------------------------------------------------------------ revno: 3652 committer: Jim Campbell <[EMAIL PROTECTED]> branch nick: ubuntu-hardy timestamp: Wed 2008-01-23 18:30:59 -0600 message: update from several other contributors modified: generic/server/C/security.xml ubuntu/config-desktop/C/config-desktop.xml ubuntu/desktop-effects/C/desktop-effects.xml ubuntu/hardware/C/hardware.xml ubuntu/libs/gnome-menus-C.ent ------------------------------------------------------------ revno: 3651.1.3 committer: Adam Sommer <[EMAIL PROTECTED]> branch nick: ubuntu-hardy timestamp: Mon 2008-01-21 12:38:35 -0500 message: Patch by Gilbert Mendoza. modified: generic/server/C/security.xml ------------------------------------------------------------ revno: 3651.3.2 committer: Gilbert Mendoza <[EMAIL PROTECTED]> branch nick: ubuntu-hardy timestamp: Sun 2008-01-20 21:00:30 -0800 message: Updated new sections with a status of review modified: generic/server/C/security.xml ------------------------------------------------------------ revno: 3651.3.1 committer: Gilbert Mendoza <[EMAIL PROTECTED]> branch nick: ubuntu-hardy timestamp: Sun 2008-01-20 20:54:49 -0800 message: Added Console Security section, and corrected minor typo modified: generic/server/C/security.xml ------------------------------------------------------------ revno: 3651.1.2 committer: Adam Sommer <[EMAIL PROTECTED]> branch nick: ubuntu-hardy timestamp: Sun 2008-01-20 17:49:51 -0500 message: Patch by Gilbert Mendoza. modified: generic/server/C/security.xml ------------------------------------------------------------ revno: 3651.2.2 committer: Gilbert Mendoza <[EMAIL PROTECTED]> branch nick: ubuntu-hardy timestamp: Sun 2008-01-20 09:38:16 -0800 message: Added Security narrative and user management section modified: generic/server/C/security.xml ------------------------------------------------------------ revno: 3651.2.1 committer: Gilbert Mendoza <[EMAIL PROTECTED]> branch nick: ubuntu-hardy timestamp: Sun 2008-01-20 09:04:56 -0800 message: Added Security narrative and user management section modified: generic/server/C/security.xml ------------------------------------------------------------ revno: 3651.1.1 committer: Phil Bull <[EMAIL PROTECTED]> branch nick: ubuntu-hardy timestamp: Sun 2008-01-20 13:22:51 +0000 message: Applied patch from Joel Goguen (closes #150641). Made other small improvements to visual effects docs modified: ubuntu/config-desktop/C/config-desktop.xml ubuntu/desktop-effects/C/desktop-effects.xml ubuntu/hardware/C/hardware.xml ubuntu/libs/gnome-menus-C.ent
=== modified file 'generic/server/C/security.xml' --- a/generic/server/C/security.xml 2007-12-20 19:34:16 +0000 +++ b/generic/server/C/security.xml 2008-01-21 05:00:30 +0000 @@ -13,17 +13,322 @@ %xinclude; <!ENTITY language "&EnglishAmerican;"> ]> - <chapter id="security" status="complete"> - <title>Security</title> +<chapter id="security" status="review"> + <title>Security</title> + <para> + Security should always be considered when installing, deploying, and using any type of computer system. Although a fresh installation of Ubuntu is relatively safe for immediate use on the Internet, it is important to have a balanced understanding of your systems security posture based on how it will be used after deployment. + </para> + <para> + This chapter provides an overview of security related topics as they pertain to Ubuntu 8.04 Server Edition, and outlines simple measures you may use to protect your server and network from any number of potential security threats. + </para> + <sect1 id="user-management" status="review"> + <title>User Management</title> + <para> + User management is a critical part of maintaining a secure system. Ineffective user and privilege management often lead many systems into being compromised. Therefore, it is important that you understand how you can protect your server through simple and effective user account management techniques. + </para> + <sect2 id="where-is-root" status="review"> + <title>Where is root?