexterm"/><div class="para">
Setting up a Kerberos 5 client is less involved than setting up a server. At a
minimum, install the client packages and provide each client with a valid <code
class="filename">krb5.conf</code> configuration file. While <code
class="command">ssh</code> and <code
class="command">slogin</code> are the preferred method of remotely
logging in to client systems, Kerberized versions of <code
class="command">rsh</code> and <code
class="command">rlogin</code> are still available, though deploying
them requires that a few more configuration changes be made.
</div><div class="procedure"><ol
class="1"><li><div class="para">
Be sure that time synchronization is in place between the Kerberos client and the
KDC. Refer to <a class="xref"
href="sect-Security_Guide-Kerberos-Configuring_a_Kerberos_5_Server.html"
title="2.6.5. Configuring a Kerberos 5 Server">Section 2.6.5, “Configuring a
Kerberos 5 Server”</a> for more information. In addition, verify that DNS is working
properly on the Kerberos client before configuring the Kerberos client programs.
Index: sect-Security_Guide-Kerberos-Configuring_a_Kerberos_5_Server.html
===================================================================
RCS file:
/cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Kerberos-Configuring_a_Kerberos_5_Server.html,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- sect-Security_Guide-Kerberos-Configuring_a_Kerberos_5_Server.html 22 Dec 2008 19:28:43
-0000 1.1
+++ sect-Security_Guide-Kerberos-Configuring_a_Kerberos_5_Server.html 24 Dec 2008 01:24:52
-0000 1.2
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8"
standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
a Kerberos 5 Server</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-3"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="sect-Security_Guide-Kerberos.html"
title="2.6. Kerberos"/><link rel="prev"
href="sect-Security_Guide-Kerberos-Kerberos_and_PAM.html"
title="2.6.4. Kerberos and PAM"/><link rel="next"
href="sect-Security_Guide-Kerberos-Configuring_a_Kerberos_5_Client.html"
title="2.6.6. Configuring a Kerberos 5
Client"/></head><body><p id="title"><a
class="left" href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img
src="Common_Content/images/image_right.png" alt="Documentation
Site"/></a></p><ul cla
ss="docnav"><li class="previous"><a
accesskey="p"
href="sect-Security_Guide-Kerberos-Kerberos_and_PAM.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-Kerberos-Configuring_a_Kerberos_5_Client.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h3 class="title"
id="sect-Security_Guide-Kerberos-Configuring_a_Kerberos_5_Server">2.6.5. Configuring
a Kerberos 5 Server</h3></div></div></div><a
id="d0e9582" class="indexterm"/><div class="para">
+<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
a Kerberos 5 Server</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-4"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="sect-Security_Guide-Kerberos.html"
title="2.6. Kerberos"/><link rel="prev"
href="sect-Security_Guide-Kerberos-Kerberos_and_PAM.html"
title="2.6.4. Kerberos and PAM"/><link rel="next"
href="sect-Security_Guide-Kerberos-Configuring_a_Kerberos_5_Client.html"
title="2.6.6. Configuring a Kerberos 5
Client"/></head><body><p id="title"><a
class="left" href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img
src="Common_Content/images/image_right.png" alt="Documentation
Site"/></a></p><ul cla
ss="docnav"><li class="previous"><a
accesskey="p"
href="sect-Security_Guide-Kerberos-Kerberos_and_PAM.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-Kerberos-Configuring_a_Kerberos_5_Client.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h3 class="title"
id="sect-Security_Guide-Kerberos-Configuring_a_Kerberos_5_Server">2.6.5. Configuring
a Kerberos 5 Server</h3></div></div></div><a
id="d0e9582" class="indexterm"/><div class="para">
When setting up Kerberos, install the KDC first. If it is necessary to set up slave
servers, install the master first.
</div><div class="para">
To configure the first Kerberos KDC, follow these steps:
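Review bot: the header links on the added `<html>` line still point to `http://www.fedoraproject.org` and `http://docs.fedoraproject.org`. For a security guide, emit `https://` for both if the sites serve it, and make the change in the template that generates this header rather than in this generated file, so the next rebuild does not revert it.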
Index: sect-Security_Guide-Kerberos-Domain_to_Realm_Mapping.html
===================================================================
RCS file:
/cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Kerberos-Domain_to_Realm_Mapping.html,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- sect-Security_Guide-Kerberos-Domain_to_Realm_Mapping.html 22 Dec 2008 19:28:43
-0000 1.1
+++ sect-Security_Guide-Kerberos-Domain_to_Realm_Mapping.html 24 Dec 2008 01:24:52
-0000 1.2
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8"
standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
Mapping</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-3"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="sect-Security_Guide-Kerberos.html"
title="2.6. Kerberos"/><link rel="prev"
href="sect-Security_Guide-Kerberos-Configuring_a_Kerberos_5_Client.html"
title="2.6.6. Configuring a Kerberos 5 Client"/><link rel="next"
href="sect-Security_Guide-Kerberos-Setting_Up_Secondary_KDCs.html"
title="2.6.8. Setting Up Secondary KDCs"/></head><body><p
id="title"><a class="left"
href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img
src="Common_Content/images/image_right.png" alt="Documentation
Site"/></a><
/p><ul class="docnav"><li class="previous"><a
accesskey="p"
href="sect-Security_Guide-Kerberos-Configuring_a_Kerberos_5_Client.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-Kerberos-Setting_Up_Secondary_KDCs.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h3 class="title"
id="sect-Security_Guide-Kerberos-Domain_to_Realm_Mapping">2.6.7. Domain-to-Realm
Mapping</h3></div></div></div><div class="para">
+<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
Mapping</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-4"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="sect-Security_Guide-Kerberos.html"
title="2.6. Kerberos"/><link rel="prev"
href="sect-Security_Guide-Kerberos-Configuring_a_Kerberos_5_Client.html"
title="2.6.6. Configuring a Kerberos 5 Client"/><link rel="next"
href="sect-Security_Guide-Kerberos-Setting_Up_Secondary_KDCs.html"
title="2.6.8. Setting Up Secondary KDCs"/></head><body><p
id="title"><a class="left"
href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img
src="Common_Content/images/image_right.png" alt="Documentation
Site"/></a><
/p><ul class="docnav"><li class="previous"><a
accesskey="p"
href="sect-Security_Guide-Kerberos-Configuring_a_Kerberos_5_Client.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-Kerberos-Setting_Up_Secondary_KDCs.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h3 class="title"
id="sect-Security_Guide-Kerberos-Domain_to_Realm_Mapping">2.6.7. Domain-to-Realm
Mapping</h3></div></div></div><div class="para">
When a client attempts to access a service running on a particular server, it knows
the name of the service (<span
class="emphasis"><em>host</em></span>) and the name of the
server (<span
class="emphasis"><em>foo.example.com</em></span>), but
because more than one realm may be deployed on your network, it must guess at the name of
the realm in which the service resides.
</div><div class="para">
By default, the name of the realm is taken to be the DNS domain name of the server,
upper-cased.
Index: sect-Security_Guide-Kerberos-How_Kerberos_Works.html
===================================================================
RCS file:
/cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Kerberos-How_Kerberos_Works.html,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- sect-Security_Guide-Kerberos-How_Kerberos_Works.html 22 Dec 2008 19:28:43 -0000 1.1
+++ sect-Security_Guide-Kerberos-How_Kerberos_Works.html 24 Dec 2008 01:24:52 -0000 1.2
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8"
standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
Kerberos Works</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-3"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="sect-Security_Guide-Kerberos.html"
title="2.6. Kerberos"/><link rel="prev"
href="sect-Security_Guide-Kerberos-Kerberos_Terminology.html"
title="2.6.2. Kerberos Terminology"/><link rel="next"
href="sect-Security_Guide-Kerberos-Kerberos_and_PAM.html"
title="2.6.4. Kerberos and PAM"/></head><body><p
id="title"><a class="left"
href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img
src="Common_Content/images/image_right.png" alt="Documentation
Site"/></a></p><ul class="docnav"><li
class="previous"><a
accesskey="p"
href="sect-Security_Guide-Kerberos-Kerberos_Terminology.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-Kerberos-Kerberos_and_PAM.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h3 class="title"
id="sect-Security_Guide-Kerberos-How_Kerberos_Works">2.6.3. How Kerberos
Works</h3></div></div></div><a id="d0e9443"
class="indexterm"/><a id="d0e9448"
class="indexterm"/><a id="d0e9453"
class="indexterm"/><a id="d0e9458"
class="indexterm"/><a id="d0e9463"
class="indexterm"/><div class="para">
+<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
Kerberos Works</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-4"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="sect-Security_Guide-Kerberos.html"
title="2.6. Kerberos"/><link rel="prev"
href="sect-Security_Guide-Kerberos-Kerberos_Terminology.html"
title="2.6.2. Kerberos Terminology"/><link rel="next"
href="sect-Security_Guide-Kerberos-Kerberos_and_PAM.html"
title="2.6.4. Kerberos and PAM"/></head><body><p
id="title"><a class="left"
href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img
src="Common_Content/images/image_right.png" alt="Documentation
Site"/></a></p><ul class="docnav"><li
class="previous"><a
accesskey="p"
href="sect-Security_Guide-Kerberos-Kerberos_Terminology.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-Kerberos-Kerberos_and_PAM.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h3 class="title"
id="sect-Security_Guide-Kerberos-How_Kerberos_Works">2.6.3. How Kerberos
Works</h3></div></div></div><a id="d0e9443"
class="indexterm"/><a id="d0e9448"
class="indexterm"/><a id="d0e9453"
class="indexterm"/><a id="d0e9458"
class="indexterm"/><a id="d0e9463"
class="indexterm"/><div class="para">
Kerberos differs from username/password authentication methods. Instead of
authenticating each user to each network service, Kerberos uses symmetric encryption and a
trusted third party (a KDC), to authenticate users to a suite of network services. When a
user authenticates to the KDC, the KDC sends a ticket specific to that session back to the
user's machine, and any Kerberos-aware services look for the ticket on the user's
machine rather than requiring the user to authenticate using a password.
</div><div class="para">
When a user on a Kerberos-aware network logs in to their workstation, their principal
is sent to the KDC as part of a request for a TGT from the Authentication Server. This
request can be sent by the log-in program so that it is transparent to the user, or can be
sent by the <code class="command">kinit</code> program after the
user logs in.
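Review bot: the removed and added <html ...> lines differ only in the package meta value, which goes from "fedora-Linux_Security_Guide-10-en-US-1.0-3" to "fedora-Linux_Security_Guide-10-en-US-1.0-4". Because the generator (publican, per the generator meta) writes the head, banner and docnav as one line, that single-token bump shows up as a full-line replacement, and a reviewer has to compare both copies to confirm nothing else moved. Suggest keeping the built HTML out of the reviewed diff, or having the build emit one element per line so that a version bump reads as a one-line change.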
Index: sect-Security_Guide-Kerberos-Kerberos_Terminology.html
===================================================================
RCS file:
/cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Kerberos-Kerberos_Terminology.html,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- sect-Security_Guide-Kerberos-Kerberos_Terminology.html 22 Dec 2008 19:28:43 -0000 1.1
+++ sect-Security_Guide-Kerberos-Kerberos_Terminology.html 24 Dec 2008 01:24:52 -0000 1.2
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8"
standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
Terminology</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-3"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="sect-Security_Guide-Kerberos.html"
title="2.6. Kerberos"/><link rel="prev"
href="sect-Security_Guide-Kerberos.html"
title="2.6. Kerberos"/><link rel="next"
href="sect-Security_Guide-Kerberos-How_Kerberos_Works.html"
title="2.6.3. How Kerberos Works"/></head><body><p
id="title"><a class="left"
href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img
src="Common_Content/images/image_right.png" alt="Documentation
Site"/></a></p><ul class="docnav"><li
class="previous"><a accesskey="p" href="sect-Sec
urity_Guide-Kerberos.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-Kerberos-How_Kerberos_Works.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h3 class="title"
id="sect-Security_Guide-Kerberos-Kerberos_Terminology">2.6.2. Kerberos
Terminology</h3></div></div></div><a id="d0e9276"
class="indexterm"/><div class="para">
+<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
Terminology</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-4"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="sect-Security_Guide-Kerberos.html"
title="2.6. Kerberos"/><link rel="prev"
href="sect-Security_Guide-Kerberos.html"
title="2.6. Kerberos"/><link rel="next"
href="sect-Security_Guide-Kerberos-How_Kerberos_Works.html"
title="2.6.3. How Kerberos Works"/></head><body><p
id="title"><a class="left"
href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img
src="Common_Content/images/image_right.png" alt="Documentation
Site"/></a></p><ul class="docnav"><li
class="previous"><a accesskey="p" href="sect-Sec
urity_Guide-Kerberos.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-Kerberos-How_Kerberos_Works.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h3 class="title"
id="sect-Security_Guide-Kerberos-Kerberos_Terminology">2.6.2. Kerberos
Terminology</h3></div></div></div><a id="d0e9276"
class="indexterm"/><div class="para">
Kerberos has its own terminology to define various aspects of the service. Before
learning how Kerberos works, it is important to learn the following terms.
</div><div class="variablelist"><dl><dt><span
class="term">authentication server
(AS)</span></dt><dd><div class="para">
A server that issues tickets for a desired service which are in turn given to users
for access to the service. The AS responds to requests from clients who do not have or do
not send credentials with a request. It is usually used to gain access to the
ticket-granting server (TGS) service by issuing a ticket-granting ticket (TGT). The AS
usually runs on the same host as the key distribution center (KDC).
Index: sect-Security_Guide-Kerberos-Kerberos_and_PAM.html
===================================================================
RCS file:
/cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Kerberos-Kerberos_and_PAM.html,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- sect-Security_Guide-Kerberos-Kerberos_and_PAM.html 22 Dec 2008 19:28:43 -0000 1.1
+++ sect-Security_Guide-Kerberos-Kerberos_and_PAM.html 24 Dec 2008 01:24:52 -0000 1.2
@@ -1,8 +1,8 @@
<?xml version="1.0" encoding="UTF-8"
standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
and PAM</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-3"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="sect-Security_Guide-Kerberos.html"
title="2.6. Kerberos"/><link rel="prev"
href="sect-Security_Guide-Kerberos-How_Kerberos_Works.html"
title="2.6.3. How Kerberos Works"/><link rel="next"
href="sect-Security_Guide-Kerberos-Configuring_a_Kerberos_5_Server.html"
title="2.6.5. Configuring a Kerberos 5
Server"/></head><body><p id="title"><a
class="left" href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img
src="Common_Content/images/image_right.png" alt="Documentation
Site"/></a></p><ul class="docnav"
<li class="previous"><a accesskey="p"
href="sect-Security_Guide-Kerberos-How_Kerberos_Works.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-Kerberos-Configuring_a_Kerberos_5_Server.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h3 class="title"
id="sect-Security_Guide-Kerberos-Kerberos_and_PAM">2.6.4. Kerberos and
PAM</h3></div></div></div><a id="d0e9547"
class="indexterm"/><a id="d0e9552"
class="indexterm"/><div class="para">
+<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
and PAM</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-4"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="sect-Security_Guide-Kerberos.html"
title="2.6. Kerberos"/><link rel="prev"
href="sect-Security_Guide-Kerberos-How_Kerberos_Works.html"
title="2.6.3. How Kerberos Works"/><link rel="next"
href="sect-Security_Guide-Kerberos-Configuring_a_Kerberos_5_Server.html"
title="2.6.5. Configuring a Kerberos 5
Server"/></head><body><p id="title"><a
class="left" href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img
src="Common_Content/images/image_right.png" alt="Documentation
Site"/></a></p><ul class="docnav"
<li class="previous"><a accesskey="p"
href="sect-Security_Guide-Kerberos-How_Kerberos_Works.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-Kerberos-Configuring_a_Kerberos_5_Server.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h3 class="title"
id="sect-Security_Guide-Kerberos-Kerberos_and_PAM">2.6.4. Kerberos and
PAM</h3></div></div></div><a id="d0e9547"
class="indexterm"/><a id="d0e9552"
class="indexterm"/><div class="para">
Kerberos-aware services do not currently make use of Pluggable Authentication Modules
(PAM) — these services bypass PAM completely. However, applications that use PAM can make
use of Kerberos for authentication if the <code
class="filename">pam_krb5</code> module (provided in the <code
class="filename">pam_krb5</code> package) is installed. The <code
class="filename">pam_krb5</code> package contains sample configuration
files that allow services such as <code class="command">login</code>
and <code class="command">gdm</code> to authenticate users as well
as obtain initial credentials using their passwords. If access to network servers is
always performed using Kerberos-aware services or services that use GSS-API, such as IMAP,
the network can be considered reasonably safe.
- </div><div class="tip"><h2>Tip</h2><div
class="para">
- Administrators should be careful not to allow users to authenticate to most network
services using Kerberos passwords. Many protocols used by these services do not encrypt
the password before sending it over the network, destroying the benefits of the Kerberos
system. For example, users should not be allowed to authenticate to Telnet services with
the same password they use for Kerberos authentication.
- </div></div></div><ul class="docnav"><li
class="previous"><a accesskey="p"
href="sect-Security_Guide-Kerberos-How_Kerberos_Works.html"><strong>Prev</strong>2.6.3. How
Kerberos Works</a></li><li class="up"><a
accesskey="u"
href="#"><strong>Up</strong></a></li><li
class="home"><a accesskey="h"
href="index.html"><strong>Home</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-Kerberos-Configuring_a_Kerberos_5_Server.html"><strong>Next</strong>2.6.5. Configuring
a Kerberos 5 Server</a></li></ul></body></html>
\ No newline at end of file
+ </div><div
class="important"><h2>Important</h2><div
class="para">
+ Administrators should be careful not to allow users to authenticate to most network
services using Kerberos passwords. Many protocols used by these services do not encrypt
the password before sending it over the network, destroying the benefits of the Kerberos
system. For example, users should not be allowed to authenticate to Telnet services with
the same password they use for Kerberos authentication.
+ </div></div></div><ul class="docnav"><li
class="previous"><a accesskey="p"
href="sect-Security_Guide-Kerberos-How_Kerberos_Works.html"><strong>Prev</strong>2.6.3. How
Kerberos Works</a></li><li class="up"><a
accesskey="u"
href="#"><strong>Up</strong></a></li><li
class="home"><a accesskey="h"
href="index.html"><strong>Home</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-Kerberos-Configuring_a_Kerberos_5_Server.html"><strong>Next</strong>2.6.5. Configuring
a Kerberos 5 Server</a></li></ul></body></html>
\ No newline at end of file
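Review bot: the footer docnav re-added in the last + line still carries the "Up" entry as href="#", while the head of the same file declares rel="up" as sect-Security_Guide-Kerberos.html. The footer link should point to that page as well. The admonition is being re-rendered here anyway (class "tip" to "important", body text unchanged), so this is a good place to correct it, in the guide's source rather than in this generated page. Both the old and new versions also end without a trailing newline, as the "\ No newline at end of file" markers show.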
Index: sect-Security_Guide-Kerberos-Setting_Up_Cross_Realm_Authentication.html
===================================================================
RCS file:
/cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Kerberos-Setting_Up_Cross_Realm_Authentication.html,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- sect-Security_Guide-Kerberos-Setting_Up_Cross_Realm_Authentication.html 22 Dec 2008
19:28:43 -0000 1.1
+++ sect-Security_Guide-Kerberos-Setting_Up_Cross_Realm_Authentication.html 24 Dec 2008
01:24:52 -0000 1.2
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8"
standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
Up Cross Realm Authentication</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-3"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="sect-Security_Guide-Kerberos.html"
title="2.6. Kerberos"/><link rel="prev"
href="sect-Security_Guide-Kerberos-Setting_Up_Secondary_KDCs.html"
title="2.6.8. Setting Up Secondary KDCs"/><link rel="next"
href="sect-Security_Guide-Kerberos-Additional_Resources.html"
title="2.6.10. Additional Resources"/></head><body><p
id="title"><a class="left"
href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img
src="Common_Content/images/image_right.png" alt="Documentation
Site"/></a></p><ul
class="docnav"><li class="previous"><a
accesskey="p"
href="sect-Security_Guide-Kerberos-Setting_Up_Secondary_KDCs.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-Kerberos-Additional_Resources.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h3 class="title"
id="sect-Security_Guide-Kerberos-Setting_Up_Cross_Realm_Authentication">2.6.9. Setting
Up Cross Realm Authentication</h3></div></div></div><div
class="para">
+<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
Up Cross Realm Authentication</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-4"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="sect-Security_Guide-Kerberos.html"
title="2.6. Kerberos"/><link rel="prev"
href="sect-Security_Guide-Kerberos-Setting_Up_Secondary_KDCs.html"
title="2.6.8. Setting Up Secondary KDCs"/><link rel="next"
href="sect-Security_Guide-Kerberos-Additional_Resources.html"
title="2.6.10. Additional Resources"/></head><body><p
id="title"><a class="left"
href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img
src="Common_Content/images/image_right.png" alt="Documentation
Site"/></a></p><ul
class="docnav"><li class="previous"><a
accesskey="p"
href="sect-Security_Guide-Kerberos-Setting_Up_Secondary_KDCs.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-Kerberos-Additional_Resources.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h3 class="title"
id="sect-Security_Guide-Kerberos-Setting_Up_Cross_Realm_Authentication">2.6.9. Setting
Up Cross Realm Authentication</h3></div></div></div><div
class="para">
<span class="emphasis"><em>Cross-realm
authentication</em></span> is the term which is used to describe situations in
which clients (typically users) of one realm use Kerberos to authenticate to services
(typically server processes running on a particular server system) which belong to a realm
other than their own.
</div><div class="para">
For the simplest case, in order for a client of a realm named <code
class="literal">A.EXAMPLE.COM</code> to access a service in the
<code class="literal">B.EXAMPLE.COM</code> realm, both realms must
share a key for a principal named <code
class="literal">krbtgt/B.EXAMPLE.COM(a)A.EXAMPLE.COM</code>, and both
keys must have the same key version number associated with them.
@@ -10,9 +10,9 @@
</div><div class="literallayout"><p> <code
class="computeroutput"><code
class="prompt">#</code> <strong
class="userinput"><code>kadmin -r A.EXAMPLE.COM</code></strong></code> <code
class="computeroutput"><code
class="prompt">kadmin:</code> <strong
class="userinput"><code>add_principal krbtgt/B.EXAMPLE.COM(a)A.EXAMPLE.COM</code></strong></code> <code
class="computeroutput">Enter password for principal "krbtgt/B.EXAMPLE.COM@A.EXAMPLE.COM":</code> <code
class="computeroutput">Re-enter password for principal "krbtgt/B.EXAMPLE.COM@A.EXAMPLE.COM":</code> <code
class="computeroutput">Principal "krbtgt/B.EXAMPLE.COM(a)A.EXAMPLE.com" created.</code> <strong
class="userinput"><code>quit</code></strong> <code
class="computeroutput"><code
class="prompt">#</code> <strong
class="userinput"><code>kadmin -r B.EXAMPLE.COM</code></strong></code> <code
class="computeroutput"><code
class="prompt">kadmin:</code> <strong
class="userinput"><code>add_principal krbtgt/B.EXA
MPLE.COM(a)A.EXAMPLE.COM</code></strong></code> <code
class="computeroutput">Enter password for principal "krbtgt/B.EXAMPLE.COM@A.EXAMPLE.COM":</code> <code
class="computeroutput">Re-enter password for principal "krbtgt/B.EXAMPLE.COM@A.EXAMPLE.COM":</code> <code
class="computeroutput">Principal "krbtgt/B.EXAMPLE.COM(a)A.EXAMPLE.com" created.</code> <strong
class="userinput"><code>quit</code></strong><br/>
</p></div><div class="para">
Use the <code class="command">get_principal</code> command to
verify that both entries have matching key version numbers (<code
class="literal">kvno</code> values) and encryption types.
- </div><div class="caution"><h2>Dumping the Database
Doesn't Do It</h2><div class="para">
- Security-conscious administrators may attempt to use the <code
class="command">add_principal</code> command's <code
class="literal">-randkey</code> option to assign a random key instead
of a password, dump the new entry from the database of the first realm, and import it into
the second. This will not work unless the master keys for the realm databases are
identical, as the keys contained in a database dump are themselves encrypted using the
master key.
- </div></div><div class="para">
+ </div><div class="important"><h2>Dumping the Database
Doesn't Do It</h2><div class="para">
+ Security-conscious administrators may attempt to use the <code
class="command">add_principal</code> command's <code
class="literal">-randkey</code> option to assign a random key instead
of a password, dump the new entry from the database of the first realm, and import it into
the second. This will not work unless the master keys for the realm databases are
identical, as the keys contained in a database dump are themselves encrypted using the
master key.
+ </div></div><div class="para">
Clients in the <code class="literal">A.EXAMPLE.COM</code> realm
are now able to authenticate to services in the <code
class="literal">B.EXAMPLE.COM</code> realm. Put another way, the
<code class="literal">B.EXAMPLE.COM</code> realm now <span
class="emphasis"><em>trusts</em></span> the <code
class="literal">A.EXAMPLE.COM</code> realm, or phrased even more
simply, <code class="literal">B.EXAMPLE.COM</code> now <span
class="emphasis"><em>trusts</em></span> <code
class="literal">A.EXAMPLE.COM</code>.
</div><div class="para">
This brings us to an important point: cross-realm trust is unidirectional by default.
The KDC for the <code class="literal">B.EXAMPLE.COM</code> realm may
trust clients from the <code class="literal">A.EXAMPLE.COM</code> to
authenticate to services in the <code
class="literal">B.EXAMPLE.COM</code> realm, but the fact that it does
has no effect on whether or not clients in the <code
class="literal">B.EXAMPLE.COM</code> realm are trusted to authenticate
to services in the <code class="literal">A.EXAMPLE.COM</code> realm.
To establish trust in the other direction, both realms would need to share keys for the
<code class="literal">krbtgt/A.EXAMPLE.COM(a)B.EXAMPLE.COM</code>
service (take note of the reversed in order of the two realms compared to the example
above).
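Review bot: in the kadmin transcript kept as context at the top of this hunk, both confirmation lines read Principal "krbtgt/B.EXAMPLE.COM(a)A.EXAMPLE.com" created., with the realm ending in lower-case ".com", while the add_principal commands and the password prompts use A.EXAMPLE.COM. Kerberos realm names are case-sensitive, so the sample output should match the command that produced it. The closing context paragraph also reads "take note of the reversed in order of the two realms", which should be "the reversed order". Neither is introduced by this change, but the hunk already touches the admonition between them (class "caution" to "important", text unchanged), so both can be fixed in the same pass in the guide's source.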
Index: sect-Security_Guide-Kerberos-Setting_Up_Secondary_KDCs.html
===================================================================
RCS file:
/cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Kerberos-Setting_Up_Secondary_KDCs.html,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- sect-Security_Guide-Kerberos-Setting_Up_Secondary_KDCs.html 22 Dec 2008 19:28:43
-0000 1.1
+++ sect-Security_Guide-Kerberos-Setting_Up_Secondary_KDCs.html 24 Dec 2008 01:24:52
-0000 1.2
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8"
standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
Up Secondary KDCs</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-3"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="sect-Security_Guide-Kerberos.html"
title="2.6. Kerberos"/><link rel="prev"
href="sect-Security_Guide-Kerberos-Domain_to_Realm_Mapping.html"
title="2.6.7. Domain-to-Realm Mapping"/><link rel="next"
href="sect-Security_Guide-Kerberos-Setting_Up_Cross_Realm_Authentication.html"
title="2.6.9. Setting Up Cross Realm
Authentication"/></head><body><p id="title"><a
class="left" href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img
src="Common_Content/images/image_right.png" alt="Documentation Si
te"/></a></p><ul class="docnav"><li
class="previous"><a accesskey="p"
href="sect-Security_Guide-Kerberos-Domain_to_Realm_Mapping.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-Kerberos-Setting_Up_Cross_Realm_Authentication.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h3 class="title"
id="sect-Security_Guide-Kerberos-Setting_Up_Secondary_KDCs">2.6.8. Setting Up
Secondary KDCs</h3></div></div></div><div
class="para">
+<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
Up Secondary KDCs</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-4"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="sect-Security_Guide-Kerberos.html"
title="2.6. Kerberos"/><link rel="prev"
href="sect-Security_Guide-Kerberos-Domain_to_Realm_Mapping.html"
title="2.6.7. Domain-to-Realm Mapping"/><link rel="next"
href="sect-Security_Guide-Kerberos-Setting_Up_Cross_Realm_Authentication.html"
title="2.6.9. Setting Up Cross Realm
Authentication"/></head><body><p id="title"><a
class="left" href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img
src="Common_Content/images/image_right.png" alt="Documentation Si
te"/></a></p><ul class="docnav"><li
class="previous"><a accesskey="p"
href="sect-Security_Guide-Kerberos-Domain_to_Realm_Mapping.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-Kerberos-Setting_Up_Cross_Realm_Authentication.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h3 class="title"
id="sect-Security_Guide-Kerberos-Setting_Up_Secondary_KDCs">2.6.8. Setting Up
Secondary KDCs</h3></div></div></div><div
class="para">
For a number of reasons, you may choose to run multiple KDCs for a given realm. In
this scenario, one KDC (the <span class="emphasis"><em>master
KDC</em></span>) keeps a writable copy of the realm database and runs <code
class="command">kadmind</code> (it is also your realm's <span
class="emphasis"><em>admin server</em></span>), and one or
more KDCs (<span class="emphasis"><em>slave
KDCs</em></span>) keep read-only copies of the database and run <code
class="command">kpropd</code>.
</div><div class="para">
The master-slave propagation procedure entails the master KDC dumping its database to
a temporary dump file and then transmitting that file to each of its slaves, which then
overwrite their previously-received read-only copies of the database with the contents of
the dump file.
Index: sect-Security_Guide-Kerberos.html
===================================================================
RCS file:
/cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Kerberos.html,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- sect-Security_Guide-Kerberos.html 22 Dec 2008 19:28:43 -0000 1.1
+++ sect-Security_Guide-Kerberos.html 24 Dec 2008 01:24:52 -0000 1.2
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8"
standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
rel="stylesheet" href="./Common_Content/css/default.css"
type="text/css"/><meta name="generator"
content="publican"/><meta name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-3"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="chap-Security_Guide-Securing_Your_Network.html"
title="Chapter 2. Securing Your Network"/><link rel="prev"
href="sect-Security_Guide-Additional_Resources-Related_Books.html"
title="2.5.5.3. Related Books"/><link rel="next"
href="sect-Security_Guide-Kerberos-Kerberos_Terminology.html"
title="2.6.2. Kerberos Terminology"/></head><body><p
id="title"><a class="left"
href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img
src="Common_Content/images/image_right.png" alt="Documentation
Site"/></a></p><ul class="do
cnav"><li class="previous"><a accesskey="p"
href="sect-Security_Guide-Additional_Resources-Related_Books.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-Kerberos-Kerberos_Terminology.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h2 class="title"
id="sect-Security_Guide-Kerberos">2.6. Kerberos</h2></div></div></div><a
id="d0e9180" class="indexterm"/><div class="para">
+<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
rel="stylesheet" href="./Common_Content/css/default.css"
type="text/css"/><meta name="generator"
content="publican"/><meta name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-4"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="chap-Security_Guide-Securing_Your_Network.html"
title="Chapter 2. Securing Your Network"/><link rel="prev"
href="sect-Security_Guide-Additional_Resources-Related_Books.html"
title="2.5.5.3. Related Books"/><link rel="next"
href="sect-Security_Guide-Kerberos-Kerberos_Terminology.html"
title="2.6.2. Kerberos Terminology"/></head><body><p
id="title"><a class="left"
href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img
src="Common_Content/images/image_right.png" alt="Documentation
Site"/></a></p><ul class="do
cnav"><li class="previous"><a accesskey="p"
href="sect-Security_Guide-Additional_Resources-Related_Books.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-Kerberos-Kerberos_Terminology.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h2 class="title"
id="sect-Security_Guide-Kerberos">2.6. Kerberos</h2></div></div></div><a
id="d0e9180" class="indexterm"/><div class="para">
System security and integrity within a network can be unwieldy. It can occupy the time
of several administrators just to keep track of what services are being run on a network
and the manner in which these services are used.
</div><div class="para">
Further, authenticating users to network services can prove dangerous when the method
used by the protocol is inherently insecure, as evidenced by the transfer of unencrypted
passwords over a network using the traditional FTP and Telnet protocols.
Index: sect-Security_Guide-LUKS_Disk_Encryption-Links_of_Interest.html
===================================================================
RCS file:
/cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-LUKS_Disk_Encryption-Links_of_Interest.html,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- sect-Security_Guide-LUKS_Disk_Encryption-Links_of_Interest.html 22 Dec 2008 19:28:43
-0000 1.1
+++ sect-Security_Guide-LUKS_Disk_Encryption-Links_of_Interest.html 24 Dec 2008 01:24:52
-0000 1.2
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8"
standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g... of
Interest</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-3"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="sect-Security_Guide-LUKS_Disk_Encryption.html" title="3.7. LUKS Disk
Encryption"/><link rel="prev"
href="sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories-What_you_have_just_accomplished.html"
title="3.7.4. What you have just accomplished."/><link
rel="next"
href="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives.html"
title="3.8. 7-Zip Encrypted Archives"/></head><body><p
id="title"><a class="left"
href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img src="Common_Co
ntent/images/image_right.png" alt="Documentation
Site"/></a></p><ul class="docnav"><li
class="previous"><a accesskey="p"
href="sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories-What_you_have_just_accomplished.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h3 class="title"
id="sect-Security_Guide-LUKS_Disk_Encryption-Links_of_Interest">3.7.5. Links
of Interest</h3></div></div></div><div
class="para">
+<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g... of
Interest</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-4"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="sect-Security_Guide-LUKS_Disk_Encryption.html" title="3.7. LUKS Disk
Encryption"/><link rel="prev"
href="sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories-What_you_have_just_accomplished.html"
title="3.7.4. What you have just accomplished."/><link
rel="next"
href="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives.html"
title="3.8. 7-Zip Encrypted Archives"/></head><body><p
id="title"><a class="left"
href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img src="Common_Co
ntent/images/image_right.png" alt="Documentation
Site"/></a></p><ul class="docnav"><li
class="previous"><a accesskey="p"
href="sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories-What_you_have_just_accomplished.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h3 class="title"
id="sect-Security_Guide-LUKS_Disk_Encryption-Links_of_Interest">3.7.5. Links
of Interest</h3></div></div></div><div
class="para">
For additional information on LUKS or encrypting hard drives under Fedora please visit
one of the following links:
</div><div class="itemizedlist"><ul><li><div
class="para">
<a
href="http://luks.endorphin.org/">LUKS - Linux Unified Key
Setup</a>
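Review bot: in the visible text, the removed and added <html ...> lines differ only in the package meta value (fedora-Linux_Security_Guide-10-en-US-1.0-3 becomes ...-1.0-4), yet the whole head and navigation block is rewritten for that version bump. Because the generated page keeps everything up to the first para on one line, a real content change inside that line would be hard to spot in review; consider having the build emit line breaks between elements so that a rebuild produces a one-line diff for the meta tag.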
Index:
sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories-Step_by_Step_Instructions.html
===================================================================
RCS file:
/cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories-Step_by_Step_Instructions.html,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
---
sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories-Step_by_Step_Instructions.html 22
Dec 2008 19:28:43 -0000 1.1
+++
sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories-Step_by_Step_Instructions.html 24
Dec 2008 01:24:52 -0000 1.2
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8"
standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
Instructions</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-3"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="sect-Security_Guide-LUKS_Disk_Encryption.html" title="3.7. LUKS Disk
Encryption"/><link rel="prev"
href="sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories.html"
title="3.7.2. Manually Encrypting Directories"/><link rel="next"
href="sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories-What_you_have_just_accomplished.html"
title="3.7.4. What you have just
accomplished."/></head><body><p id="title"><a
class="left" href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right" href="http://docs.fedo
raproject.org"><img src="Common_Content/images/image_right.png"
alt="Documentation Site"/></a></p><ul
class="docnav"><li class="previous"><a
accesskey="p"
href="sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories-What_you_have_just_accomplished.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h3 class="title"
id="sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories-Step_by_Step_Instructions">3.7.3. Step-by-Step
Instructions</h3></div></div></div><div
class="orderedlist"><ol><li><div class="para">
+<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
Instructions</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-4"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="sect-Security_Guide-LUKS_Disk_Encryption.html" title="3.7. LUKS Disk
Encryption"/><link rel="prev"
href="sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories.html"
title="3.7.2. Manually Encrypting Directories"/><link rel="next"
href="sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories-What_you_have_just_accomplished.html"
title="3.7.4. What you have just
accomplished."/></head><body><p id="title"><a
class="left" href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right" href="http://docs.fedo
raproject.org"><img src="Common_Content/images/image_right.png"
alt="Documentation Site"/></a></p><ul
class="docnav"><li class="previous"><a
accesskey="p"
href="sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories-What_you_have_just_accomplished.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h3 class="title"
id="sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories-Step_by_Step_Instructions">3.7.3. Step-by-Step
Instructions</h3></div></div></div><div
class="orderedlist"><ol><li><div class="para">
enter runlevel 1: <code class="code">telinit 1</code>
</div></li><li><div class="para">
unmount your existing /home: <code class="code"> umount
/home</code>
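Review bot: in the context lines of the ordered list, the second step's command has a stray leading space inside the element (<code class="code"> umount /home</code>), which ends up in anything copied from the page. Drop the space, and for consistency start both steps with a capital letter ("Enter runlevel 1", "Unmount your existing /home").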
Index:
sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories-What_you_have_just_accomplished.html
===================================================================
RCS file:
/cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories-What_you_have_just_accomplished.html,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
---
sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories-What_you_have_just_accomplished.html 22
Dec 2008 19:28:43 -0000 1.1
+++
sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories-What_you_have_just_accomplished.html 24
Dec 2008 01:24:52 -0000 1.2
@@ -1,6 +1,6 @@
<?xml version="1.0" encoding="UTF-8"
standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g... you
have just accomplished.</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-3"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="sect-Security_Guide-LUKS_Disk_Encryption.html" title="3.7. LUKS Disk
Encryption"/><link rel="prev"
href="sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories-Step_by_Step_Instructions.html"
title="3.7.3. Step-by-Step Instructions"/><link rel="next"
href="sect-Security_Guide-LUKS_Disk_Encryption-Links_of_Interest.html"
title="3.7.5. Links of Interest"/></head><body><p
id="title"><a class="left"
href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img src="Common_Co
ntent/images/image_right.png" alt="Documentation
Site"/></a></p><ul class="docnav"><li
class="previous"><a accesskey="p"
href="sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories-Step_by_Step_Instructions.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-LUKS_Disk_Encryption-Links_of_Interest.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h3 class="title"
id="sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories-What_you_have_just_accomplished">3.7.4. What
you have just accomplished.</h3></div></div></div><div
class="para">
+<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g... you
have just accomplished.</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-4"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="sect-Security_Guide-LUKS_Disk_Encryption.html" title="3.7. LUKS Disk
Encryption"/><link rel="prev"
href="sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories-Step_by_Step_Instructions.html"
title="3.7.3. Step-by-Step Instructions"/><link rel="next"
href="sect-Security_Guide-LUKS_Disk_Encryption-Links_of_Interest.html"
title="3.7.5. Links of Interest"/></head><body><p
id="title"><a class="left"
href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img src="Common_Co
ntent/images/image_right.png" alt="Documentation
Site"/></a></p><ul class="docnav"><li
class="previous"><a accesskey="p"
href="sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories-Step_by_Step_Instructions.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-LUKS_Disk_Encryption-Links_of_Interest.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h3 class="title"
id="sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories-What_you_have_just_accomplished">3.7.4. What
you have just accomplished.</h3></div></div></div><div
class="para">
Congratulations, you now have an encrypted partition for all of your data to safely
rest while the computer is off.
</div></div><ul class="docnav"><li
class="previous"><a accesskey="p"
href="sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories-Step_by_Step_Instructions.html"><strong>Prev</strong>3.7.3. Step-by-Step
Instructions</a></li><li class="up"><a
accesskey="u"
href="#"><strong>Up</strong></a></li><li
class="home"><a accesskey="h"
href="index.html"><strong>Home</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-LUKS_Disk_Encryption-Links_of_Interest.html"><strong>Next</strong>3.7.5. Links
of Interest</a></li></ul></body></html>
\ No newline at end of file
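Review bot: the Up entry in the footer docnav points at href="#", while the head of the same page declares <link rel="up" href="sect-Security_Guide-LUKS_Disk_Encryption.html">. The footer link should use the same target so that Up leads to section 3.7 instead of staying on this page. The file also still ends without a trailing newline.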
Index: sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories.html
===================================================================
RCS file:
/cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories.html,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories.html 22 Dec
2008 19:28:43 -0000 1.1
+++ sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories.html 24 Dec
2008 01:24:52 -0000 1.2
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8"
standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
Encrypting Directories</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-3"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="sect-Security_Guide-LUKS_Disk_Encryption.html" title="3.7. LUKS Disk
Encryption"/><link rel="prev"
href="sect-Security_Guide-LUKS_Disk_Encryption.html" title="3.7. LUKS Disk
Encryption"/><link rel="next"
href="sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories-Step_by_Step_Instructions.html"
title="3.7.3. Step-by-Step Instructions"/></head><body><p
id="title"><a class="left"
href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img
src="Common_Content/images/image
_right.png" alt="Documentation Site"/></a></p><ul
class="docnav"><li class="previous"><a
accesskey="p"
href="sect-Security_Guide-LUKS_Disk_Encryption.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories-Step_by_Step_Instructions.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h3 class="title"
id="sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories">3.7.2. Manually
Encrypting Directories</h3></div></div></div><div
class="warning"><h2>Warning</h2><div
class="para">
+<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
Encrypting Directories</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-4"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="sect-Security_Guide-LUKS_Disk_Encryption.html" title="3.7. LUKS Disk
Encryption"/><link rel="prev"
href="sect-Security_Guide-LUKS_Disk_Encryption.html" title="3.7. LUKS Disk
Encryption"/><link rel="next"
href="sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories-Step_by_Step_Instructions.html"
title="3.7.3. Step-by-Step Instructions"/></head><body><p
id="title"><a class="left"
href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img
src="Common_Content/images/image
_right.png" alt="Documentation Site"/></a></p><ul
class="docnav"><li class="previous"><a
accesskey="p"
href="sect-Security_Guide-LUKS_Disk_Encryption.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories-Step_by_Step_Instructions.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h3 class="title"
id="sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories">3.7.2. Manually
Encrypting Directories</h3></div></div></div><div
class="warning"><h2>Warning</h2><div
class="para">
Following this procedure will remove all data on the partition that you are
encrypting. You WILL lose all your information! Make sure you backup your data to an
external source before beginning this procedure!
</div></div><div class="para">
If you are running a version of Fedora prior to Fedora 9 and want to encrypt a
partition, or you want to encrypt a partition after the installation of the current
version of Fedora, the following directions are for you. The below example demonstrates
encrypting your /home partition but any partition can be used.
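Review bot: in the warning paragraph, "Make sure you backup your data" uses the noun form; as a verb it should read "back up your data". In the paragraph after it, "The below example" reads better as "The example below".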
Index: sect-Security_Guide-LUKS_Disk_Encryption.html
===================================================================
RCS file:
/cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-LUKS_Disk_Encryption.html,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- sect-Security_Guide-LUKS_Disk_Encryption.html 22 Dec 2008 19:28:43 -0000 1.1
+++ sect-Security_Guide-LUKS_Disk_Encryption.html 24 Dec 2008 01:24:52 -0000 1.2
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8"
standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g... Disk
Encryption</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-3"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="chap-Security_Guide-Encryption.html"
title="Chapter 3. Encryption"/><link rel="prev"
href="Security_Guide-Encryption-Data_in_Motion-Secure_Shell.html"
title="3.6. Secure Shell"/><link rel="next"
href="sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories.html"
title="3.7.2. Manually Encrypting
Directories"/></head><body><p id="title"><a
class="left" href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img
src="Common_Content/images/image_right.png" alt="Documentation
Site"/></a
</p><ul class="docnav"><li
class="previous"><a accesskey="p"
href="Security_Guide-Encryption-Data_in_Motion-Secure_Shell.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h2 class="title"
id="sect-Security_Guide-LUKS_Disk_Encryption">3.7. LUKS Disk
Encryption</h2></div></div></div><div
class="para">
+<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g... Disk
Encryption</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-4"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="chap-Security_Guide-Encryption.html"
title="Chapter 3. Encryption"/><link rel="prev"
href="Security_Guide-Encryption-Data_in_Motion-Secure_Shell.html"
title="3.6. Secure Shell"/><link rel="next"
href="sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories.html"
title="3.7.2. Manually Encrypting
Directories"/></head><body><p id="title"><a
class="left" href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img
src="Common_Content/images/image_right.png" alt="Documentation
Site"/></a
</p><ul class="docnav"><li
class="previous"><a accesskey="p"
href="Security_Guide-Encryption-Data_in_Motion-Secure_Shell.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h2 class="title"
id="sect-Security_Guide-LUKS_Disk_Encryption">3.7. LUKS Disk
Encryption</h2></div></div></div><div
class="para">
Linux Unified Key Setup-on-disk-format (or LUKS)
allows you to encrypt partitions on your Linux computer. This is particularly important
when it comes to mobile computers and removable media. LUKS allows multiple user keys to
decrypt a master key which is used for the bulk encryption of the partition.
</div><div class="section" lang="en-US"><div
class="titlepage"><div><div><h3 class="title"
id="sect-Security_Guide-LUKS_Disk_Encryption-LUKS_Implementation_in_Fedora">3.7.1. LUKS
Implementation in Fedora</h3></div></div></div><div
class="para">
Fedora 9, and later, utilizes LUKS to perform file system encryption. By default, the
option to encrypt the file system is unchecked during the installation. If you select the
option to encrypt you hard drive, you will be prompted for a passphrase that will be asked
every time you boot the computer. This passphrase "unlocks" the bulk encryption
key that is used to decrypt your partition. If you choose to modify the default partition
table you can choose which partitions you want to encrypt. This is set in the partition
table settings
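Review bot: the 3.7.1 paragraph in the trailing context has a typo, "encrypt you hard drive", which should be "encrypt your hard drive". In the same paragraph, "Fedora 9, and later, utilizes" needs a plural verb ("utilize"), and "a passphrase that will be asked every time you boot" reads better as "a passphrase that will be requested every time you boot".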
Index: sect-Security_Guide-Option_Fields-Access_Control.html
===================================================================
RCS file:
/cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Option_Fields-Access_Control.html,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- sect-Security_Guide-Option_Fields-Access_Control.html 22 Dec 2008 19:28:43 -0000 1.1
+++ sect-Security_Guide-Option_Fields-Access_Control.html 24 Dec 2008 01:24:52 -0000 1.2
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8"
standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
Control</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-3"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="sect-Security_Guide-TCP_Wrappers_Configuration_Files-Option_Fields.html"
title="2.5.2.2. Option Fields"/><link rel="prev"
href="sect-Security_Guide-TCP_Wrappers_Configuration_Files-Option_Fields.html"
title="2.5.2.2. Option Fields"/><link rel="next"
href="sect-Security_Guide-Option_Fields-Shell_Commands.html"
title="2.5.2.2.3. Shell Commands"/></head><body><p
id="title"><a class="left"
href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img
src="Common_Content/images/image_right.png" alt="Documen
tation Site"/></a></p><ul class="docnav"><li
class="previous"><a accesskey="p"
href="sect-Security_Guide-TCP_Wrappers_Configuration_Files-Option_Fields.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-Option_Fields-Shell_Commands.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h5 class="title"
id="sect-Security_Guide-Option_Fields-Access_Control">2.5.2.2.2. Access
Control</h5></div></div></div><a id="d0e7930"
class="indexterm"/><div class="para">
+<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
Control</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-4"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="sect-Security_Guide-TCP_Wrappers_Configuration_Files-Option_Fields.html"
title="2.5.2.2. Option Fields"/><link rel="prev"
href="sect-Security_Guide-TCP_Wrappers_Configuration_Files-Option_Fields.html"
title="2.5.2.2. Option Fields"/><link rel="next"
href="sect-Security_Guide-Option_Fields-Shell_Commands.html"
title="2.5.2.2.3. Shell Commands"/></head><body><p
id="title"><a class="left"
href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img
src="Common_Content/images/image_right.png" alt="Documen
tation Site"/></a></p><ul class="docnav"><li
class="previous"><a accesskey="p"
href="sect-Security_Guide-TCP_Wrappers_Configuration_Files-Option_Fields.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-Option_Fields-Shell_Commands.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h5 class="title"
id="sect-Security_Guide-Option_Fields-Access_Control">2.5.2.2.2. Access
Control</h5></div></div></div><a id="d0e7930"
class="indexterm"/><div class="para">
Option fields also allow administrators to explicitly allow or deny hosts in a
single rule by adding the <code class="option">allow</code> or
<code class="option">deny</code> directive as the final option.
</div><div class="para">
For example, the following two rules allow SSH connections from <code
class="systemitem">client-1.example.com</code>, but deny connections
from <code class="systemitem">client-2.example.com</code>:
Index: sect-Security_Guide-Option_Fields-Expansions.html
===================================================================
RCS file:
/cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Option_Fields-Expansions.html,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- sect-Security_Guide-Option_Fields-Expansions.html 22 Dec 2008 19:28:43 -0000 1.1
+++ sect-Security_Guide-Option_Fields-Expansions.html 24 Dec 2008 01:24:52 -0000 1.2
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8"
standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
rel="stylesheet" href="./Common_Content/css/default.css"
type="text/css"/><meta name="generator"
content="publican"/><meta name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-3"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="sect-Security_Guide-TCP_Wrappers_Configuration_Files-Option_Fields.html"
title="2.5.2.2. Option Fields"/><link rel="prev"
href="sect-Security_Guide-Option_Fields-Shell_Commands.html"
title="2.5.2.2.3. Shell Commands"/><link rel="next"
href="sect-Security_Guide-TCP_Wrappers_and_xinetd-xinetd.html"
title="2.5.3. xinetd"/></head><body><p
id="title"><a class="left"
href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img
src="Common_Content/images/image_right.png" alt="Documentation
Site"/></a></p><ul cla
ss="docnav"><li class="previous"><a
accesskey="p"
href="sect-Security_Guide-Option_Fields-Shell_Commands.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-TCP_Wrappers_and_xinetd-xinetd.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h5 class="title"
id="sect-Security_Guide-Option_Fields-Expansions">2.5.2.2.4. Expansions</h5></div></div></div><a
id="d0e8040" class="indexterm"/><div class="para">
+<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
rel="stylesheet" href="./Common_Content/css/default.css"
type="text/css"/><meta name="generator"
content="publican"/><meta name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-4"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="sect-Security_Guide-TCP_Wrappers_Configuration_Files-Option_Fields.html"
title="2.5.2.2. Option Fields"/><link rel="prev"
href="sect-Security_Guide-Option_Fields-Shell_Commands.html"
title="2.5.2.2.3. Shell Commands"/><link rel="next"
href="sect-Security_Guide-TCP_Wrappers_and_xinetd-xinetd.html"
title="2.5.3. xinetd"/></head><body><p
id="title"><a class="left"
href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img
src="Common_Content/images/image_right.png" alt="Documentation
Site"/></a></p><ul cla
ss="docnav"><li class="previous"><a
accesskey="p"
href="sect-Security_Guide-Option_Fields-Shell_Commands.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-TCP_Wrappers_and_xinetd-xinetd.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h5 class="title"
id="sect-Security_Guide-Option_Fields-Expansions">2.5.2.2.4. Expansions</h5></div></div></div><a
id="d0e8040" class="indexterm"/><div class="para">
Expansions, when used in conjunction with the <code
class="command">spawn</code> and <code
class="command">twist</code> directives, provide information about the
client, server, and processes involved.
</div><div class="para">
The following is a list of supported expansions:
Index: sect-Security_Guide-Option_Fields-Shell_Commands.html
===================================================================
RCS file:
/cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Option_Fields-Shell_Commands.html,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- sect-Security_Guide-Option_Fields-Shell_Commands.html 22 Dec 2008 19:28:43 -0000 1.1
+++ sect-Security_Guide-Option_Fields-Shell_Commands.html 24 Dec 2008 01:24:52 -0000 1.2
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8"
standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
Commands</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-3"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="sect-Security_Guide-TCP_Wrappers_Configuration_Files-Option_Fields.html"
title="2.5.2.2. Option Fields"/><link rel="prev"
href="sect-Security_Guide-Option_Fields-Access_Control.html"
title="2.5.2.2.2. Access Control"/><link rel="next"
href="sect-Security_Guide-Option_Fields-Expansions.html"
title="2.5.2.2.4. Expansions"/></head><body><p
id="title"><a class="left"
href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img
src="Common_Content/images/image_right.png" alt="Documentation
Site"/></a></p><
ul class="docnav"><li class="previous"><a
accesskey="p"
href="sect-Security_Guide-Option_Fields-Access_Control.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-Option_Fields-Expansions.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h5 class="title"
id="sect-Security_Guide-Option_Fields-Shell_Commands">2.5.2.2.3. Shell
Commands</h5></div></div></div><a id="d0e7966"
class="indexterm"/><a id="d0e7973"
class="indexterm"/><a id="d0e7982"
class="indexterm"/><div class="para">
+<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
Commands</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-4"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="sect-Security_Guide-TCP_Wrappers_Configuration_Files-Option_Fields.html"
title="2.5.2.2. Option Fields"/><link rel="prev"
href="sect-Security_Guide-Option_Fields-Access_Control.html"
title="2.5.2.2.2. Access Control"/><link rel="next"
href="sect-Security_Guide-Option_Fields-Expansions.html"
title="2.5.2.2.4. Expansions"/></head><body><p
id="title"><a class="left"
href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img
src="Common_Content/images/image_right.png" alt="Documentation
Site"/></a></p><
ul class="docnav"><li class="previous"><a
accesskey="p"
href="sect-Security_Guide-Option_Fields-Access_Control.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-Option_Fields-Expansions.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h5 class="title"
id="sect-Security_Guide-Option_Fields-Shell_Commands">2.5.2.2.3. Shell
Commands</h5></div></div></div><a id="d0e7966"
class="indexterm"/><a id="d0e7973"
class="indexterm"/><a id="d0e7982"
class="indexterm"/><div class="para">
Option fields allow access rules to launch shell commands through the following two
directives:
</div><div class="itemizedlist"><ul><li><div
class="para">
<code class="command">spawn</code> — Launches a shell
command as a child process. This directive can perform tasks like using <code
class="command">/usr/sbin/safe_finger</code> to get more information
about the requesting client or create special log files using the <code
class="command">echo</code> command.
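Review bot: The removed and added `<html` lines in this hunk each carry the page's whole head and navigation markup as a single line, and the only visible difference between them is the package meta value going from fedora-Linux_Security_Guide-10-en-US-1.0-3 to fedora-Linux_Security_Guide-10-en-US-1.0-4, so nothing else on that line can be checked by eye. Consider having the publican output written one element per line, or keeping generated HTML out of the repository, so that a rebuild shows up as a one-line change to the package meta.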
Index: sect-Security_Guide-PAM_Configuration_File_Format-Control_Flag.html
===================================================================
RCS file:
/cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-PAM_Configuration_File_Format-Control_Flag.html,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- sect-Security_Guide-PAM_Configuration_File_Format-Control_Flag.html 22 Dec 2008
19:28:43 -0000 1.1
+++ sect-Security_Guide-PAM_Configuration_File_Format-Control_Flag.html 24 Dec 2008
01:24:52 -0000 1.2
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8"
standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
Flag</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-3"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_Configuration_File_Format.html"
title="2.4.3. PAM Configuration File Format"/><link rel="prev"
href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_Configuration_File_Format.html"
title="2.4.3. PAM Configuration File Format"/><link rel="next"
href="sect-Security_Guide-PAM_Configuration_File_Format-Module_Name.html"
title="2.4.3.3. Module Name"/></head><body><p
id="title"><a class="left"
href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right" href="http://docs.fedorapr
oject.org"><img src="Common_Content/images/image_right.png"
alt="Documentation Site"/></a></p><ul
class="docnav"><li class="previous"><a
accesskey="p"
href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_Configuration_File_Format.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-PAM_Configuration_File_Format-Module_Name.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h4 class="title"
id="sect-Security_Guide-PAM_Configuration_File_Format-Control_Flag">2.4.3.2. Control
Flag</h4></div></div></div><a id="d0e6266"
class="indexterm"/><div class="para">
+<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
Flag</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-4"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_Configuration_File_Format.html"
title="2.4.3. PAM Configuration File Format"/><link rel="prev"
href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_Configuration_File_Format.html"
title="2.4.3. PAM Configuration File Format"/><link rel="next"
href="sect-Security_Guide-PAM_Configuration_File_Format-Module_Name.html"
title="2.4.3.3. Module Name"/></head><body><p
id="title"><a class="left"
href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right" href="http://docs.fedorapr
oject.org"><img src="Common_Content/images/image_right.png"
alt="Documentation Site"/></a></p><ul
class="docnav"><li class="previous"><a
accesskey="p"
href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_Configuration_File_Format.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-PAM_Configuration_File_Format-Module_Name.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h4 class="title"
id="sect-Security_Guide-PAM_Configuration_File_Format-Control_Flag">2.4.3.2. Control
Flag</h4></div></div></div><a id="d0e6266"
class="indexterm"/><div class="para">
All PAM modules generate a success or failure result when called. Control flags tell
PAM what do with the result. Modules can be stacked in a particular order, and the control
flags determine how important the success or failure of a particular module is to the
overall goal of authenticating the user to the service.
</div><div class="para">
There are four predefined control flags:
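Review bot: The context paragraph under the 2.4.3.2 heading reads "Control flags tell PAM what do with the result", which is missing a word. Since the page is being regenerated anyway, fix the source so it says "what to do with the result".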
Index: sect-Security_Guide-PAM_Configuration_File_Format-Module_Arguments.html
===================================================================
RCS file:
/cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-PAM_Configuration_File_Format-Module_Arguments.html,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- sect-Security_Guide-PAM_Configuration_File_Format-Module_Arguments.html 22 Dec 2008
19:28:43 -0000 1.1
+++ sect-Security_Guide-PAM_Configuration_File_Format-Module_Arguments.html 24 Dec 2008
01:24:52 -0000 1.2
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8"
standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
Arguments</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-3"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_Configuration_File_Format.html"
title="2.4.3. PAM Configuration File Format"/><link rel="prev"
href="sect-Security_Guide-PAM_Configuration_File_Format-Module_Name.html"
title="2.4.3.3. Module Name"/><link rel="next"
href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Sample_PAM_Configuration_Files.html"
title="2.4.4. Sample PAM Configuration Files"/></head><body><p
id="title"><a class="left"
href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right" href="http://docs.fe
doraproject.org"><img src="Common_Content/images/image_right.png"
alt="Documentation Site"/></a></p><ul
class="docnav"><li class="previous"><a
accesskey="p"
href="sect-Security_Guide-PAM_Configuration_File_Format-Module_Name.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Sample_PAM_Configuration_Files.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h4 class="title"
id="sect-Security_Guide-PAM_Configuration_File_Format-Module_Arguments">2.4.3.4. Module
Arguments</h4></div></div></div><a id="d0e6375"
class="indexterm"/><div class="para">
+<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
Arguments</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-4"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_Configuration_File_Format.html"
title="2.4.3. PAM Configuration File Format"/><link rel="prev"
href="sect-Security_Guide-PAM_Configuration_File_Format-Module_Name.html"
title="2.4.3.3. Module Name"/><link rel="next"
href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Sample_PAM_Configuration_Files.html"
title="2.4.4. Sample PAM Configuration Files"/></head><body><p
id="title"><a class="left"
href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right" href="http://docs.fe
doraproject.org"><img src="Common_Content/images/image_right.png"
alt="Documentation Site"/></a></p><ul
class="docnav"><li class="previous"><a
accesskey="p"
href="sect-Security_Guide-PAM_Configuration_File_Format-Module_Name.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Sample_PAM_Configuration_Files.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h4 class="title"
id="sect-Security_Guide-PAM_Configuration_File_Format-Module_Arguments">2.4.3.4. Module
Arguments</h4></div></div></div><a id="d0e6375"
class="indexterm"/><div class="para">
PAM uses <em class="firstterm">arguments</em> to pass
information to a pluggable module during authentication for some modules.
</div><div class="para">
For example, the <code class="filename">pam_userdb.so</code>
module uses information stored in a Berkeley DB file to authenticate the user. Berkeley DB
is an open source database system embedded in many applications. The module takes a
<code class="filename">db</code> argument so that Berkeley DB knows
which database to use for the requested service.
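Review bot: The opening sentence of 2.4.3.4, "PAM uses arguments to pass information to a pluggable module during authentication for some modules", ends with a dangling qualifier. Something like "For some modules, PAM uses arguments to pass information to the pluggable module during authentication" reads cleanly. In the next paragraph the db argument is marked up with class="filename" although the text describes it as an argument, not a file.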
Index: sect-Security_Guide-PAM_Configuration_File_Format-Module_Name.html
===================================================================
RCS file:
/cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-PAM_Configuration_File_Format-Module_Name.html,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- sect-Security_Guide-PAM_Configuration_File_Format-Module_Name.html 22 Dec 2008
19:28:43 -0000 1.1
+++ sect-Security_Guide-PAM_Configuration_File_Format-Module_Name.html 24 Dec 2008
01:24:52 -0000 1.2
@@ -1,6 +1,6 @@
<?xml version="1.0" encoding="UTF-8"
standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
Name</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-3"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_Configuration_File_Format.html"
title="2.4.3. PAM Configuration File Format"/><link rel="prev"
href="sect-Security_Guide-PAM_Configuration_File_Format-Control_Flag.html"
title="2.4.3.2. Control Flag"/><link rel="next"
href="sect-Security_Guide-PAM_Configuration_File_Format-Module_Arguments.html"
title="2.4.3.4. Module Arguments"/></head><body><p
id="title"><a class="left"
href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img src="Common_Co
ntent/images/image_right.png" alt="Documentation
Site"/></a></p><ul class="docnav"><li
class="previous"><a accesskey="p"
href="sect-Security_Guide-PAM_Configuration_File_Format-Control_Flag.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-PAM_Configuration_File_Format-Module_Arguments.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h4 class="title"
id="sect-Security_Guide-PAM_Configuration_File_Format-Module_Name">2.4.3.3. Module
Name</h4></div></div></div><a id="d0e6354"
class="indexterm"/><div class="para">
+<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
Name</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-4"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_Configuration_File_Format.html"
title="2.4.3. PAM Configuration File Format"/><link rel="prev"
href="sect-Security_Guide-PAM_Configuration_File_Format-Control_Flag.html"
title="2.4.3.2. Control Flag"/><link rel="next"
href="sect-Security_Guide-PAM_Configuration_File_Format-Module_Arguments.html"
title="2.4.3.4. Module Arguments"/></head><body><p
id="title"><a class="left"
href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img src="Common_Co
ntent/images/image_right.png" alt="Documentation
Site"/></a></p><ul class="docnav"><li
class="previous"><a accesskey="p"
href="sect-Security_Guide-PAM_Configuration_File_Format-Control_Flag.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-PAM_Configuration_File_Format-Module_Arguments.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h4 class="title"
id="sect-Security_Guide-PAM_Configuration_File_Format-Module_Name">2.4.3.3. Module
Name</h4></div></div></div><a id="d0e6354"
class="indexterm"/><div class="para">
The module name provides PAM with the name of the pluggable module containing the
specified module interface. In older versions of Fedora, the full path to the module was
provided in the PAM configuration file. However, since the advent of <em
class="firstterm">multilib</em> systems, which store 64-bit PAM modules
in the <code class="filename">/lib64/security/</code> directory, the
directory name is omitted because the application is linked to the appropriate version of
<code class="filename">libpam</code>, which can locate the correct
version of the module.
</div></div><ul class="docnav"><li
class="previous"><a accesskey="p"
href="sect-Security_Guide-PAM_Configuration_File_Format-Control_Flag.html"><strong>Prev</strong>2.4.3.2. Control
Flag</a></li><li class="up"><a accesskey="u"
href="#"><strong>Up</strong></a></li><li
class="home"><a accesskey="h"
href="index.html"><strong>Home</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-PAM_Configuration_File_Format-Module_Arguments.html"><strong>Next</strong>2.4.3.4. Module
Arguments</a></li></ul></body></html>
\ No newline at end of file
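Review bot: In the footer docnav of this hunk the Up entry is written with href="#", while the head's link rel="up" names sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_Configuration_File_Format.html, so the visible Up link does not lead to the parent section. Point it at the same target as rel="up". The file also ends without a trailing newline, as the final marker line shows.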
Index:
sect-Security_Guide-PAM_and_Administrative_Credential_Caching-Common_pam_timestamp_Directives.html
===================================================================
RCS file:
/cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-PAM_and_Administrative_Credential_Caching-Common_pam_timestamp_Directives.html,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
---
sect-Security_Guide-PAM_and_Administrative_Credential_Caching-Common_pam_timestamp_Directives.html 22
Dec 2008 19:28:43 -0000 1.1
+++
sect-Security_Guide-PAM_and_Administrative_Credential_Caching-Common_pam_timestamp_Directives.html 24
Dec 2008 01:24:52 -0000 1.2
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8"
standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
pam_timestamp Directives</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-3"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_and_Administrative_Credential_Caching.html"
title="2.4.6. PAM and Administrative Credential Caching"/><link
rel="prev"
href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_and_Administrative_Credential_Caching.html"
title="2.4.6. PAM and Administrative Credential Caching"/><link
rel="next"
href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_and_Device_Ownership.html"
title="2.4.7. PAM and Device Ownership"/></head><body><p
id="title"><a class="left"
href="http://www.fedoraproject.org"><img src="Common_
Content/images/image_left.png" alt="Product Site"/></a><a
class="right" href="http://docs.fedoraproject.org"><img
src="Common_Content/images/image_right.png" alt="Documentation
Site"/></a></p><ul class="docnav"><li
class="previous"><a accesskey="p"
href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_and_Administrative_Credential_Caching.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_and_Device_Ownership.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h4 class="title"
id="sect-Security_Guide-PAM_and_Administrative_Credential_Caching-Common_pam_timestamp_Directives">2.4.6.2. Common
pam_timestamp Directives</h4></div></div></div><a
id="d0e6774" class="indexterm"/><div class="para">
+<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
pam_timestamp Directives</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-4"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_and_Administrative_Credential_Caching.html"
title="2.4.6. PAM and Administrative Credential Caching"/><link
rel="prev"
href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_and_Administrative_Credential_Caching.html"
title="2.4.6. PAM and Administrative Credential Caching"/><link
rel="next"
href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_and_Device_Ownership.html"
title="2.4.7. PAM and Device Ownership"/></head><body><p
id="title"><a class="left"
href="http://www.fedoraproject.org"><img src="Common_
Content/images/image_left.png" alt="Product Site"/></a><a
class="right" href="http://docs.fedoraproject.org"><img
src="Common_Content/images/image_right.png" alt="Documentation
Site"/></a></p><ul class="docnav"><li
class="previous"><a accesskey="p"
href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_and_Administrative_Credential_Caching.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_and_Device_Ownership.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h4 class="title"
id="sect-Security_Guide-PAM_and_Administrative_Credential_Caching-Common_pam_timestamp_Directives">2.4.6.2. Common
pam_timestamp Directives</h4></div></div></div><a
id="d0e6774" class="indexterm"/><div class="para">
The <code class="filename">pam_timestamp.so</code> module
accepts several directives. The following are the two most commonly used options:
</div><div class="itemizedlist"><ul><li><div
class="para">
<code class="command">timestamp_timeout</code> — Specifies
the period (in seconds) for which the timestamp file is valid. The default value is 300
(five minutes).
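Review bot: The intro sentence of 2.4.6.2 switches terms mid-thought, "accepts several directives. The following are the two most commonly used options", under a heading that says Directives. Use one term throughout. timestamp_timeout is also marked up with class="command" although the text presents it as a module setting with a default value, not a command.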
Index: sect-Security_Guide-PAM_and_Device_Ownership-Application_Access.html
===================================================================
RCS file:
/cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-PAM_and_Device_Ownership-Application_Access.html,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- sect-Security_Guide-PAM_and_Device_Ownership-Application_Access.html 22 Dec 2008
19:28:44 -0000 1.1
+++ sect-Security_Guide-PAM_and_Device_Ownership-Application_Access.html 24 Dec 2008
01:24:52 -0000 1.2
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8"
standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
Access</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-3"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_and_Device_Ownership.html"
title="2.4.7. PAM and Device Ownership"/><link rel="prev"
href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_and_Device_Ownership.html"
title="2.4.7. PAM and Device Ownership"/><link rel="next"
href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Additional_Resources.html"
title="2.4.8. Additional Resources"/></head><body><p
id="title"><a class="left"
href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right" href="http://docs
.fedoraproject.org"><img src="Common_Content/images/image_right.png"
alt="Documentation Site"/></a></p><ul
class="docnav"><li class="previous"><a
accesskey="p"
href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_and_Device_Ownership.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Additional_Resources.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h4 class="title"
id="sect-Security_Guide-PAM_and_Device_Ownership-Application_Access">2.4.7.2. Application
Access</h4></div></div></div><div class="para">
+<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
Access</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-4"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_and_Device_Ownership.html"
title="2.4.7. PAM and Device Ownership"/><link rel="prev"
href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_and_Device_Ownership.html"
title="2.4.7. PAM and Device Ownership"/><link rel="next"
href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Additional_Resources.html"
title="2.4.8. Additional Resources"/></head><body><p
id="title"><a class="left"
href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right" href="http://docs
.fedoraproject.org"><img src="Common_Content/images/image_right.png"
alt="Documentation Site"/></a></p><ul
class="docnav"><li class="previous"><a
accesskey="p"
href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_and_Device_Ownership.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Additional_Resources.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h4 class="title"
id="sect-Security_Guide-PAM_and_Device_Ownership-Application_Access">2.4.7.2. Application
Access</h4></div></div></div><div class="para">
The console user also has access to certain programs configured for use in the
<code class="filename">/etc/security/console.apps/</code>
directory.
</div><div class="para">
This directory contains configuration files which enable the console user to run
certain applications in <code class="filename">/sbin</code> and
<code class="filename">/usr/sbin</code>.
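Review bot: The first sentence of 2.4.7.2, "programs configured for use in the /etc/security/console.apps/ directory", can be read as saying the programs are used inside that directory. The following paragraph makes clear that the directory holds the configuration files, so a wording such as "programs that have a configuration file in the /etc/security/console.apps/ directory" would remove the ambiguity.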
Index: sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Additional_Resources.html
===================================================================
RCS file:
/cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Additional_Resources.html,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Additional_Resources.html 22
Dec 2008 19:28:44 -0000 1.1
+++ sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Additional_Resources.html 24
Dec 2008 01:24:52 -0000 1.2
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8"
standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
Resources</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-3"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM.html"
title="2.4. Pluggable Authentication Modules (PAM)"/><link
rel="prev"
href="sect-Security_Guide-PAM_and_Device_Ownership-Application_Access.html"
title="2.4.7.2. Application Access"/><link rel="next"
href="sect-Security_Guide-Additional_Resources-Useful_PAM_Websites.html"
title="2.4.8.2. Useful PAM Websites"/></head><body><p
id="title"><a class="left"
href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img src="Common_Content/images
/image_right.png" alt="Documentation Site"/></a></p><ul
class="docnav"><li class="previous"><a
accesskey="p"
href="sect-Security_Guide-PAM_and_Device_Ownership-Application_Access.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-Additional_Resources-Useful_PAM_Websites.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h3 class="title"
id="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Additional_Resources">2.4.8. Additional
Resources</h3></div></div></div><a id="d0e7004"
class="indexterm"/><div class="para">
+<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
Resources</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-4"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM.html"
title="2.4. Pluggable Authentication Modules (PAM)"/><link
rel="prev"
href="sect-Security_Guide-PAM_and_Device_Ownership-Application_Access.html"
title="2.4.7.2. Application Access"/><link rel="next"
href="sect-Security_Guide-Additional_Resources-Useful_PAM_Websites.html"
title="2.4.8.2. Useful PAM Websites"/></head><body><p
id="title"><a class="left"
href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img src="Common_Content/images
/image_right.png" alt="Documentation Site"/></a></p><ul
class="docnav"><li class="previous"><a
accesskey="p"
href="sect-Security_Guide-PAM_and_Device_Ownership-Application_Access.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-Additional_Resources-Useful_PAM_Websites.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h3 class="title"
id="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Additional_Resources">2.4.8. Additional
Resources</h3></div></div></div><a id="d0e7004"
class="indexterm"/><div class="para">
The following resources further explain methods to use and configure PAM. In addition
to these resources, read the PAM configuration files on the system to better understand
how they are structured.
</div><div class="section" lang="en-US"><div
class="titlepage"><div><div><h4 class="title"
id="sect-Security_Guide-Additional_Resources-Installed_PAM_Documentation">2.4.8.1. Installed
PAM Documentation</h4></div></div></div><a
id="d0e7014" class="indexterm"/><div
class="itemizedlist"><ul><li><div class="para">
PAM-related man pages — Several man pages exist for the various applications and
configuration files involved with PAM. The following is a list of some of the more
important man pages.
Index: sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Creating_PAM_Modules.html
===================================================================
RCS file:
/cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Creating_PAM_Modules.html,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Creating_PAM_Modules.html 22
Dec 2008 19:28:44 -0000 1.1
+++ sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Creating_PAM_Modules.html 24
Dec 2008 01:24:52 -0000 1.2
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8"
standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
PAM Modules</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-3"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM.html"
title="2.4. Pluggable Authentication Modules (PAM)"/><link
rel="prev"
href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Sample_PAM_Configuration_Files.html"
title="2.4.4. Sample PAM Configuration Files"/><link rel="next"
href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_and_Administrative_Credential_Caching.html"
title="2.4.6. PAM and Administrative Credential
Caching"/></head><body><p id="title"><a
class="left" href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product Site
"/></a><a class="right"
href="http://docs.fedoraproject.org"><img
src="Common_Content/images/image_right.png" alt="Documentation
Site"/></a></p><ul class="docnav"><li
class="previous"><a accesskey="p"
href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Sample_PAM_Configuration_Files.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_and_Administrative_Credential_Caching.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h3 class="title"
id="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Creating_PAM_Modules">2.4.5. Creating
PAM Modules</h3></div></div></div><a id="d0e6602"
class="indexterm"/><div class="para">
+<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
PAM Modules</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-4"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM.html"
title="2.4. Pluggable Authentication Modules (PAM)"/><link
rel="prev"
href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Sample_PAM_Configuration_Files.html"
title="2.4.4. Sample PAM Configuration Files"/><link rel="next"
href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_and_Administrative_Credential_Caching.html"
title="2.4.6. PAM and Administrative Credential
Caching"/></head><body><p id="title"><a
class="left" href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product Site
"/></a><a class="right"
href="http://docs.fedoraproject.org"><img
src="Common_Content/images/image_right.png" alt="Documentation
Site"/></a></p><ul class="docnav"><li
class="previous"><a accesskey="p"
href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Sample_PAM_Configuration_Files.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_and_Administrative_Credential_Caching.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h3 class="title"
id="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Creating_PAM_Modules">2.4.5. Creating
PAM Modules</h3></div></div></div><a id="d0e6602"
class="indexterm"/><div class="para">
You can create or add new PAM modules at any time for use by PAM-aware applications.
</div><div class="para">
For example, a developer might create a one-time-password creation method and write a
PAM module to support it. PAM-aware programs can immediately use the new module and
password method without being recompiled or otherwise modified.
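Review bot: the removed and added `<html ...>` lines differ, in the text visible here, only in the `package` meta value (`...en-US-1.0-3` against `...en-US-1.0-4`), yet the diff replaces the whole head, the navigation list and the section title because the generated markup is one unbroken line. Emitting one element per line from the generator before committing would reduce this to a single changed `<meta name="package" .../>` line and make an unintended change elsewhere on the line visible in review.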
Index:
sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_Configuration_File_Format.html
===================================================================
RCS file:
/cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_Configuration_File_Format.html,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
---
sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_Configuration_File_Format.html 22
Dec 2008 19:28:44 -0000 1.1
+++
sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_Configuration_File_Format.html 24
Dec 2008 01:24:52 -0000 1.2
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8"
standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
Configuration File Format</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-3"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM.html"
title="2.4. Pluggable Authentication Modules (PAM)"/><link
rel="prev"
href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_Configuration_Files.html"
title="2.4.2. PAM Configuration Files"/><link rel="next"
href="sect-Security_Guide-PAM_Configuration_File_Format-Control_Flag.html"
title="2.4.3.2. Control Flag"/></head><body><p
id="title"><a class="left"
href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img sr
c="Common_Content/images/image_right.png" alt="Documentation
Site"/></a></p><ul class="docnav"><li
class="previous"><a accesskey="p"
href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_Configuration_Files.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-PAM_Configuration_File_Format-Control_Flag.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h3 class="title"
id="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_Configuration_File_Format">2.4.3. PAM
Configuration File Format</h3></div></div></div><div
class="para">
+<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
Configuration File Format</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-4"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM.html"
title="2.4. Pluggable Authentication Modules (PAM)"/><link
rel="prev"
href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_Configuration_Files.html"
title="2.4.2. PAM Configuration Files"/><link rel="next"
href="sect-Security_Guide-PAM_Configuration_File_Format-Control_Flag.html"
title="2.4.3.2. Control Flag"/></head><body><p
id="title"><a class="left"
href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img sr
c="Common_Content/images/image_right.png" alt="Documentation
Site"/></a></p><ul class="docnav"><li
class="previous"><a accesskey="p"
href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_Configuration_Files.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-PAM_Configuration_File_Format-Control_Flag.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h3 class="title"
id="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_Configuration_File_Format">2.4.3. PAM
Configuration File Format</h3></div></div></div><div
class="para">
Each PAM configuration file contains a group of directives formatted as follows:
</div><pre class="screen"><em
class="replaceable"><code><module
interface></code></em> <em
class="replaceable"><code><control
flag></code></em> <em
class="replaceable"><code><module
name></code></em> <em
class="replaceable"><code><module
arguments></code></em>
</pre><div class="para">
Index:
sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_Configuration_Files.html
===================================================================
RCS file:
/cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_Configuration_Files.html,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
---
sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_Configuration_Files.html 22
Dec 2008 19:28:44 -0000 1.1
+++
sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_Configuration_Files.html 24
Dec 2008 01:24:52 -0000 1.2
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8"
standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
Configuration Files</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-3"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM.html"
title="2.4. Pluggable Authentication Modules (PAM)"/><link
rel="prev"
href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM.html"
title="2.4. Pluggable Authentication Modules (PAM)"/><link
rel="next"
href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_Configuration_File_Format.html"
title="2.4.3. PAM Configuration File Format"/></head><body><p
id="title"><a class="left"
href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right" href="http://docs.fedo
raproject.org"><img src="Common_Content/images/image_right.png"
alt="Documentation Site"/></a></p><ul
class="docnav"><li class="previous"><a
accesskey="p"
href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_Configuration_File_Format.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h3 class="title"
id="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_Configuration_Files">2.4.2. PAM
Configuration Files</h3></div></div></div><a
id="d0e6037" class="indexterm"/><a id="d0e6043"
class="indexterm"/><a id="d0e6049"
class="indexterm"/><a id="d0e6055"
class="indexterm"/><a id="d0e6061"
class="indexterm"/><div class="para">
+<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
Configuration Files</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-4"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM.html"
title="2.4. Pluggable Authentication Modules (PAM)"/><link
rel="prev"
href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM.html"
title="2.4. Pluggable Authentication Modules (PAM)"/><link
rel="next"
href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_Configuration_File_Format.html"
title="2.4.3. PAM Configuration File Format"/></head><body><p
id="title"><a class="left"
href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right" href="http://docs.fedo
raproject.org"><img src="Common_Content/images/image_right.png"
alt="Documentation Site"/></a></p><ul
class="docnav"><li class="previous"><a
accesskey="p"
href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_Configuration_File_Format.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h3 class="title"
id="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_Configuration_Files">2.4.2. PAM
Configuration Files</h3></div></div></div><a
id="d0e6037" class="indexterm"/><a id="d0e6043"
class="indexterm"/><a id="d0e6049"
class="indexterm"/><a id="d0e6055"
class="indexterm"/><a id="d0e6061"
class="indexterm"/><div class="para">
The <code class="filename">/etc/pam.d/</code> directory contains
the PAM configuration files for each PAM-aware application. In earlier versions of PAM,
the <code class="filename">/etc/pam.conf</code> file was used, but
this file is now deprecated and is only used if the <code
class="filename">/etc/pam.d/</code> directory does not exist.
</div><div class="section" lang="en-US"><div
class="titlepage"><div><div><h4 class="title"
id="sect-Security_Guide-PAM_Configuration_Files-PAM_Service_Files">2.4.2.1. PAM
Service Files</h4></div></div></div><a id="d0e6080"
class="indexterm"/><div class="para">
Each PAM-aware application or <em
class="firstterm">service</em> has a file in the <code
class="filename">/etc/pam.d/</code> directory. Each file in this
directory has the same name as the service to which it controls access.
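Review bot: the header links on the regenerated line, `href="http://www.fedoraproject.org"` and the documentation-site link next to it, are still plain HTTP. Since the line is rewritten in this revision anyway, consider pointing both at `https://` (assuming the sites serve it), so that a page of the security guide does not send readers over an unauthenticated connection.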
Index:
sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_and_Administrative_Credential_Caching.html
===================================================================
RCS file:
/cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_and_Administrative_Credential_Caching.html,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
---
sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_and_Administrative_Credential_Caching.html 22
Dec 2008 19:28:44 -0000 1.1
+++
sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_and_Administrative_Credential_Caching.html 24
Dec 2008 01:24:52 -0000 1.2
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8"
standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g... and
Administrative Credential Caching</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-3"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM.html"
title="2.4. Pluggable Authentication Modules (PAM)"/><link
rel="prev"
href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Creating_PAM_Modules.html"
title="2.4.5. Creating PAM Modules"/><link rel="next"
href="sect-Security_Guide-PAM_and_Administrative_Credential_Caching-Common_pam_timestamp_Directives.html"
title="2.4.6.2. Common pam_timestamp
Directives"/></head><body><p id="title"><a
class="left" href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a cl
ass="right" href="http://docs.fedoraproject.org"><img
src="Common_Content/images/image_right.png" alt="Documentation
Site"/></a></p><ul class="docnav"><li
class="previous"><a accesskey="p"
href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Creating_PAM_Modules.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-PAM_and_Administrative_Credential_Caching-Common_pam_timestamp_Directives.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h3 class="title"
id="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_and_Administrative_Credential_Caching">2.4.6. PAM
and Administrative Credential Caching</h3></div></div></div><a
id="d0e6629" class="indexterm"/><a id="d0e6637"
class="indexterm"/><a id="d0e6643"
class="indexterm"/><div class="para">
+<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g... and
Administrative Credential Caching</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-4"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM.html"
title="2.4. Pluggable Authentication Modules (PAM)"/><link
rel="prev"
href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Creating_PAM_Modules.html"
title="2.4.5. Creating PAM Modules"/><link rel="next"
href="sect-Security_Guide-PAM_and_Administrative_Credential_Caching-Common_pam_timestamp_Directives.html"
title="2.4.6.2. Common pam_timestamp
Directives"/></head><body><p id="title"><a
class="left" href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a cl
ass="right" href="http://docs.fedoraproject.org"><img
src="Common_Content/images/image_right.png" alt="Documentation
Site"/></a></p><ul class="docnav"><li
class="previous"><a accesskey="p"
href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Creating_PAM_Modules.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-PAM_and_Administrative_Credential_Caching-Common_pam_timestamp_Directives.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h3 class="title"
id="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_and_Administrative_Credential_Caching">2.4.6. PAM
and Administrative Credential Caching</h3></div></div></div><a
id="d0e6629" class="indexterm"/><a id="d0e6637"
class="indexterm"/><a id="d0e6643"
class="indexterm"/><div class="para">
A number of graphical administrative tools in Fedora provide users with elevated
privileges for up to five minutes using the <code
class="filename">pam_timestamp.so</code> module. It is important to
understand how this mechanism works, because a user who walks away from a terminal while
<code class="filename">pam_timestamp.so</code> is in effect leaves
the machine open to manipulation by anyone with physical access to the console.
</div><div class="para">
In the PAM timestamp scheme, the graphical administrative application prompts the user
for the root password when it is launched. When the user has been authenticated, the
<code class="filename">pam_timestamp.so</code> module creates a
timestamp file. By default, this is created in the <code
class="filename">/var/run/sudo/</code> directory. If the timestamp file
already exists, graphical administrative programs do not prompt for a password. Instead,
the <code class="filename">pam_timestamp.so</code> module freshens
the timestamp file, reserving an extra five minutes of unchallenged administrative access
for the user.
Index:
sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_and_Device_Ownership.html
===================================================================
RCS file:
/cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_and_Device_Ownership.html,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
---
sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_and_Device_Ownership.html 22
Dec 2008 19:28:44 -0000 1.1
+++
sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_and_Device_Ownership.html 24
Dec 2008 01:24:52 -0000 1.2
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8"
standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g... and
Device Ownership</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-3"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM.html"
title="2.4. Pluggable Authentication Modules (PAM)"/><link
rel="prev"
href="sect-Security_Guide-PAM_and_Administrative_Credential_Caching-Common_pam_timestamp_Directives.html"
title="2.4.6.2. Common pam_timestamp Directives"/><link
rel="next"
href="sect-Security_Guide-PAM_and_Device_Ownership-Application_Access.html"
title="2.4.7.2. Application Access"/></head><body><p
id="title"><a class="left"
href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right" href="http://docs.f
edoraproject.org"><img src="Common_Content/images/image_right.png"
alt="Documentation Site"/></a></p><ul
class="docnav"><li class="previous"><a
accesskey="p"
href="sect-Security_Guide-PAM_and_Administrative_Credential_Caching-Common_pam_timestamp_Directives.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-PAM_and_Device_Ownership-Application_Access.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h3 class="title"
id="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_and_Device_Ownership">2.4.7. PAM
and Device Ownership</h3></div></div></div><a
id="d0e6813" class="indexterm"/><a id="d0e6821"
class="indexterm"/><a id="d0e6827"
class="indexterm"/><div class="para">
+<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g... and
Device Ownership</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-4"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM.html"
title="2.4. Pluggable Authentication Modules (PAM)"/><link
rel="prev"
href="sect-Security_Guide-PAM_and_Administrative_Credential_Caching-Common_pam_timestamp_Directives.html"
title="2.4.6.2. Common pam_timestamp Directives"/><link
rel="next"
href="sect-Security_Guide-PAM_and_Device_Ownership-Application_Access.html"
title="2.4.7.2. Application Access"/></head><body><p
id="title"><a class="left"
href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right" href="http://docs.f
edoraproject.org"><img src="Common_Content/images/image_right.png"
alt="Documentation Site"/></a></p><ul
class="docnav"><li class="previous"><a
accesskey="p"
href="sect-Security_Guide-PAM_and_Administrative_Credential_Caching-Common_pam_timestamp_Directives.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-PAM_and_Device_Ownership-Application_Access.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h3 class="title"
id="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_and_Device_Ownership">2.4.7. PAM
and Device Ownership</h3></div></div></div><a
id="d0e6813" class="indexterm"/><a id="d0e6821"
class="indexterm"/><a id="d0e6827"
class="indexterm"/><div class="para">
In Fedora, the first user who logs in at the physical console of the machine can
manipulate certain devices and perform certain tasks normally reserved for the root user.
This is controlled by a PAM module called <code
class="filename">pam_console.so</code>.
</div><div class="section" lang="en-US"><div
class="titlepage"><div><div><h4 class="title"
id="sect-Security_Guide-PAM_and_Device_Ownership-Device_Ownership">2.4.7.1. Device
Ownership</h4></div></div></div><div
class="para">
When a user logs in to a Fedora system, the <code
class="filename">pam_console.so</code> module is called by <code
class="command">login</code> or the graphical login programs, <span
class="application"><strong>gdm</strong></span>, <span
class="application"><strong>kdm</strong></span>, and
<span class="application"><strong>xdm</strong></span>.
If this user is the first user to log in at the physical console — referred to as the
<em class="firstterm">console user</em> — the module grants the user
ownership of a variety of devices normally owned by root. The console user owns these
devices until the last local session for that user ends. After this user has logged out,
ownership of the devices reverts back to the root user.
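Review bot: the only difference in this hunk is again the build identifier in `content="fedora-Linux_Security_Guide-10-en-US-1.0-4"`, the same substitution as in the sibling PAM pages of this commit, and none of the visible section text changes. Stamping the package version into every page means each rebuild touches every file; keeping the identifier in one shared place, or leaving it out of the committed pages, would let a revision of this file mean that its content changed.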
Index:
sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Sample_PAM_Configuration_Files.html
===================================================================
RCS file:
/cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Sample_PAM_Configuration_Files.html,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
---
sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Sample_PAM_Configuration_Files.html 22
Dec 2008 19:28:44 -0000 1.1
+++
sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Sample_PAM_Configuration_Files.html 24
Dec 2008 01:24:52 -0000 1.2
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8"
standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
PAM Configuration Files</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-3"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM.html"
title="2.4. Pluggable Authentication Modules (PAM)"/><link
rel="prev"
href="sect-Security_Guide-PAM_Configuration_File_Format-Module_Arguments.html"
title="2.4.3.4. Module Arguments"/><link rel="next"
href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Creating_PAM_Modules.html"
title="2.4.5. Creating PAM Modules"/></head><body><p
id="title"><a class="left"
href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img
src="Common_Content/images/image_right.png" alt="Documentation
Site"/></a></p><ul class="docnav"><li
class="previous"><a accesskey="p"
href="sect-Security_Guide-PAM_Configuration_File_Format-Module_Arguments.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Creating_PAM_Modules.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h3 class="title"
id="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Sample_PAM_Configuration_Files">2.4.4. Sample
PAM Configuration Files</h3></div></div></div><a
id="d0e6419" class="indexterm"/><a id="d0e6424"
class="indexterm"/><div class="para">
+<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
PAM Configuration Files</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-4"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM.html"
title="2.4. Pluggable Authentication Modules (PAM)"/><link
rel="prev"
href="sect-Security_Guide-PAM_Configuration_File_Format-Module_Arguments.html"
title="2.4.3.4. Module Arguments"/><link rel="next"
href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Creating_PAM_Modules.html"
title="2.4.5. Creating PAM Modules"/></head><body><p
id="title"><a class="left"
href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img
src="Common_Content/images/image_right.png" alt="Documentation
Site"/></a></p><ul class="docnav"><li
class="previous"><a accesskey="p"
href="sect-Security_Guide-PAM_Configuration_File_Format-Module_Arguments.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Creating_PAM_Modules.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h3 class="title"
id="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Sample_PAM_Configuration_Files">2.4.4. Sample
PAM Configuration Files</h3></div></div></div><a
id="d0e6419" class="indexterm"/><a id="d0e6424"
class="indexterm"/><div class="para">
The following is a sample PAM application configuration file:
</div><pre class="screen">#%PAM-1.0
auth required pam_securetty.so
Index: sect-Security_Guide-Pluggable_Authentication_Modules_PAM.html
===================================================================
RCS file:
/cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Pluggable_Authentication_Modules_PAM.html,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- sect-Security_Guide-Pluggable_Authentication_Modules_PAM.html 22 Dec 2008 19:28:44
-0000 1.1
+++ sect-Security_Guide-Pluggable_Authentication_Modules_PAM.html 24 Dec 2008 01:24:52
-0000 1.2
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8"
standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
Authentication Modules (PAM)</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-3"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="chap-Security_Guide-Securing_Your_Network.html"
title="Chapter 2. Securing Your Network"/><link rel="prev"
href="sect-Security_Guide-Single_Sign_on_SSO-Configuring_Firefox_to_use_Kerberos_for_SSO.html"
title="2.3.5. Configuring Firefox to use Kerberos for SSO"/><link
rel="next"
href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_Configuration_Files.html"
title="2.4.2. PAM Configuration Files"/></head><body><p
id="title"><a class="left"
href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right" href="http://
docs.fedoraproject.org"><img
src="Common_Content/images/image_right.png" alt="Documentation
Site"/></a></p><ul class="docnav"><li
class="previous"><a accesskey="p"
href="sect-Security_Guide-Single_Sign_on_SSO-Configuring_Firefox_to_use_Kerberos_for_SSO.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_Configuration_Files.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h2 class="title"
id="sect-Security_Guide-Pluggable_Authentication_Modules_PAM">2.4. Pluggable
Authentication Modules (PAM)</h2></div></div></div><a
id="d0e5985" class="indexterm"/><a id="d0e5990"
class="indexterm"/><div class="para">
+<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
Authentication Modules (PAM)</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-4"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="chap-Security_Guide-Securing_Your_Network.html"
title="Chapter 2. Securing Your Network"/><link rel="prev"
href="sect-Security_Guide-Single_Sign_on_SSO-Configuring_Firefox_to_use_Kerberos_for_SSO.html"
title="2.3.5. Configuring Firefox to use Kerberos for SSO"/><link
rel="next"
href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_Configuration_Files.html"
title="2.4.2. PAM Configuration Files"/></head><body><p
id="title"><a class="left"
href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right" href="http://
docs.fedoraproject.org"><img
src="Common_Content/images/image_right.png" alt="Documentation
Site"/></a></p><ul class="docnav"><li
class="previous"><a accesskey="p"
href="sect-Security_Guide-Single_Sign_on_SSO-Configuring_Firefox_to_use_Kerberos_for_SSO.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_Configuration_Files.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h2 class="title"
id="sect-Security_Guide-Pluggable_Authentication_Modules_PAM">2.4. Pluggable
Authentication Modules (PAM)</h2></div></div></div><a
id="d0e5985" class="indexterm"/><a id="d0e5990"
class="indexterm"/><div class="para">
Programs that grant users access to a system use <em
class="firstterm">authentication</em> to verify each other's
identity (that is, to establish that a user is who they say they are).
</div><div class="para">
Historically, each program had its own way of authenticating users. In Fedora, many
programs are configured to use a centralized authentication mechanism called <em
class="firstterm">Pluggable Authentication Modules</em> (<acronym
class="acronym">PAM</acronym>).
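Review bot: The removed and added `<html ...>` lines in this hunk differ only in the package stamp (`fedora-Linux_Security_Guide-10-en-US-1.0-3` to `...-1.0-4`), so the revision carries no change to the PAM text itself. Because the generator emits the whole head and navigation as a single line, each rebuild rewrites that line in full and buries any real edit; consider committing only files whose body changed, or keeping the build stamp out of the tracked HTML. In the first context paragraph, "verify each other's identity" does not agree with the parenthetical that follows, which describes verifying a user; "verify a user's identity" would be consistent.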
Index: sect-Security_Guide-Secure_Installation-Utilize_LUKS_Partition_Encryption.html
===================================================================
RCS file:
/cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Secure_Installation-Utilize_LUKS_Partition_Encryption.html,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- sect-Security_Guide-Secure_Installation-Utilize_LUKS_Partition_Encryption.html 22 Dec
2008 19:28:44 -0000 1.1
+++ sect-Security_Guide-Secure_Installation-Utilize_LUKS_Partition_Encryption.html 24 Dec
2008 01:24:52 -0000 1.2
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8"
standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
LUKS Partition Encryption</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-3"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="chap-Security_Guide-Secure_Installation.html"
title="Chapter 5. Secure Installation"/><link rel="prev"
href="chap-Security_Guide-Secure_Installation.html"
title="Chapter 5. Secure Installation"/><link rel="next"
href="chap-Security_Guide-Software_Maintenance.html"
title="Chapter 6. Software Maintenance"/></head><body><p
id="title"><a class="left"
href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img
src="Common_Content/images/image_right.png" alt="Documentation
Site"/></a></p><u
l class="docnav"><li class="previous"><a
accesskey="p"
href="chap-Security_Guide-Secure_Installation.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="chap-Security_Guide-Software_Maintenance.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h2 class="title"
id="sect-Security_Guide-Secure_Installation-Utilize_LUKS_Partition_Encryption">5.2. Utilize
LUKS Partition Encryption</h2></div></div></div><div
class="para">
+<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
LUKS Partition Encryption</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-4"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="chap-Security_Guide-Secure_Installation.html"
title="Chapter 5. Secure Installation"/><link rel="prev"
href="chap-Security_Guide-Secure_Installation.html"
title="Chapter 5. Secure Installation"/><link rel="next"
href="chap-Security_Guide-Software_Maintenance.html"
title="Chapter 6. Software Maintenance"/></head><body><p
id="title"><a class="left"
href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img
src="Common_Content/images/image_right.png" alt="Documentation
Site"/></a></p><u
l class="docnav"><li class="previous"><a
accesskey="p"
href="chap-Security_Guide-Secure_Installation.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="chap-Security_Guide-Software_Maintenance.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h2 class="title"
id="sect-Security_Guide-Secure_Installation-Utilize_LUKS_Partition_Encryption">5.2. Utilize
LUKS Partition Encryption</h2></div></div></div><div
class="para">
Since Fedora 9, implementation of <a
href="http://fedoraproject.org/wiki/Security_Guide/9/LUKSDiskEncrypt...
Unified Key Setup-on-disk-format</a>(LUKS) encryption has become a lot easier.
During the installation process an option to encrypt your partitions will be presented to
the user. The user must supply a passphrase that will be the key to unlock the bulk
encryption key that will be used to secure the partition's data.
</div><div class="para">
Fedora 8, however, does not have LUKS support built-in; however it is easily
implemented. <a
href="http://fedoraproject.org/wiki/Security_Guide/9/LUKSDiskEncrypt...
procedures</a> are available that allow the user to implement partition encryption
on their Fedora 8 installation.
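Review bot: The context paragraphs republished by this hunk still have a missing space in `Unified Key Setup-on-disk-format</a>(LUKS)` and a doubled "however" in "Fedora 8, however, does not have LUKS support built-in; however it is easily implemented". Both links also point into the wiki's `Security_Guide/9/` tree from a guide published under `f10`, which is worth confirming as the intended target. The only line this revision actually changes is the package stamp in the head (`1.0-3` to `1.0-4`).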
Index: sect-Security_Guide-Securing_FTP-Anonymous_Access.html
===================================================================
RCS file:
/cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Securing_FTP-Anonymous_Access.html,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- sect-Security_Guide-Securing_FTP-Anonymous_Access.html 22 Dec 2008 19:28:44 -0000 1.1
+++ sect-Security_Guide-Securing_FTP-Anonymous_Access.html 24 Dec 2008 01:24:52 -0000 1.2
@@ -1,15 +1,15 @@
<?xml version="1.0" encoding="UTF-8"
standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
Access</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-3"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="sect-Security_Guide-Server_Security-Securing_FTP.html"
title="2.2.6. Securing FTP"/><link rel="prev"
href="sect-Security_Guide-Server_Security-Securing_FTP.html"
title="2.2.6. Securing FTP"/><link rel="next"
href="sect-Security_Guide-Securing_FTP-User_Accounts.html"
title="2.2.6.3. User Accounts"/></head><body><p
id="title"><a class="left"
href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img
src="Common_Content/images/image_right.png" alt="Documentation
Site"/></a></p><ul class="docnav"><li cl
ass="previous"><a accesskey="p"
href="sect-Security_Guide-Server_Security-Securing_FTP.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-Securing_FTP-User_Accounts.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h4 class="title"
id="sect-Security_Guide-Securing_FTP-Anonymous_Access">2.2.6.2. Anonymous
Access</h4></div></div></div><a id="d0e5148"
class="indexterm"/><a id="d0e5153"
class="indexterm"/><div class="para">
+<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
Access</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-4"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="sect-Security_Guide-Server_Security-Securing_FTP.html"
title="2.2.6. Securing FTP"/><link rel="prev"
href="sect-Security_Guide-Server_Security-Securing_FTP.html"
title="2.2.6. Securing FTP"/><link rel="next"
href="sect-Security_Guide-Securing_FTP-User_Accounts.html"
title="2.2.6.3. User Accounts"/></head><body><p
id="title"><a class="left"
href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img
src="Common_Content/images/image_right.png" alt="Documentation
Site"/></a></p><ul class="docnav"><li cl
ass="previous"><a accesskey="p"
href="sect-Security_Guide-Server_Security-Securing_FTP.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-Securing_FTP-User_Accounts.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h4 class="title"
id="sect-Security_Guide-Securing_FTP-Anonymous_Access">2.2.6.2. Anonymous
Access</h4></div></div></div><a id="d0e5148"
class="indexterm"/><a id="d0e5153"
class="indexterm"/><div class="para">
The presence of the <code class="filename">/var/ftp/</code>
directory activates the anonymous account.
</div><div class="para">
The easiest way to create this directory is to install the <code
class="filename">vsftpd</code> package. This package establishes a
directory tree for anonymous users and configures the permissions on directories to
read-only for anonymous users.
</div><div class="para">
By default the anonymous user cannot write to any directories.
- </div><div class="caution"><h2>Caution</h2><div
class="para">
- If enabling anonymous access to an FTP server, be aware of where sensitive data is
stored.
- </div></div><div class="section"
lang="en-US"><div
class="titlepage"><div><div><h5 class="title"
id="sect-Security_Guide-Anonymous_Access-Anonymous_Upload">2.2.6.2.1. Anonymous
Upload</h5></div></div></div><a id="d0e5180"
class="indexterm"/><a id="d0e5185"
class="indexterm"/><div class="para">
+ </div><div class="warning"><h2>Warning</h2><div
class="para">
+ If enabling anonymous access to an FTP server, be aware of where sensitive data is
stored.
+ </div></div><div class="section"
lang="en-US"><div
class="titlepage"><div><div><h5 class="title"
id="sect-Security_Guide-Anonymous_Access-Anonymous_Upload">2.2.6.2.1. Anonymous
Upload</h5></div></div></div><a id="d0e5180"
class="indexterm"/><a id="d0e5185"
class="indexterm"/><div class="para">
To allow anonymous users to upload files, it is recommended that a write-only
directory be created within <code
class="filename">/var/ftp/pub/</code>.
</div><div class="para">
To do this, type the following command:
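Review bot: The admonition is raised from `caution` to `warning`, but its text still only says to "be aware of where sensitive data is stored", which gives the reader nothing to act on. If the higher severity is intended, state the action as well, for example that sensitive data should be kept outside the `/var/ftp/` tree that the page says is set up for anonymous users. The rest of the hunk is the regenerated head line with the package stamp bumped.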
Index: sect-Security_Guide-Securing_FTP-Use_TCP_Wrappers_To_Control_Access.html
===================================================================
RCS file:
/cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Securing_FTP-Use_TCP_Wrappers_To_Control_Access.html,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- sect-Security_Guide-Securing_FTP-Use_TCP_Wrappers_To_Control_Access.html 22 Dec 2008
19:28:44 -0000 1.1
+++ sect-Security_Guide-Securing_FTP-Use_TCP_Wrappers_To_Control_Access.html 24 Dec 2008
01:24:52 -0000 1.2
@@ -1,6 +1,6 @@
<?xml version="1.0" encoding="UTF-8"
standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
TCP Wrappers To Control Access</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-3"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="sect-Security_Guide-Server_Security-Securing_FTP.html"
title="2.2.6. Securing FTP"/><link rel="prev"
href="sect-Security_Guide-Securing_FTP-User_Accounts.html"
title="2.2.6.3. User Accounts"/><link rel="next"
href="sect-Security_Guide-Server_Security-Securing_Sendmail.html"
title="2.2.7. Securing Sendmail"/></head><body><p
id="title"><a class="left"
href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img
src="Common_Content/images/image_right.png" alt="Documentation
Site"/></a><
/p><ul class="docnav"><li class="previous"><a
accesskey="p"
href="sect-Security_Guide-Securing_FTP-User_Accounts.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-Server_Security-Securing_Sendmail.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h4 class="title"
id="sect-Security_Guide-Securing_FTP-Use_TCP_Wrappers_To_Control_Access">2.2.6.4. Use
TCP Wrappers To Control Access</h4></div></div></div><a
id="d0e5280" class="indexterm"/><a id="d0e5285"
class="indexterm"/><a id="d0e5290"
class="indexterm"/><div class="para">
+<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
TCP Wrappers To Control Access</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-4"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="sect-Security_Guide-Server_Security-Securing_FTP.html"
title="2.2.6. Securing FTP"/><link rel="prev"
href="sect-Security_Guide-Securing_FTP-User_Accounts.html"
title="2.2.6.3. User Accounts"/><link rel="next"
href="sect-Security_Guide-Server_Security-Securing_Sendmail.html"
title="2.2.7. Securing Sendmail"/></head><body><p
id="title"><a class="left"
href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img
src="Common_Content/images/image_right.png" alt="Documentation
Site"/></a><
/p><ul class="docnav"><li class="previous"><a
accesskey="p"
href="sect-Security_Guide-Securing_FTP-User_Accounts.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-Server_Security-Securing_Sendmail.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h4 class="title"
id="sect-Security_Guide-Securing_FTP-Use_TCP_Wrappers_To_Control_Access">2.2.6.4. Use
TCP Wrappers To Control Access</h4></div></div></div><a
id="d0e5280" class="indexterm"/><a id="d0e5285"
class="indexterm"/><a id="d0e5290"
class="indexterm"/><div class="para">
Use TCP Wrappers to control access to either FTP daemon as outlined in <a
class="xref"
href="sect-Security_Guide-Server_Security.html#sect-Security_Guide-Securing_Services_With_TCP_Wrappers_and_xinetd-Enhancing_Security_With_TCP_Wrappers"
title="2.2.1.1. Enhancing Security With TCP Wrappers">Section 2.2.1.1,
“Enhancing Security With TCP Wrappers”</a>.
</div></div><ul class="docnav"><li
class="previous"><a accesskey="p"
href="sect-Security_Guide-Securing_FTP-User_Accounts.html"><strong>Prev</strong>2.2.6.3. User
Accounts</a></li><li class="up"><a accesskey="u"
href="#"><strong>Up</strong></a></li><li
class="home"><a accesskey="h"
href="index.html"><strong>Home</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-Server_Security-Securing_Sendmail.html"><strong>Next</strong>2.2.7. Securing
Sendmail</a></li></ul></body></html>
\ No newline at end of file
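Review bot: In the footer navigation the "Up" entry is `<a accesskey="u" href="#">`, while the head of the same file declares `rel="up"` as `sect-Security_Guide-Server_Security-Securing_FTP.html`; the footer link should point at that page rather than at `#`. The file also still ends without a trailing newline (`\ No newline at end of file`). In the body, "either FTP daemon" has no antecedent on this page, so naming the daemons would help a reader who lands here directly.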
Index: sect-Security_Guide-Securing_FTP-User_Accounts.html
===================================================================
RCS file:
/cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Securing_FTP-User_Accounts.html,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- sect-Security_Guide-Securing_FTP-User_Accounts.html 22 Dec 2008 19:28:44 -0000 1.1
+++ sect-Security_Guide-Securing_FTP-User_Accounts.html 24 Dec 2008 01:24:52 -0000 1.2
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8"
standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
Accounts</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-3"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="sect-Security_Guide-Server_Security-Securing_FTP.html"
title="2.2.6. Securing FTP"/><link rel="prev"
href="sect-Security_Guide-Securing_FTP-Anonymous_Access.html"
title="2.2.6.2. Anonymous Access"/><link rel="next"
href="sect-Security_Guide-Securing_FTP-Use_TCP_Wrappers_To_Control_Access.html"
title="2.2.6.4. Use TCP Wrappers To Control
Access"/></head><body><p id="title"><a
class="left" href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img
src="Common_Content/images/image_right.png" alt="Document
ation Site"/></a></p><ul class="docnav"><li
class="previous"><a accesskey="p"
href="sect-Security_Guide-Securing_FTP-Anonymous_Access.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-Securing_FTP-Use_TCP_Wrappers_To_Control_Access.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h4 class="title"
id="sect-Security_Guide-Securing_FTP-User_Accounts">2.2.6.3. User
Accounts</h4></div></div></div><a id="d0e5227"
class="indexterm"/><a id="d0e5232"
class="indexterm"/><div class="para">
+<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
Accounts</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-4"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="sect-Security_Guide-Server_Security-Securing_FTP.html"
title="2.2.6. Securing FTP"/><link rel="prev"
href="sect-Security_Guide-Securing_FTP-Anonymous_Access.html"
title="2.2.6.2. Anonymous Access"/><link rel="next"
href="sect-Security_Guide-Securing_FTP-Use_TCP_Wrappers_To_Control_Access.html"
title="2.2.6.4. Use TCP Wrappers To Control
Access"/></head><body><p id="title"><a
class="left" href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img
src="Common_Content/images/image_right.png" alt="Document
ation Site"/></a></p><ul class="docnav"><li
class="previous"><a accesskey="p"
href="sect-Security_Guide-Securing_FTP-Anonymous_Access.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-Securing_FTP-Use_TCP_Wrappers_To_Control_Access.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h4 class="title"
id="sect-Security_Guide-Securing_FTP-User_Accounts">2.2.6.3. User
Accounts</h4></div></div></div><a id="d0e5227"
class="indexterm"/><a id="d0e5232"
class="indexterm"/><div class="para">
Because FTP transmits unencrypted usernames and passwords over insecure networks for
authentication, it is a good idea to deny system users access to the server from their
user accounts.
</div><div class="para">
To disable all user accounts in <code
class="command">vsftpd</code>, add the following directive to <code
class="filename">/etc/vsftpd/vsftpd.conf</code>:
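Review bot: `vsftpd` is tagged `<code class="command">` in this file, while the Anonymous Access page in the same commit tags it `<code class="filename">vsftpd</code> package`; pick one class for the package or daemon name and use it in both places. The rationale sentence also scopes the risk to "insecure networks", although the point it makes is that FTP sends usernames and passwords unencrypted; dropping that qualifier would make the recommendation clearer. No body text changes in this hunk beyond the package stamp.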
Index: sect-Security_Guide-Securing_NFS-Beware_of_Syntax_Errors.html
===================================================================
RCS file:
/cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Securing_NFS-Beware_of_Syntax_Errors.html,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- sect-Security_Guide-Securing_NFS-Beware_of_Syntax_Errors.html 22 Dec 2008 19:28:44
-0000 1.1
+++ sect-Security_Guide-Securing_NFS-Beware_of_Syntax_Errors.html 24 Dec 2008 01:24:52
-0000 1.2
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8"
standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
of Syntax Errors</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-3"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="sect-Security_Guide-Server_Security-Securing_NFS.html"
title="2.2.4. Securing NFS"/><link rel="prev"
href="sect-Security_Guide-Server_Security-Securing_NFS.html"
title="2.2.4. Securing NFS"/><link rel="next"
href="sect-Security_Guide-Securing_NFS-Do_Not_Use_the_no_root_squash_Option.html"
title="2.2.4.3. Do Not Use the no_root_squash
Option"/></head><body><p id="title"><a
class="left" href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img
src="Common_Content/images/image_right.png" alt="D
ocumentation Site"/></a></p><ul class="docnav"><li
class="previous"><a accesskey="p"
href="sect-Security_Guide-Server_Security-Securing_NFS.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-Securing_NFS-Do_Not_Use_the_no_root_squash_Option.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h4 class="title"
id="sect-Security_Guide-Securing_NFS-Beware_of_Syntax_Errors">2.2.4.2. Beware
of Syntax Errors</h4></div></div></div><a
id="d0e4823" class="indexterm"/><a id="d0e4828"
class="indexterm"/><div class="para">
+<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
of Syntax Errors</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-4"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="sect-Security_Guide-Server_Security-Securing_NFS.html"
title="2.2.4. Securing NFS"/><link rel="prev"
href="sect-Security_Guide-Server_Security-Securing_NFS.html"
title="2.2.4. Securing NFS"/><link rel="next"
href="sect-Security_Guide-Securing_NFS-Do_Not_Use_the_no_root_squash_Option.html"
title="2.2.4.3. Do Not Use the no_root_squash
Option"/></head><body><p id="title"><a
class="left" href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img
src="Common_Content/images/image_right.png" alt="D
ocumentation Site"/></a></p><ul class="docnav"><li
class="previous"><a accesskey="p"
href="sect-Security_Guide-Server_Security-Securing_NFS.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-Securing_NFS-Do_Not_Use_the_no_root_squash_Option.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h4 class="title"
id="sect-Security_Guide-Securing_NFS-Beware_of_Syntax_Errors">2.2.4.2. Beware
of Syntax Errors</h4></div></div></div><a
id="d0e4823" class="indexterm"/><a id="d0e4828"
class="indexterm"/><div class="para">
The NFS server determines which file systems to export and which hosts to export
these directories to by consulting the <code
class="filename">/etc/exports</code> file. Be careful not to add
extraneous spaces when editing this file.
</div><div class="para">
For instance, the following line in the <code
class="filename">/etc/exports</code> file shares the directory <code
class="command">/tmp/nfs/</code> to the host <code
class="command">bob.example.com</code> with read/write permissions.
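Review bot: In the last context paragraph the directory `/tmp/nfs/` and the host `bob.example.com` are both tagged `<code class="command">`, though neither is a command, and the same paragraph already uses `class="filename"` for `/etc/exports`. The directory should use the filename class and the host name should get a class that is not `command`, so that style sheets and the index treat them correctly. The changed line itself is only the package stamp.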
Index: sect-Security_Guide-Securing_NFS-Do_Not_Use_the_no_root_squash_Option.html
===================================================================
RCS file:
/cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Securing_NFS-Do_Not_Use_the_no_root_squash_Option.html,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- sect-Security_Guide-Securing_NFS-Do_Not_Use_the_no_root_squash_Option.html 22 Dec 2008
19:28:44 -0000 1.1
+++ sect-Security_Guide-Securing_NFS-Do_Not_Use_the_no_root_squash_Option.html 24 Dec 2008
01:24:52 -0000 1.2
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8"
standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g... Not
Use the no_root_squash Option</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-3"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="sect-Security_Guide-Server_Security-Securing_NFS.html"
title="2.2.4. Securing NFS"/><link rel="prev"
href="sect-Security_Guide-Securing_NFS-Beware_of_Syntax_Errors.html"
title="2.2.4.2. Beware of Syntax Errors"/><link rel="next"
href="sect-Security_Guide-Server_Security-Securing_the_Apache_HTTP_Server.html"
title="2.2.5. Securing the Apache HTTP
Server"/></head><body><p id="title"><a
class="left" href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img src="Common_Content/image
s/image_right.png" alt="Documentation Site"/></a></p><ul
class="docnav"><li class="previous"><a
accesskey="p"
href="sect-Security_Guide-Securing_NFS-Beware_of_Syntax_Errors.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-Server_Security-Securing_the_Apache_HTTP_Server.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h4 class="title"
id="sect-Security_Guide-Securing_NFS-Do_Not_Use_the_no_root_squash_Option">2.2.4.3. Do
Not Use the <code class="command">no_root_squash</code>
Option</h4></div></div></div><div class="para">
+<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g... Not
Use the no_root_squash Option</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-4"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="sect-Security_Guide-Server_Security-Securing_NFS.html"
title="2.2.4. Securing NFS"/><link rel="prev"
href="sect-Security_Guide-Securing_NFS-Beware_of_Syntax_Errors.html"
title="2.2.4.2. Beware of Syntax Errors"/><link rel="next"
href="sect-Security_Guide-Server_Security-Securing_the_Apache_HTTP_Server.html"
title="2.2.5. Securing the Apache HTTP
Server"/></head><body><p id="title"><a
class="left" href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img src="Common_Content/image
s/image_right.png" alt="Documentation Site"/></a></p><ul
class="docnav"><li class="previous"><a
accesskey="p"
href="sect-Security_Guide-Securing_NFS-Beware_of_Syntax_Errors.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-Server_Security-Securing_the_Apache_HTTP_Server.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h4 class="title"
id="sect-Security_Guide-Securing_NFS-Do_Not_Use_the_no_root_squash_Option">2.2.4.3. Do
Not Use the <code class="command">no_root_squash</code>
Option</h4></div></div></div><div class="para">
By default, NFS shares change the root user to the <code
class="command">nfsnobody</code> user, an unprivileged user account.
This changes the owner of all root-created files to <code
class="command">nfsnobody</code>, which prevents uploading of programs
with the setuid bit set.
</div><div class="para">
If <code class="command">no_root_squash</code> is used, remote
root users are able to change any file on the shared file system and leave applications
infected by trojans for other users to inadvertently execute.
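Review bot: The context sentence "which prevents uploading of programs with the setuid bit set" overstates what root squashing does. Mapping remote root to `nfsnobody` means files created by remote root are owned by `nfsnobody`, so what is prevented is planting setuid programs owned by root; the wording should say that. `nfsnobody` is also tagged `<code class="command">` although it is a user account, not a command. This revision changes only the package stamp, so these would need a follow-up edit in the source XML.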
Index: sect-Security_Guide-Securing_NIS-Assign_Static_Ports_and_Use_iptables_Rules.html
===================================================================
RCS file:
/cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Securing_NIS-Assign_Static_Ports_and_Use_iptables_Rules.html,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- sect-Security_Guide-Securing_NIS-Assign_Static_Ports_and_Use_iptables_Rules.html 22
Dec 2008 19:28:44 -0000 1.1
+++ sect-Security_Guide-Securing_NIS-Assign_Static_Ports_and_Use_iptables_Rules.html 24
Dec 2008 01:24:52 -0000 1.2
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8"
standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
Static Ports and Use iptables Rules</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-3"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="sect-Security_Guide-Server_Security-Securing_NIS.html"
title="2.2.3. Securing NIS"/><link rel="prev"
href="sect-Security_Guide-Securing_NIS-Edit_the_varypsecurenets_File.html"
title="2.2.3.3. Edit the /var/yp/securenets File"/><link
rel="next"
href="sect-Security_Guide-Securing_NIS-Use_Kerberos_Authentication.html"
title="2.2.3.5. Use Kerberos Authentication"/></head><body><p
id="title"><a class="left"
href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img src="Common_C
ontent/images/image_right.png" alt="Documentation
Site"/></a></p><ul class="docnav"><li
class="previous"><a accesskey="p"
href="sect-Security_Guide-Securing_NIS-Edit_the_varypsecurenets_File.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-Securing_NIS-Use_Kerberos_Authentication.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h4 class="title"
id="sect-Security_Guide-Securing_NIS-Assign_Static_Ports_and_Use_iptables_Rules">2.2.3.4. Assign
Static Ports and Use iptables Rules</h4></div></div></div><a
id="d0e4689" class="indexterm"/><a id="d0e4694"
class="indexterm"/><a id="d0e4701"
class="indexterm"/><a id="d0e4706"
class="indexterm"/><div class="para">
+<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
Static Ports and Use iptables Rules</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-4"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="sect-Security_Guide-Server_Security-Securing_NIS.html"
title="2.2.3. Securing NIS"/><link rel="prev"
href="sect-Security_Guide-Securing_NIS-Edit_the_varypsecurenets_File.html"
title="2.2.3.3. Edit the /var/yp/securenets File"/><link
rel="next"
href="sect-Security_Guide-Securing_NIS-Use_Kerberos_Authentication.html"
title="2.2.3.5. Use Kerberos Authentication"/></head><body><p
id="title"><a class="left"
href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img src="Common_C
ontent/images/image_right.png" alt="Documentation
Site"/></a></p><ul class="docnav"><li
class="previous"><a accesskey="p"
href="sect-Security_Guide-Securing_NIS-Edit_the_varypsecurenets_File.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-Securing_NIS-Use_Kerberos_Authentication.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h4 class="title"
id="sect-Security_Guide-Securing_NIS-Assign_Static_Ports_and_Use_iptables_Rules">2.2.3.4. Assign
Static Ports and Use iptables Rules</h4></div></div></div><a
id="d0e4689" class="indexterm"/><a id="d0e4694"
class="indexterm"/><a id="d0e4701"
class="indexterm"/><a id="d0e4706"
class="indexterm"/><div class="para">
All of the servers related to NIS can be assigned specific ports except for <code
class="command">rpc.yppasswdd</code> — the daemon that allows users to
change their login passwords. Assigning ports to the other two NIS server daemons,
<code class="command">rpc.ypxfrd</code> and <code
class="command">ypserv</code>, allows for the creation of firewall
rules to further protect the NIS server daemons from intruders.
</div><div class="para">
To do this, add the following lines to <code
class="filename">/etc/sysconfig/network</code>:
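Review bot: The removed and added <html ...> lines appear to differ only in the meta "package" stamp (fedora-Linux_Security_Guide-10-en-US-1.0-3 becomes 1.0-4), but that is hard to confirm by eye because the head, the navigation and the section title are emitted as a single generated line. Consider keeping the build stamp out of the committed HTML, or having the generator write one element per line, so that real content changes to these pages are not buried in rebuild churn.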
@@ -12,6 +12,6 @@
iptables -A INPUT -p ALL -s! 192.168.0.0/24 --dport 835 -j DROP
</pre><div class="para">
This means that the server only allows connections to ports 834 and 835 if the
requests come from the 192.168.0.0/24 network, regardless of the protocol.
- </div><div class="tip"><h2>Tip</h2><div
class="para">
- Refer to <a class="xref"
href="sect-Security_Guide-Firewalls.html"
title="2.8. Firewalls">Section 2.8, “Firewalls”</a> for more
information about implementing firewalls with iptables commands.
- </div></div></div><ul class="docnav"><li
class="previous"><a accesskey="p"
href="sect-Security_Guide-Securing_NIS-Edit_the_varypsecurenets_File.html"><strong>Prev</strong>2.2.3.3. Edit
the /var/yp/securenets File</a></li><li class="up"><a
accesskey="u"
href="#"><strong>Up</strong></a></li><li
class="home"><a accesskey="h"
href="index.html"><strong>Home</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-Securing_NIS-Use_Kerberos_Authentication.html"><strong>Next</strong>2.2.3.5. Use
Kerberos Authentication</a></li></ul></body></html>
\ No newline at end of file
+ </div><div class="note"><h2>Note</h2><div
class="para">
+ Refer to <a class="xref"
href="sect-Security_Guide-Firewalls.html"
title="2.8. Firewalls">Section 2.8, “Firewalls”</a> for more
information about implementing firewalls with iptables commands.
+ </div></div></div><ul class="docnav"><li
class="previous"><a accesskey="p"
href="sect-Security_Guide-Securing_NIS-Edit_the_varypsecurenets_File.html"><strong>Prev</strong>2.2.3.3. Edit
the /var/yp/securenets File</a></li><li class="up"><a
accesskey="u"
href="#"><strong>Up</strong></a></li><li
class="home"><a accesskey="h"
href="index.html"><strong>Home</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-Securing_NIS-Use_Kerberos_Authentication.html"><strong>Next</strong>2.2.3.5. Use
Kerberos Authentication</a></li></ul></body></html>
\ No newline at end of file
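Review bot: The context line at the top of this hunk, 'iptables -A INPUT -p ALL -s! 192.168.0.0/24 --dport 835 -j DROP', is carried over unchanged, but --dport is a TCP/UDP match option and iptables rejects it when the protocol is ALL, so a reader who pastes the rule gets an error and no filtering on port 835. Because the paragraph that follows promises filtering 'regardless of the protocol', the example should be split into one -p tcp and one -p udp rule per port. The Tip to Note change itself looks fine.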
Index: sect-Security_Guide-Securing_NIS-Edit_the_varypsecurenets_File.html
===================================================================
RCS file:
/cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Securing_NIS-Edit_the_varypsecurenets_File.html,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- sect-Security_Guide-Securing_NIS-Edit_the_varypsecurenets_File.html 22 Dec 2008
19:28:44 -0000 1.1
+++ sect-Security_Guide-Securing_NIS-Edit_the_varypsecurenets_File.html 24 Dec 2008
01:24:52 -0000 1.2
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8"
standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
the /var/yp/securenets File</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-3"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="sect-Security_Guide-Server_Security-Securing_NIS.html"
title="2.2.3. Securing NIS"/><link rel="prev"
href="sect-Security_Guide-Securing_NIS-Use_a_Password_like_NIS_Domain_Name_and_Hostname.html"
title="2.2.3.2. Use a Password-like NIS Domain Name and Hostname"/><link
rel="next"
href="sect-Security_Guide-Securing_NIS-Assign_Static_Ports_and_Use_iptables_Rules.html"
title="2.2.3.4. Assign Static Ports and Use iptables
Rules"/></head><body><p id="title"><a
class="left" href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img
src="Common_Content/images/image_right.png" alt="Documentation
Site"/></a></p><ul class="docnav"><li
class="previous"><a accesskey="p"
href="sect-Security_Guide-Securing_NIS-Use_a_Password_like_NIS_Domain_Name_and_Hostname.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-Securing_NIS-Assign_Static_Ports_and_Use_iptables_Rules.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h4 class="title"
id="sect-Security_Guide-Securing_NIS-Edit_the_varypsecurenets_File">2.2.3.3. Edit
the <code class="filename">/var/yp/securenets</code>
File</h4></div></div></div><a id="d0e4647"
class="indexterm"/><a id="d0e4653"
class="indexterm"/><div class="para">
+<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
the /var/yp/securenets File</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-4"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="sect-Security_Guide-Server_Security-Securing_NIS.html"
title="2.2.3. Securing NIS"/><link rel="prev"
href="sect-Security_Guide-Securing_NIS-Use_a_Password_like_NIS_Domain_Name_and_Hostname.html"
title="2.2.3.2. Use a Password-like NIS Domain Name and Hostname"/><link
rel="next"
href="sect-Security_Guide-Securing_NIS-Assign_Static_Ports_and_Use_iptables_Rules.html"
title="2.2.3.4. Assign Static Ports and Use iptables
Rules"/></head><body><p id="title"><a
class="left" href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img
src="Common_Content/images/image_right.png" alt="Documentation
Site"/></a></p><ul class="docnav"><li
class="previous"><a accesskey="p"
href="sect-Security_Guide-Securing_NIS-Use_a_Password_like_NIS_Domain_Name_and_Hostname.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-Securing_NIS-Assign_Static_Ports_and_Use_iptables_Rules.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h4 class="title"
id="sect-Security_Guide-Securing_NIS-Edit_the_varypsecurenets_File">2.2.3.3. Edit
the <code class="filename">/var/yp/securenets</code>
File</h4></div></div></div><a id="d0e4647"
class="indexterm"/><a id="d0e4653"
class="indexterm"/><div class="para">
If the <code class="filename">/var/yp/securenets</code> file is
blank or does not exist (as is the case after a default installation), NIS listens to all
networks. One of the first things to do is to put netmask/network pairs in the file so
that <code class="command">ypserv</code> only responds to requests
from the appropriate network.
</div><div class="para">
Below is a sample entry from a <code
class="filename">/var/yp/securenets</code> file:
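Review bot: In the context paragraph, 'NIS listens to all networks' is imprecise next to the following sentence, which names ypserv as the component that responds to requests. Suggest wording the first sentence the same way, for example 'ypserv responds to requests from all networks', so the reader can see that the securenets file restricts which clients are answered, not which interfaces are listened on.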
Index: sect-Security_Guide-Securing_NIS-Use_Kerberos_Authentication.html
===================================================================
RCS file:
/cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Securing_NIS-Use_Kerberos_Authentication.html,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- sect-Security_Guide-Securing_NIS-Use_Kerberos_Authentication.html 22 Dec 2008 19:28:44
-0000 1.1
+++ sect-Security_Guide-Securing_NIS-Use_Kerberos_Authentication.html 24 Dec 2008 01:24:52
-0000 1.2
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8"
standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
Kerberos Authentication</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-3"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="sect-Security_Guide-Server_Security-Securing_NIS.html"
title="2.2.3. Securing NIS"/><link rel="prev"
href="sect-Security_Guide-Securing_NIS-Assign_Static_Ports_and_Use_iptables_Rules.html"
title="2.2.3.4. Assign Static Ports and Use iptables Rules"/><link
rel="next"
href="sect-Security_Guide-Server_Security-Securing_NFS.html"
title="2.2.4. Securing NFS"/></head><body><p
id="title"><a class="left"
href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img
src="Common_Content/images/image_r
ight.png" alt="Documentation Site"/></a></p><ul
class="docnav"><li class="previous"><a
accesskey="p"
href="sect-Security_Guide-Securing_NIS-Assign_Static_Ports_and_Use_iptables_Rules.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-Server_Security-Securing_NFS.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h4 class="title"
id="sect-Security_Guide-Securing_NIS-Use_Kerberos_Authentication">2.2.3.5. Use
Kerberos Authentication</h4></div></div></div><a
id="d0e4747" class="indexterm"/><a id="d0e4752"
class="indexterm"/><a id="d0e4759"
class="indexterm"/><div class="para">
+<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
Kerberos Authentication</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-4"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="sect-Security_Guide-Server_Security-Securing_NIS.html"
title="2.2.3. Securing NIS"/><link rel="prev"
href="sect-Security_Guide-Securing_NIS-Assign_Static_Ports_and_Use_iptables_Rules.html"
title="2.2.3.4. Assign Static Ports and Use iptables Rules"/><link
rel="next"
href="sect-Security_Guide-Server_Security-Securing_NFS.html"
title="2.2.4. Securing NFS"/></head><body><p
id="title"><a class="left"
href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img
src="Common_Content/images/image_r
ight.png" alt="Documentation Site"/></a></p><ul
class="docnav"><li class="previous"><a
accesskey="p"
href="sect-Security_Guide-Securing_NIS-Assign_Static_Ports_and_Use_iptables_Rules.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-Server_Security-Securing_NFS.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h4 class="title"
id="sect-Security_Guide-Securing_NIS-Use_Kerberos_Authentication">2.2.3.5. Use
Kerberos Authentication</h4></div></div></div><a
id="d0e4747" class="indexterm"/><a id="d0e4752"
class="indexterm"/><a id="d0e4759"
class="indexterm"/><div class="para">
One of the issues to consider when NIS is used for authentication is that whenever a
user logs into a machine, a password hash from the <code
class="filename">/etc/shadow</code> map is sent over the network. If an
intruder gains access to an NIS domain and sniffs network traffic, they can collect
usernames and password hashes. With enough time, a password cracking program can guess
weak passwords, and an attacker can gain access to a valid account on the network.
</div><div class="para">
Since Kerberos uses secret-key cryptography, no password hashes are ever sent over
the network, making the system far more secure. Refer to <a class="xref"
href="sect-Security_Guide-Kerberos.html"
title="2.6. Kerberos">Section 2.6, “Kerberos”</a> for more information
about Kerberos.
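Review bot: In the first context paragraph, 'a password hash from the /etc/shadow map' mixes two things: /etc/shadow is marked up with class="filename" and is a file path, not the name of an NIS map. Suggest 'the shadow map (built from /etc/shadow)' or similar, so it is clear that the hash crosses the network as NIS map data and not through a read of the local file.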
Index:
sect-Security_Guide-Securing_NIS-Use_a_Password_like_NIS_Domain_Name_and_Hostname.html
===================================================================
RCS file:
/cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Securing_NIS-Use_a_Password_like_NIS_Domain_Name_and_Hostname.html,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
---
sect-Security_Guide-Securing_NIS-Use_a_Password_like_NIS_Domain_Name_and_Hostname.html 22
Dec 2008 19:28:44 -0000 1.1
+++
sect-Security_Guide-Securing_NIS-Use_a_Password_like_NIS_Domain_Name_and_Hostname.html 24
Dec 2008 01:24:52 -0000 1.2
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8"
standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g... a
Password-like NIS Domain Name and Hostname</title><link
rel="stylesheet" href="./Common_Content/css/default.css"
type="text/css"/><meta name="generator"
content="publican"/><meta name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-3"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="sect-Security_Guide-Server_Security-Securing_NIS.html"
title="2.2.3. Securing NIS"/><link rel="prev"
href="sect-Security_Guide-Server_Security-Securing_NIS.html"
title="2.2.3. Securing NIS"/><link rel="next"
href="sect-Security_Guide-Securing_NIS-Edit_the_varypsecurenets_File.html"
title="2.2.3.3. Edit the /var/yp/securenets
File"/></head><body><p id="title"><a
class="left" href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img
src="Common_Content/images/image_rig
ht.png" alt="Documentation Site"/></a></p><ul
class="docnav"><li class="previous"><a
accesskey="p"
href="sect-Security_Guide-Server_Security-Securing_NIS.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-Securing_NIS-Edit_the_varypsecurenets_File.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h4 class="title"
id="sect-Security_Guide-Securing_NIS-Use_a_Password_like_NIS_Domain_Name_and_Hostname">2.2.3.2. Use
a Password-like NIS Domain Name and
Hostname</h4></div></div></div><a id="d0e4585"
class="indexterm"/><a id="d0e4590"
class="indexterm"/><div class="para">
+<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g... a
Password-like NIS Domain Name and Hostname</title><link
rel="stylesheet" href="./Common_Content/css/default.css"
type="text/css"/><meta name="generator"
content="publican"/><meta name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-4"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="sect-Security_Guide-Server_Security-Securing_NIS.html"
title="2.2.3. Securing NIS"/><link rel="prev"
href="sect-Security_Guide-Server_Security-Securing_NIS.html"
title="2.2.3. Securing NIS"/><link rel="next"
href="sect-Security_Guide-Securing_NIS-Edit_the_varypsecurenets_File.html"
title="2.2.3.3. Edit the /var/yp/securenets
File"/></head><body><p id="title"><a
class="left" href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img
src="Common_Content/images/image_rig
ht.png" alt="Documentation Site"/></a></p><ul
class="docnav"><li class="previous"><a
accesskey="p"
href="sect-Security_Guide-Server_Security-Securing_NIS.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-Securing_NIS-Edit_the_varypsecurenets_File.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h4 class="title"
id="sect-Security_Guide-Securing_NIS-Use_a_Password_like_NIS_Domain_Name_and_Hostname">2.2.3.2. Use
a Password-like NIS Domain Name and
Hostname</h4></div></div></div><a id="d0e4585"
class="indexterm"/><a id="d0e4590"
class="indexterm"/><div class="para">
Any machine within an NIS domain can use commands to extract information from the
server without authentication, as long as the user knows the NIS server's DNS hostname
and NIS domain name.
</div><div class="para">
For instance, if someone either connects a laptop computer into the network or breaks
into the network from outside (and manages to spoof an internal IP address), the following
command reveals the <code class="command">/etc/passwd</code> map:
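Review bot: In the last context line, /etc/passwd is tagged <code class="command"> although it is a file, and the Kerberos page in this same commit tags /etc/shadow with class="filename". Suggest class="filename" here as well so both pages style the path the same way.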
Index: sect-Security_Guide-Securing_Portmap-Protect_portmap_With_iptables.html
===================================================================
RCS file:
/cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Securing_Portmap-Protect_portmap_With_iptables.html,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- sect-Security_Guide-Securing_Portmap-Protect_portmap_With_iptables.html 22 Dec 2008
19:28:44 -0000 1.1
+++ sect-Security_Guide-Securing_Portmap-Protect_portmap_With_iptables.html 24 Dec 2008
01:24:52 -0000 1.2
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8"
standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
portmap With iptables</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-3"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="sect-Security_Guide-Server_Security-Securing_Portmap.html"
title="2.2.2. Securing Portmap"/><link rel="prev"
href="sect-Security_Guide-Server_Security-Securing_Portmap.html"
title="2.2.2. Securing Portmap"/><link rel="next"
href="sect-Security_Guide-Server_Security-Securing_NIS.html"
title="2.2.3. Securing NIS"/></head><body><p
id="title"><a class="left"
href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img
src="Common_Content/images/image_right.png" alt="Documentation
Site"/></a><
/p><ul class="docnav"><li class="previous"><a
accesskey="p"
href="sect-Security_Guide-Server_Security-Securing_Portmap.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-Server_Security-Securing_NIS.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h4 class="title"
id="sect-Security_Guide-Securing_Portmap-Protect_portmap_With_iptables">2.2.2.2. Protect
portmap With iptables</h4></div></div></div><a
id="d0e4461" class="indexterm"/><div class="para">
+<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
portmap With iptables</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-4"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="sect-Security_Guide-Server_Security-Securing_Portmap.html"
title="2.2.2. Securing Portmap"/><link rel="prev"
href="sect-Security_Guide-Server_Security-Securing_Portmap.html"
title="2.2.2. Securing Portmap"/><link rel="next"
href="sect-Security_Guide-Server_Security-Securing_NIS.html"
title="2.2.3. Securing NIS"/></head><body><p
id="title"><a class="left"
href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img
src="Common_Content/images/image_right.png" alt="Documentation
Site"/></a><
/p><ul class="docnav"><li class="previous"><a
accesskey="p"
href="sect-Security_Guide-Server_Security-Securing_Portmap.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-Server_Security-Securing_NIS.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h4 class="title"
id="sect-Security_Guide-Securing_Portmap-Protect_portmap_With_iptables">2.2.2.2. Protect
portmap With iptables</h4></div></div></div><a
id="d0e4461" class="indexterm"/><div class="para">
To further restrict access to the <code
class="command">portmap</code> service, it is a good idea to add
iptables rules to the server and restrict access to specific networks.
</div><div class="para">
Below are two example iptables commands. The first allows TCP connections to the port
111 (used by the <code class="command">portmap</code> service) from
the 192.168.0.0/24 network. The second allows TCP connections to the same port from the
localhost. This is necessary for the <code
class="command">sgi_fam</code> service used by <span
class="application"><strong>Nautilus</strong></span>. All
other packets are dropped.
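Review bot: The closing context sentence 'All other packets are dropped' overstates what the two commands do: the paragraph describes TCP rules for port 111 only, and the next hunk adds a separate command 'To similarly limit UDP traffic'. Suggest 'All other TCP packets to port 111 are dropped', and drop the stray articles in 'the port 111' and 'the localhost' while the paragraph is being touched.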
@@ -10,6 +10,6 @@
</pre><div class="para">
To similarly limit UDP traffic, use the following command.
</div><pre class="screen">iptables -A INPUT -p udp -s!
192.168.0.0/24 --dport 111 -j DROP
-</pre><div class="tip"><h2>Tip</h2><div
class="para">
- Refer to <a class="xref"
href="sect-Security_Guide-Firewalls.html"
title="2.8. Firewalls">Section 2.8, “Firewalls”</a> for more
information about implementing firewalls with iptables commands.
- </div></div></div><ul class="docnav"><li
class="previous"><a accesskey="p"
href="sect-Security_Guide-Server_Security-Securing_Portmap.html"><strong>Prev</strong>2.2.2. Securing
Portmap</a></li><li class="up"><a accesskey="u"
href="#"><strong>Up</strong></a></li><li
class="home"><a accesskey="h"
href="index.html"><strong>Home</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-Server_Security-Securing_NIS.html"><strong>Next</strong>2.2.3. Securing
NIS</a></li></ul></body></html>
\ No newline at end of file
+</pre><div class="note"><h2>Note</h2><div
class="para">
+ Refer to <a class="xref"
href="sect-Security_Guide-Firewalls.html"
title="2.8. Firewalls">Section 2.8, “Firewalls”</a> for more
information about implementing firewalls with iptables commands.
+ </div></div></div><ul class="docnav"><li
class="previous"><a accesskey="p"
href="sect-Security_Guide-Server_Security-Securing_Portmap.html"><strong>Prev</strong>2.2.2. Securing
Portmap</a></li><li class="up"><a accesskey="u"
href="#"><strong>Up</strong></a></li><li
class="home"><a accesskey="h"
href="index.html"><strong>Home</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-Server_Security-Securing_NIS.html"><strong>Next</strong>2.2.3. Securing
NIS</a></li></ul></body></html>
\ No newline at end of file
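Review bot: The UDP example kept as context here, 'iptables -A INPUT -p udp -s! 192.168.0.0/24 --dport 111 -j DROP', has no loopback companion, whereas the TCP paragraph on this page explicitly allows localhost. Unless an earlier rule accepts loopback traffic, 127.0.0.1 falls outside 192.168.0.0/24 and local UDP queries to portmap are dropped too. Either show a matching UDP accept rule for 127.0.0.1 ahead of this one, or state that blocking local UDP lookups is intended.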
Index: sect-Security_Guide-Securing_Sendmail-Mail_only_Users.html
===================================================================
RCS file:
/cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Securing_Sendmail-Mail_only_Users.html,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- sect-Security_Guide-Securing_Sendmail-Mail_only_Users.html 22 Dec 2008 19:28:44
-0000 1.1
+++ sect-Security_Guide-Securing_Sendmail-Mail_only_Users.html 24 Dec 2008 01:24:52
-0000 1.2
@@ -1,6 +1,6 @@
<?xml version="1.0" encoding="UTF-8"
standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
Users</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-3"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="sect-Security_Guide-Server_Security-Securing_Sendmail.html"
title="2.2.7. Securing Sendmail"/><link rel="prev"
href="sect-Security_Guide-Securing_Sendmail-NFS_and_Sendmail.html"
title="2.2.7.2. NFS and Sendmail"/><link rel="next"
href="sect-Security_Guide-Server_Security-Verifying_Which_Ports_Are_Listening.html"
title="2.2.8. Verifying Which Ports Are
Listening"/></head><body><p id="title"><a
class="left" href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img
src="Common_Content/images/image_righ
t.png" alt="Documentation Site"/></a></p><ul
class="docnav"><li class="previous"><a
accesskey="p"
href="sect-Security_Guide-Securing_Sendmail-NFS_and_Sendmail.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-Server_Security-Verifying_Which_Ports_Are_Listening.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h4 class="title"
id="sect-Security_Guide-Securing_Sendmail-Mail_only_Users">2.2.7.3. Mail-only
Users</h4></div></div></div><div class="para">
+<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
Users</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-4"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="sect-Security_Guide-Server_Security-Securing_Sendmail.html"
title="2.2.7. Securing Sendmail"/><link rel="prev"
href="sect-Security_Guide-Securing_Sendmail-NFS_and_Sendmail.html"
title="2.2.7.2. NFS and Sendmail"/><link rel="next"
href="sect-Security_Guide-Server_Security-Verifying_Which_Ports_Are_Listening.html"
title="2.2.8. Verifying Which Ports Are
Listening"/></head><body><p id="title"><a
class="left" href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img
src="Common_Content/images/image_righ
t.png" alt="Documentation Site"/></a></p><ul
class="docnav"><li class="previous"><a
accesskey="p"
href="sect-Security_Guide-Securing_Sendmail-NFS_and_Sendmail.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-Server_Security-Verifying_Which_Ports_Are_Listening.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h4 class="title"
id="sect-Security_Guide-Securing_Sendmail-Mail_only_Users">2.2.7.3. Mail-only
Users</h4></div></div></div><div class="para">
To help prevent local user exploits on the Sendmail server, it is best for mail users
to only access the Sendmail server using an email program. Shell accounts on the mail
server should not be allowed and all user shells in the <code
class="filename">/etc/passwd</code> file should be set to <code
class="command">/sbin/nologin</code> (with the possible exception of
the root user).
</div></div><ul class="docnav"><li
class="previous"><a accesskey="p"
href="sect-Security_Guide-Securing_Sendmail-NFS_and_Sendmail.html"><strong>Prev</strong>2.2.7.2. NFS
and Sendmail</a></li><li class="up"><a
accesskey="u"
href="#"><strong>Up</strong></a></li><li
class="home"><a accesskey="h"
href="index.html"><strong>Home</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-Server_Security-Verifying_Which_Ports_Are_Listening.html"><strong>Next</strong>2.2.8. Verifying
Which Ports Are Listening</a></li></ul></body></html>
\ No newline at end of file
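Review bot: The footer navigation in the last context line has <li class="up"><a accesskey="u" href="#">, so 'Up' returns to the top of the same page, while the head on the changed line declares rel="up" as sect-Security_Guide-Server_Security-Securing_Sendmail.html. The footer link should point at that parent section. The same href="#" appears in the footers of the other pages in this commit, so this is probably best fixed in the generator template and not page by page.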
Index: sect-Security_Guide-Securing_Sendmail-NFS_and_Sendmail.html
===================================================================
RCS file:
/cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Securing_Sendmail-NFS_and_Sendmail.html,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- sect-Security_Guide-Securing_Sendmail-NFS_and_Sendmail.html 22 Dec 2008 19:28:44
-0000 1.1
+++ sect-Security_Guide-Securing_Sendmail-NFS_and_Sendmail.html 24 Dec 2008 01:24:52
-0000 1.2
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8"
standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
and Sendmail</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-3"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="sect-Security_Guide-Server_Security-Securing_Sendmail.html"
title="2.2.7. Securing Sendmail"/><link rel="prev"
href="sect-Security_Guide-Server_Security-Securing_Sendmail.html"
title="2.2.7. Securing Sendmail"/><link rel="next"
href="sect-Security_Guide-Securing_Sendmail-Mail_only_Users.html"
title="2.2.7.3. Mail-only Users"/></head><body><p
id="title"><a class="left"
href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img
src="Common_Content/images/image_right.png" alt="Documentation
Site"/></a>
</p><ul class="docnav"><li class="previous"><a
accesskey="p"
href="sect-Security_Guide-Server_Security-Securing_Sendmail.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-Securing_Sendmail-Mail_only_Users.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h4 class="title"
id="sect-Security_Guide-Securing_Sendmail-NFS_and_Sendmail">2.2.7.2. NFS and
Sendmail</h4></div></div></div><a id="d0e5372"
class="indexterm"/><a id="d0e5377"
class="indexterm"/><a id="d0e5382"
class="indexterm"/><div class="para">
+<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
and Sendmail</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-4"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="sect-Security_Guide-Server_Security-Securing_Sendmail.html"
title="2.2.7. Securing Sendmail"/><link rel="prev"
href="sect-Security_Guide-Server_Security-Securing_Sendmail.html"
title="2.2.7. Securing Sendmail"/><link rel="next"
href="sect-Security_Guide-Securing_Sendmail-Mail_only_Users.html"
title="2.2.7.3. Mail-only Users"/></head><body><p
id="title"><a class="left"
href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img
src="Common_Content/images/image_right.png" alt="Documentation
Site"/></a>
</p><ul class="docnav"><li class="previous"><a
accesskey="p"
href="sect-Security_Guide-Server_Security-Securing_Sendmail.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-Securing_Sendmail-Mail_only_Users.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h4 class="title"
id="sect-Security_Guide-Securing_Sendmail-NFS_and_Sendmail">2.2.7.2. NFS and
Sendmail</h4></div></div></div><a id="d0e5372"
class="indexterm"/><a id="d0e5377"
class="indexterm"/><a id="d0e5382"
class="indexterm"/><div class="para">
Never put the mail spool directory, <code
class="filename">/var/spool/mail/</code>, on an NFS shared volume.
</div><div class="para">
Because NFSv2 and NFSv3 do not maintain control over user and group IDs, two or more
users can have the same UID, and receive and read each other's mail.
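Review bot: the rationale in the context paragraph covers only NFSv2 and NFSv3, while the first sentence says never to put /var/spool/mail/ on any NFS shared volume. The only changed line here is the package meta going from 1.0-3 to 1.0-4, but since the page is being regenerated, consider stating in the source whether the advice also holds for NFSv4, so the scope of "never" is explicit. The last sentence would also read more clearly as "two or more users can have the same UID and can therefore receive and read each other's mail".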
Index:
sect-Security_Guide-Securing_the_Apache_HTTP_Server-Do_Not_Remove_the_IncludesNoExec_Directive.html
===================================================================
RCS file:
/cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Securing_the_Apache_HTTP_Server-Do_Not_Remove_the_IncludesNoExec_Directive.html,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
---
sect-Security_Guide-Securing_the_Apache_HTTP_Server-Do_Not_Remove_the_IncludesNoExec_Directive.html 22
Dec 2008 19:28:44 -0000 1.1
+++
sect-Security_Guide-Securing_the_Apache_HTTP_Server-Do_Not_Remove_the_IncludesNoExec_Directive.html 24
Dec 2008 01:24:52 -0000 1.2
@@ -1,6 +1,6 @@
<?xml version="1.0" encoding="UTF-8"
standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g... Not
Remove the IncludesNoExec Directive</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-3"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="sect-Security_Guide-Server_Security-Securing_the_Apache_HTTP_Server.html"
title="2.2.5. Securing the Apache HTTP Server"/><link rel="prev"
href="sect-Security_Guide-Securing_the_Apache_HTTP_Server-The_UserDir_Directive.html"
title="2.2.5.3. The UserDir Directive"/><link rel="next"
href="sect-Security_Guide-Securing_the_Apache_HTTP_Server-Restrict_Permissions_for_Executable_Directories.html"
title="2.2.5.5. Restrict Permissions for Executable
Directories"/></head><body><p id="title"><a
class="left" href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png"
alt="Product Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img
src="Common_Content/images/image_right.png" alt="Documentation
Site"/></a></p><ul class="docnav"><li
class="previous"><a accesskey="p"
href="sect-Security_Guide-Securing_the_Apache_HTTP_Server-The_UserDir_Directive.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-Securing_the_Apache_HTTP_Server-Restrict_Permissions_for_Executable_Directories.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h4 class="title"
id="sect-Security_Guide-Securing_the_Apache_HTTP_Server-Do_Not_Remove_the_IncludesNoExec_Directive">2.2.5.4. Do
Not Remove the <code class="command">IncludesNoExec</code>
Directive</h4></div></div></div><div
class="para">
+<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g... Not
Remove the IncludesNoExec Directive</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-4"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="sect-Security_Guide-Server_Security-Securing_the_Apache_HTTP_Server.html"
title="2.2.5. Securing the Apache HTTP Server"/><link rel="prev"
href="sect-Security_Guide-Securing_the_Apache_HTTP_Server-The_UserDir_Directive.html"
title="2.2.5.3. The UserDir Directive"/><link rel="next"
href="sect-Security_Guide-Securing_the_Apache_HTTP_Server-Restrict_Permissions_for_Executable_Directories.html"
title="2.2.5.5. Restrict Permissions for Executable
Directories"/></head><body><p id="title"><a
class="left" href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png"
alt="Product Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img
src="Common_Content/images/image_right.png" alt="Documentation
Site"/></a></p><ul class="docnav"><li
class="previous"><a accesskey="p"
href="sect-Security_Guide-Securing_the_Apache_HTTP_Server-The_UserDir_Directive.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-Securing_the_Apache_HTTP_Server-Restrict_Permissions_for_Executable_Directories.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h4 class="title"
id="sect-Security_Guide-Securing_the_Apache_HTTP_Server-Do_Not_Remove_the_IncludesNoExec_Directive">2.2.5.4. Do
Not Remove the <code class="command">IncludesNoExec</code>
Directive</h4></div></div></div><div
class="para">
By default, the <em class="firstterm">Server-Side Includes</em>
(<abbr class="abbrev">SSI</abbr>) module cannot execute commands. It
is recommended that you do not change this setting unless absolutely necessary, as it
could potentially enable an attacker to execute commands on the system.
</div></div><ul class="docnav"><li
class="previous"><a accesskey="p"
href="sect-Security_Guide-Securing_the_Apache_HTTP_Server-The_UserDir_Directive.html"><strong>Prev</strong>2.2.5.3. The
UserDir Directive</a></li><li class="up"><a
accesskey="u"
href="#"><strong>Up</strong></a></li><li
class="home"><a accesskey="h"
href="index.html"><strong>Home</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-Securing_the_Apache_HTTP_Server-Restrict_Permissions_for_Executable_Directories.html"><strong>Next</strong>2.2.5.5. Restrict
Permissions for Executable
Dire...</a></li></ul></body></html>
\ No newline at end of file
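Review bot: the bottom docnav "Up" link is emitted as href="#", while the head's rel="up" link points at sect-Security_Guide-Server_Security-Securing_the_Apache_HTTP_Server.html, so the Up button leads nowhere; this looks like a build problem worth fixing before the pages are regenerated again. On content, the body paragraph never names the directive from the heading: it says the SSI module "cannot execute commands" and "do not change this setting" without saying that the setting is IncludesNoExec, so a reader cannot tell what to leave in place.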
Index:
sect-Security_Guide-Securing_the_Apache_HTTP_Server-Restrict_Permissions_for_Executable_Directories.html
===================================================================
RCS file:
/cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Securing_the_Apache_HTTP_Server-Restrict_Permissions_for_Executable_Directories.html,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
---
sect-Security_Guide-Securing_the_Apache_HTTP_Server-Restrict_Permissions_for_Executable_Directories.html 22
Dec 2008 19:28:44 -0000 1.1
+++
sect-Security_Guide-Securing_the_Apache_HTTP_Server-Restrict_Permissions_for_Executable_Directories.html 24
Dec 2008 01:24:52 -0000 1.2
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8"
standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
Permissions for Executable Directories</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-3"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="sect-Security_Guide-Server_Security-Securing_the_Apache_HTTP_Server.html"
title="2.2.5. Securing the Apache HTTP Server"/><link rel="prev"
href="sect-Security_Guide-Securing_the_Apache_HTTP_Server-Do_Not_Remove_the_IncludesNoExec_Directive.html"
title="2.2.5.4. Do Not Remove the IncludesNoExec Directive"/><link
rel="next"
href="sect-Security_Guide-Server_Security-Securing_FTP.html"
title="2.2.6. Securing FTP"/></head><body><p
id="title"><a class="left"
href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img
src="Common_Content/images/image_right.png" alt="Documentation
Site"/></a></p><ul class="docnav"><li
class="previous"><a accesskey="p"
href="sect-Security_Guide-Securing_the_Apache_HTTP_Server-Do_Not_Remove_the_IncludesNoExec_Directive.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-Server_Security-Securing_FTP.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h4 class="title"
id="sect-Security_Guide-Securing_the_Apache_HTTP_Server-Restrict_Permissions_for_Executable_Directories">2.2.5.5. Restrict
Permissions for Executable Directories</h4></div></div></div><a
id="d0e4979" class="indexterm"/><a id="d0e4984"
class="indexterm"/><div class="para">
+<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
Permissions for Executable Directories</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-4"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="sect-Security_Guide-Server_Security-Securing_the_Apache_HTTP_Server.html"
title="2.2.5. Securing the Apache HTTP Server"/><link rel="prev"
href="sect-Security_Guide-Securing_the_Apache_HTTP_Server-Do_Not_Remove_the_IncludesNoExec_Directive.html"
title="2.2.5.4. Do Not Remove the IncludesNoExec Directive"/><link
rel="next"
href="sect-Security_Guide-Server_Security-Securing_FTP.html"
title="2.2.6. Securing FTP"/></head><body><p
id="title"><a class="left"
href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img
src="Common_Content/images/image_right.png" alt="Documentation
Site"/></a></p><ul class="docnav"><li
class="previous"><a accesskey="p"
href="sect-Security_Guide-Securing_the_Apache_HTTP_Server-Do_Not_Remove_the_IncludesNoExec_Directive.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-Server_Security-Securing_FTP.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h4 class="title"
id="sect-Security_Guide-Securing_the_Apache_HTTP_Server-Restrict_Permissions_for_Executable_Directories">2.2.5.5. Restrict
Permissions for Executable Directories</h4></div></div></div><a
id="d0e4979" class="indexterm"/><a id="d0e4984"
class="indexterm"/><div class="para">
Ensure that only the root user has write permissions to any directory containing
scripts or CGIs. To do this, type the following commands:
</div><pre class="screen">chown root <em
class="replaceable"><code><directory_name></code></em>chmod
755 <em
class="replaceable"><code><directory_name></code></em>
</pre><div class="important"><h2>Important</h2><div
class="para">
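Review bot: the commands in the screen block, chown root <directory_name> and chmod 755 <directory_name>, act on the directory only, yet the stated goal is protecting "any directory containing scripts or CGIs". Mode 755 on the directory stops other users from adding or replacing entries, but a script inside that is itself group-writable or world-writable can still be modified; suggest a sentence telling the reader to check the ownership and mode of the scripts as well. Please also confirm in the rendered page that the two commands sit on separate lines inside the pre element, since here they run together as "</code></em>chmod".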
Index: sect-Security_Guide-Securing_the_Apache_HTTP_Server-The_Indexes_Directive.html
===================================================================
RCS file:
/cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Securing_the_Apache_HTTP_Server-The_Indexes_Directive.html,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- sect-Security_Guide-Securing_the_Apache_HTTP_Server-The_Indexes_Directive.html 22 Dec
2008 19:28:44 -0000 1.1
+++ sect-Security_Guide-Securing_the_Apache_HTTP_Server-The_Indexes_Directive.html 24 Dec
2008 01:24:53 -0000 1.2
@@ -1,6 +1,6 @@
<?xml version="1.0" encoding="UTF-8"
standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
Indexes Directive</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-3"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="sect-Security_Guide-Server_Security-Securing_the_Apache_HTTP_Server.html"
title="2.2.5. Securing the Apache HTTP Server"/><link rel="prev"
href="sect-Security_Guide-Server_Security-Securing_the_Apache_HTTP_Server.html"
title="2.2.5. Securing the Apache HTTP Server"/><link rel="next"
href="sect-Security_Guide-Securing_the_Apache_HTTP_Server-The_UserDir_Directive.html"
title="2.2.5.3. The UserDir Directive"/></head><body><p
id="title"><a class="left"
href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right" href="http://docs.fedoraproje
ct.org"><img src="Common_Content/images/image_right.png"
alt="Documentation Site"/></a></p><ul
class="docnav"><li class="previous"><a
accesskey="p"
href="sect-Security_Guide-Server_Security-Securing_the_Apache_HTTP_Server.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-Securing_the_Apache_HTTP_Server-The_UserDir_Directive.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h4 class="title"
id="sect-Security_Guide-Securing_the_Apache_HTTP_Server-The_Indexes_Directive">2.2.5.2. The
<code class="command">Indexes</code>
Directive</h4></div></div></div><div
class="para">
+<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
Indexes Directive</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-4"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="sect-Security_Guide-Server_Security-Securing_the_Apache_HTTP_Server.html"
title="2.2.5. Securing the Apache HTTP Server"/><link rel="prev"
href="sect-Security_Guide-Server_Security-Securing_the_Apache_HTTP_Server.html"
title="2.2.5. Securing the Apache HTTP Server"/><link rel="next"
href="sect-Security_Guide-Securing_the_Apache_HTTP_Server-The_UserDir_Directive.html"
title="2.2.5.3. The UserDir Directive"/></head><body><p
id="title"><a class="left"
href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right" href="http://docs.fedoraproje
ct.org"><img src="Common_Content/images/image_right.png"
alt="Documentation Site"/></a></p><ul
class="docnav"><li class="previous"><a
accesskey="p"
href="sect-Security_Guide-Server_Security-Securing_the_Apache_HTTP_Server.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-Securing_the_Apache_HTTP_Server-The_UserDir_Directive.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h4 class="title"
id="sect-Security_Guide-Securing_the_Apache_HTTP_Server-The_Indexes_Directive">2.2.5.2. The
<code class="command">Indexes</code>
Directive</h4></div></div></div><div
class="para">
This directive is enabled by default, but may not be desirable. To prevent visitors
from browsing files on the server, remove this directive.
</div></div><ul class="docnav"><li
class="previous"><a accesskey="p"
href="sect-Security_Guide-Server_Security-Securing_the_Apache_HTTP_Server.html"><strong>Prev</strong>2.2.5. Securing
the Apache HTTP Server</a></li><li class="up"><a
accesskey="u"
href="#"><strong>Up</strong></a></li><li
class="home"><a accesskey="h"
href="index.html"><strong>Home</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-Securing_the_Apache_HTTP_Server-The_UserDir_Directive.html"><strong>Next</strong>2.2.5.3. The
UserDir Directive</a></li></ul></body></html>
\ No newline at end of file
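Review bot: "remove this directive" in the body does not tell the reader what to edit. Indexes is given as an argument to Apache's Options directive, so the instruction should say to remove Indexes from the relevant Options line rather than treat it as a directive of its own. "Enabled by default, but may not be desirable" is also vague next to the concrete sentence that follows; the two could be merged into one statement of the exposure and the fix.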
Index: sect-Security_Guide-Securing_the_Apache_HTTP_Server-The_UserDir_Directive.html
===================================================================
RCS file:
/cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Securing_the_Apache_HTTP_Server-The_UserDir_Directive.html,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- sect-Security_Guide-Securing_the_Apache_HTTP_Server-The_UserDir_Directive.html 22 Dec
2008 19:28:44 -0000 1.1
+++ sect-Security_Guide-Securing_the_Apache_HTTP_Server-The_UserDir_Directive.html 24 Dec
2008 01:24:53 -0000 1.2
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8"
standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
UserDir Directive</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-3"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="sect-Security_Guide-Server_Security-Securing_the_Apache_HTTP_Server.html"
title="2.2.5. Securing the Apache HTTP Server"/><link rel="prev"
href="sect-Security_Guide-Securing_the_Apache_HTTP_Server-The_Indexes_Directive.html"
title="2.2.5.2. The Indexes Directive"/><link rel="next"
href="sect-Security_Guide-Securing_the_Apache_HTTP_Server-Do_Not_Remove_the_IncludesNoExec_Directive.html"
title="2.2.5.4. Do Not Remove the IncludesNoExec
Directive"/></head><body><p id="title"><a
class="left" href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a cla
ss="right" href="http://docs.fedoraproject.org"><img
src="Common_Content/images/image_right.png" alt="Documentation
Site"/></a></p><ul class="docnav"><li
class="previous"><a accesskey="p"
href="sect-Security_Guide-Securing_the_Apache_HTTP_Server-The_Indexes_Directive.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-Securing_the_Apache_HTTP_Server-Do_Not_Remove_the_IncludesNoExec_Directive.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h4 class="title"
id="sect-Security_Guide-Securing_the_Apache_HTTP_Server-The_UserDir_Directive">2.2.5.3. The
<code class="command">UserDir</code>
Directive</h4></div></div></div><div
class="para">
+<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
UserDir Directive</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-4"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="sect-Security_Guide-Server_Security-Securing_the_Apache_HTTP_Server.html"
title="2.2.5. Securing the Apache HTTP Server"/><link rel="prev"
href="sect-Security_Guide-Securing_the_Apache_HTTP_Server-The_Indexes_Directive.html"
title="2.2.5.2. The Indexes Directive"/><link rel="next"
href="sect-Security_Guide-Securing_the_Apache_HTTP_Server-Do_Not_Remove_the_IncludesNoExec_Directive.html"
title="2.2.5.4. Do Not Remove the IncludesNoExec
Directive"/></head><body><p id="title"><a
class="left" href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a cla
ss="right" href="http://docs.fedoraproject.org"><img
src="Common_Content/images/image_right.png" alt="Documentation
Site"/></a></p><ul class="docnav"><li
class="previous"><a accesskey="p"
href="sect-Security_Guide-Securing_the_Apache_HTTP_Server-The_Indexes_Directive.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-Securing_the_Apache_HTTP_Server-Do_Not_Remove_the_IncludesNoExec_Directive.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h4 class="title"
id="sect-Security_Guide-Securing_the_Apache_HTTP_Server-The_UserDir_Directive">2.2.5.3. The
<code class="command">UserDir</code>
Directive</h4></div></div></div><div
class="para">
The <code class="command">UserDir</code> directive is disabled
by default because it can confirm the presence of a user account on the system. To enable
user directory browsing on the server, use the following directives:
</div><pre class="screen">UserDir enabled
UserDir disabled root
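Review bot: in the screen block, "UserDir enabled" is given with no user names after it. As far as I know, mod_userdir expects the enabled keyword to be followed by a list of users and only disabled may stand alone, so please check that this pair of lines loads as written and has the intended effect before it is republished. The paragraph also goes from "disabled by default because it can confirm the presence of a user account" straight to how to enable it; a clause saying that this exposure returns once the directive is enabled would keep the section's warning intact.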
Index: sect-Security_Guide-Security_Updates.html
===================================================================
RCS file:
/cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Security_Updates.html,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- sect-Security_Guide-Security_Updates.html 22 Dec 2008 19:28:44 -0000 1.1
+++ sect-Security_Guide-Security_Updates.html 24 Dec 2008 01:24:53 -0000 1.2
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8"
standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
Updates</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-3"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="chap-Security_Guide-Security_Overview.html"
title="Chapter 1. Security Overview"/><link rel="prev"
href="sect-Security_Guide-Common_Exploits_and_Attacks.html"
title="1.4. Common Exploits and Attacks"/><link rel="next"
href="chap-Security_Guide-Securing_Your_Network.html"
title="Chapter 2. Securing Your Network"/></head><body><p
id="title"><a class="left"
href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img
src="Common_Content/images/image_right.png" alt="Documentation
Site"/></a></p><ul class="d
ocnav"><li class="previous"><a accesskey="p"
href="sect-Security_Guide-Common_Exploits_and_Attacks.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="chap-Security_Guide-Securing_Your_Network.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h2 class="title"
id="sect-Security_Guide-Security_Updates">1.5. Security
Updates</h2></div></div></div><a id="d0e1367"
class="indexterm"/><a id="d0e1372"
class="indexterm"/><div class="para">
+<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
Updates</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-4"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="chap-Security_Guide-Security_Overview.html"
title="Chapter 1. Security Overview"/><link rel="prev"
href="sect-Security_Guide-Common_Exploits_and_Attacks.html"
title="1.4. Common Exploits and Attacks"/><link rel="next"
href="chap-Security_Guide-Securing_Your_Network.html"
title="Chapter 2. Securing Your Network"/></head><body><p
id="title"><a class="left"
href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img
src="Common_Content/images/image_right.png" alt="Documentation
Site"/></a></p><ul class="d
ocnav"><li class="previous"><a accesskey="p"
href="sect-Security_Guide-Common_Exploits_and_Attacks.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="chap-Security_Guide-Securing_Your_Network.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h2 class="title"
id="sect-Security_Guide-Security_Updates">1.5. Security
Updates</h2></div></div></div><a id="d0e1367"
class="indexterm"/><a id="d0e1372"
class="indexterm"/><div class="para">
As security vulnerabilities are discovered, the affected software must be updated in
order to limit any potential security risks. If the software is part of a package within a
Fedora distribution that is currently supported, Fedora. is committed to releasing updated
packages that fix the vulnerability as soon as possible. Often, announcements about a
given security exploit are accompanied with a patch (or source code that fixes the
problem). This patch is then applied to the Fedora package, tested by the Red Hat quality
assurance team, and released as an errata update. However, if an announcement does not
include a patch, a Red Hat developer works with the maintainer of the software to fix the
problem. Once the problem is fixed, the package is tested and released as an errata
update.
</div><div class="para">
If an errata update is released for software used on your system, it is highly
recommended that you update the effected packages as soon as possible to minimize the
amount of time the system is potentially vulnerable.
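Review bot: two wording errors sit in the context lines of this regenerated page and should be fixed in the source: "Fedora. is committed" has a stray full stop, and "update the effected packages" should read "affected". The same paragraph says Fedora packages are "tested by the Red Hat quality assurance team" and fixed by "a Red Hat developer"; please confirm that this describes Fedora's process and is not text carried over unchanged from the Red Hat guide.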
@@ -19,9 +19,9 @@
Red Hat Network allows the majority of the update process to be automated. It
determines which RPM packages are necessary for the system, downloads them from a secure
repository, verifies the RPM signature to make sure they have not been tampered with, and
updates them. The package install can occur immediately or can be scheduled during a
certain time period.
</div><div class="para">
Red Hat Network requires a <em class="firstterm">System
Profile</em> for each machine to be updated. The System Profile contains hardware
and software information about the system. This information is kept confidential and is
not given to anyone else. It is only used to determine which errata updates are applicable
to each system, and, without it, Red Hat Network can not determine whether a given system
needs updates. When a security errata (or any type of errata) is released, Red Hat Network
sends an email with a description of the errata as well as a list of systems which are
affected. To apply the update, use the <span
class="application"><strong>Red Hat Update
Agent</strong></span> or schedule the package to be updated through the
website <a href="http://rhn.redhat.com">http://rhn.redhat.com</a>.
- </div><div class="tip"><h2>Tip</h2><div
class="para">
- Fedora includes the <span class="application"><strong>Red Hat
Network Alert Notification Tool</strong></span>, a convenient panel icon that
displays visible alerts when there is an update for a registered Fedora system. Refer to
the following URL for more information about the applet: <a
href="https://rhn.redhat.com/rhn/help/quickstart.jsp">https:...
- </div></div><div
class="important"><h2>Important</h2><div
class="para">
+ </div><div class="note"><h2>Note</h2><div
class="para">
+ Fedora includes the <span class="application"><strong>Red Hat
Network Alert Notification Tool</strong></span>, a convenient panel icon that
displays visible alerts when there is an update for a registered Fedora system. Refer to
the following URL for more information about the applet: <a
href="https://rhn.redhat.com/rhn/help/quickstart.jsp">https:...
+ </div></div><div
class="important"><h2>Important</h2><div
class="para">
Before installing any security errata, be sure to read any special instructions
contained in the errata report and execute them accordingly. Refer to <a
class="xref"
href="sect-Security_Guide-Security_Updates.html#sect-Security_Guide-Updating_Packages-Applying_the_Changes"
title="1.5.1.5. Applying the Changes">Section 1.5.1.5, “Applying the
Changes”</a> for general instructions about applying the changes made by an errata
update.
</div></div></div><div class="section"
lang="en-US"><div
class="titlepage"><div><div><h4 class="title"
id="sect-Security_Guide-Updating_Packages-Using_the_Red_Hat_Errata_Website">1.5.1.2. Using
the Red Hat Errata Website</h4></div></div></div><a
id="d0e1440" class="indexterm"/><a id="d0e1445"
class="indexterm"/><div class="para">
When security errata reports are released, they are published on the Red Hat Errata
website available at <a
href="http://www.redhat.com/security/">http://www.redhat.com...;.
From this page, select the product and version for your system, and then select <span
class="guilabel"><strong>security</strong></span> at the
top of the page to display only Fedora Security Advisories. If the synopsis of one of the
advisories describes a package used on your system, click on the synopsis for more
details.
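Review bot: relabelling the block from tip to note leaves its content untouched, and the content is the part that needs attention: it says Fedora includes the Red Hat Network Alert Notification Tool for "a registered Fedora system" and links to rhn.redhat.com help. Please confirm this applies to Fedora at all; the surrounding context has the same pattern, with Red Hat Network, the Red Hat Update Agent and the "Red Hat Errata website" presented as the route to "Fedora Security Advisories". Minor, in the context lines: "a security errata" and "can not".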
Index: sect-Security_Guide-Server_Security-Securing_FTP.html
===================================================================
RCS file:
/cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Server_Security-Securing_FTP.html,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- sect-Security_Guide-Server_Security-Securing_FTP.html 22 Dec 2008 19:28:44 -0000 1.1
+++ sect-Security_Guide-Server_Security-Securing_FTP.html 24 Dec 2008 01:24:53 -0000 1.2
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8"
standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
FTP</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-3"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="sect-Security_Guide-Server_Security.html" title="2.2. Server
Security"/><link rel="prev"
href="sect-Security_Guide-Securing_the_Apache_HTTP_Server-Restrict_Permissions_for_Executable_Directories.html"
title="2.2.5.5. Restrict Permissions for Executable Directories"/><link
rel="next"
href="sect-Security_Guide-Securing_FTP-Anonymous_Access.html"
title="2.2.6.2. Anonymous Access"/></head><body><p
id="title"><a class="left"
href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img
src="Common_Content/images/
image_right.png" alt="Documentation Site"/></a></p><ul
class="docnav"><li class="previous"><a
accesskey="p"
href="sect-Security_Guide-Securing_the_Apache_HTTP_Server-Restrict_Permissions_for_Executable_Directories.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-Securing_FTP-Anonymous_Access.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h3 class="title"
id="sect-Security_Guide-Server_Security-Securing_FTP">2.2.6. Securing
FTP</h3></div></div></div><a id="d0e5012"
class="indexterm"/><a id="d0e5017"
class="indexterm"/><div class="para">
+<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
FTP</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-4"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="sect-Security_Guide-Server_Security.html" title="2.2. Server
Security"/><link rel="prev"
href="sect-Security_Guide-Securing_the_Apache_HTTP_Server-Restrict_Permissions_for_Executable_Directories.html"
title="2.2.5.5. Restrict Permissions for Executable Directories"/><link
rel="next"
href="sect-Security_Guide-Securing_FTP-Anonymous_Access.html"
title="2.2.6.2. Anonymous Access"/></head><body><p
id="title"><a class="left"
href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img
src="Common_Content/images/
image_right.png" alt="Documentation Site"/></a></p><ul
class="docnav"><li class="previous"><a
accesskey="p"
href="sect-Security_Guide-Securing_the_Apache_HTTP_Server-Restrict_Permissions_for_Executable_Directories.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-Securing_FTP-Anonymous_Access.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h3 class="title"
id="sect-Security_Guide-Server_Security-Securing_FTP">2.2.6. Securing
FTP</h3></div></div></div><a id="d0e5012"
class="indexterm"/><a id="d0e5017"
class="indexterm"/><div class="para">
The <em class="firstterm">File Transport Protocol</em> (<abbr
class="abbrev">FTP</abbr>) is an older TCP protocol designed to
transfer files over a network. Because all transactions with the server, including user
authentication, are unencrypted, it is considered an insecure protocol and should be
carefully configured.
</div><div class="para">
Fedora provides three FTP servers.
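Review bot: The context paragraph below the header line expands FTP as "File Transport Protocol" (`<em class="firstterm">File Transport Protocol</em>`); the protocol's name is File Transfer Protocol. The regenerated page carries the error over unchanged, so correct the term in the document source and rebuild rather than editing this HTML.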
Index: sect-Security_Guide-Server_Security-Securing_NFS.html
===================================================================
RCS file:
/cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Server_Security-Securing_NFS.html,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- sect-Security_Guide-Server_Security-Securing_NFS.html 22 Dec 2008 19:28:44 -0000 1.1
+++ sect-Security_Guide-Server_Security-Securing_NFS.html 24 Dec 2008 01:24:53 -0000 1.2
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8"
standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
NFS</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-3"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="sect-Security_Guide-Server_Security.html" title="2.2. Server
Security"/><link rel="prev"
href="sect-Security_Guide-Securing_NIS-Use_Kerberos_Authentication.html"
title="2.2.3.5. Use Kerberos Authentication"/><link rel="next"
href="sect-Security_Guide-Securing_NFS-Beware_of_Syntax_Errors.html"
title="2.2.4.2. Beware of Syntax Errors"/></head><body><p
id="title"><a class="left"
href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img
src="Common_Content/images/image_right.png" alt="Documentation
Site"/></
a></p><ul class="docnav"><li
class="previous"><a accesskey="p"
href="sect-Security_Guide-Securing_NIS-Use_Kerberos_Authentication.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-Securing_NFS-Beware_of_Syntax_Errors.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h3 class="title"
id="sect-Security_Guide-Server_Security-Securing_NFS">2.2.4. Securing
NFS</h3></div></div></div><a id="d0e4776"
class="indexterm"/><a id="d0e4781"
class="indexterm"/><div
class="important"><h2>Important</h2><div
class="para">
+<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
NFS</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-4"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="sect-Security_Guide-Server_Security.html" title="2.2. Server
Security"/><link rel="prev"
href="sect-Security_Guide-Securing_NIS-Use_Kerberos_Authentication.html"
title="2.2.3.5. Use Kerberos Authentication"/><link rel="next"
href="sect-Security_Guide-Securing_NFS-Beware_of_Syntax_Errors.html"
title="2.2.4.2. Beware of Syntax Errors"/></head><body><p
id="title"><a class="left"
href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img
src="Common_Content/images/image_right.png" alt="Documentation
Site"/></
a></p><ul class="docnav"><li
class="previous"><a accesskey="p"
href="sect-Security_Guide-Securing_NIS-Use_Kerberos_Authentication.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-Securing_NFS-Beware_of_Syntax_Errors.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h3 class="title"
id="sect-Security_Guide-Server_Security-Securing_NFS">2.2.4. Securing
NFS</h3></div></div></div><a id="d0e4776"
class="indexterm"/><a id="d0e4781"
class="indexterm"/><div
class="important"><h2>Important</h2><div
class="para">
The version of NFS included in Fedora, NFSv4, no longer requires the <code
class="command">portmap</code> service as outlined in <a
class="xref"
href="sect-Security_Guide-Server_Security-Securing_Portmap.html"
title="2.2.2. Securing Portmap">Section 2.2.2, “Securing Portmap”</a>.
NFS traffic now utilizes TCP in all versions, rather than UDP, and requires it when using
NFSv4. NFSv4 now includes Kerberos user and group authentication, as part of the <code
class="filename">RPCSEC_GSS</code> kernel module. Information on
<code class="command">portmap</code> is still included, since Fedora
supports NFSv2 and NFSv3, both of which utilize <code
class="command">portmap</code>.
</div></div><div class="section"
lang="en-US"><div
class="titlepage"><div><div><h4 class="title"
id="sect-Security_Guide-Securing_NFS-Carefully_Plan_the_Network">2.2.4.1. Carefully
Plan the Network</h4></div></div></div><a
id="d0e4806" class="indexterm"/><a id="d0e4811"
class="indexterm"/><div class="para">
Now that NFSv4 has the ability to pass all information encrypted using Kerberos over
a network, it is important that the service be configured correctly if it is behind a
firewall or on a segmented network. NFSv2 and NFSv3 still pass data insecurely, and this
should be taken into consideration. Careful network design in all of these regards can
help prevent security breaches.
Index: sect-Security_Guide-Server_Security-Securing_NIS.html
===================================================================
RCS file:
/cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Server_Security-Securing_NIS.html,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- sect-Security_Guide-Server_Security-Securing_NIS.html 22 Dec 2008 19:28:44 -0000 1.1
+++ sect-Security_Guide-Server_Security-Securing_NIS.html 24 Dec 2008 01:24:53 -0000 1.2
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8"
standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
NIS</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-3"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="sect-Security_Guide-Server_Security.html" title="2.2. Server
Security"/><link rel="prev"
href="sect-Security_Guide-Securing_Portmap-Protect_portmap_With_iptables.html"
title="2.2.2.2. Protect portmap With iptables"/><link rel="next"
href="sect-Security_Guide-Securing_NIS-Use_a_Password_like_NIS_Domain_Name_and_Hostname.html"
title="2.2.3.2. Use a Password-like NIS Domain Name and
Hostname"/></head><body><p id="title"><a
class="left" href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img src="Common_Co
ntent/images/image_right.png" alt="Documentation
Site"/></a></p><ul class="docnav"><li
class="previous"><a accesskey="p"
href="sect-Security_Guide-Securing_Portmap-Protect_portmap_With_iptables.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-Securing_NIS-Use_a_Password_like_NIS_Domain_Name_and_Hostname.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h3 class="title"
id="sect-Security_Guide-Server_Security-Securing_NIS">2.2.3. Securing
NIS</h3></div></div></div><a id="d0e4499"
class="indexterm"/><a id="d0e4504"
class="indexterm"/><div class="para">
+<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
NIS</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-4"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="sect-Security_Guide-Server_Security.html" title="2.2. Server
Security"/><link rel="prev"
href="sect-Security_Guide-Securing_Portmap-Protect_portmap_With_iptables.html"
title="2.2.2.2. Protect portmap With iptables"/><link rel="next"
href="sect-Security_Guide-Securing_NIS-Use_a_Password_like_NIS_Domain_Name_and_Hostname.html"
title="2.2.3.2. Use a Password-like NIS Domain Name and
Hostname"/></head><body><p id="title"><a
class="left" href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img src="Common_Co
ntent/images/image_right.png" alt="Documentation
Site"/></a></p><ul class="docnav"><li
class="previous"><a accesskey="p"
href="sect-Security_Guide-Securing_Portmap-Protect_portmap_With_iptables.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-Securing_NIS-Use_a_Password_like_NIS_Domain_Name_and_Hostname.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h3 class="title"
id="sect-Security_Guide-Server_Security-Securing_NIS">2.2.3. Securing
NIS</h3></div></div></div><a id="d0e4499"
class="indexterm"/><a id="d0e4504"
class="indexterm"/><div class="para">
The <em class="firstterm">Network Information Service</em>
(<acronym class="acronym">NIS</acronym>) is an RPC service, called
<code class="command">ypserv</code>,--> which is used in
conjunction with <code class="command">portmap</code> and other
related services to distribute maps of usernames, passwords, and other sensitive
information to any computer claiming to be within its domain.
</div><div class="para">
An NIS server is comprised of several applications. They include the following:
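Review bot: The first paragraph shows a stray comment terminator to the reader: `<code class="command">ypserv</code>,--> which is used in` renders as "ypserv,--> which". It looks like the tail of a comment in the source that was only partly removed. Drop the `-->` in the source so the sentence reads "called ypserv, which is used in conjunction with portmap", then rebuild.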
Index: sect-Security_Guide-Server_Security-Securing_Portmap.html
===================================================================
RCS file:
/cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Server_Security-Securing_Portmap.html,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- sect-Security_Guide-Server_Security-Securing_Portmap.html 22 Dec 2008 19:28:44
-0000 1.1
+++ sect-Security_Guide-Server_Security-Securing_Portmap.html 24 Dec 2008 01:24:53
-0000 1.2
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8"
standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
Portmap</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-3"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="sect-Security_Guide-Server_Security.html" title="2.2. Server
Security"/><link rel="prev"
href="sect-Security_Guide-Server_Security.html" title="2.2. Server
Security"/><link rel="next"
href="sect-Security_Guide-Securing_Portmap-Protect_portmap_With_iptables.html"
title="2.2.2.2. Protect portmap With
iptables"/></head><body><p id="title"><a
class="left" href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img
src="Common_Content/images/image_right.png" alt="Documentation
Site"/></a></p><ul class="docn
av"><li class="previous"><a accesskey="p"
href="sect-Security_Guide-Server_Security.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-Securing_Portmap-Protect_portmap_With_iptables.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h3 class="title"
id="sect-Security_Guide-Server_Security-Securing_Portmap">2.2.2. Securing
Portmap</h3></div></div></div><a id="d0e4408"
class="indexterm"/><div class="para">
+<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
Portmap</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-4"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="sect-Security_Guide-Server_Security.html" title="2.2. Server
Security"/><link rel="prev"
href="sect-Security_Guide-Server_Security.html" title="2.2. Server
Security"/><link rel="next"
href="sect-Security_Guide-Securing_Portmap-Protect_portmap_With_iptables.html"
title="2.2.2.2. Protect portmap With
iptables"/></head><body><p id="title"><a
class="left" href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img
src="Common_Content/images/image_right.png" alt="Documentation
Site"/></a></p><ul class="docn
av"><li class="previous"><a accesskey="p"
href="sect-Security_Guide-Server_Security.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-Securing_Portmap-Protect_portmap_With_iptables.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h3 class="title"
id="sect-Security_Guide-Server_Security-Securing_Portmap">2.2.2. Securing
Portmap</h3></div></div></div><a id="d0e4408"
class="indexterm"/><div class="para">
The <code class="command">portmap</code> service is a dynamic
port assignment daemon for RPC services such as NIS and NFS. It has weak authentication
mechanisms and has the ability to assign a wide range of ports for the services it
controls. For these reasons, it is difficult to secure.
</div><div class="note"><h2>Note</h2><div
class="para">
Securing <code class="command">portmap</code> only affects
NFSv2 and NFSv3 implementations, since NFSv4 no longer requires it. If you plan to
implement an NFSv2 or NFSv3 server, then <code
class="command">portmap</code> is required, and the following section
applies.
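Review bot: This -/+ pair is hard to review because the removed and added `<html` lines differ only in the package meta value, `fedora-Linux_Security_Guide-10-en-US-1.0-3` versus `fedora-Linux_Security_Guide-10-en-US-1.0-4`, and nothing in the Portmap text changes. Because the generated head and navigation sit on one physical line, the diff replaces the whole block and hides that. Say in the commit log that this is a rebuild for the package version bump, so readers of the commit mail do not have to compare the two long lines by eye.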
Index: sect-Security_Guide-Server_Security-Securing_Sendmail.html
===================================================================
RCS file:
/cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Server_Security-Securing_Sendmail.html,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- sect-Security_Guide-Server_Security-Securing_Sendmail.html 22 Dec 2008 19:28:44
-0000 1.1
+++ sect-Security_Guide-Server_Security-Securing_Sendmail.html 24 Dec 2008 01:24:53
-0000 1.2
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8"
standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
Sendmail</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-3"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="sect-Security_Guide-Server_Security.html" title="2.2. Server
Security"/><link rel="prev"
href="sect-Security_Guide-Securing_FTP-Use_TCP_Wrappers_To_Control_Access.html"
title="2.2.6.4. Use TCP Wrappers To Control Access"/><link
rel="next"
href="sect-Security_Guide-Securing_Sendmail-NFS_and_Sendmail.html"
title="2.2.7.2. NFS and Sendmail"/></head><body><p
id="title"><a class="left"
href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img
src="Common_Content/images/image_right.png" alt="Documentation
Site"/></a></p><ul class="docnav"><li
class="previous"><a accesskey="p"
href="sect-Security_Guide-Securing_FTP-Use_TCP_Wrappers_To_Control_Access.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-Securing_Sendmail-NFS_and_Sendmail.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h3 class="title"
id="sect-Security_Guide-Server_Security-Securing_Sendmail">2.2.7. Securing
Sendmail</h3></div></div></div><a id="d0e5304"
class="indexterm"/><a id="d0e5309"
class="indexterm"/><div class="para">
+<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
Sendmail</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-4"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="sect-Security_Guide-Server_Security.html" title="2.2. Server
Security"/><link rel="prev"
href="sect-Security_Guide-Securing_FTP-Use_TCP_Wrappers_To_Control_Access.html"
title="2.2.6.4. Use TCP Wrappers To Control Access"/><link
rel="next"
href="sect-Security_Guide-Securing_Sendmail-NFS_and_Sendmail.html"
title="2.2.7.2. NFS and Sendmail"/></head><body><p
id="title"><a class="left"
href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img
src="Common_Content/images/image_right.png" alt="Documentation
Site"/></a></p><ul class="docnav"><li
class="previous"><a accesskey="p"
href="sect-Security_Guide-Securing_FTP-Use_TCP_Wrappers_To_Control_Access.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-Securing_Sendmail-NFS_and_Sendmail.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h3 class="title"
id="sect-Security_Guide-Server_Security-Securing_Sendmail">2.2.7. Securing
Sendmail</h3></div></div></div><a id="d0e5304"
class="indexterm"/><a id="d0e5309"
class="indexterm"/><div class="para">
Sendmail is a Mail Transport Agent (MTA) that uses the Simple Mail Transport Protocol
(SMTP) to deliver electronic messages between other MTAs and to email clients or delivery
agents. Although many MTAs are capable of encrypting traffic between one another, most do
not, so sending email over any public networks is considered an inherently insecure form
of communication.
</div><div class="para">
It is recommended that anyone planning to implement a Sendmail server address the
following issues.
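Review bot: The opening paragraph expands SMTP as "Simple Mail Transport Protocol"; the protocol's name is Simple Mail Transfer Protocol. The paragraph is unchanged context in this revision, so the fix belongs in the document source. While there, check that "Mail Transport Agent" matches the expansion of MTA used in the rest of the guide.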
Index: sect-Security_Guide-Server_Security-Securing_the_Apache_HTTP_Server.html
===================================================================
RCS file:
/cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Server_Security-Securing_the_Apache_HTTP_Server.html,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- sect-Security_Guide-Server_Security-Securing_the_Apache_HTTP_Server.html 22 Dec 2008
19:28:44 -0000 1.1
+++ sect-Security_Guide-Server_Security-Securing_the_Apache_HTTP_Server.html 24 Dec 2008
01:24:53 -0000 1.2
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8"
standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
the Apache HTTP Server</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-3"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="sect-Security_Guide-Server_Security.html" title="2.2. Server
Security"/><link rel="prev"
href="sect-Security_Guide-Securing_NFS-Do_Not_Use_the_no_root_squash_Option.html"
title="2.2.4.3. Do Not Use the no_root_squash Option"/><link
rel="next"
href="sect-Security_Guide-Securing_the_Apache_HTTP_Server-The_Indexes_Directive.html"
title="2.2.5.2. The Indexes Directive"/></head><body><p
id="title"><a class="left"
href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img src="Common_Content/
images/image_right.png" alt="Documentation
Site"/></a></p><ul class="docnav"><li
class="previous"><a accesskey="p"
href="sect-Security_Guide-Securing_NFS-Do_Not_Use_the_no_root_squash_Option.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-Securing_the_Apache_HTTP_Server-The_Indexes_Directive.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h3 class="title"
id="sect-Security_Guide-Server_Security-Securing_the_Apache_HTTP_Server">2.2.5. Securing
the Apache HTTP Server</h3></div></div></div><a
id="d0e4898" class="indexterm"/><a id="d0e4903"
class="indexterm"/><div class="para">
+<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
the Apache HTTP Server</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-4"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="sect-Security_Guide-Server_Security.html" title="2.2. Server
Security"/><link rel="prev"
href="sect-Security_Guide-Securing_NFS-Do_Not_Use_the_no_root_squash_Option.html"
title="2.2.4.3. Do Not Use the no_root_squash Option"/><link
rel="next"
href="sect-Security_Guide-Securing_the_Apache_HTTP_Server-The_Indexes_Directive.html"
title="2.2.5.2. The Indexes Directive"/></head><body><p
id="title"><a class="left"
href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img src="Common_Content/
images/image_right.png" alt="Documentation
Site"/></a></p><ul class="docnav"><li
class="previous"><a accesskey="p"
href="sect-Security_Guide-Securing_NFS-Do_Not_Use_the_no_root_squash_Option.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-Securing_the_Apache_HTTP_Server-The_Indexes_Directive.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h3 class="title"
id="sect-Security_Guide-Server_Security-Securing_the_Apache_HTTP_Server">2.2.5. Securing
the Apache HTTP Server</h3></div></div></div><a
id="d0e4898" class="indexterm"/><a id="d0e4903"
class="indexterm"/><div class="para">
The Apache HTTP Server is one of the most stable and secure services that ships with
Fedora. A large number of options and techniques are available to secure the Apache HTTP
Server — too numerous to delve into deeply here.
</div><div class="para">
System Administrators should be careful when using the following configuration
options:
Index: sect-Security_Guide-Server_Security-Verifying_Which_Ports_Are_Listening.html
===================================================================
RCS file:
/cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Server_Security-Verifying_Which_Ports_Are_Listening.html,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- sect-Security_Guide-Server_Security-Verifying_Which_Ports_Are_Listening.html 22 Dec
2008 19:28:44 -0000 1.1
+++ sect-Security_Guide-Server_Security-Verifying_Which_Ports_Are_Listening.html 24 Dec
2008 01:24:53 -0000 1.2
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8"
standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
Which Ports Are Listening</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-3"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="sect-Security_Guide-Server_Security.html" title="2.2. Server
Security"/><link rel="prev"
href="sect-Security_Guide-Securing_Sendmail-Mail_only_Users.html"
title="2.2.7.3. Mail-only Users"/><link rel="next"
href="sect-Security_Guide-Single_Sign_on_SSO.html" title="2.3. Single
Sign-on (SSO)"/></head><body><p id="title"><a
class="left" href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img
src="Common_Content/images/image_right.png" alt="Documentation
Site"/></a></p><ul class="docn
av"><li class="previous"><a accesskey="p"
href="sect-Security_Guide-Securing_Sendmail-Mail_only_Users.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-Single_Sign_on_SSO.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h3 class="title"
id="sect-Security_Guide-Server_Security-Verifying_Which_Ports_Are_Listening">2.2.8. Verifying
Which Ports Are Listening</h3></div></div></div><a
id="d0e5421" class="indexterm"/><a id="d0e5426"
class="indexterm"/><a id="d0e5433"
class="indexterm"/><a id="d0e5437"
class="indexterm"/><a id="d0e5441"
class="indexterm"/><a id="d0e5444"
class="indexterm"/><div class="para">
+<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
Which Ports Are Listening</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-4"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="sect-Security_Guide-Server_Security.html" title="2.2. Server
Security"/><link rel="prev"
href="sect-Security_Guide-Securing_Sendmail-Mail_only_Users.html"
title="2.2.7.3. Mail-only Users"/><link rel="next"
href="sect-Security_Guide-Single_Sign_on_SSO.html" title="2.3. Single
Sign-on (SSO)"/></head><body><p id="title"><a
class="left" href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img
src="Common_Content/images/image_right.png" alt="Documentation
Site"/></a></p><ul class="docn
av"><li class="previous"><a accesskey="p"
href="sect-Security_Guide-Securing_Sendmail-Mail_only_Users.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-Single_Sign_on_SSO.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h3 class="title"
id="sect-Security_Guide-Server_Security-Verifying_Which_Ports_Are_Listening">2.2.8. Verifying
Which Ports Are Listening</h3></div></div></div><a
id="d0e5421" class="indexterm"/><a id="d0e5426"
class="indexterm"/><a id="d0e5433"
class="indexterm"/><a id="d0e5437"
class="indexterm"/><a id="d0e5441"
class="indexterm"/><a id="d0e5444"
class="indexterm"/><div class="para">
After configuring network services, it is important to pay attention to which ports
are actually listening on the system's network interfaces. Any open ports can be
evidence of an intrusion.
</div><div class="para">
There are two basic approaches for listing the ports that are listening on the
network. The less reliable approach is to query the network stack using commands such as
<code class="command">netstat -an</code> or <code
class="command">lsof -i</code>. This method is less reliable since
these programs do not connect to the machine from the network, but rather check to see
what is running on the system. For this reason, these applications are frequent targets
for replacement by attackers. Crackers attempt to cover their tracks if they open
unauthorized network ports by replacing <code
class="command">netstat</code> and <code
class="command">lsof</code> with their own, modified versions.
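Review bot: "Any open ports can be evidence of an intrusion" in the first paragraph overstates the check, because the services that were just configured are expected to be listening. Suggest "Any unexpected open ports can be evidence of an intrusion", so the reader compares the listening set against what was intentionally enabled. The second paragraph also switches between "attackers" and "Crackers" for the same actor; pick one term.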
Index: sect-Security_Guide-Server_Security.html
===================================================================
RCS file:
/cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Server_Security.html,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- sect-Security_Guide-Server_Security.html 22 Dec 2008 19:28:44 -0000 1.1
+++ sect-Security_Guide-Server_Security.html 24 Dec 2008 01:24:53 -0000 1.2
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8"
standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
Security</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-3"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="chap-Security_Guide-Securing_Your_Network.html"
title="Chapter 2. Securing Your Network"/><link rel="prev"
href="chap-Security_Guide-Securing_Your_Network.html"
title="Chapter 2. Securing Your Network"/><link rel="next"
href="sect-Security_Guide-Server_Security-Securing_Portmap.html"
title="2.2.2. Securing Portmap"/></head><body><p
id="title"><a class="left"
href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img
src="Common_Content/images/image_right.png" alt="Documentation
Site"/></a></p><ul class
="docnav"><li class="previous"><a accesskey="p"
href="chap-Security_Guide-Securing_Your_Network.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-Server_Security-Securing_Portmap.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h2 class="title"
id="sect-Security_Guide-Server_Security">2.2. Server
Security</h2></div></div></div><a id="d0e3991"
class="indexterm"/><div class="para">
+<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
Security</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-4"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="chap-Security_Guide-Securing_Your_Network.html"
title="Chapter 2. Securing Your Network"/><link rel="prev"
href="chap-Security_Guide-Securing_Your_Network.html"
title="Chapter 2. Securing Your Network"/><link rel="next"
href="sect-Security_Guide-Server_Security-Securing_Portmap.html"
title="2.2.2. Securing Portmap"/></head><body><p
id="title"><a class="left"
href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img
src="Common_Content/images/image_right.png" alt="Documentation
Site"/></a></p><ul class
="docnav"><li class="previous"><a accesskey="p"
href="chap-Security_Guide-Securing_Your_Network.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-Server_Security-Securing_Portmap.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h2 class="title"
id="sect-Security_Guide-Server_Security">2.2. Server
Security</h2></div></div></div><a id="d0e3991"
class="indexterm"/><div class="para">
When a system is used as a server on a public network, it becomes a target for attacks.
Hardening the system and locking down services is therefore of paramount importance for
the system administrator.
</div><div class="para">
Before delving into specific issues, review the following general tips for enhancing
server security:
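Review bot: The only difference between the removed and added line in this hunk is the package meta value, content="fedora-Linux_Security_Guide-10-en-US-1.0-3" becoming 1.0-4, but because the whole head and navigation markup is emitted as a single line, the diff replaces that entire line and the change is hard to audit. The matching @@ -1,7 +1,7 @@ hunk in the other files of this commit has the same problem. The generator meta says publican, so this is built output: review the change in the source instead, and consider writing the generated HTML with one element per line so that a content change cannot hide inside a version-bump line.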
@@ -17,9 +17,9 @@
<em class="firstterm">TCP Wrappers</em> provide access control
to a variety of services. Most modern network services, such as SSH, Telnet, and FTP, make
use of TCP Wrappers, which stand guard between an incoming request and the requested
service.
</div><div class="para">
The benefits offered by TCP Wrappers are enhanced when used in conjunction with
<code class="command">xinetd</code>, a super server that provides
additional access, logging, binding, redirection, and resource utilization control.
- </div><div class="tip"><h2>Tip</h2><div
class="para">
- It is a good idea to use iptables firewall rules in conjunction with TCP Wrappers and
<code class="command">xinetd</code> to create redundancy within
service access controls. Refer to <a class="xref"
href="sect-Security_Guide-Firewalls.html"
title="2.8. Firewalls">Section 2.8, “Firewalls”</a> for more
information about implementing firewalls with iptables commands.
- </div></div><div class="para">
+ </div><div class="note"><h2>Note</h2><div
class="para">
+ It is a good idea to use iptables firewall rules in conjunction with TCP Wrappers and
<code class="command">xinetd</code> to create redundancy within
service access controls. Refer to <a class="xref"
href="sect-Security_Guide-Firewalls.html"
title="2.8. Firewalls">Section 2.8, “Firewalls”</a> for more
information about implementing firewalls with iptables commands.
+ </div></div><div class="para">
The following subsections assume a basic knowledge of each topic and focus on specific
security options.
</div><div class="section" lang="en-US"><div
class="titlepage"><div><div><h4 class="title"
id="sect-Security_Guide-Securing_Services_With_TCP_Wrappers_and_xinetd-Enhancing_Security_With_TCP_Wrappers">2.2.1.1. Enhancing
Security With TCP Wrappers</h4></div></div></div><a
id="d0e4041" class="indexterm"/><div class="para">
TCP Wrappers are capable of much more than denying access to services. This section
illustrates how they can be used to send connection banners, warn of attacks from
particular hosts, and enhance logging functionality. Refer to the <code
class="filename">hosts_options</code> man page for information about
the TCP Wrapper functionality and control language.
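Review bot: The admonition wrapper changes from class="tip" with an h2 of "Tip" to class="note" with an h2 of "Note" while the paragraph text is identical, and nothing in the hunk says whether this is a deliberate reclassification or a side effect of regenerating the page. Since this file is generated output, please confirm the same change exists in the source, otherwise the next build will revert it. The advice itself, layering iptables rules with TCP Wrappers and xinetd so that one access control backs up another, is unchanged by the relabel.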
Index:
sect-Security_Guide-Single_Sign_on_SSO-Configuring_Firefox_to_use_Kerberos_for_SSO.html
===================================================================
RCS file:
/cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Single_Sign_on_SSO-Configuring_Firefox_to_use_Kerberos_for_SSO.html,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
---
sect-Security_Guide-Single_Sign_on_SSO-Configuring_Firefox_to_use_Kerberos_for_SSO.html 22
Dec 2008 19:28:44 -0000 1.1
+++
sect-Security_Guide-Single_Sign_on_SSO-Configuring_Firefox_to_use_Kerberos_for_SSO.html 24
Dec 2008 01:24:53 -0000 1.2
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8"
standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
Firefox to use Kerberos for SSO</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-3"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="sect-Security_Guide-Single_Sign_on_SSO.html" title="2.3. Single
Sign-on (SSO)"/><link rel="prev"
href="sect-Security_Guide-Single_Sign_on_SSO-How_Smart_Card_Login_Works.html"
title="2.3.4. How Smart Card Login Works"/><link rel="next"
href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM.html"
title="2.4. Pluggable Authentication Modules
(PAM)"/></head><body><p id="title"><a
class="left" href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img src="Common_Content/
images/image_right.png" alt="Documentation
Site"/></a></p><ul class="docnav"><li
class="previous"><a accesskey="p"
href="sect-Security_Guide-Single_Sign_on_SSO-How_Smart_Card_Login_Works.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h3 class="title"
id="sect-Security_Guide-Single_Sign_on_SSO-Configuring_Firefox_to_use_Kerberos_for_SSO">2.3.5. Configuring
Firefox to use Kerberos for SSO</h3></div></div></div><div
class="para">
+<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
Firefox to use Kerberos for SSO</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-4"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="sect-Security_Guide-Single_Sign_on_SSO.html" title="2.3. Single
Sign-on (SSO)"/><link rel="prev"
href="sect-Security_Guide-Single_Sign_on_SSO-How_Smart_Card_Login_Works.html"
title="2.3.4. How Smart Card Login Works"/><link rel="next"
href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM.html"
title="2.4. Pluggable Authentication Modules
(PAM)"/></head><body><p id="title"><a
class="left" href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img src="Common_Content/
images/image_right.png" alt="Documentation
Site"/></a></p><ul class="docnav"><li
class="previous"><a accesskey="p"
href="sect-Security_Guide-Single_Sign_on_SSO-How_Smart_Card_Login_Works.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h3 class="title"
id="sect-Security_Guide-Single_Sign_on_SSO-Configuring_Firefox_to_use_Kerberos_for_SSO">2.3.5. Configuring
Firefox to use Kerberos for SSO</h3></div></div></div><div
class="para">
You can configure Firefox to use Kerberos for Single Sign-on. In order for this
functionality to work correctly, you need to configure your web browser to send your
Kerberos credentials to the appropriate <abbr
class="abbrev">KDC</abbr>.The following section describes the
configuration changes and other requirements to achieve this.
</div><div class="orderedlist"><ol><li><div
class="para">
In the address bar of Firefox, type <strong
class="userinput"><code>about:config</code></strong> to
display the list of current configuration options.
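Review bot: In the unchanged context at the end of this hunk, the text after the KDC abbreviation reads ".The following section" with no space after the full stop, so the page renders as "KDC.The following section". This revision only touches the package meta value, so the typo survives; fix it in the source text. The same sentence says the browser sends Kerberos credentials "to the appropriate KDC"; check that wording against the steps that follow, since it shapes which hosts the reader believes they are trusting with credentials.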
Index:
sect-Security_Guide-Single_Sign_on_SSO-Getting_Started_with_your_new_Smart_Card.html
===================================================================
RCS file:
/cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Single_Sign_on_SSO-Getting_Started_with_your_new_Smart_Card.html,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
---
sect-Security_Guide-Single_Sign_on_SSO-Getting_Started_with_your_new_Smart_Card.html 22
Dec 2008 19:28:44 -0000 1.1
+++
sect-Security_Guide-Single_Sign_on_SSO-Getting_Started_with_your_new_Smart_Card.html 24
Dec 2008 01:24:53 -0000 1.2
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8"
standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
Started with your new Smart Card</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-3"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="sect-Security_Guide-Single_Sign_on_SSO.html" title="2.3. Single
Sign-on (SSO)"/><link rel="prev"
href="sect-Security_Guide-Single_Sign_on_SSO.html" title="2.3. Single
Sign-on (SSO)"/><link rel="next"
href="sect-Security_Guide-Single_Sign_on_SSO-How_Smart_Card_Enrollment_Works.html"
title="2.3.3. How Smart Card Enrollment
Works"/></head><body><p id="title"><a
class="left" href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img
src="Common_Content/images/image_right.png" alt="
Documentation Site"/></a></p><ul
class="docnav"><li class="previous"><a
accesskey="p"
href="sect-Security_Guide-Single_Sign_on_SSO.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-Single_Sign_on_SSO-How_Smart_Card_Enrollment_Works.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h3 class="title"
id="sect-Security_Guide-Single_Sign_on_SSO-Getting_Started_with_your_new_Smart_Card">2.3.2. Getting
Started with your new Smart Card</h3></div></div></div><div
class="para">
+<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
Started with your new Smart Card</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-4"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="sect-Security_Guide-Single_Sign_on_SSO.html" title="2.3. Single
Sign-on (SSO)"/><link rel="prev"
href="sect-Security_Guide-Single_Sign_on_SSO.html" title="2.3. Single
Sign-on (SSO)"/><link rel="next"
href="sect-Security_Guide-Single_Sign_on_SSO-How_Smart_Card_Enrollment_Works.html"
title="2.3.3. How Smart Card Enrollment
Works"/></head><body><p id="title"><a
class="left" href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img
src="Common_Content/images/image_right.png" alt="
Documentation Site"/></a></p><ul
class="docnav"><li class="previous"><a
accesskey="p"
href="sect-Security_Guide-Single_Sign_on_SSO.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-Single_Sign_on_SSO-How_Smart_Card_Enrollment_Works.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h3 class="title"
id="sect-Security_Guide-Single_Sign_on_SSO-Getting_Started_with_your_new_Smart_Card">2.3.2. Getting
Started with your new Smart Card</h3></div></div></div><div
class="para">
Before you can use your smart card to log in to your system and take advantage of the
increased security options this technology provides, you need to perform some basic
installation and configuration steps. These are described below.
</div><div class="note"><h2>Note</h2><div
class="para">
This section provides a high-level view of getting started with your smart card. More
detailed information is available in the Red Hat Certificate System Enterprise Security
Client Guide.
Index: sect-Security_Guide-Single_Sign_on_SSO-How_Smart_Card_Enrollment_Works.html
===================================================================
RCS file:
/cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Single_Sign_on_SSO-How_Smart_Card_Enrollment_Works.html,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- sect-Security_Guide-Single_Sign_on_SSO-How_Smart_Card_Enrollment_Works.html 22 Dec
2008 19:28:44 -0000 1.1
+++ sect-Security_Guide-Single_Sign_on_SSO-How_Smart_Card_Enrollment_Works.html 24 Dec
2008 01:24:53 -0000 1.2
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8"
standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
Smart Card Enrollment Works</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-3"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="sect-Security_Guide-Single_Sign_on_SSO.html" title="2.3. Single
Sign-on (SSO)"/><link rel="prev"
href="sect-Security_Guide-Single_Sign_on_SSO-Getting_Started_with_your_new_Smart_Card.html"
title="2.3.2. Getting Started with your new Smart Card"/><link
rel="next"
href="sect-Security_Guide-Single_Sign_on_SSO-How_Smart_Card_Login_Works.html"
title="2.3.4. How Smart Card Login Works"/></head><body><p
id="title"><a class="left"
href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img src="
Common_Content/images/image_right.png" alt="Documentation
Site"/></a></p><ul class="docnav"><li
class="previous"><a accesskey="p"
href="sect-Security_Guide-Single_Sign_on_SSO-Getting_Started_with_your_new_Smart_Card.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-Single_Sign_on_SSO-How_Smart_Card_Login_Works.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h3 class="title"
id="sect-Security_Guide-Single_Sign_on_SSO-How_Smart_Card_Enrollment_Works">2.3.3. How
Smart Card Enrollment Works</h3></div></div></div><div
class="para">
+<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
Smart Card Enrollment Works</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-4"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="sect-Security_Guide-Single_Sign_on_SSO.html" title="2.3. Single
Sign-on (SSO)"/><link rel="prev"
href="sect-Security_Guide-Single_Sign_on_SSO-Getting_Started_with_your_new_Smart_Card.html"
title="2.3.2. Getting Started with your new Smart Card"/><link
rel="next"
href="sect-Security_Guide-Single_Sign_on_SSO-How_Smart_Card_Login_Works.html"
title="2.3.4. How Smart Card Login Works"/></head><body><p
id="title"><a class="left"
href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img src="
Common_Content/images/image_right.png" alt="Documentation
Site"/></a></p><ul class="docnav"><li
class="previous"><a accesskey="p"
href="sect-Security_Guide-Single_Sign_on_SSO-Getting_Started_with_your_new_Smart_Card.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-Single_Sign_on_SSO-How_Smart_Card_Login_Works.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h3 class="title"
id="sect-Security_Guide-Single_Sign_on_SSO-How_Smart_Card_Enrollment_Works">2.3.3. How
Smart Card Enrollment Works</h3></div></div></div><div
class="para">
Smart cards are said to be <em class="firstterm">enrolled</em>
when they have received an appropriate certificate signed by a valid Certificate Authority
(<abbr class="abbrev">CA</abbr>). This involves several steps,
described below:
</div><div class="orderedlist"><ol><li><div
class="para">
The user inserts their smart card into the smart card reader on their workstation.
This event is recognized by the Enterprise Security Client (<abbr
class="abbrev">ESC</abbr>).
Index: sect-Security_Guide-Single_Sign_on_SSO-How_Smart_Card_Login_Works.html
===================================================================
RCS file:
/cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Single_Sign_on_SSO-How_Smart_Card_Login_Works.html,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- sect-Security_Guide-Single_Sign_on_SSO-How_Smart_Card_Login_Works.html 22 Dec 2008
19:28:44 -0000 1.1
+++ sect-Security_Guide-Single_Sign_on_SSO-How_Smart_Card_Login_Works.html 24 Dec 2008
01:24:53 -0000 1.2
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8"
standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
Smart Card Login Works</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-3"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="sect-Security_Guide-Single_Sign_on_SSO.html" title="2.3. Single
Sign-on (SSO)"/><link rel="prev"
href="sect-Security_Guide-Single_Sign_on_SSO-How_Smart_Card_Enrollment_Works.html"
title="2.3.3. How Smart Card Enrollment Works"/><link rel="next"
href="sect-Security_Guide-Single_Sign_on_SSO-Configuring_Firefox_to_use_Kerberos_for_SSO.html"
title="2.3.5. Configuring Firefox to use Kerberos for
SSO"/></head><body><p id="title"><a
class="left" href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right"
href="http://docs.fedoraproject.org"
<img src="Common_Content/images/image_right.png"
alt="Documentation Site"/></a></p><ul
class="docnav"><li class="previous"><a
accesskey="p"
href="sect-Security_Guide-Single_Sign_on_SSO-How_Smart_Card_Enrollment_Works.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-Single_Sign_on_SSO-Configuring_Firefox_to_use_Kerberos_for_SSO.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h3 class="title"
id="sect-Security_Guide-Single_Sign_on_SSO-How_Smart_Card_Login_Works">2.3.4. How
Smart Card Login Works</h3></div></div></div><div
class="para">
+<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
Smart Card Login Works</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-4"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="sect-Security_Guide-Single_Sign_on_SSO.html" title="2.3. Single
Sign-on (SSO)"/><link rel="prev"
href="sect-Security_Guide-Single_Sign_on_SSO-How_Smart_Card_Enrollment_Works.html"
title="2.3.3. How Smart Card Enrollment Works"/><link rel="next"
href="sect-Security_Guide-Single_Sign_on_SSO-Configuring_Firefox_to_use_Kerberos_for_SSO.html"
title="2.3.5. Configuring Firefox to use Kerberos for
SSO"/></head><body><p id="title"><a
class="left" href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right"
href="http://docs.fedoraproject.org"
<img src="Common_Content/images/image_right.png"
alt="Documentation Site"/></a></p><ul
class="docnav"><li class="previous"><a
accesskey="p"
href="sect-Security_Guide-Single_Sign_on_SSO-How_Smart_Card_Enrollment_Works.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-Single_Sign_on_SSO-Configuring_Firefox_to_use_Kerberos_for_SSO.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h3 class="title"
id="sect-Security_Guide-Single_Sign_on_SSO-How_Smart_Card_Login_Works">2.3.4. How
Smart Card Login Works</h3></div></div></div><div
class="para">
This section provides a brief overview of the process
of logging in using a smart card.
</div><div class="orderedlist"><ol><li><div
class="para">
When the user inserts their smart card into the smart card reader, this event is
recognized by the PAM facility, which prompts for the user's PIN.
Index: sect-Security_Guide-Single_Sign_on_SSO.html
===================================================================
RCS file:
/cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Single_Sign_on_SSO.html,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- sect-Security_Guide-Single_Sign_on_SSO.html 22 Dec 2008 19:28:44 -0000 1.1
+++ sect-Security_Guide-Single_Sign_on_SSO.html 24 Dec 2008 01:24:53 -0000 1.2
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8"
standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
Sign-on (SSO)</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-3"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="chap-Security_Guide-Securing_Your_Network.html"
title="Chapter 2. Securing Your Network"/><link rel="prev"
href="sect-Security_Guide-Server_Security-Verifying_Which_Ports_Are_Listening.html"
title="2.2.8. Verifying Which Ports Are Listening"/><link
rel="next"
href="sect-Security_Guide-Single_Sign_on_SSO-Getting_Started_with_your_new_Smart_Card.html"
title="2.3.2. Getting Started with your new Smart
Card"/></head><body><p id="title"><a
class="left" href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right"
href="http://docs.fedoraproject.or
g"><img src="Common_Content/images/image_right.png"
alt="Documentation Site"/></a></p><ul
class="docnav"><li class="previous"><a
accesskey="p"
href="sect-Security_Guide-Server_Security-Verifying_Which_Ports_Are_Listening.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-Single_Sign_on_SSO-Getting_Started_with_your_new_Smart_Card.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h2 class="title"
id="sect-Security_Guide-Single_Sign_on_SSO">2.3. Single Sign-on
(SSO)</h2></div></div></div><div class="section"
lang="en-US"><div
class="titlepage"><div><div><h3 class="title"
id="sect-Security_Guide-Single_Sign_on_SSO-Introduction">2.3.1. Introduction</h3></div></div></div><div
class="para">
+<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
Sign-on (SSO)</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-4"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="chap-Security_Guide-Securing_Your_Network.html"
title="Chapter 2. Securing Your Network"/><link rel="prev"
href="sect-Security_Guide-Server_Security-Verifying_Which_Ports_Are_Listening.html"
title="2.2.8. Verifying Which Ports Are Listening"/><link
rel="next"
href="sect-Security_Guide-Single_Sign_on_SSO-Getting_Started_with_your_new_Smart_Card.html"
title="2.3.2. Getting Started with your new Smart
Card"/></head><body><p id="title"><a
class="left" href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right"
href="http://docs.fedoraproject.or
g"><img src="Common_Content/images/image_right.png"
alt="Documentation Site"/></a></p><ul
class="docnav"><li class="previous"><a
accesskey="p"
href="sect-Security_Guide-Server_Security-Verifying_Which_Ports_Are_Listening.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-Single_Sign_on_SSO-Getting_Started_with_your_new_Smart_Card.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h2 class="title"
id="sect-Security_Guide-Single_Sign_on_SSO">2.3. Single Sign-on
(SSO)</h2></div></div></div><div class="section"
lang="en-US"><div
class="titlepage"><div><div><h3 class="title"
id="sect-Security_Guide-Single_Sign_on_SSO-Introduction">2.3.1. Introduction</h3></div></div></div><div
class="para">
The Fedora SSO functionality reduces the number of times Fedora desktop users have to
enter their passwords. Several major applications leverage the same underlying
authentication and authorization mechanisms so that users can log in to Fedora from the
log-in screen, and then not need to re-enter their passwords. These applications are
detailed below.
</div><div class="para">
In addition, users can log in to their machines even when there is no network (<em
class="firstterm">offline mode</em>) or where network connectivity is
unreliable, for example, wireless access. In the latter case, services will degrade
gracefully.
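Review bot: The context paragraph at the end of this hunk says users can log in with no network ("offline mode") and that services "will degrade gracefully", but the visible text does not say what makes offline login possible or which services stop working. Offline login means the machine verifies the user against something held locally, so the section should state what is cached and for how long, or link to where that is described. Please add that in the source rather than in this generated file.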
Index:
sect-Security_Guide-Software_Maintenance-Install_Signed_Packages_from_Well_Known_Repositories.html
===================================================================
RCS file:
/cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Software_Maintenance-Install_Signed_Packages_from_Well_Known_Repositories.html,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
---
sect-Security_Guide-Software_Maintenance-Install_Signed_Packages_from_Well_Known_Repositories.html 22
Dec 2008 19:28:44 -0000 1.1
+++
sect-Security_Guide-Software_Maintenance-Install_Signed_Packages_from_Well_Known_Repositories.html 24
Dec 2008 01:24:53 -0000 1.2
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8"
standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
Signed Packages from Well Known Repositories</title><link
rel="stylesheet" href="./Common_Content/css/default.css"
type="text/css"/><meta name="generator"
content="publican"/><meta name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-3"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="chap-Security_Guide-Software_Maintenance.html"
title="Chapter 6. Software Maintenance"/><link rel="prev"
href="sect-Security_Guide-Software_Maintenance-Plan_and_Configure_Security_Updates-Adjusting_Automatic_Updates.html"
title="6.3. Adjusting Automatic Updates"/><link rel="next"
href="chap-Security_Guide-References.html"
title="Chapter 7. References"/></head><body><p
id="title"><a class="left"
href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img src="Common_C
ontent/images/image_right.png" alt="Documentation
Site"/></a></p><ul class="docnav"><li
class="previous"><a accesskey="p"
href="sect-Security_Guide-Software_Maintenance-Plan_and_Configure_Security_Updates-Adjusting_Automatic_Updates.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="chap-Security_Guide-References.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h2 class="title"
id="sect-Security_Guide-Software_Maintenance-Install_Signed_Packages_from_Well_Known_Repositories">6.4. Install
Signed Packages from Well Known
Repositories</h2></div></div></div><div
class="para">
+<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
Signed Packages from Well Known Repositories</title><link
rel="stylesheet" href="./Common_Content/css/default.css"
type="text/css"/><meta name="generator"
content="publican"/><meta name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-4"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="chap-Security_Guide-Software_Maintenance.html"
title="Chapter 6. Software Maintenance"/><link rel="prev"
href="sect-Security_Guide-Software_Maintenance-Plan_and_Configure_Security_Updates-Adjusting_Automatic_Updates.html"
title="6.3. Adjusting Automatic Updates"/><link rel="next"
href="chap-Security_Guide-References.html"
title="Chapter 7. References"/></head><body><p
id="title"><a class="left"
href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img src="Common_C
ontent/images/image_right.png" alt="Documentation
Site"/></a></p><ul class="docnav"><li
class="previous"><a accesskey="p"
href="sect-Security_Guide-Software_Maintenance-Plan_and_Configure_Security_Updates-Adjusting_Automatic_Updates.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="chap-Security_Guide-References.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h2 class="title"
id="sect-Security_Guide-Software_Maintenance-Install_Signed_Packages_from_Well_Known_Repositories">6.4. Install
Signed Packages from Well Known
Repositories</h2></div></div></div><div
class="para">
Software packages are published through repositories. All well known repositories
support package signing. Package signing uses public key technology to prove that the
package that was published by the repository has not been changed since the signature was
applied. This provides some protection against installing software that may have been
maliciously altered after the package was created but before you downloaded it.
</div><div class="para">
Using too many repositories, untrustworthy repositories, or repositories with unsigned
packages has a higher risk of introducing malicious or vulnerable code into your system.
Use caution when adding repositories to yum/software update.
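Review bot: The context paragraphs warn against repositories with unsigned packages, but the visible text stops at "Use caution" without telling the reader how to confirm that signature verification is actually enforced. Suggest adding a sentence in the source on checking that each repository definition has yum's gpgcheck option enabled and that the signing key was imported from a trusted location. "All well known repositories support package signing" would also be stronger if it spoke about verification, since a repository that signs its packages does not protect a client that never checks the signatures.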
Index:
sect-Security_Guide-Software_Maintenance-Plan_and_Configure_Security_Updates-Adjusting_Automatic_Updates.html
===================================================================
RCS file:
/cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Software_Maintenance-Plan_and_Configure_Security_Updates-Adjusting_Automatic_Updates.html,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
---
sect-Security_Guide-Software_Maintenance-Plan_and_Configure_Security_Updates-Adjusting_Automatic_Updates.html 22
Dec 2008 19:28:44 -0000 1.1
+++
sect-Security_Guide-Software_Maintenance-Plan_and_Configure_Security_Updates-Adjusting_Automatic_Updates.html 24
Dec 2008 01:24:53 -0000 1.2
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8"
standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
Automatic Updates</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-3"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="chap-Security_Guide-Software_Maintenance.html"
title="Chapter 6. Software Maintenance"/><link rel="prev"
href="sect-Security_Guide-Software_Maintenance-Plan_and_Configure_Security_Updates.html"
title="6.2. Plan and Configure Security Updates"/><link
rel="next"
href="sect-Security_Guide-Software_Maintenance-Install_Signed_Packages_from_Well_Known_Repositories.html"
title="6.4. Install Signed Packages from Well Known
Repositories"/></head><body><p id="title"><a
class="left" href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right" hr
ef="http://docs.fedoraproject.org"><img
src="Common_Content/images/image_right.png" alt="Documentation
Site"/></a></p><ul class="docnav"><li
class="previous"><a accesskey="p"
href="sect-Security_Guide-Software_Maintenance-Plan_and_Configure_Security_Updates.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-Software_Maintenance-Install_Signed_Packages_from_Well_Known_Repositories.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h2 class="title"
id="sect-Security_Guide-Software_Maintenance-Plan_and_Configure_Security_Updates-Adjusting_Automatic_Updates">6.3. Adjusting
Automatic Updates</h2></div></div></div><div
class="para">
+<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
Automatic Updates</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-4"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="chap-Security_Guide-Software_Maintenance.html"
title="Chapter 6. Software Maintenance"/><link rel="prev"
href="sect-Security_Guide-Software_Maintenance-Plan_and_Configure_Security_Updates.html"
title="6.2. Plan and Configure Security Updates"/><link
rel="next"
href="sect-Security_Guide-Software_Maintenance-Install_Signed_Packages_from_Well_Known_Repositories.html"
title="6.4. Install Signed Packages from Well Known
Repositories"/></head><body><p id="title"><a
class="left" href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right" hr
ef="http://docs.fedoraproject.org"><img
src="Common_Content/images/image_right.png" alt="Documentation
Site"/></a></p><ul class="docnav"><li
class="previous"><a accesskey="p"
href="sect-Security_Guide-Software_Maintenance-Plan_and_Configure_Security_Updates.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-Software_Maintenance-Install_Signed_Packages_from_Well_Known_Repositories.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h2 class="title"
id="sect-Security_Guide-Software_Maintenance-Plan_and_Configure_Security_Updates-Adjusting_Automatic_Updates">6.3. Adjusting
Automatic Updates</h2></div></div></div><div
class="para">
Fedora 9 is configured to apply all updates on a daily schedule. If you want to change
the how your system installs updates you must do so via '''Software Update
Preferences'''. You can change the schedule, the type of updates to apply or
to notify you of available updates.
</div><div class="para">
In Gnome, you can find controls for your updates at: <code
class="code">System -> Preferences -> System -> Software
Updates</code>. In KDE it is located at: <code
class="code">Applications -> Settings -> Software
Updates</code>.
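Review bot: The body text under the 6.3 heading still says "Fedora 9 is configured to apply all updates on a daily schedule", although this page is built from the fedora-Linux_Security_Guide-10 package and committed under f10/. Suggest correcting the release name in the source XML rather than in this generated page. While there, "change the how your system installs updates" has a stray "the", and '''Software Update Preferences''' is leftover wiki bold markup that will render as literal quote marks.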
Index: sect-Security_Guide-Software_Maintenance-Plan_and_Configure_Security_Updates.html
===================================================================
RCS file:
/cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Software_Maintenance-Plan_and_Configure_Security_Updates.html,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- sect-Security_Guide-Software_Maintenance-Plan_and_Configure_Security_Updates.html 22
Dec 2008 19:28:44 -0000 1.1
+++ sect-Security_Guide-Software_Maintenance-Plan_and_Configure_Security_Updates.html 24
Dec 2008 01:24:53 -0000 1.2
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8"
standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g... and
Configure Security Updates</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-3"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="chap-Security_Guide-Software_Maintenance.html"
title="Chapter 6. Software Maintenance"/><link rel="prev"
href="chap-Security_Guide-Software_Maintenance.html"
title="Chapter 6. Software Maintenance"/><link rel="next"
href="sect-Security_Guide-Software_Maintenance-Plan_and_Configure_Security_Updates-Adjusting_Automatic_Updates.html"
title="6.3. Adjusting Automatic Updates"/></head><body><p
id="title"><a class="left"
href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img src="Commo
n_Content/images/image_right.png" alt="Documentation
Site"/></a></p><ul class="docnav"><li
class="previous"><a accesskey="p"
href="chap-Security_Guide-Software_Maintenance.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-Software_Maintenance-Plan_and_Configure_Security_Updates-Adjusting_Automatic_Updates.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h2 class="title"
id="sect-Security_Guide-Software_Maintenance-Plan_and_Configure_Security_Updates">6.2. Plan
and Configure Security Updates</h2></div></div></div><div
class="para">
+<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g... and
Configure Security Updates</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-4"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="chap-Security_Guide-Software_Maintenance.html"
title="Chapter 6. Software Maintenance"/><link rel="prev"
href="chap-Security_Guide-Software_Maintenance.html"
title="Chapter 6. Software Maintenance"/><link rel="next"
href="sect-Security_Guide-Software_Maintenance-Plan_and_Configure_Security_Updates-Adjusting_Automatic_Updates.html"
title="6.3. Adjusting Automatic Updates"/></head><body><p
id="title"><a class="left"
href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img src="Commo
n_Content/images/image_right.png" alt="Documentation
Site"/></a></p><ul class="docnav"><li
class="previous"><a accesskey="p"
href="chap-Security_Guide-Software_Maintenance.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-Software_Maintenance-Plan_and_Configure_Security_Updates-Adjusting_Automatic_Updates.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h2 class="title"
id="sect-Security_Guide-Software_Maintenance-Plan_and_Configure_Security_Updates">6.2. Plan
and Configure Security Updates</h2></div></div></div><div
class="para">
All software contains bugs. Often, these bugs can result in a vulnerability that can
expose your system to malicious users. Unpatched systems are a common cause of computer
intrusions. You should have a plan to install security patches in a timely manner to close
those vulnerabilities so they can not be exploited.
</div><div class="para">
For home users, security updates should be installed as soon as possible. Configuring
automatic installation of security updates is one way to avoid having to remember, but
does carry a slight risk that something can cause a conflict with your configuration or
with other software on the system.
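Review bot: The only difference between the removed and the added line in this hunk is the build stamp in the package meta tag, fedora-Linux_Security_Guide-10-en-US-1.0-3 becoming 1.0-4, yet the diff replaces the whole head and navigation block because the generator emits them as a single line. Suggest stating in the commit log that pages like this one are rebuilt with no content change, so a reviewer can separate the stamp-only hunks from the ones that alter text.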
Index: sect-Security_Guide-TCP_Wrappers_Configuration_Files-Option_Fields.html
===================================================================
RCS file:
/cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-TCP_Wrappers_Configuration_Files-Option_Fields.html,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- sect-Security_Guide-TCP_Wrappers_Configuration_Files-Option_Fields.html 22 Dec 2008
19:28:44 -0000 1.1
+++ sect-Security_Guide-TCP_Wrappers_Configuration_Files-Option_Fields.html 24 Dec 2008
01:24:53 -0000 1.2
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8"
standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
Fields</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-3"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="sect-Security_Guide-TCP_Wrappers_and_xinetd-TCP_Wrappers_Configuration_Files.html"
title="2.5.2. TCP Wrappers Configuration Files"/><link
rel="prev"
href="sect-Security_Guide-TCP_Wrappers_and_xinetd-TCP_Wrappers_Configuration_Files.html"
title="2.5.2. TCP Wrappers Configuration Files"/><link
rel="next"
href="sect-Security_Guide-Option_Fields-Access_Control.html"
title="2.5.2.2.2. Access Control"/></head><body><p
id="title"><a class="left"
href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img src="
Common_Content/images/image_right.png" alt="Documentation
Site"/></a></p><ul class="docnav"><li
class="previous"><a accesskey="p"
href="sect-Security_Guide-TCP_Wrappers_and_xinetd-TCP_Wrappers_Configuration_Files.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-Option_Fields-Access_Control.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h4 class="title"
id="sect-Security_Guide-TCP_Wrappers_Configuration_Files-Option_Fields">2.5.2.2. Option
Fields</h4></div></div></div><a id="d0e7854"
class="indexterm"/><div class="para">
+<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
Fields</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-4"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="sect-Security_Guide-TCP_Wrappers_and_xinetd-TCP_Wrappers_Configuration_Files.html"
title="2.5.2. TCP Wrappers Configuration Files"/><link
rel="prev"
href="sect-Security_Guide-TCP_Wrappers_and_xinetd-TCP_Wrappers_Configuration_Files.html"
title="2.5.2. TCP Wrappers Configuration Files"/><link
rel="next"
href="sect-Security_Guide-Option_Fields-Access_Control.html"
title="2.5.2.2.2. Access Control"/></head><body><p
id="title"><a class="left"
href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img src="
Common_Content/images/image_right.png" alt="Documentation
Site"/></a></p><ul class="docnav"><li
class="previous"><a accesskey="p"
href="sect-Security_Guide-TCP_Wrappers_and_xinetd-TCP_Wrappers_Configuration_Files.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-Option_Fields-Access_Control.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h4 class="title"
id="sect-Security_Guide-TCP_Wrappers_Configuration_Files-Option_Fields">2.5.2.2. Option
Fields</h4></div></div></div><a id="d0e7854"
class="indexterm"/><div class="para">
In addition to basic rules that allow and deny access, the Fedora implementation of
TCP Wrappers supports extensions to the access control language through <em
class="firstterm">option fields</em>. By using option fields in hosts
access rules, administrators can accomplish a variety of tasks such as altering log
behavior, consolidating access control, and launching shell commands.
</div><div class="section" lang="en-US"><div
class="titlepage"><div><div><h5 class="title"
id="sect-Security_Guide-Option_Fields-Logging">2.5.2.2.1. Logging</h5></div></div></div><a
id="d0e7869" class="indexterm"/><div class="para">
Option fields let administrators easily change the log facility and priority level
for a rule by using the <code class="option">severity</code>
directive.
Index: sect-Security_Guide-TCP_Wrappers_and_xinetd-Additional_Resources.html
===================================================================
RCS file:
/cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-TCP_Wrappers_and_xinetd-Additional_Resources.html,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- sect-Security_Guide-TCP_Wrappers_and_xinetd-Additional_Resources.html 22 Dec 2008
19:28:44 -0000 1.1
+++ sect-Security_Guide-TCP_Wrappers_and_xinetd-Additional_Resources.html 24 Dec 2008
01:24:53 -0000 1.2
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8"
standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
Resources</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-3"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="sect-Security_Guide-TCP_Wrappers_and_xinetd.html" title="2.5. TCP
Wrappers and xinetd"/><link rel="prev"
href="sect-Security_Guide-Altering_xinetd_Configuration_Files-Resource_Management_Options.html"
title="2.5.4.3.4. Resource Management Options"/><link rel="next"
href="sect-Security_Guide-Additional_Resources-Useful_TCP_Wrappers_Websites.html"
title="2.5.5.2. Useful TCP Wrappers Websites"/></head><body><p
id="title"><a class="left"
href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img src="
Common_Content/images/image_right.png" alt="Documentation
Site"/></a></p><ul class="docnav"><li
class="previous"><a accesskey="p"
href="sect-Security_Guide-Altering_xinetd_Configuration_Files-Resource_Management_Options.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-Additional_Resources-Useful_TCP_Wrappers_Websites.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h3 class="title"
id="sect-Security_Guide-TCP_Wrappers_and_xinetd-Additional_Resources">2.5.5. Additional
Resources</h3></div></div></div><a id="d0e8998"
class="indexterm"/><div class="para">
+<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
Resources</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-4"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="sect-Security_Guide-TCP_Wrappers_and_xinetd.html" title="2.5. TCP
Wrappers and xinetd"/><link rel="prev"
href="sect-Security_Guide-Altering_xinetd_Configuration_Files-Resource_Management_Options.html"
title="2.5.4.3.4. Resource Management Options"/><link rel="next"
href="sect-Security_Guide-Additional_Resources-Useful_TCP_Wrappers_Websites.html"
title="2.5.5.2. Useful TCP Wrappers Websites"/></head><body><p
id="title"><a class="left"
href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img src="
Common_Content/images/image_right.png" alt="Documentation
Site"/></a></p><ul class="docnav"><li
class="previous"><a accesskey="p"
href="sect-Security_Guide-Altering_xinetd_Configuration_Files-Resource_Management_Options.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-Additional_Resources-Useful_TCP_Wrappers_Websites.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h3 class="title"
id="sect-Security_Guide-TCP_Wrappers_and_xinetd-Additional_Resources">2.5.5. Additional
Resources</h3></div></div></div><a id="d0e8998"
class="indexterm"/><div class="para">
More information about TCP Wrappers and <code
class="systemitem">xinetd</code> is available from system documentation
and on the Internet.
</div><div class="section" lang="en-US"><div
class="titlepage"><div><div><h4 class="title"
id="sect-Security_Guide-Additional_Resources-Installed_TCP_Wrappers_Documentation">2.5.5.1. Installed
TCP Wrappers Documentation</h4></div></div></div><a
id="d0e9011" class="indexterm"/><a id="d0e9018"
class="indexterm"/><div class="para">
The documentation on your system is a good place to start looking for additional
configuration options for TCP Wrappers, <code
class="systemitem">xinetd</code>, and access control.
Index: sect-Security_Guide-TCP_Wrappers_and_xinetd-TCP_Wrappers_Configuration_Files.html
===================================================================
RCS file:
/cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-TCP_Wrappers_and_xinetd-TCP_Wrappers_Configuration_Files.html,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- sect-Security_Guide-TCP_Wrappers_and_xinetd-TCP_Wrappers_Configuration_Files.html 22
Dec 2008 19:28:44 -0000 1.1
+++ sect-Security_Guide-TCP_Wrappers_and_xinetd-TCP_Wrappers_Configuration_Files.html 24
Dec 2008 01:24:53 -0000 1.2
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8"
standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
Wrappers Configuration Files</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-3"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="sect-Security_Guide-TCP_Wrappers_and_xinetd.html" title="2.5. TCP
Wrappers and xinetd"/><link rel="prev"
href="sect-Security_Guide-TCP_Wrappers_and_xinetd.html" title="2.5. TCP
Wrappers and xinetd"/><link rel="next"
href="sect-Security_Guide-TCP_Wrappers_Configuration_Files-Option_Fields.html"
title="2.5.2.2. Option Fields"/></head><body><p
id="title"><a class="left"
href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img
src="Common_Content/images/image_right.png" alt="Documentatio
n Site"/></a></p><ul class="docnav"><li
class="previous"><a accesskey="p"
href="sect-Security_Guide-TCP_Wrappers_and_xinetd.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-TCP_Wrappers_Configuration_Files-Option_Fields.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h3 class="title"
id="sect-Security_Guide-TCP_Wrappers_and_xinetd-TCP_Wrappers_Configuration_Files">2.5.2. TCP
Wrappers Configuration Files</h3></div></div></div><a
id="d0e7335" class="indexterm"/><a id="d0e7343"
class="indexterm"/><a id="d0e7351"
class="indexterm"/><a id="d0e7357"
class="indexterm"/><a id="d0e7363"
class="indexterm"/><div class="para">
+<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
Wrappers Configuration Files</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-4"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="sect-Security_Guide-TCP_Wrappers_and_xinetd.html" title="2.5. TCP
Wrappers and xinetd"/><link rel="prev"
href="sect-Security_Guide-TCP_Wrappers_and_xinetd.html" title="2.5. TCP
Wrappers and xinetd"/><link rel="next"
href="sect-Security_Guide-TCP_Wrappers_Configuration_Files-Option_Fields.html"
title="2.5.2.2. Option Fields"/></head><body><p
id="title"><a class="left"
href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img
src="Common_Content/images/image_right.png" alt="Documentatio
n Site"/></a></p><ul class="docnav"><li
class="previous"><a accesskey="p"
href="sect-Security_Guide-TCP_Wrappers_and_xinetd.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-TCP_Wrappers_Configuration_Files-Option_Fields.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h3 class="title"
id="sect-Security_Guide-TCP_Wrappers_and_xinetd-TCP_Wrappers_Configuration_Files">2.5.2. TCP
Wrappers Configuration Files</h3></div></div></div><a
id="d0e7335" class="indexterm"/><a id="d0e7343"
class="indexterm"/><a id="d0e7351"
class="indexterm"/><a id="d0e7357"
class="indexterm"/><a id="d0e7363"
class="indexterm"/><div class="para">
To determine if a client is allowed to connect to a service, TCP Wrappers reference
the following two files, which are commonly referred to as <em
class="firstterm">hosts access</em> files:
</div><div class="itemizedlist"><ul><li><div
class="para">
<code class="filename">/etc/hosts.allow</code>
@@ -73,9 +73,9 @@
<code class="option">UNKNOWN</code> — Matches any host where
the hostname or host address are unknown or where the user is unknown.
</div></li><li><div class="para">
<code class="option">PARANOID</code> — Matches any host
where the hostname does not match the host address.
- </div></li></ul></div><div
class="caution"><h2>Caution</h2><div
class="para">
- The <code class="option">KNOWN</code>, <code
class="option">UNKNOWN</code>, and <code
class="option">PARANOID</code> wildcards should be used with care,
because they rely on functioning DNS server for correct operation. Any disruption to name
resolution may prevent legitimate users from gaining access to a service.
- </div></div></div><div class="section"
lang="en-US"><div
class="titlepage"><div><div><h5 class="title"
id="sect-Security_Guide-Formatting_Access_Rules-Patterns">2.5.2.1.2. Patterns</h5></div></div></div><a
id="d0e7657" class="indexterm"/><div class="para">
+ </div></li></ul></div><div
class="important"><h2>Important</h2><div
class="para">
+ The <code class="option">KNOWN</code>, <code
class="option">UNKNOWN</code>, and <code
class="option">PARANOID</code> wildcards should be used with care,
because they rely on functioning DNS server for correct operation. Any disruption to name
resolution may prevent legitimate users from gaining access to a service.
+ </div></div></div><div class="section"
lang="en-US"><div
class="titlepage"><div><div><h5 class="title"
id="sect-Security_Guide-Formatting_Access_Rules-Patterns">2.5.2.1.2. Patterns</h5></div></div></div><a
id="d0e7657" class="indexterm"/><div class="para">
Patterns can be used in the client field of access rules to more precisely specify
groups of client hosts.
</div><div class="para">
The following is a list of common patterns for entries in the client field:
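Review bot: The admonition is promoted from class "caution" to "important", but its text is carried over unchanged, including "rely on functioning DNS server", which is missing "a". If the promotion is meant to give the warning more weight, suggest also spelling out the failure mode: by the definition of UNKNOWN in the context lines above ("the hostname or host address are unknown"), a resolver outage makes clients start matching UNKNOWN, so the effect depends on whether the rule using the wildcard allows or denies, not only on legitimate users losing access.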
Index: sect-Security_Guide-TCP_Wrappers_and_xinetd-xinetd.html
===================================================================
RCS file:
/cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-TCP_Wrappers_and_xinetd-xinetd.html,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- sect-Security_Guide-TCP_Wrappers_and_xinetd-xinetd.html 22 Dec 2008 19:28:44
-0000 1.1
+++ sect-Security_Guide-TCP_Wrappers_and_xinetd-xinetd.html 24 Dec 2008 01:24:53
-0000 1.2
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8"
standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
rel="stylesheet" href="./Common_Content/css/default.css"
type="text/css"/><meta name="generator"
content="publican"/><meta name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-3"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="sect-Security_Guide-TCP_Wrappers_and_xinetd.html" title="2.5. TCP
Wrappers and xinetd"/><link rel="prev"
href="sect-Security_Guide-Option_Fields-Expansions.html"
title="2.5.2.2.4. Expansions"/><link rel="next"
href="sect-Security_Guide-TCP_Wrappers_and_xinetd-xinetd_Configuration_Files.html"
title="2.5.4. xinetd Configuration Files"/></head><body><p
id="title"><a class="left"
href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img
src="Common_Content/images/image_right.png" alt="Documentation
Site"/></a></p>
<ul class="docnav"><li class="previous"><a
accesskey="p"
href="sect-Security_Guide-Option_Fields-Expansions.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-TCP_Wrappers_and_xinetd-xinetd_Configuration_Files.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h3 class="title"
id="sect-Security_Guide-TCP_Wrappers_and_xinetd-xinetd">2.5.3. xinetd</h3></div></div></div><a
id="d0e8185" class="indexterm"/><a id="d0e8191"
class="indexterm"/><a id="d0e8197"
class="indexterm"/><div class="para">
+<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
rel="stylesheet" href="./Common_Content/css/default.css"
type="text/css"/><meta name="generator"
content="publican"/><meta name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-4"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="sect-Security_Guide-TCP_Wrappers_and_xinetd.html" title="2.5. TCP
Wrappers and xinetd"/><link rel="prev"
href="sect-Security_Guide-Option_Fields-Expansions.html"
title="2.5.2.2.4. Expansions"/><link rel="next"
href="sect-Security_Guide-TCP_Wrappers_and_xinetd-xinetd_Configuration_Files.html"
title="2.5.4. xinetd Configuration Files"/></head><body><p
id="title"><a class="left"
href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img
src="Common_Content/images/image_right.png" alt="Documentation
Site"/></a></p>
<ul class="docnav"><li class="previous"><a
accesskey="p"
href="sect-Security_Guide-Option_Fields-Expansions.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-TCP_Wrappers_and_xinetd-xinetd_Configuration_Files.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h3 class="title"
id="sect-Security_Guide-TCP_Wrappers_and_xinetd-xinetd">2.5.3. xinetd</h3></div></div></div><a
id="d0e8185" class="indexterm"/><a id="d0e8191"
class="indexterm"/><a id="d0e8197"
class="indexterm"/><div class="para">
The <code class="systemitem">xinetd</code> daemon is a
TCP-wrapped <em class="firstterm">super service</em> which controls
access to a subset of popular network services, including FTP, IMAP, and Telnet. It also
provides service-specific configuration options for access control, enhanced logging,
binding, redirection, and resource utilization control.
</div><div class="para">
When a client attempts to connect to a network service controlled by <code
class="systemitem">xinetd</code>, the super service receives the
request and checks for any TCP Wrappers access control rules.
Index: sect-Security_Guide-TCP_Wrappers_and_xinetd-xinetd_Configuration_Files.html
===================================================================
RCS file:
/cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-TCP_Wrappers_and_xinetd-xinetd_Configuration_Files.html,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- sect-Security_Guide-TCP_Wrappers_and_xinetd-xinetd_Configuration_Files.html 22 Dec
2008 19:28:44 -0000 1.1
+++ sect-Security_Guide-TCP_Wrappers_and_xinetd-xinetd_Configuration_Files.html 24 Dec
2008 01:24:53 -0000 1.2
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8"
standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
Configuration Files</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-3"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="sect-Security_Guide-TCP_Wrappers_and_xinetd.html" title="2.5. TCP
Wrappers and xinetd"/><link rel="prev"
href="sect-Security_Guide-TCP_Wrappers_and_xinetd-xinetd.html"
title="2.5.3. xinetd"/><link rel="next"
href="sect-Security_Guide-xinetd_Configuration_Files-The_etcxinetd.d_Directory.html"
title="2.5.4.2. The /etc/xinetd.d/ Directory"/></head><body><p
id="title"><a class="left"
href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img
src="Common_Content/images/image_right.png" alt="Docum
entation Site"/></a></p><ul class="docnav"><li
class="previous"><a accesskey="p"
href="sect-Security_Guide-TCP_Wrappers_and_xinetd-xinetd.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-xinetd_Configuration_Files-The_etcxinetd.d_Directory.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h3 class="title"
id="sect-Security_Guide-TCP_Wrappers_and_xinetd-xinetd_Configuration_Files">2.5.4. xinetd
Configuration Files</h3></div></div></div><a
id="d0e8232" class="indexterm"/><div class="para">
+<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
Configuration Files</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-4"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="sect-Security_Guide-TCP_Wrappers_and_xinetd.html" title="2.5. TCP
Wrappers and xinetd"/><link rel="prev"
href="sect-Security_Guide-TCP_Wrappers_and_xinetd-xinetd.html"
title="2.5.3. xinetd"/><link rel="next"
href="sect-Security_Guide-xinetd_Configuration_Files-The_etcxinetd.d_Directory.html"
title="2.5.4.2. The /etc/xinetd.d/ Directory"/></head><body><p
id="title"><a class="left"
href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img
src="Common_Content/images/image_right.png" alt="Docum
entation Site"/></a></p><ul class="docnav"><li
class="previous"><a accesskey="p"
href="sect-Security_Guide-TCP_Wrappers_and_xinetd-xinetd.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-xinetd_Configuration_Files-The_etcxinetd.d_Directory.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h3 class="title"
id="sect-Security_Guide-TCP_Wrappers_and_xinetd-xinetd_Configuration_Files">2.5.4. xinetd
Configuration Files</h3></div></div></div><a
id="d0e8232" class="indexterm"/><div class="para">
The configuration files for <code
class="systemitem">xinetd</code> are as follows:
</div><div class="itemizedlist"><ul><li><div
class="para">
<code class="filename">/etc/xinetd.conf</code> — The global
<code class="systemitem">xinetd</code> configuration file.
Index: sect-Security_Guide-TCP_Wrappers_and_xinetd.html
===================================================================
RCS file:
/cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-TCP_Wrappers_and_xinetd.html,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- sect-Security_Guide-TCP_Wrappers_and_xinetd.html 22 Dec 2008 19:28:44 -0000 1.1
+++ sect-Security_Guide-TCP_Wrappers_and_xinetd.html 24 Dec 2008 01:24:53 -0000 1.2
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8"
standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
Wrappers and xinetd</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-3"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="chap-Security_Guide-Securing_Your_Network.html"
title="Chapter 2. Securing Your Network"/><link rel="prev"
href="sect-Security_Guide-Additional_Resources-Useful_PAM_Websites.html"
title="2.4.8.2. Useful PAM Websites"/><link rel="next"
href="sect-Security_Guide-TCP_Wrappers_and_xinetd-TCP_Wrappers_Configuration_Files.html"
title="2.5.2. TCP Wrappers Configuration
Files"/></head><body><p id="title"><a
class="left" href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img src="Common_Content/image
s/image_right.png" alt="Documentation Site"/></a></p><ul
class="docnav"><li class="previous"><a
accesskey="p"
href="sect-Security_Guide-Additional_Resources-Useful_PAM_Websites.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-TCP_Wrappers_and_xinetd-TCP_Wrappers_Configuration_Files.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h2 class="title"
id="sect-Security_Guide-TCP_Wrappers_and_xinetd">2.5. TCP Wrappers and
xinetd</h2></div></div></div><a id="d0e7147"
class="indexterm"/><a id="d0e7152"
class="indexterm"/><a id="d0e7158"
class="indexterm"/><div class="para">
+<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
Wrappers and xinetd</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-4"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="chap-Security_Guide-Securing_Your_Network.html"
title="Chapter 2. Securing Your Network"/><link rel="prev"
href="sect-Security_Guide-Additional_Resources-Useful_PAM_Websites.html"
title="2.4.8.2. Useful PAM Websites"/><link rel="next"
href="sect-Security_Guide-TCP_Wrappers_and_xinetd-TCP_Wrappers_Configuration_Files.html"
title="2.5.2. TCP Wrappers Configuration
Files"/></head><body><p id="title"><a
class="left" href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img src="Common_Content/image
s/image_right.png" alt="Documentation Site"/></a></p><ul
class="docnav"><li class="previous"><a
accesskey="p"
href="sect-Security_Guide-Additional_Resources-Useful_PAM_Websites.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-TCP_Wrappers_and_xinetd-TCP_Wrappers_Configuration_Files.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h2 class="title"
id="sect-Security_Guide-TCP_Wrappers_and_xinetd">2.5. TCP Wrappers and
xinetd</h2></div></div></div><a id="d0e7147"
class="indexterm"/><a id="d0e7152"
class="indexterm"/><a id="d0e7158"
class="indexterm"/><div class="para">
Controlling access to network services is one of the most important security tasks
facing a server administrator. Fedora provides several tools for this purpose. For
example, an <code class="command">iptables</code>-based firewall
filters out unwelcome network packets within the kernel's network stack. For network
services that utilize it, <em class="firstterm">TCP Wrappers</em>
add an additional layer of protection by defining which hosts are or are not allowed to
connect to "<span
class="emphasis"><em>wrapped</em></span>" network
services. One such wrapped network service is the <code
class="systemitem">xinetd</code> <span
class="emphasis"><em>super server</em></span>. This service
is called a super server because it controls connections to a subset of network services
and further refines access control.
</div><div class="para">
<a class="xref"
href="sect-Security_Guide-TCP_Wrappers_and_xinetd.html#figu-Security_Guide-TCP_Wrappers_and_xinetd-Access_Control_to_Network_Services"
title="Figure 2.9. Access Control to Network Services">Figure 2.9, “Access
Control to Network Services”</a> is a basic illustration of how these tools work
together to protect network services.
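Review bot: The removed and added <html ...> lines of this hunk differ, in the text visible here, only in the package meta value, which goes from fedora-Linux_Security_Guide-10-en-US-1.0-3 to fedora-Linux_Security_Guide-10-en-US-1.0-4. Because the generator writes the head, banner and docnav as one physical line, that one-token change replaces the entire line and a reviewer cannot tell at a glance that no link or prose changed. Either keep the build stamp out of the per-page output that is committed, or say in the log message that this revision is a regeneration from package build 1.0-4 with no content edits.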
Index: sect-Security_Guide-Threats_to_Server_Security-Inattentive_Administration.html
===================================================================
RCS file:
/cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Threats_to_Server_Security-Inattentive_Administration.html,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- sect-Security_Guide-Threats_to_Server_Security-Inattentive_Administration.html 22 Dec
2008 19:28:44 -0000 1.1
+++ sect-Security_Guide-Threats_to_Server_Security-Inattentive_Administration.html 24 Dec
2008 01:24:53 -0000 1.2
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8"
standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
Administration</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-3"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Server_Security.html"
title="1.3.3. Threats to Server Security"/><link rel="prev"
href="sect-Security_Guide-Threats_to_Server_Security-Unpatched_Services.html"
title="1.3.3.2. Unpatched Services"/><link rel="next"
href="sect-Security_Guide-Threats_to_Server_Security-Inherently_Insecure_Services.html"
title="1.3.3.4. Inherently Insecure Services"/></head><body><p
id="title"><a class="left"
href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right" href="http://docs.fedora
project.org"><img src="Common_Content/images/image_right.png"
alt="Documentation Site"/></a></p><ul
class="docnav"><li class="previous"><a
accesskey="p"
href="sect-Security_Guide-Threats_to_Server_Security-Unpatched_Services.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-Threats_to_Server_Security-Inherently_Insecure_Services.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h4 class="title"
id="sect-Security_Guide-Threats_to_Server_Security-Inattentive_Administration">1.3.3.3. Inattentive
Administration</h4></div></div></div><a id="d0e1122"
class="indexterm"/><div class="para">
+<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
Administration</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-4"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Server_Security.html"
title="1.3.3. Threats to Server Security"/><link rel="prev"
href="sect-Security_Guide-Threats_to_Server_Security-Unpatched_Services.html"
title="1.3.3.2. Unpatched Services"/><link rel="next"
href="sect-Security_Guide-Threats_to_Server_Security-Inherently_Insecure_Services.html"
title="1.3.3.4. Inherently Insecure Services"/></head><body><p
id="title"><a class="left"
href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right" href="http://docs.fedora
project.org"><img src="Common_Content/images/image_right.png"
alt="Documentation Site"/></a></p><ul
class="docnav"><li class="previous"><a
accesskey="p"
href="sect-Security_Guide-Threats_to_Server_Security-Unpatched_Services.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-Threats_to_Server_Security-Inherently_Insecure_Services.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h4 class="title"
id="sect-Security_Guide-Threats_to_Server_Security-Inattentive_Administration">1.3.3.3. Inattentive
Administration</h4></div></div></div><a id="d0e1122"
class="indexterm"/><div class="para">
Administrators who fail to patch their systems are one of the greatest threats to
server security. According to the <em class="firstterm">System
Administration Network and Security Institute</em> (<em
class="firstterm">SANS</em>), the primary cause of computer security
vulnerability is to "assign untrained people to maintain security and provide neither
the training nor the time to make it possible to do the job."<sup>[<a
id="d0e1137" href="#ftn.d0e1137"
class="footnote">4</a>]</sup> This applies as much to
inexperienced administrators as it does to overconfident or amotivated administrators.
</div><div class="para">
Some administrators fail to patch their servers and workstations, while others fail
to watch log messages from the system kernel or network traffic. Another common error is
when default passwords or keys to services are left unchanged. For example, some databases
have default administration passwords because the database developers assume that the
system administrator changes these passwords immediately after installation. If a database
administrator fails to change this password, even an inexperienced cracker can use a
widely-known default password to gain administrative privileges to the database. These are
only a few examples of how inattentive administration can lead to compromised servers.
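Review bot: In the unchanged context of this hunk, the first paragraph ends with "overconfident or amotivated administrators"; "amotivated" reads as a slip for "unmotivated" and should be corrected in the source XML rather than carried through another regeneration. The same paragraph's "the primary cause of computer security vulnerability is to" followed by the SANS quotation is hard to parse and would read better with the quotation introduced as the cause itself.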
Index: sect-Security_Guide-Threats_to_Server_Security-Inherently_Insecure_Services.html
===================================================================
RCS file:
/cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Threats_to_Server_Security-Inherently_Insecure_Services.html,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- sect-Security_Guide-Threats_to_Server_Security-Inherently_Insecure_Services.html 22
Dec 2008 19:28:44 -0000 1.1
+++ sect-Security_Guide-Threats_to_Server_Security-Inherently_Insecure_Services.html 24
Dec 2008 01:24:53 -0000 1.2
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8"
standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
Insecure Services</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-3"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Server_Security.html"
title="1.3.3. Threats to Server Security"/><link rel="prev"
href="sect-Security_Guide-Threats_to_Server_Security-Inattentive_Administration.html"
title="1.3.3.3. Inattentive Administration"/><link rel="next"
href="sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Workstation_and_Home_PC_Security.html"
title="1.3.4. Threats to Workstation and Home PC
Security"/></head><body><p id="title"><a
class="left" href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product Sit
e"/></a><a class="right"
href="http://docs.fedoraproject.org"><img
src="Common_Content/images/image_right.png" alt="Documentation
Site"/></a></p><ul class="docnav"><li
class="previous"><a accesskey="p"
href="sect-Security_Guide-Threats_to_Server_Security-Inattentive_Administration.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Workstation_and_Home_PC_Security.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h4 class="title"
id="sect-Security_Guide-Threats_to_Server_Security-Inherently_Insecure_Services">1.3.3.4. Inherently
Insecure Services</h4></div></div></div><a
id="d0e1149" class="indexterm"/><div class="para">
+<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
Insecure Services</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-4"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Server_Security.html"
title="1.3.3. Threats to Server Security"/><link rel="prev"
href="sect-Security_Guide-Threats_to_Server_Security-Inattentive_Administration.html"
title="1.3.3.3. Inattentive Administration"/><link rel="next"
href="sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Workstation_and_Home_PC_Security.html"
title="1.3.4. Threats to Workstation and Home PC
Security"/></head><body><p id="title"><a
class="left" href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product Sit
e"/></a><a class="right"
href="http://docs.fedoraproject.org"><img
src="Common_Content/images/image_right.png" alt="Documentation
Site"/></a></p><ul class="docnav"><li
class="previous"><a accesskey="p"
href="sect-Security_Guide-Threats_to_Server_Security-Inattentive_Administration.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Workstation_and_Home_PC_Security.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h4 class="title"
id="sect-Security_Guide-Threats_to_Server_Security-Inherently_Insecure_Services">1.3.3.4. Inherently
Insecure Services</h4></div></div></div><a
id="d0e1149" class="indexterm"/><div class="para">
Even the most vigilant organization can fall victim to vulnerabilities if the network
services they choose are inherently insecure. For instance, there are many services
developed under the assumption that they are used over trusted networks; however, this
assumption fails as soon as the service becomes available over the Internet — which is
itself inherently untrusted.
</div><div class="para">
One category of insecure network services are those that require unencrypted
usernames and passwords for authentication. Telnet and FTP are two such services. If
packet sniffing software is monitoring traffic between the remote user and such a service
usernames and passwords can be easily intercepted.
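Review bot: The last context sentence of this hunk is missing a comma after "such a service", so it runs on as "such a service usernames and passwords can be easily intercepted". The sentence that opens the same paragraph has a number mismatch, "One category of insecure network services are those", which should be "is". Both belong in the source XML, since this HTML is generated.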
Index: sect-Security_Guide-Threats_to_Server_Security-Unpatched_Services.html
===================================================================
RCS file:
/cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Threats_to_Server_Security-Unpatched_Services.html,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- sect-Security_Guide-Threats_to_Server_Security-Unpatched_Services.html 22 Dec 2008
19:28:44 -0000 1.1
+++ sect-Security_Guide-Threats_to_Server_Security-Unpatched_Services.html 24 Dec 2008
01:24:53 -0000 1.2
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8"
standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
Services</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-3"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Server_Security.html"
title="1.3.3. Threats to Server Security"/><link rel="prev"
href="sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Server_Security.html"
title="1.3.3. Threats to Server Security"/><link rel="next"
href="sect-Security_Guide-Threats_to_Server_Security-Inattentive_Administration.html"
title="1.3.3.3. Inattentive Administration"/></head><body><p
id="title"><a class="left"
href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right" href="http://docs.f
edoraproject.org"><img src="Common_Content/images/image_right.png"
alt="Documentation Site"/></a></p><ul
class="docnav"><li class="previous"><a
accesskey="p"
href="sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Server_Security.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-Threats_to_Server_Security-Inattentive_Administration.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h4 class="title"
id="sect-Security_Guide-Threats_to_Server_Security-Unpatched_Services">1.3.3.2. Unpatched
Services</h4></div></div></div><a id="d0e1098"
class="indexterm"/><div class="para">
+<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
Services</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-4"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Server_Security.html"
title="1.3.3. Threats to Server Security"/><link rel="prev"
href="sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Server_Security.html"
title="1.3.3. Threats to Server Security"/><link rel="next"
href="sect-Security_Guide-Threats_to_Server_Security-Inattentive_Administration.html"
title="1.3.3.3. Inattentive Administration"/></head><body><p
id="title"><a class="left"
href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right" href="http://docs.f
edoraproject.org"><img src="Common_Content/images/image_right.png"
alt="Documentation Site"/></a></p><ul
class="docnav"><li class="previous"><a
accesskey="p"
href="sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Server_Security.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-Threats_to_Server_Security-Inattentive_Administration.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h4 class="title"
id="sect-Security_Guide-Threats_to_Server_Security-Unpatched_Services">1.3.3.2. Unpatched
Services</h4></div></div></div><a id="d0e1098"
class="indexterm"/><div class="para">
Most server applications that are included in a default installation are solid,
thoroughly tested pieces of software. Having been in use in production environments for
many years, their code has been thoroughly refined and many of the bugs have been found
and fixed.
</div><div class="para">
However, there is no such thing as perfect software and there is always room for
further refinement. Moreover, newer software is often not as rigorously tested as one
might expect, because of its recent arrival to production environments or because it may
not be as popular as other server software.
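Review bot: In both the removed and the added head line of this hunk, rel="up" and rel="prev" point at the same file, sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Server_Security.html, and the docnav Prev link repeats it, although this page is numbered 1.3.3.2. If section 1.3.3.1 is rendered inside the parent page this is expected; if not, Prev skips a section and the chunking configuration should be checked before the next rebuild.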
Index:
sect-Security_Guide-Threats_to_Workstation_and_Home_PC_Security-Vulnerable_Client_Applications.html
===================================================================
RCS file:
/cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Threats_to_Workstation_and_Home_PC_Security-Vulnerable_Client_Applications.html,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
---
sect-Security_Guide-Threats_to_Workstation_and_Home_PC_Security-Vulnerable_Client_Applications.html 22
Dec 2008 19:28:44 -0000 1.1
+++
sect-Security_Guide-Threats_to_Workstation_and_Home_PC_Security-Vulnerable_Client_Applications.html 24
Dec 2008 01:24:53 -0000 1.2
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8"
standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
Client Applications</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-3"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Workstation_and_Home_PC_Security.html"
title="1.3.4. Threats to Workstation and Home PC Security"/><link
rel="prev"
href="sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Workstation_and_Home_PC_Security.html"
title="1.3.4. Threats to Workstation and Home PC Security"/><link
rel="next" href="sect-Security_Guide-Common_Exploits_and_Attacks.html"
title="1.4. Common Exploits and Attacks"/></head><body><p
id="title"><a class="left"
href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Prod
uct Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img
src="Common_Content/images/image_right.png" alt="Documentation
Site"/></a></p><ul class="docnav"><li
class="previous"><a accesskey="p"
href="sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Workstation_and_Home_PC_Security.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-Common_Exploits_and_Attacks.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h4 class="title"
id="sect-Security_Guide-Threats_to_Workstation_and_Home_PC_Security-Vulnerable_Client_Applications">1.3.4.2. Vulnerable
Client Applications</h4></div></div></div><a
id="d0e1194" class="indexterm"/><div class="para">
+<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
Client Applications</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-4"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Workstation_and_Home_PC_Security.html"
title="1.3.4. Threats to Workstation and Home PC Security"/><link
rel="prev"
href="sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Workstation_and_Home_PC_Security.html"
title="1.3.4. Threats to Workstation and Home PC Security"/><link
rel="next" href="sect-Security_Guide-Common_Exploits_and_Attacks.html"
title="1.4. Common Exploits and Attacks"/></head><body><p
id="title"><a class="left"
href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Prod
uct Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img
src="Common_Content/images/image_right.png" alt="Documentation
Site"/></a></p><ul class="docnav"><li
class="previous"><a accesskey="p"
href="sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Workstation_and_Home_PC_Security.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-Common_Exploits_and_Attacks.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h4 class="title"
id="sect-Security_Guide-Threats_to_Workstation_and_Home_PC_Security-Vulnerable_Client_Applications">1.3.4.2. Vulnerable
Client Applications</h4></div></div></div><a
id="d0e1194" class="indexterm"/><div class="para">
Although an administrator may have a fully secure and patched server, that does not
mean remote users are secure when accessing it. For instance, if the server offers Telnet
or FTP services over a public network, an attacker can capture the plain text usernames
and passwords as they pass over the network, and then use the account information to
access the remote user's workstation.
</div><div class="para">
Even when using secure protocols, such as SSH, a remote user may be vulnerable to
certain attacks if they do not keep their client applications updated. For instance, v.1
SSH clients are vulnerable to an X-forwarding attack from malicious SSH servers. Once
connected to the server, the attacker can quietly capture any keystrokes and mouse clicks
made by the client over the network. This problem was fixed in the v.2 SSH protocol, but
it is up to the user to keep track of what applications have such vulnerabilities and
update them as necessary.
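Review bot: The first context paragraph of this hunk says an attacker who captures Telnet or FTP credentials can "use the account information to access the remote user's workstation", but the credentials described are those sent to the server, so the step from a server account to the user's workstation is not explained. Either state the assumption (for example, that the same password is reused on the workstation) or reword the sentence to say the attacker gains the user's access to the server. As in the Unpatched Services page, rel="up" and rel="prev" also resolve to the same parent file here.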
Index: sect-Security_Guide-Using_IPTables-Basic_Firewall_Policies.html
===================================================================
RCS file:
/cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Using_IPTables-Basic_Firewall_Policies.html,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- sect-Security_Guide-Using_IPTables-Basic_Firewall_Policies.html 22 Dec 2008 19:28:44
-0000 1.1
+++ sect-Security_Guide-Using_IPTables-Basic_Firewall_Policies.html 24 Dec 2008 01:24:53
-0000 1.2
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8"
standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
Firewall Policies</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-3"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="sect-Security_Guide-Firewalls-Using_IPTables.html"
title="2.8.3. Using IPTables"/><link rel="prev"
href="sect-Security_Guide-Firewalls-Using_IPTables.html"
title="2.8.3. Using IPTables"/><link rel="next"
href="sect-Security_Guide-Using_IPTables-Saving_and_Restoring_IPTables_Rules.html"
title="2.8.3.3. Saving and Restoring IPTables
Rules"/></head><body><p id="title"><a
class="left" href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img
src="Common_Content/images/image_right.png" alt="Docum
entation Site"/></a></p><ul class="docnav"><li
class="previous"><a accesskey="p"
href="sect-Security_Guide-Firewalls-Using_IPTables.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-Using_IPTables-Saving_and_Restoring_IPTables_Rules.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h4 class="title"
id="sect-Security_Guide-Using_IPTables-Basic_Firewall_Policies">2.8.3.2. Basic
Firewall Policies</h4></div></div></div><a
id="d0e13289" class="indexterm"/><a id="d0e13294"
class="indexterm"/><div class="para">
+<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
Firewall Policies</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-4"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="sect-Security_Guide-Firewalls-Using_IPTables.html"
title="2.8.3. Using IPTables"/><link rel="prev"
href="sect-Security_Guide-Firewalls-Using_IPTables.html"
title="2.8.3. Using IPTables"/><link rel="next"
href="sect-Security_Guide-Using_IPTables-Saving_and_Restoring_IPTables_Rules.html"
title="2.8.3.3. Saving and Restoring IPTables
Rules"/></head><body><p id="title"><a
class="left" href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img
src="Common_Content/images/image_right.png" alt="Docum
entation Site"/></a></p><ul class="docnav"><li
class="previous"><a accesskey="p"
href="sect-Security_Guide-Firewalls-Using_IPTables.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-Using_IPTables-Saving_and_Restoring_IPTables_Rules.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h4 class="title"
id="sect-Security_Guide-Using_IPTables-Basic_Firewall_Policies">2.8.3.2. Basic
Firewall Policies</h4></div></div></div><a
id="d0e13289" class="indexterm"/><a id="d0e13294"
class="indexterm"/><div class="para">
Establishing basic firewall policies creates a foundation for building more detailed,
user-defined rules.
</div><div class="para">
Each <code class="command">iptables</code> chain is comprised
of a default policy, and zero or more rules which work in concert with the default policy
to define the overall ruleset for the firewall.
Index: sect-Security_Guide-Using_IPTables-Saving_and_Restoring_IPTables_Rules.html
===================================================================
RCS file:
/cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Using_IPTables-Saving_and_Restoring_IPTables_Rules.html,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- sect-Security_Guide-Using_IPTables-Saving_and_Restoring_IPTables_Rules.html 22 Dec
2008 19:28:44 -0000 1.1
+++ sect-Security_Guide-Using_IPTables-Saving_and_Restoring_IPTables_Rules.html 24 Dec
2008 01:24:53 -0000 1.2
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8"
standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
and Restoring IPTables Rules</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-3"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="sect-Security_Guide-Firewalls-Using_IPTables.html"
title="2.8.3. Using IPTables"/><link rel="prev"
href="sect-Security_Guide-Using_IPTables-Basic_Firewall_Policies.html"
title="2.8.3.2. Basic Firewall Policies"/><link rel="next"
href="sect-Security_Guide-Firewalls-Common_IPTables_Filtering.html"
title="2.8.4. Common IPTables Filtering"/></head><body><p
id="title"><a class="left"
href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img
src="Common_Content/images/image_right.png"
alt="Documentation Site"/></a></p><ul
class="docnav"><li class="previous"><a
accesskey="p"
href="sect-Security_Guide-Using_IPTables-Basic_Firewall_Policies.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-Firewalls-Common_IPTables_Filtering.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h4 class="title"
id="sect-Security_Guide-Using_IPTables-Saving_and_Restoring_IPTables_Rules">2.8.3.3. Saving
and Restoring IPTables Rules</h4></div></div></div><a
id="d0e13325" class="indexterm"/><a id="d0e13331"
class="indexterm"/><a id="d0e13339"
class="indexterm"/><div class="para">
+<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
and Restoring IPTables Rules</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-4"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="sect-Security_Guide-Firewalls-Using_IPTables.html"
title="2.8.3. Using IPTables"/><link rel="prev"
href="sect-Security_Guide-Using_IPTables-Basic_Firewall_Policies.html"
title="2.8.3.2. Basic Firewall Policies"/><link rel="next"
href="sect-Security_Guide-Firewalls-Common_IPTables_Filtering.html"
title="2.8.4. Common IPTables Filtering"/></head><body><p
id="title"><a class="left"
href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img
src="Common_Content/images/image_right.png"
alt="Documentation Site"/></a></p><ul
class="docnav"><li class="previous"><a
accesskey="p"
href="sect-Security_Guide-Using_IPTables-Basic_Firewall_Policies.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-Firewalls-Common_IPTables_Filtering.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h4 class="title"
id="sect-Security_Guide-Using_IPTables-Saving_and_Restoring_IPTables_Rules">2.8.3.3. Saving
and Restoring IPTables Rules</h4></div></div></div><a
id="d0e13325" class="indexterm"/><a id="d0e13331"
class="indexterm"/><a id="d0e13339"
class="indexterm"/><div class="para">
Changes to <code class="command">iptables</code> are
transitory; if the system is rebooted or if the <code
class="command">iptables</code> service is restarted, the rules are
automatically flushed and reset. To save the rules so that they are loaded when the
<code class="command">iptables</code> service is started, use the
following command:
</div><pre class="screen">[root@myServer ~ ] # service iptables
save
</pre><div class="para">
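Review bot: The only difference between the removed and added line in this hunk is the package meta value, content="fedora-Linux_Security_Guide-10-en-US-1.0-3" becoming 1.0-4, yet the diff replaces the whole head, banner and docnav markup because the generator writes all of it on one line. Consider publishing from the build instead of committing generated HTML, or having the generator break lines between elements, so that a real change to the guide's iptables text cannot get lost inside a line like this one.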
Index:
sect-Security_Guide-Virtual_Private_Networks_VPNs-Creating_an_IPsec_Connection.html
===================================================================
RCS file:
/cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Virtual_Private_Networks_VPNs-Creating_an_IPsec_Connection.html,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- sect-Security_Guide-Virtual_Private_Networks_VPNs-Creating_an_IPsec_Connection.html 22
Dec 2008 19:28:44 -0000 1.1
+++ sect-Security_Guide-Virtual_Private_Networks_VPNs-Creating_an_IPsec_Connection.html 24
Dec 2008 01:24:53 -0000 1.2
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8"
standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
an IPsec Connection</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-3"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="sect-Security_Guide-Virtual_Private_Networks_VPNs.html"
title="2.7. Virtual Private Networks (VPNs)"/><link rel="prev"
href="sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec.html"
title="2.7.3. IPsec"/><link rel="next"
href="sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec_Installation.html"
title="2.7.5. IPsec Installation"/></head><body><p
id="title"><a class="left"
href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img
src="Common_Content/images/image_right.png" alt="D
ocumentation Site"/></a></p><ul class="docnav"><li
class="previous"><a accesskey="p"
href="sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec_Installation.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h3 class="title"
id="sect-Security_Guide-Virtual_Private_Networks_VPNs-Creating_an_IPsec_Connection">2.7.4. Creating
an <abbr class="abbrev">IPsec</abbr>
Connection</h3></div></div></div><div
class="para">
+<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
an IPsec Connection</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-4"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="sect-Security_Guide-Virtual_Private_Networks_VPNs.html"
title="2.7. Virtual Private Networks (VPNs)"/><link rel="prev"
href="sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec.html"
title="2.7.3. IPsec"/><link rel="next"
href="sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec_Installation.html"
title="2.7.5. IPsec Installation"/></head><body><p
id="title"><a class="left"
href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img
src="Common_Content/images/image_right.png" alt="D
ocumentation Site"/></a></p><ul class="docnav"><li
class="previous"><a accesskey="p"
href="sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec_Installation.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h3 class="title"
id="sect-Security_Guide-Virtual_Private_Networks_VPNs-Creating_an_IPsec_Connection">2.7.4. Creating
an <abbr class="abbrev">IPsec</abbr>
Connection</h3></div></div></div><div
class="para">
An <abbr class="abbrev">IPsec</abbr> connection is split into
two logical phases. In phase 1, an <abbr class="abbrev">IPsec</abbr>
node initializes the connection with the remote node or network. The remote node or
network checks the requesting node's credentials and both parties negotiate the
authentication method for the connection.
</div><div class="para">
On Fedora systems, an <abbr class="abbrev">IPsec</abbr>
connection uses the <em class="firstterm">pre-shared key</em> method
of <abbr class="abbrev">IPsec</abbr> node authentication. In a
pre-shared key <abbr class="abbrev">IPsec</abbr> connection, both
hosts must use the same key in order to move to Phase 2 of the <abbr
class="abbrev">IPsec</abbr> connection.
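Review bot: The two context paragraphs after the changed line capitalise the phase names inconsistently: "In phase 1, an IPsec node initializes the connection" but "in order to move to Phase 2". Pick one form in the source and use it for both. The first paragraph also says both parties negotiate the authentication method while the second says Fedora uses the pre-shared key method, so it would help to state that the pre-shared key is the method Fedora configures for that negotiation.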
Index: sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec.html
===================================================================
RCS file:
/cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec.html,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec.html 22 Dec 2008 19:28:44
-0000 1.1
+++ sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec.html 24 Dec 2008 01:24:53
-0000 1.2
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8"
standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
rel="stylesheet" href="./Common_Content/css/default.css"
type="text/css"/><meta name="generator"
content="publican"/><meta name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-3"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="sect-Security_Guide-Virtual_Private_Networks_VPNs.html"
title="2.7. Virtual Private Networks (VPNs)"/><link rel="prev"
href="sect-Security_Guide-Virtual_Private_Networks_VPNs-VPNs_and_PROD.html"
title="2.7.2. VPNs and Fedora"/><link rel="next"
href="sect-Security_Guide-Virtual_Private_Networks_VPNs-Creating_an_IPsec_Connection.html"
title="2.7.4. Creating an IPsec Connection"/></head><body><p
id="title"><a class="left"
href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img
src="Common_Content/images/image_ri
ght.png" alt="Documentation Site"/></a></p><ul
class="docnav"><li class="previous"><a
accesskey="p"
href="sect-Security_Guide-Virtual_Private_Networks_VPNs-VPNs_and_PROD.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-Virtual_Private_Networks_VPNs-Creating_an_IPsec_Connection.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h3 class="title"
id="sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec">2.7.3. IPsec</h3></div></div></div><a
id="d0e11051" class="indexterm"/><a id="d0e11056"
class="indexterm"/><div class="para">
+<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
rel="stylesheet" href="./Common_Content/css/default.css"
type="text/css"/><meta name="generator"
content="publican"/><meta name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-4"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="sect-Security_Guide-Virtual_Private_Networks_VPNs.html"
title="2.7. Virtual Private Networks (VPNs)"/><link rel="prev"
href="sect-Security_Guide-Virtual_Private_Networks_VPNs-VPNs_and_PROD.html"
title="2.7.2. VPNs and Fedora"/><link rel="next"
href="sect-Security_Guide-Virtual_Private_Networks_VPNs-Creating_an_IPsec_Connection.html"
title="2.7.4. Creating an IPsec Connection"/></head><body><p
id="title"><a class="left"
href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img
src="Common_Content/images/image_ri
ght.png" alt="Documentation Site"/></a></p><ul
class="docnav"><li class="previous"><a
accesskey="p"
href="sect-Security_Guide-Virtual_Private_Networks_VPNs-VPNs_and_PROD.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-Virtual_Private_Networks_VPNs-Creating_an_IPsec_Connection.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h3 class="title"
id="sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec">2.7.3. IPsec</h3></div></div></div><a
id="d0e11051" class="indexterm"/><a id="d0e11056"
class="indexterm"/><div class="para">
Fedora supports <abbr class="abbrev">IPsec</abbr> for connecting
remote hosts and networks to each other using a secure tunnel on a common carrier network
such as the Internet. <abbr class="abbrev">IPsec</abbr> can be
implemented using a host-to-host (one computer workstation to another) or
network-to-network (one <acronym
class="acronym">LAN</acronym>/<acronym
class="acronym">WAN</acronym> to another) configuration.
</div><div class="para">
The <abbr class="abbrev">IPsec</abbr> implementation in Fedora
uses <em class="firstterm">Internet Key Exchange</em> (<em
class="firstterm">IKE</em>), a protocol implemented by the Internet
Engineering Task Force (<acronym class="acronym">IETF</acronym>),
used for mutual authentication and secure associations between connecting systems.
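Review bot: The last context paragraph describes IKE as "a protocol implemented by the Internet Engineering Task Force (IETF), used for mutual authentication and secure associations". The IETF specifies the protocol rather than implementing it, and the IPsec term is "security associations", so the source should read along the lines of "a protocol standardized by the IETF, used for mutual authentication and to establish security associations". Separately, the prev link in the changed line targets sect-Security_Guide-Virtual_Private_Networks_VPNs-VPNs_and_PROD.html while its title is "2.7.2. VPNs and Fedora", which looks like an unexpanded product placeholder in the section id.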
Index:
sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec_Host_to_Host_Configuration.html
===================================================================
RCS file:
/cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec_Host_to_Host_Configuration.html,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
---
sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec_Host_to_Host_Configuration.html 22
Dec 2008 19:28:44 -0000 1.1
+++
sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec_Host_to_Host_Configuration.html 24
Dec 2008 01:24:53 -0000 1.2
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8"
standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
Host-to-Host Configuration</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-3"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="sect-Security_Guide-Virtual_Private_Networks_VPNs.html"
title="2.7. Virtual Private Networks (VPNs)"/><link rel="prev"
href="sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec_Installation.html"
title="2.7.5. IPsec Installation"/><link rel="next"
href="sect-Security_Guide-IPsec_Host_to_Host_Configuration-Manual_IPsec_Host_to_Host_Configuration.html"
title="2.7.6.2. Manual IPsec Host-to-Host
Configuration"/></head><body><p id="title"><a
class="left" href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right" href="http://do
cs.fedoraproject.org"><img
src="Common_Content/images/image_right.png" alt="Documentation
Site"/></a></p><ul class="docnav"><li
class="previous"><a accesskey="p"
href="sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec_Installation.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-IPsec_Host_to_Host_Configuration-Manual_IPsec_Host_to_Host_Configuration.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h3 class="title"
id="sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec_Host_to_Host_Configuration">2.7.6. IPsec
Host-to-Host Configuration</h3></div></div></div><a
id="d0e11251" class="indexterm"/><a id="d0e11258"
class="indexterm"/><a id="d0e11265"
class="indexterm"/><div class="para">
+<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
Host-to-Host Configuration</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-4"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="sect-Security_Guide-Virtual_Private_Networks_VPNs.html"
title="2.7. Virtual Private Networks (VPNs)"/><link rel="prev"
href="sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec_Installation.html"
title="2.7.5. IPsec Installation"/><link rel="next"
href="sect-Security_Guide-IPsec_Host_to_Host_Configuration-Manual_IPsec_Host_to_Host_Configuration.html"
title="2.7.6.2. Manual IPsec Host-to-Host
Configuration"/></head><body><p id="title"><a
class="left" href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right" href="http://do
cs.fedoraproject.org"><img
src="Common_Content/images/image_right.png" alt="Documentation
Site"/></a></p><ul class="docnav"><li
class="previous"><a accesskey="p"
href="sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec_Installation.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-IPsec_Host_to_Host_Configuration-Manual_IPsec_Host_to_Host_Configuration.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h3 class="title"
id="sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec_Host_to_Host_Configuration">2.7.6. IPsec
Host-to-Host Configuration</h3></div></div></div><a
id="d0e11251" class="indexterm"/><a id="d0e11258"
class="indexterm"/><a id="d0e11265"
class="indexterm"/><div class="para">
IPsec can be configured to connect one desktop or workstation (host) to another using
a host-to-host connection. This type of connection uses the network to which each host is
connected to create a secure tunnel between each host. The requirements of a host-to-host
connection are minimal, as is the configuration of <abbr
class="abbrev">IPsec</abbr> on each host. The hosts need only a
dedicated connection to a carrier network (such as the Internet) and Fedora to create the
<abbr class="abbrev">IPsec</abbr> connection.
</div><div class="section" lang="en-US"><div
class="titlepage"><div><div><h4 class="title"
id="sect-Security_Guide-IPsec_Host_to_Host_Configuration-Host_to_Host_Connection">2.7.6.1. Host-to-Host
Connection</h4></div></div></div><a id="d0e11281"
class="indexterm"/><a id="d0e11286"
class="indexterm"/><div class="para">
A host-to-host <abbr class="abbrev">IPsec</abbr> connection is
an encrypted connection between two systems, both running <abbr
class="abbrev">IPsec</abbr> with the same authentication key. With the
<abbr class="abbrev">IPsec</abbr> connection active, any network
traffic between the two hosts is encrypted.
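Review bot: The markup for the term is inconsistent within this page: the 2.7.6 heading and the opening sentence "IPsec can be configured to connect one desktop or workstation" use bare text, while later mentions in the same paragraph and in 2.7.6.1 use the abbr element with class="abbrev". Wrap every occurrence the same way in the source so styling and index generation treat them alike.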
Index: sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec_Installation.html
===================================================================
RCS file:
/cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec_Installation.html,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec_Installation.html 22 Dec 2008
19:28:44 -0000 1.1
+++ sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec_Installation.html 24 Dec 2008
01:24:53 -0000 1.2
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8"
standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
Installation</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-3"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="sect-Security_Guide-Virtual_Private_Networks_VPNs.html"
title="2.7. Virtual Private Networks (VPNs)"/><link rel="prev"
href="sect-Security_Guide-Virtual_Private_Networks_VPNs-Creating_an_IPsec_Connection.html"
title="2.7.4. Creating an IPsec Connection"/><link rel="next"
href="sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec_Host_to_Host_Configuration.html"
title="2.7.6. IPsec Host-to-Host
Configuration"/></head><body><p id="title"><a
class="left" href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right" href="http://docs.fedoraproj
ect.org"><img src="Common_Content/images/image_right.png"
alt="Documentation Site"/></a></p><ul
class="docnav"><li class="previous"><a
accesskey="p"
href="sect-Security_Guide-Virtual_Private_Networks_VPNs-Creating_an_IPsec_Connection.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec_Host_to_Host_Configuration.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h3 class="title"
id="sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec_Installation">2.7.5. IPsec
Installation</h3></div></div></div><a id="d0e11157"
class="indexterm"/><a id="d0e11164"
class="indexterm"/><div class="para">
+<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
Installation</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-4"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="sect-Security_Guide-Virtual_Private_Networks_VPNs.html"
title="2.7. Virtual Private Networks (VPNs)"/><link rel="prev"
href="sect-Security_Guide-Virtual_Private_Networks_VPNs-Creating_an_IPsec_Connection.html"
title="2.7.4. Creating an IPsec Connection"/><link rel="next"
href="sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec_Host_to_Host_Configuration.html"
title="2.7.6. IPsec Host-to-Host
Configuration"/></head><body><p id="title"><a
class="left" href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right" href="http://docs.fedoraproj
ect.org"><img src="Common_Content/images/image_right.png"
alt="Documentation Site"/></a></p><ul
class="docnav"><li class="previous"><a
accesskey="p"
href="sect-Security_Guide-Virtual_Private_Networks_VPNs-Creating_an_IPsec_Connection.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec_Host_to_Host_Configuration.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h3 class="title"
id="sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec_Installation">2.7.5. IPsec
Installation</h3></div></div></div><a id="d0e11157"
class="indexterm"/><a id="d0e11164"
class="indexterm"/><div class="para">
Implementing <abbr class="abbrev">IPsec</abbr> requires that the
<code class="filename">ipsec-tools</code> RPM package be installed
on all <abbr class="abbrev">IPsec</abbr> hosts (if using a
host-to-host configuration) or routers (if using a network-to-network configuration). The
RPM package contains essential libraries, daemons, and configuration files for setting up
the <abbr class="abbrev">IPsec</abbr> connection, including:
</div><div class="itemizedlist"><ul><li><div
class="para">
<code class="command">/sbin/setkey</code> — manipulates the
key management and security attributes of <abbr
class="abbrev">IPsec</abbr> in the kernel. This executable is
controlled by the <code class="command">racoon</code> key management
daemon. Refer to the <code class="command">setkey</code>(8) man page
for more information.
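Review bot: In the first context paragraph, ipsec-tools is rendered with class="filename" although the sentence calls it an RPM package. Mark it up as a package name in the source so it is not styled or indexed as a path, unlike /sbin/setkey in the list item below it, which is a real file path.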
Index:
sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec_Network_to_Network_Configuration.html
===================================================================
RCS file:
/cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec_Network_to_Network_Configuration.html,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
---
sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec_Network_to_Network_Configuration.html 22
Dec 2008 19:28:44 -0000 1.1
+++
sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec_Network_to_Network_Configuration.html 24
Dec 2008 01:24:53 -0000 1.2
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8"
standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
Network-to-Network Configuration</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-3"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="sect-Security_Guide-Virtual_Private_Networks_VPNs.html"
title="2.7. Virtual Private Networks (VPNs)"/><link rel="prev"
href="sect-Security_Guide-IPsec_Host_to_Host_Configuration-Manual_IPsec_Host_to_Host_Configuration.html"
title="2.7.6.2. Manual IPsec Host-to-Host Configuration"/><link
rel="next"
href="sect-Security_Guide-IPsec_Network_to_Network_Configuration-Manual_IPsec_Network_to_Network_Configuration.html"
title="2.7.7.2. Manual IPsec Network-to-Network
Configuration"/></head><body><p id="title"><a
class="left" href="http://www.fedoraproject.org"><img
src="Common_Content/images/i
mage_left.png" alt="Product Site"/></a><a
class="right" href="http://docs.fedoraproject.org"><img
src="Common_Content/images/image_right.png" alt="Documentation
Site"/></a></p><ul class="docnav"><li
class="previous"><a accesskey="p"
href="sect-Security_Guide-IPsec_Host_to_Host_Configuration-Manual_IPsec_Host_to_Host_Configuration.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-IPsec_Network_to_Network_Configuration-Manual_IPsec_Network_to_Network_Configuration.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h3 class="title"
id="sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec_Network_to_Network_Configuration">2.7.7. IPsec
Network-to-Network Configuration</h3></div></div></div><a
id="d0e11898" class="indexterm"/><a id="d0e11905"
class="indexterm"/><a id="d0e11910"
class="indexterm"/><div class="para">
+<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
Network-to-Network Configuration</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-4"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="sect-Security_Guide-Virtual_Private_Networks_VPNs.html"
title="2.7. Virtual Private Networks (VPNs)"/><link rel="prev"
href="sect-Security_Guide-IPsec_Host_to_Host_Configuration-Manual_IPsec_Host_to_Host_Configuration.html"
title="2.7.6.2. Manual IPsec Host-to-Host Configuration"/><link
rel="next"
href="sect-Security_Guide-IPsec_Network_to_Network_Configuration-Manual_IPsec_Network_to_Network_Configuration.html"
title="2.7.7.2. Manual IPsec Network-to-Network
Configuration"/></head><body><p id="title"><a
class="left" href="http://www.fedoraproject.org"><img
src="Common_Content/images/i
mage_left.png" alt="Product Site"/></a><a
class="right" href="http://docs.fedoraproject.org"><img
src="Common_Content/images/image_right.png" alt="Documentation
Site"/></a></p><ul class="docnav"><li
class="previous"><a accesskey="p"
href="sect-Security_Guide-IPsec_Host_to_Host_Configuration-Manual_IPsec_Host_to_Host_Configuration.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-IPsec_Network_to_Network_Configuration-Manual_IPsec_Network_to_Network_Configuration.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h3 class="title"
id="sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec_Network_to_Network_Configuration">2.7.7. IPsec
Network-to-Network Configuration</h3></div></div></div><a
id="d0e11898" class="indexterm"/><a id="d0e11905"
class="indexterm"/><a id="d0e11910"
class="indexterm"/><div class="para">
IPsec can also be configured to connect an entire network (such as a <acronym
class="acronym">LAN</acronym> or <acronym
class="acronym">WAN</acronym>) to a remote network using a
network-to-network connection. A network-to-network connection requires the setup of
<abbr class="abbrev">IPsec</abbr> routers on each side of the
connecting networks to transparently process and route information from one node on a
<acronym class="acronym">LAN</acronym> to a node on a remote
<acronym class="acronym">LAN</acronym>. <a class="xref"
href="sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec_Network_to_Network_Configuration.html#figu-Security_Guide-IPsec_Network_to_Network_Configuration-A_network_to_network_IPsec_tunneled_connection"
title="Figure 2.11. A network-to-network IPsec tunneled
connection">Figure 2.11, “A network-to-network IPsec tunneled
connection”</a> shows a network-to-network <abbr
class="abbrev">IPsec</abbr> tunneled connection.
</div><div class="figure"
id="figu-Security_Guide-IPsec_Network_to_Network_Configuration-A_network_to_network_IPsec_tunneled_connection"><div
class="figure-contents"><div class="mediaobject"><img
src="images/n-t-n-ipsec-diagram.png" alt="A network-to-network IPsec
tunneled connection"/><div class="longdesc"><div
class="para">
A network-to-network <abbr class="abbrev">IPsec</abbr>
tunneled connection
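Review bot: For Figure 2.11 the img alt text and the longdesc paragraph are the same string, "A network-to-network IPsec tunneled connection", so a reader who cannot see images/n-t-n-ipsec-diagram.png learns nothing about what the diagram shows. Keep the short alt text and make the long description say what the figure depicts, following the paragraph above it: an IPsec router on each side routing traffic from a node on one LAN to a node on the remote LAN.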
Index:
sect-Security_Guide-Virtual_Private_Networks_VPNs-Starting_and_Stopping_an_IPsec_Connection.html
===================================================================
RCS file:
/cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Virtual_Private_Networks_VPNs-Starting_and_Stopping_an_IPsec_Connection.html,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
---
sect-Security_Guide-Virtual_Private_Networks_VPNs-Starting_and_Stopping_an_IPsec_Connection.html 22
Dec 2008 19:28:44 -0000 1.1
+++
sect-Security_Guide-Virtual_Private_Networks_VPNs-Starting_and_Stopping_an_IPsec_Connection.html 24
Dec 2008 01:24:53 -0000 1.2
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8"
standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
and Stopping an IPsec Connection</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-3"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="sect-Security_Guide-Virtual_Private_Networks_VPNs.html"
title="2.7. Virtual Private Networks (VPNs)"/><link rel="prev"
href="sect-Security_Guide-IPsec_Network_to_Network_Configuration-Manual_IPsec_Network_to_Network_Configuration.html"
title="2.7.7.2. Manual IPsec Network-to-Network Configuration"/><link
rel="next" href="sect-Security_Guide-Firewalls.html"
title="2.8. Firewalls"/></head><body><p
id="title"><a class="left"
href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><
img src="Common_Content/images/image_right.png" alt="Documentation
Site"/></a></p><ul class="docnav"><li
class="previous"><a accesskey="p"
href="sect-Security_Guide-IPsec_Network_to_Network_Configuration-Manual_IPsec_Network_to_Network_Configuration.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-Firewalls.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h3 class="title"
id="sect-Security_Guide-Virtual_Private_Networks_VPNs-Starting_and_Stopping_an_IPsec_Connection">2.7.8. Starting
and Stopping an <abbr class="abbrev">IPsec</abbr>
Connection</h3></div></div></div><div
class="para">
+<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
and Stopping an IPsec Connection</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-4"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="sect-Security_Guide-Virtual_Private_Networks_VPNs.html"
title="2.7. Virtual Private Networks (VPNs)"/><link rel="prev"
href="sect-Security_Guide-IPsec_Network_to_Network_Configuration-Manual_IPsec_Network_to_Network_Configuration.html"
title="2.7.7.2. Manual IPsec Network-to-Network Configuration"/><link
rel="next" href="sect-Security_Guide-Firewalls.html"
title="2.8. Firewalls"/></head><body><p
id="title"><a class="left"
href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><
img src="Common_Content/images/image_right.png" alt="Documentation
Site"/></a></p><ul class="docnav"><li
class="previous"><a accesskey="p"
href="sect-Security_Guide-IPsec_Network_to_Network_Configuration-Manual_IPsec_Network_to_Network_Configuration.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-Firewalls.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h3 class="title"
id="sect-Security_Guide-Virtual_Private_Networks_VPNs-Starting_and_Stopping_an_IPsec_Connection">2.7.8. Starting
and Stopping an <abbr class="abbrev">IPsec</abbr>
Connection</h3></div></div></div><div
class="para">
If the <abbr class="abbrev">IPsec</abbr> connection was not
configured to activate on boot, you can control it from the command line.
</div><div class="para">
To start the connection, use the following command on each host for host-to-host
IPsec, or each <abbr class="abbrev">IPsec</abbr> router for
network-to-network IPsec:
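Review bot: In the paragraph that closes this hunk, IPsec is wrapped in <abbr class="abbrev"> for "each IPsec router" but left bare in "host-to-host IPsec" and "network-to-network IPsec". Mark up all three occurrences the same way in the source and regenerate, so the abbreviation renders consistently within one sentence.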
Index: sect-Security_Guide-Virtual_Private_Networks_VPNs-VPNs_and_PROD.html
===================================================================
RCS file:
/cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Virtual_Private_Networks_VPNs-VPNs_and_PROD.html,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- sect-Security_Guide-Virtual_Private_Networks_VPNs-VPNs_and_PROD.html 22 Dec 2008
19:28:44 -0000 1.1
+++ sect-Security_Guide-Virtual_Private_Networks_VPNs-VPNs_and_PROD.html 24 Dec 2008
01:24:53 -0000 1.2
@@ -1,6 +1,6 @@
<?xml version="1.0" encoding="UTF-8"
standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g... and
Fedora</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-3"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="sect-Security_Guide-Virtual_Private_Networks_VPNs.html"
title="2.7. Virtual Private Networks (VPNs)"/><link rel="prev"
href="sect-Security_Guide-Virtual_Private_Networks_VPNs.html"
title="2.7. Virtual Private Networks (VPNs)"/><link rel="next"
href="sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec.html"
title="2.7.3. IPsec"/></head><body><p
id="title"><a class="left"
href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img
src="Common_Content/images/image_right.png" alt="Documentation
Site"/><
/a></p><ul class="docnav"><li
class="previous"><a accesskey="p"
href="sect-Security_Guide-Virtual_Private_Networks_VPNs.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h3 class="title"
id="sect-Security_Guide-Virtual_Private_Networks_VPNs-VPNs_and_PROD">2.7.2. VPNs
and Fedora</h3></div></div></div><div
class="para">
+<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g... and
Fedora</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-4"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="sect-Security_Guide-Virtual_Private_Networks_VPNs.html"
title="2.7. Virtual Private Networks (VPNs)"/><link rel="prev"
href="sect-Security_Guide-Virtual_Private_Networks_VPNs.html"
title="2.7. Virtual Private Networks (VPNs)"/><link rel="next"
href="sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec.html"
title="2.7.3. IPsec"/></head><body><p
id="title"><a class="left"
href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img
src="Common_Content/images/image_right.png" alt="Documentation
Site"/><
/a></p><ul class="docnav"><li
class="previous"><a accesskey="p"
href="sect-Security_Guide-Virtual_Private_Networks_VPNs.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h3 class="title"
id="sect-Security_Guide-Virtual_Private_Networks_VPNs-VPNs_and_PROD">2.7.2. VPNs
and Fedora</h3></div></div></div><div
class="para">
Fedora provides various options in terms of implementing a software solution to
securely connect to a <acronym class="acronym">WAN</acronym>. <em
class="firstterm">Internet Protocol Security</em> (<acronym
class="acronym">IPsec</acronym>) is the supported <abbr
class="abbrev">VPN</abbr> implementation for Fedora, and sufficiently
addresses the usability needs of organizations with branch offices or remote users.
</div></div><ul class="docnav"><li
class="previous"><a accesskey="p"
href="sect-Security_Guide-Virtual_Private_Networks_VPNs.html"><strong>Prev</strong>2.7. Virtual
Private Networks (VPNs)</a></li><li class="up"><a
accesskey="u"
href="#"><strong>Up</strong></a></li><li
class="home"><a accesskey="h"
href="index.html"><strong>Home</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec.html"><strong>Next</strong>2.7.3. IPsec</a></li></ul></body></html>
\ No newline at end of file
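Review bot: The file name and the h3 id in this hunk still read "VPNs_and_PROD" while the title and heading read "VPNs and Fedora", which looks like a product placeholder that was substituted in the text but not in the section id. If the id is corrected in the source, the "next" link on the 2.7 page and any external links to this file name need to follow, so decide whether to rename now or keep the old name deliberately. Minor: the generated file has no trailing newline.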
Index: sect-Security_Guide-Virtual_Private_Networks_VPNs.html
===================================================================
RCS file:
/cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Virtual_Private_Networks_VPNs.html,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- sect-Security_Guide-Virtual_Private_Networks_VPNs.html 22 Dec 2008 19:28:44 -0000 1.1
+++ sect-Security_Guide-Virtual_Private_Networks_VPNs.html 24 Dec 2008 01:24:53 -0000 1.2
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8"
standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
Private Networks (VPNs)</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-3"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="chap-Security_Guide-Securing_Your_Network.html"
title="Chapter 2. Securing Your Network"/><link rel="prev"
href="sect-Security_Guide-Additional_Resources-Useful_Kerberos_Websites.html"
title="2.6.10.2. Useful Kerberos Websites"/><link rel="next"
href="sect-Security_Guide-Virtual_Private_Networks_VPNs-VPNs_and_PROD.html"
title="2.7.2. VPNs and Fedora"/></head><body><p
id="title"><a class="left"
href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img
src="Common_Content/images/image_rig
ht.png" alt="Documentation Site"/></a></p><ul
class="docnav"><li class="previous"><a
accesskey="p"
href="sect-Security_Guide-Additional_Resources-Useful_Kerberos_Websites.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-Virtual_Private_Networks_VPNs-VPNs_and_PROD.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h2 class="title"
id="sect-Security_Guide-Virtual_Private_Networks_VPNs">2.7. Virtual Private
Networks (VPNs)</h2></div></div></div><a
id="d0e10932" class="indexterm"/><a id="d0e10935"
class="indexterm"/><div class="para">
+<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
Private Networks (VPNs)</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-4"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="chap-Security_Guide-Securing_Your_Network.html"
title="Chapter 2. Securing Your Network"/><link rel="prev"
href="sect-Security_Guide-Additional_Resources-Useful_Kerberos_Websites.html"
title="2.6.10.2. Useful Kerberos Websites"/><link rel="next"
href="sect-Security_Guide-Virtual_Private_Networks_VPNs-VPNs_and_PROD.html"
title="2.7.2. VPNs and Fedora"/></head><body><p
id="title"><a class="left"
href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img
src="Common_Content/images/image_rig
ht.png" alt="Documentation Site"/></a></p><ul
class="docnav"><li class="previous"><a
accesskey="p"
href="sect-Security_Guide-Additional_Resources-Useful_Kerberos_Websites.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-Virtual_Private_Networks_VPNs-VPNs_and_PROD.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h2 class="title"
id="sect-Security_Guide-Virtual_Private_Networks_VPNs">2.7. Virtual Private
Networks (VPNs)</h2></div></div></div><a
id="d0e10932" class="indexterm"/><a id="d0e10935"
class="indexterm"/><div class="para">
Organizations with several satellite offices often connect to each other with dedicated
lines for efficiency and protection of sensitive data in transit. For example, many
businesses use frame relay or <em class="firstterm">Asynchronous Transfer
Mode</em> (<acronym class="acronym">ATM</acronym>) lines as an
end-to-end networking solution to link one office with others. This can be an expensive
proposition, especially for small to medium sized businesses (<acronym
class="acronym">SMB</acronym>s) that want to expand without paying the
high costs associated with enterprise-level, dedicated digital circuits.
</div><div class="para">
To address this need, <em class="firstterm">Virtual Private
Networks</em> (<abbr class="abbrev">VPN</abbr>s) were
developed. Following the same functional principles as dedicated circuits, <abbr
class="abbrev">VPN</abbr>s allow for secured digital communication
between two parties (or networks), creating a <em class="firstterm">Wide
Area Network</em> (<acronym class="acronym">WAN</acronym>)
from existing <em class="firstterm">Local Area Networks</em>
(<acronym class="acronym">LAN</acronym>s). Where it differs from
frame relay or ATM is in its transport medium. <abbr
class="abbrev">VPN</abbr>s transmit over IP using datagrams as the
transport layer, making it a secure conduit through the Internet to an intended
destination. Most free software <abbr class="abbrev">VPN</abbr>
implementations incorporate open standard encryption methods to further mask data in
transit.
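Review bot: The second paragraph of this hunk says VPNs "transmit over IP using datagrams as the transport layer, making it a secure conduit through the Internet", which attributes the security to the IP transport. Carrying traffic in IP datagrams gives no confidentiality or integrity by itself; that comes from the encryption and authentication the tunnel applies, which the next sentence presents only as something that will "further mask" the data. Suggest rewording so encryption is stated as the source of the protection, and fixing the number agreement while there ("Where it differs", "making it" against the plural "VPNs").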
Index: sect-Security_Guide-Vulnerability_Assessment-Defining_Assessment_and_Testing.html
===================================================================
RCS file:
/cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Vulnerability_Assessment-Defining_Assessment_and_Testing.html,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- sect-Security_Guide-Vulnerability_Assessment-Defining_Assessment_and_Testing.html 22
Dec 2008 19:28:44 -0000 1.1
+++ sect-Security_Guide-Vulnerability_Assessment-Defining_Assessment_and_Testing.html 24
Dec 2008 01:24:53 -0000 1.2
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8"
standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
Assessment and Testing</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-3"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="sect-Security_Guide-Vulnerability_Assessment.html"
title="1.2. Vulnerability Assessment"/><link rel="prev"
href="sect-Security_Guide-Vulnerability_Assessment.html"
title="1.2. Vulnerability Assessment"/><link rel="next"
href="sect-Security_Guide-Vulnerability_Assessment-Evaluating_the_Tools.html"
title="1.2.3. Evaluating the Tools"/></head><body><p
id="title"><a class="left"
href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img
src="Common_Content/images/image_right.png" alt="Docum
entation Site"/></a></p><ul class="docnav"><li
class="previous"><a accesskey="p"
href="sect-Security_Guide-Vulnerability_Assessment.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-Vulnerability_Assessment-Evaluating_the_Tools.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h3 class="title"
id="sect-Security_Guide-Vulnerability_Assessment-Defining_Assessment_and_Testing">1.2.2. Defining
Assessment and Testing</h3></div></div></div><a
id="d0e683" class="indexterm"/><a id="d0e690"
class="indexterm"/><div class="para">
+<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
Assessment and Testing</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-4"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="sect-Security_Guide-Vulnerability_Assessment.html"
title="1.2. Vulnerability Assessment"/><link rel="prev"
href="sect-Security_Guide-Vulnerability_Assessment.html"
title="1.2. Vulnerability Assessment"/><link rel="next"
href="sect-Security_Guide-Vulnerability_Assessment-Evaluating_the_Tools.html"
title="1.2.3. Evaluating the Tools"/></head><body><p
id="title"><a class="left"
href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img
src="Common_Content/images/image_right.png" alt="Docum
entation Site"/></a></p><ul class="docnav"><li
class="previous"><a accesskey="p"
href="sect-Security_Guide-Vulnerability_Assessment.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-Vulnerability_Assessment-Evaluating_the_Tools.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h3 class="title"
id="sect-Security_Guide-Vulnerability_Assessment-Defining_Assessment_and_Testing">1.2.2. Defining
Assessment and Testing</h3></div></div></div><a
id="d0e683" class="indexterm"/><a id="d0e690"
class="indexterm"/><div class="para">
Vulnerability assessments may be broken down into one of two types: <em
class="firstterm">Outside looking in</em> and <em
class="firstterm">inside looking around</em>.
</div><div class="para">
When performing an outside looking in vulnerability assessment, you are attempting to
compromise your systems from the outside. Being external to your company provides you with
the cracker's viewpoint. You see what a cracker sees — publicly-routable IP addresses,
systems on your <em class="firstterm">DMZ</em>, external interfaces
of your firewall, and more. DMZ stands for "demilitarized zone", which
corresponds to a computer or small subnetwork that sits between a trusted internal
network, such as a corporate private LAN, and an untrusted external network, such as the
public Internet. Typically, the DMZ contains devices accessible to Internet traffic, such
as Web (HTTP ) servers, FTP servers, SMTP (e-mail) servers and DNS servers.
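Review bot: Two small text defects in the body of the added line: "Web (HTTP ) servers" has a stray space before the closing parenthesis, and the two firstterm entries are capitalised differently ("Outside looking in" against "inside looking around"). Both should be fixed in the source rather than in this generated HTML. The DMZ term is also marked as a firstterm one sentence before it is expanded; moving the definition next to the first use would read better.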
Index: sect-Security_Guide-Vulnerability_Assessment-Evaluating_the_Tools.html
===================================================================
RCS file:
/cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Vulnerability_Assessment-Evaluating_the_Tools.html,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- sect-Security_Guide-Vulnerability_Assessment-Evaluating_the_Tools.html 22 Dec 2008
19:28:44 -0000 1.1
+++ sect-Security_Guide-Vulnerability_Assessment-Evaluating_the_Tools.html 24 Dec 2008
01:24:53 -0000 1.2
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8"
standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
the Tools</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-3"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="sect-Security_Guide-Vulnerability_Assessment.html"
title="1.2. Vulnerability Assessment"/><link rel="prev"
href="sect-Security_Guide-Vulnerability_Assessment-Defining_Assessment_and_Testing.html"
title="1.2.2. Defining Assessment and Testing"/><link rel="next"
href="sect-Security_Guide-Evaluating_the_Tools-Nessus.html"
title="1.2.3.2. Nessus"/></head><body><p
id="title"><a class="left"
href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img
src="Common_Content/images/image_right.png" alt="Docum
entation Site"/></a></p><ul class="docnav"><li
class="previous"><a accesskey="p"
href="sect-Security_Guide-Vulnerability_Assessment-Defining_Assessment_and_Testing.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-Evaluating_the_Tools-Nessus.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h3 class="title"
id="sect-Security_Guide-Vulnerability_Assessment-Evaluating_the_Tools">1.2.3. Evaluating
the Tools</h3></div></div></div><div
class="para">
+<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
the Tools</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-4"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="sect-Security_Guide-Vulnerability_Assessment.html"
title="1.2. Vulnerability Assessment"/><link rel="prev"
href="sect-Security_Guide-Vulnerability_Assessment-Defining_Assessment_and_Testing.html"
title="1.2.2. Defining Assessment and Testing"/><link rel="next"
href="sect-Security_Guide-Evaluating_the_Tools-Nessus.html"
title="1.2.3.2. Nessus"/></head><body><p
id="title"><a class="left"
href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img
src="Common_Content/images/image_right.png" alt="Docum
entation Site"/></a></p><ul class="docnav"><li
class="previous"><a accesskey="p"
href="sect-Security_Guide-Vulnerability_Assessment-Defining_Assessment_and_Testing.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-Evaluating_the_Tools-Nessus.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h3 class="title"
id="sect-Security_Guide-Vulnerability_Assessment-Evaluating_the_Tools">1.2.3. Evaluating
the Tools</h3></div></div></div><div
class="para">
An assessment can start by using some form of an information gathering tool. When
assessing the entire network, map the layout first to find the hosts that are running.
Once located, examine each host individually. Focusing on these hosts requires another set
of tools. Knowing which tools to use may be the most crucial step in finding
vulnerabilities.
</div><div class="para">
Just as in any aspect of everyday life, there are many different tools that perform
the same job. This concept applies to performing vulnerability assessments as well. There
are tools specific to operating systems, applications, and even networks (based on the
protocols used). Some tools are free; others are not. Some tools are intuitive and easy to
use, while others are cryptic and poorly documented but have features that other tools do
not.
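Review bot: As far as the removed and added lines are shown, they differ only in the "package" meta value in the head ("fedora-Linux_Security_Guide-10-en-US-1.0-3" to "...1.0-4"), so this hunk is a rebuild with no visible content change. Because the generated page is stored as a single line, that one-token change replaces the whole document in the diff, and any real wording change in the same commit cannot be picked out in review. Consider saying in the commit message which source changes the rebuild carries, or reviewing the source diff instead of the generated HTML.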
Index: sect-Security_Guide-Vulnerability_Assessment.html
===================================================================
RCS file:
/cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Vulnerability_Assessment.html,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- sect-Security_Guide-Vulnerability_Assessment.html 22 Dec 2008 19:28:44 -0000 1.1
+++ sect-Security_Guide-Vulnerability_Assessment.html 24 Dec 2008 01:24:53 -0000 1.2
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8"
standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
Assessment</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-3"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="chap-Security_Guide-Security_Overview.html"
title="Chapter 1. Security Overview"/><link rel="prev"
href="chap-Security_Guide-Security_Overview.html"
title="Chapter 1. Security Overview"/><link rel="next"
href="sect-Security_Guide-Vulnerability_Assessment-Defining_Assessment_and_Testing.html"
title="1.2.2. Defining Assessment and
Testing"/></head><body><p id="title"><a
class="left" href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img
src="Common_Content/images/image_right.png" alt="Docume
ntation Site"/></a></p><ul class="docnav"><li
class="previous"><a accesskey="p"
href="chap-Security_Guide-Security_Overview.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-Vulnerability_Assessment-Defining_Assessment_and_Testing.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h2 class="title"
id="sect-Security_Guide-Vulnerability_Assessment">1.2. Vulnerability
Assessment</h2></div></div></div><a id="d0e646"
class="indexterm"/><div class="para">
+<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
Assessment</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-4"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="chap-Security_Guide-Security_Overview.html"
title="Chapter 1. Security Overview"/><link rel="prev"
href="chap-Security_Guide-Security_Overview.html"
title="Chapter 1. Security Overview"/><link rel="next"
href="sect-Security_Guide-Vulnerability_Assessment-Defining_Assessment_and_Testing.html"
title="1.2.2. Defining Assessment and
Testing"/></head><body><p id="title"><a
class="left" href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img
src="Common_Content/images/image_right.png" alt="Docume
ntation Site"/></a></p><ul class="docnav"><li
class="previous"><a accesskey="p"
href="chap-Security_Guide-Security_Overview.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-Vulnerability_Assessment-Defining_Assessment_and_Testing.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h2 class="title"
id="sect-Security_Guide-Vulnerability_Assessment">1.2. Vulnerability
Assessment</h2></div></div></div><a id="d0e646"
class="indexterm"/><div class="para">
Given time, resources, and motivation, a cracker can break into nearly any system. At
the end of the day, all of the security procedures and technologies currently available
cannot guarantee that any systems are safe from intrusion. Routers help secure gateways to
the Internet. Firewalls help secure the edge of the network. Virtual Private Networks
safely pass data in an encrypted stream. Intrusion detection systems warn you of malicious
activity. However, the success of each of these technologies is dependent upon a number of
variables, including:
</div><div class="itemizedlist"><ul><li><div
class="para">
The expertise of the staff responsible for configuring, monitoring, and maintaining
the technologies.
Index:
sect-Security_Guide-xinetd_Configuration_Files-Altering_xinetd_Configuration_Files.html
===================================================================
RCS file:
/cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-xinetd_Configuration_Files-Altering_xinetd_Configuration_Files.html,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
---
sect-Security_Guide-xinetd_Configuration_Files-Altering_xinetd_Configuration_Files.html 22
Dec 2008 19:28:44 -0000 1.1
+++
sect-Security_Guide-xinetd_Configuration_Files-Altering_xinetd_Configuration_Files.html 24
Dec 2008 01:24:53 -0000 1.2
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8"
standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
xinetd Configuration Files</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-3"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="sect-Security_Guide-TCP_Wrappers_and_xinetd-xinetd_Configuration_Files.html"
title="2.5.4. xinetd Configuration Files"/><link rel="prev"
href="sect-Security_Guide-xinetd_Configuration_Files-The_etcxinetd.d_Directory.html"
title="2.5.4.2. The /etc/xinetd.d/ Directory"/><link rel="next"
href="sect-Security_Guide-Altering_xinetd_Configuration_Files-Access_Control_Options.html"
title="2.5.4.3.2. Access Control Options"/></head><body><p
id="title"><a class="left"
href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right" href=
"http://docs.fedoraproject.org"><img
src="Common_Content/images/image_right.png" alt="Documentation
Site"/></a></p><ul class="docnav"><li
class="previous"><a accesskey="p"
href="sect-Security_Guide-xinetd_Configuration_Files-The_etcxinetd.d_Directory.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-Altering_xinetd_Configuration_Files-Access_Control_Options.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h4 class="title"
id="sect-Security_Guide-xinetd_Configuration_Files-Altering_xinetd_Configuration_Files">2.5.4.3. Altering
xinetd Configuration Files</h4></div></div></div><div
class="para">
+<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
xinetd Configuration Files</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-4"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="sect-Security_Guide-TCP_Wrappers_and_xinetd-xinetd_Configuration_Files.html"
title="2.5.4. xinetd Configuration Files"/><link rel="prev"
href="sect-Security_Guide-xinetd_Configuration_Files-The_etcxinetd.d_Directory.html"
title="2.5.4.2. The /etc/xinetd.d/ Directory"/><link rel="next"
href="sect-Security_Guide-Altering_xinetd_Configuration_Files-Access_Control_Options.html"
title="2.5.4.3.2. Access Control Options"/></head><body><p
id="title"><a class="left"
href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right" href=
"http://docs.fedoraproject.org"><img
src="Common_Content/images/image_right.png" alt="Documentation
Site"/></a></p><ul class="docnav"><li
class="previous"><a accesskey="p"
href="sect-Security_Guide-xinetd_Configuration_Files-The_etcxinetd.d_Directory.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-Altering_xinetd_Configuration_Files-Access_Control_Options.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h4 class="title"
id="sect-Security_Guide-xinetd_Configuration_Files-Altering_xinetd_Configuration_Files">2.5.4.3. Altering
xinetd Configuration Files</h4></div></div></div><div
class="para">
A range of directives is available for services protected by <code
class="systemitem">xinetd</code>. This section highlights some of the
more commonly used options.
</div><div class="section" lang="en-US"><div
class="titlepage"><div><div><h5 class="title"
id="sect-Security_Guide-Altering_xinetd_Configuration_Files-Logging_Options">2.5.4.3.1. Logging
Options</h5></div></div></div><a id="d0e8561"
class="indexterm"/><div class="para">
The following logging options are available for both <code
class="filename">/etc/xinetd.conf</code> and the service-specific
configuration files within the <code
class="filename">/etc/xinetd.d/</code> directory.
Index: sect-Security_Guide-xinetd_Configuration_Files-The_etcxinetd.d_Directory.html
===================================================================
RCS file:
/cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-xinetd_Configuration_Files-The_etcxinetd.d_Directory.html,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- sect-Security_Guide-xinetd_Configuration_Files-The_etcxinetd.d_Directory.html 22 Dec
2008 19:28:44 -0000 1.1
+++ sect-Security_Guide-xinetd_Configuration_Files-The_etcxinetd.d_Directory.html 24 Dec
2008 01:24:53 -0000 1.2
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8"
standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
/etc/xinetd.d/ Directory</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-3"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="sect-Security_Guide-TCP_Wrappers_and_xinetd-xinetd_Configuration_Files.html"
title="2.5.4. xinetd Configuration Files"/><link rel="prev"
href="sect-Security_Guide-TCP_Wrappers_and_xinetd-xinetd_Configuration_Files.html"
title="2.5.4. xinetd Configuration Files"/><link rel="next"
href="sect-Security_Guide-xinetd_Configuration_Files-Altering_xinetd_Configuration_Files.html"
title="2.5.4.3. Altering xinetd Configuration
Files"/></head><body><p id="title"><a
class="left" href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right" hre
f="http://docs.fedoraproject.org"><img
src="Common_Content/images/image_right.png" alt="Documentation
Site"/></a></p><ul class="docnav"><li
class="previous"><a accesskey="p"
href="sect-Security_Guide-TCP_Wrappers_and_xinetd-xinetd_Configuration_Files.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-xinetd_Configuration_Files-Altering_xinetd_Configuration_Files.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h4 class="title"
id="sect-Security_Guide-xinetd_Configuration_Files-The_etcxinetd.d_Directory">2.5.4.2. The
/etc/xinetd.d/ Directory</h4></div></div></div><a
id="d0e8400" class="indexterm"/><a id="d0e8410"
class="indexterm"/><div class="para">
+<html
xmlns="http://www.w3.org/1999/xhtml"><head><title&g...
/etc/xinetd.d/ Directory</title><link rel="stylesheet"
href="./Common_Content/css/default.css" type="text/css"/><meta
name="generator" content="publican"/><meta
name="package"
content="fedora-Linux_Security_Guide-10-en-US-1.0-4"/><link
rel="home" href="index.html" title="Linux Security
Guide"/><link rel="up"
href="sect-Security_Guide-TCP_Wrappers_and_xinetd-xinetd_Configuration_Files.html"
title="2.5.4. xinetd Configuration Files"/><link rel="prev"
href="sect-Security_Guide-TCP_Wrappers_and_xinetd-xinetd_Configuration_Files.html"
title="2.5.4. xinetd Configuration Files"/><link rel="next"
href="sect-Security_Guide-xinetd_Configuration_Files-Altering_xinetd_Configuration_Files.html"
title="2.5.4.3. Altering xinetd Configuration
Files"/></head><body><p id="title"><a
class="left" href="http://www.fedoraproject.org"><img
src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right" hre
f="http://docs.fedoraproject.org"><img
src="Common_Content/images/image_right.png" alt="Documentation
Site"/></a></p><ul class="docnav"><li
class="previous"><a accesskey="p"
href="sect-Security_Guide-TCP_Wrappers_and_xinetd-xinetd_Configuration_Files.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n"
href="sect-Security_Guide-xinetd_Configuration_Files-Altering_xinetd_Configuration_Files.html"><strong>Next</strong></a></li></ul><div
class="section" lang="en-US"><div
class="titlepage"><div><div><h4 class="title"
id="sect-Security_Guide-xinetd_Configuration_Files-The_etcxinetd.d_Directory">2.5.4.2. The
/etc/xinetd.d/ Directory</h4></div></div></div><a
id="d0e8400" class="indexterm"/><a id="d0e8410"
class="indexterm"/><div class="para">
The <code class="filename">/etc/xinetd.d/</code> directory
contains the configuration files for each service managed by <code
class="systemitem">xinetd</code> and the names of the files correlate
to the service. As with <code class="filename">xinetd.conf</code>,
this directory is read only when the <code
class="systemitem">xinetd</code> service is started. For any changes to
take effect, the administrator must restart the <code
class="systemitem">xinetd</code> service.
</div><div class="para">
The format of files in the <code
class="filename">/etc/xinetd.d/</code> directory use the same
conventions as <code class="filename">/etc/xinetd.conf</code>. The
primary reason the configuration for each service is stored in a separate file is to make
customization easier and less likely to affect other services.
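Review bot: The removed and added `<html` lines in this hunk differ only in the package meta value, which goes from fedora-Linux_Security_Guide-10-en-US-1.0-3 to fedora-Linux_Security_Guide-10-en-US-1.0-4, yet the whole head and navigation markup is replaced because the generated output sits on a single line. Consider having the build emit one element per line, or keeping generated HTML out of per-file review, so that a version bump shows as a one-line change and a real edit to a link or script reference on that line cannot pass unnoticed. Separately, in the unchanged paragraph text of this hunk, "The format of files ... directory use the same conventions" should read "uses", and "this directory is read only when the xinetd service is started" is easy to misread as "read-only"; both are worth fixing in the source this HTML is generated from.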