neysx 05/06/01 15:43:47
Modified: xml/htdocs/doc/en diskless-howto.xml gentoo-security.xml
metadoc.xml
Log:
#71211 gentoo-security.xml is now a handbook thanks to curtis119.
Revision Changes Path
1.17 +8 -7 xml/htdocs/doc/en/diskless-howto.xml
file :
http://www.gentoo.org/cgi-bin/viewcvs.cgi/xml/htdocs/doc/en/diskless-howto.xml?rev=1.17&content-type=text/x-cvsweb-markup&cvsroot=gentoo
plain:
http://www.gentoo.org/cgi-bin/viewcvs.cgi/xml/htdocs/doc/en/diskless-howto.xml?rev=1.17&content-type=text/plain&cvsroot=gentoo
diff :
http://www.gentoo.org/cgi-bin/viewcvs.cgi/xml/htdocs/doc/en/diskless-howto.xml.diff?r1=1.16&r2=1.17&cvsroot=gentoo
Index: diskless-howto.xml
===================================================================
RCS file: /var/cvsroot/gentoo/xml/htdocs/doc/en/diskless-howto.xml,v
retrieving revision 1.16
retrieving revision 1.17
diff -u -r1.16 -r1.17
--- diskless-howto.xml 23 May 2005 15:46:16 -0000 1.16
+++ diskless-howto.xml 1 Jun 2005 15:43:47 -0000 1.17
@@ -1,5 +1,5 @@
<?xml version='1.0' encoding="UTF-8"?>
-<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/doc/en/diskless-howto.xml,v 1.16
2005/05/23 15:46:16 swift Exp $ -->
+<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/doc/en/diskless-howto.xml,v 1.17
2005/06/01 15:43:47 neysx Exp $ -->
<!DOCTYPE guide SYSTEM "/dtd/guide.dtd">
<guide link="/doc/en/diskless-howto.xml">
@@ -25,8 +25,8 @@
<license/>
-<version>1.12</version>
-<date>2005-05-23</date>
+<version>1.13</version>
+<date>2005-06-01</date>
<chapter>
<title>Introduction</title>
@@ -171,10 +171,11 @@
</pre>
<p>
-If you want to use packet filtering, you can add the rest as modules later.
-Make sure to read the <uri
-link="http://www.gentoo.org/doc/en/gentoo-security.xml#doc_chap12">Gentoo
-security guide Chapter 12 Firewall</uri> on how to set this up properly.
+If you want to use packet filtering, you can add the rest as modules later.
+Make sure to read the <uri
+link="/doc/en/security/security-handbook.xml?part=1&chap=12">Gentoo
+Security Handbook Chapter about Firewalls</uri> on how to set this up
+properly.
</p>
<note>
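Review bot: The new `link` value on the added `<uri>` line carries a bare `&` (`?part=1&chap=12`), which is not well-formed inside an XML attribute, so a conforming parser would reject the whole guide rather than just this link. If that is what was committed, and not an artefact of how the mail archive rendered the patch, it should read `link="/doc/en/security/security-handbook.xml?part=1&amp;chap=12"`. Running a well-formedness check such as `xmllint --noout diskless-howto.xml` before committing would catch this. The link also addresses the firewall chapter by position (`chap=12`), so it will silently point elsewhere if the handbook chapters are ever reordered. The enclosing section starts and ends outside the hunk.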
1.82 +10 -3937 xml/htdocs/doc/en/gentoo-security.xml
file :
http://www.gentoo.org/cgi-bin/viewcvs.cgi/xml/htdocs/doc/en/gentoo-security.xml?rev=1.82&content-type=text/x-cvsweb-markup&cvsroot=gentoo
plain:
http://www.gentoo.org/cgi-bin/viewcvs.cgi/xml/htdocs/doc/en/gentoo-security.xml?rev=1.82&content-type=text/plain&cvsroot=gentoo
diff :
http://www.gentoo.org/cgi-bin/viewcvs.cgi/xml/htdocs/doc/en/gentoo-security.xml.diff?r1=1.81&r2=1.82&cvsroot=gentoo
Index: gentoo-security.xml
===================================================================
RCS file: /var/cvsroot/gentoo/xml/htdocs/doc/en/gentoo-security.xml,v
retrieving revision 1.81
retrieving revision 1.82
diff -u -r1.81 -r1.82
--- gentoo-security.xml 23 May 2005 19:34:03 -0000 1.81
+++ gentoo-security.xml 1 Jun 2005 15:43:47 -0000 1.82
@@ -1,3955 +1,28 @@
<?xml version='1.0' encoding='UTF-8'?>
-<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/doc/en/gentoo-security.xml,v 1.81
2005/05/23 19:34:03 swift Exp $ -->
+<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/doc/en/gentoo-security.xml,v 1.82
2005/06/01 15:43:47 neysx Exp $ -->
<!DOCTYPE guide SYSTEM "/dtd/guide.dtd">
-<guide link = "/doc/en/gentoo-security.xml">
-<title>Gentoo Linux Security Guide</title>
+<guide link="/doc/en/gentoo-security.xml">
+<title>Obsolete Gentoo Linux Security Guide</title>
<author title="Author">
- <mail link="[EMAIL PROTECTED]">Kim Nielsen</mail>
-</author>
-<author title="Editor"><!-- [EMAIL PROTECTED] -->
- John P. Davis
-</author>
-<author title="Editor">
- <mail link="[EMAIL PROTECTED]">Eric R. Stockbridge</mail>
-</author>
-<author title="Editor">
- <mail link="[EMAIL PROTECTED]">Carl Anderson</mail>
-</author>
-<author title="Editor">
- <mail link="[EMAIL PROTECTED]">Jorge Paulo</mail>
-</author>
-<author title="Editor">
- <mail link="[EMAIL PROTECTED]">Sven Vermeulen</mail>
-</author>
-<author title="Editor">
- <mail link="[EMAIL PROTECTED]">Benny Chuang</mail>
-</author>
-<author title="Editor">
- <mail link="[EMAIL PROTECTED]">Sune Jeppesen</mail>
-</author>
-<author title="Editor">
- <mail link="[EMAIL PROTECTED]">Tiemo Kieft</mail>
-</author>
-<author title="Editor">
- <mail link="[EMAIL PROTECTED]">Zack Gilburd</mail>
-</author>
-<author title="Editor">
- <mail link="[EMAIL PROTECTED]">Dan Margolis</mail>
+ <mail link="[EMAIL PROTECTED]">Xavier Neys</mail>
</author>
<abstract>
-This is a step-by-step guide for hardening Gentoo Linux.
+This was a step-by-step guide for hardening Gentoo Linux.
</abstract>
-<license/>
-
-<version>0.4.48</version>
-<date>2005-05-23</date>
-
-<chapter>
-<title>Introduction</title>
-<section>
-<body>
-
-<p>
-This guide is intended for people who are using Gentoo Linux in a server based
-environment or just feel the need for better security.
-</p>
-
-<note>
-If you are interested in even more Gentoo security stuff after reading this
-guide then have a look at the <uri
-link="http://www.gentoo.org/proj/en/hardened/">Hardened Gentoo Project</uri>
-</note>
-
-</body>
-</section>
-
-<!--
-<section>
-<title>Enhancements for future releases of this Guide:</title>
-<body>
-
-<p>
-In version 0.6 (Backup)
-</p>
-<ul>
-<li>Arpwatch</li>
-<li>Full system backup using Systemimager</li>
-<li>Partial backup using tar</li>
-<li>Backing up postgres</li>
-</ul>
-
-
-<p>
-In version 0.8 (Penetration testing)
-</p>
-<ul>
-<li>Remote audits</li>
-<li>Network audits</li>
-<li>Host audits</li>
-<li>Software audits</li>
-</ul>
-
-<p>
-In version 1.0 (After a compromise)
-</p>
-<ul>
-<li>How to report an incident</li>
-<li>Forensics analysis</li>
-<li>Creating an image of the system without destroying evidence (Using dd)</li>
-<li>Trap and trace (Using tcpdump)</li>
-<li>.. More to come ..</li>
-<li>Restoring system</li>
-</ul>
-
-<note>
-Please note that each version concentrates on one subject at a time. This is
for
-quality assurance purposes.
-</note>
-
-</body>
-</section>
--->
-</chapter>
-
-<chapter>
-<title>Pre-Installation Concerns</title>
-<section>
-<title>Physical Security</title>
-<body>
-
-<p>
-No matter how many safeguards you implement, they can all be easily
circumvented
-by an attacker with physical access to your computer. Despite this, there are
-at least some measures that can be taken to provide a degree of security
against
-an attacker with physical access to your machine. Putting your hardware in a
-locked closet prevents an attacker from simply unplugging it and carting it
-off. Locking your computer's case is also a good idea, to make sure that an
-attacker cannot simply walk away with your hard drive. To prevent an attacker
-from booting from another disk, nicely circumventing your permissions and login
-restrictions, try setting the hard drive as the first boot device in your BIOS,
-and setting a BIOS password. It is also important to set a LILO or GRUB boot
-password, to prevent a malicious user from booting into single-user mode and
-gaining complete access to your system. This is covered in more detail in
-Chapter 3, under <uri link="#passwording_GRUB">Setting a GRUB password</uri>
-and <uri link="#passwording_LILO">Setting a LILO password</uri>.
-</p>
-
-</body>
-</section>
-<section>
-<title>Daemon/Service Planning</title>
-<body>
-<p>
-Start by documenting what services this machine should run. This will help you
-compose a better partition scheme for your system, and allow you to better plan
-your security measures. Of course, this is unnecessary if the machine serves a
-single simple purpose, such as a desktop, or a dedicated firewall. In those
-cases, you should not be running <e>any</e> services, except perhaps sshd.
-</p>
-<p>
-This list can also be used to aid system administration. By keeping a current
-list of version information, you will find it much easier to keep everything up
-to date if a remote vulnerability is discovered in one of your daemons.
-</p>
-
-</body>
-</section>
-<section>
-<title>Partitioning Schemes</title>
-<body>
-
-<p>
-Partitioning rules:
-</p>
-
-<ul>
-<li>
- Any directory tree a user should be able to write to (e.g.
<path>/home</path>,
- <path>/tmp</path>) should be on a separate partition and use disk quotas.
This
- reduces the risk of a user filling up your whole filesystem. Portage
- uses <path>/var/tmp</path> to compile files, so that partition should be
large.
-</li>
-<li>
- Any directory tree where you plan to install non-distribution software on
should
- be on a separate partition. According to the <uri link =
- "http://www.pathname.com/fhs/">File Hierarchy Standard</uri>, this
- is <path>/opt</path> or <path>/usr/local</path>. If these are separate
- partitions, they will not be erased if you have to reinstall the system.
-</li>
-<li>
- For extra security, static data can be put on a separate partition that is
- mounted read-only. For the truly paranoid, try using read-only media like
- CD-ROM.
<<Truncated>>
1.62 +20 -7 xml/htdocs/doc/en/metadoc.xml
file :
http://www.gentoo.org/cgi-bin/viewcvs.cgi/xml/htdocs/doc/en/metadoc.xml?rev=1.62&content-type=text/x-cvsweb-markup&cvsroot=gentoo
plain:
http://www.gentoo.org/cgi-bin/viewcvs.cgi/xml/htdocs/doc/en/metadoc.xml?rev=1.62&content-type=text/plain&cvsroot=gentoo
diff :
http://www.gentoo.org/cgi-bin/viewcvs.cgi/xml/htdocs/doc/en/metadoc.xml.diff?r1=1.61&r2=1.62&cvsroot=gentoo
Index: metadoc.xml
===================================================================
RCS file: /var/cvsroot/gentoo/xml/htdocs/doc/en/metadoc.xml,v
retrieving revision 1.61
retrieving revision 1.62
diff -u -r1.61 -r1.62
--- metadoc.xml 2 May 2005 16:47:29 -0000 1.61
+++ metadoc.xml 1 Jun 2005 15:43:47 -0000 1.62
@@ -1,9 +1,9 @@
<?xml version='1.0' encoding="UTF-8"?>
-<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/doc/en/metadoc.xml,v 1.61
2005/05/02 16:47:29 swift Exp $ -->
+<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/doc/en/metadoc.xml,v 1.62
2005/06/01 15:43:47 neysx Exp $ -->
<!DOCTYPE metadoc SYSTEM "/dtd/metadoc.dtd">
<metadoc lang="en">
-<version>1.4</version>
+<version>1.5</version>
<members>
<lead>swift</lead>
<lead>neysx</lead>
@@ -307,6 +307,22 @@
<file id="grub-error-guide">/doc/en/grub-error-guide.xml</file>
<file id="usb-guide">/doc/en/usb-guide.xml</file>
<file id="fluxbox-config">/doc/en/fluxbox-config.xml</file>
+ <file id="security-handbook-index">/doc/en/security/index.xml</file>
+ <file id="security-handbook">/doc/en/security/security-handbook.xml</file>
+ <file id="shb-chroot">/doc/en/security/shb-chroot.xml</file>
+ <file id="shb-firewalls">/doc/en/security/shb-firewalls.xml</file>
+ <file id="shb-intrusion">/doc/en/security/shb-intrusion.xml</file>
+ <file id="shb-kernel">/doc/en/security/shb-kernel.xml</file>
+ <file id="shb-limits">/doc/en/security/shb-limits.xml</file>
+ <file id="shb-logging">/doc/en/security/shb-logging.xml</file>
+ <file id="shb-mounting">/doc/en/security/shb-mounting.xml</file>
+ <file id="shb-pam">/doc/en/security/shb-pam.xml</file>
+ <file id="shb-perms">/doc/en/security/shb-perms.xml</file>
+ <file id="shb-pre">/doc/en/security/shb-pre.xml</file>
+ <file id="shb-tcp">/doc/en/security/shb-tcp.xml</file>
+ <file id="shb-services">/doc/en/security/shb-services.xml</file>
+ <file id="shb-tight">/doc/en/security/shb-tight.xml</file>
+ <file id="shb-uptodate">/doc/en/security/shb-uptodate.xml</file>
</files>
<docs>
<doc id="name-logo">
@@ -432,12 +448,9 @@
<memberof>gentoo_choices</memberof>
<fileid>gentoo-kernel</fileid>
</doc>
- <doc id="gentoo-security">
+ <doc id="security-handbook-index">
<memberof>sysadmin_general</memberof>
- <fileid>gentoo-security</fileid>
- <bugs>
- <bug>71211</bug>
- </bugs>
+ <fileid>security-handbook-index</fileid>
</doc>
<doc id="prelink-howto">
<memberof>sysadmin_general</memberof>