</title> + <para> + Ubuntu developers made a conscientious decision to disable the administrative root account by default in all Ubuntu installations. This does not mean that the root account has been deleted or that it may not be accessed. It merely has been given a password which matches no possible encrypted value, therefore may not log in directly by itself. + </para> + <para> + Instead, users are encouraged to make use of a tool by the name of <application>sudo</application> to carry out system administrative duties. <application>Sudo</application> allows an authorized user to temporarily elevate their privileges using their own password instead of having to know the password belonging to the root account. This simple yet effective methodology provides accountability for all user actions, and gives the administrator granular control over which actions a user can perform with said privileges. + </para> + <itemizedlist> + <listitem> + <para> + If for some reason you wish to enable the root account, simply give it a password: + </para> +<screen><command>$ sudo passwd +[sudo] password for username: (enter your own password) +Enter new UNIX password: (enter a new password for root) +Retype new UNIX password: (repeat new password for root) +passwd: password updated successfully</command></screen> + </listitem> + <listitem> + <para> + To disable the root account, use the following passwd syntax: + </para> +<screen><command>$ sudo passwd -l root +Password changed.</command></screen> + </listitem> + <listitem> + <para> + You should read more on <application>Sudo</application> by checking out it's man page: + </para> +<screen><command>$ man sudo</command></screen> + </listitem> + </itemizedlist> + <para> + By default, the initial user created by the Ubuntu installer is a member of the group "admin" which is added to /etc/sudoers as an authorized sudo user. If you wish to give any other account full root access through sudo, simply add them to the admin group. + </para> + </sect2> + + <sect2 id="adding-deleting-users" status="review"> + <title>Adding and Deleting Users</title> + <para> + The process for managing local users and groups is straight forward and differs very little from most other GNU/Linux operating systems. Ubuntu and other Debian based distributions, encourage the use of the "adduser" package for account management. + </para> + <itemizedlist> + <listitem> + <para> + To add a user account, use the following syntax, and follow the prompts to give the account a password and identifiable characteristics such as a full name, phone number, etc. + </para> +<screen><command>$ sudo adduser username</command></screen> + </listitem> + <listitem> + <para> + To delete a user account and its primary group, use the following syntax: + </para> +<screen><command>$ sudo deluser username</command></screen> + <para> + Deleting an account does not remove their respective home folder. It is up to you whether or not you wish to delete the folder manually or keep it according to your desired retention policies. + </para> + <para> + Remember, any user added later on with the same UID/GID as the previous owner will now have access to this folder if you have not taken the necessary precautions. + </para> + <para> + You may want to change these UID/GID values to something more appropriate, such as the root account, and perhaps even relocate the folder to avoid future conflicts: + </para> +<screen><command>$ sudo chown -R root:root /home/username/ +$ sudo mkdir /home/archived_users/ +$ sudo mv /home/username /home/archived_users/</command></screen> + </listitem> + <listitem> + <para> + To temporarily lock or unlock a user account, use the following syntax, respectively: + </para> +<screen><command>$ sudo passwd -l username +$ sudo passwd -u username</command></screen> + </listitem> + <listitem> + <para> + To add or delete a personalized group, use the following syntax, respectively: + </para> +<screen><command>$ sudo addgroup groupname +$ sudo delgroup groupname</command></screen> + </listitem> + <listitem> + <para> + To add a user to a group, use the following syntax: + </para> +<screen><command>$ sudo usermod -a -G groupname username</command></screen> + </listitem> + </itemizedlist> + </sect2> + + <sect2 id="user-profile-security" status="review"> + <title>User Profile Security</title> + <para> + When a new user is created, the adduser utility creates a brand new home directory named <emphasis>/home/username</emphasis>, respectively. The default profile is modeled after the contents found in <emphasis>/etc/skel</emphasis>, which includes all profile basics. + </para> + <para> + If your server will be home to multiple users, you should pay close attention to the user home directory permissions to ensure confidentiality. By default, user home directories in Ubuntu are created with world read/execute permissions. This means that all users can browse and access the contents of other users home directories. This may not be suitable for your environment. + </para> + <itemizedlist> + <listitem> + <para> + To verify your current users home directory permissions, use the following syntax: + </para> +<screen><command>$ ls -ld /home/username +drwxr-xr-x 2 username username 4096 2007-10-02 20:03 username</command></screen> + </listitem> + <listitem> + <para> + To properly correct the above permissions, remove world readable permissions from the users parent directory using the following syntax: + </para> +<screen><command>$ sudo chmod 0750 /home/username</command></screen> + <note> + <para> + Some people tend to use the recursive option (-R) indiscriminately which modifies all child folders and files, but this is not necessary, and may yield other undesirable results. The parent directory alone is sufficient for preventing unauthorized access to anything below the parent. + </para> + </note> + <para> + A much more efficient approach to the matter would be to modify the <application>adduser</application> global default permissions when creating user home folders. Simply edit the file /etc/adduser.conf and modify the DIR_MODE variable to something appropriate, so that all new home directories will receive the correct permissions. + </para> +<screen><command>DIR_MODE=0750</command></screen> + </listitem> + <listitem> + <para> + After correcting the directory permissions using any of the previously mentioned techniques, verify the permissions using the following syntax: + </para> +<screen><command>$ ls -ld /home/username +drwxr-x--- 2 username username 4096 2007-10-02 20:03 username</command></screen> + </listitem> + </itemizedlist> + </sect2> + + <sect2 id="password-policy" status="review"> + <title>Password Policy</title> + <para> + A strong password policy is one of the most important aspects of your security posture. Many successful security breaches involve simple brute force and dictionary attacks against weak passwords. If you intend to offer any form of remote access involving your local password system, make sure you adequately address minimum password complexity requirements, maximum password lifetimes, and frequent audits of your authentication systems. + </para> + <sect3 id="minimum-password-length" status="review"> + <title>Minimum Password Length</title> + <para> + By default, Ubuntu requires a minimum password length of 4 characters, as well as some basic entropy checks. These values are controlled in the file /etc/pam.d/common-password, which is outlined below. + </para> +<screen><command>password required pam_unix.so nullok obscure min=4 max=8 md5</command></screen> + <para> +If you would like to adjust the minimum length to 6 characters, change the appropriate variable to min=6. The modification is outlined below. + </para> +<screen><command>password required pam_unix.so nullok obscure min=6 max=8 md5</command></screen> + <note> + <para> + The max=8 variable does not represent the maximum length of a password. It only means that complexity requirements will not be checked on passwords over 8 characters. You may want to look at the <application>libpam-cracklib</application> package for additional password entropy assistance. + </para> + </note> + </sect3> + <sect3 id="password-expiration" status="review"> + <title>Password Expiration</title> + <para> + When creating user accounts, you should make it a policy to have a minimum and maximum password age forcing users to change their passwords when they expire. + </para> + <itemizedlist> + <listitem> + <para> + To easily view the current status of a user account, use the following syntax: + </para> +<screen><command>$ sudo chage -l username +Last password change : Jan 20, 2008 +Password expires : never +Password inactive : never +Account expires : never +Minimum number of days between password change : 0 +Maximum number of days between password change : 99999 +Number of days of warning before password expires : 7</command></screen> + </listitem> + <listitem> + <para> + To set any of these values, simply use the following syntax, and follow the interactive prompts: + </para> +<screen><command>$ sudo chage username</command></screen> + <para> + The following is an example of how you can change an accounts explicit expiration date (-E) to 01/31/2008, minimum passsword age (-m) of 5 days, maximum password age (-M) of 90 days, inactivity period (-I) of 5 days after password expiration, and a warning time period (-W) of 14 days before password expiration. + </para> +<screen><command>$ sudo chage -E 01/31/2008 -m 5 -M 90 -I 30 -W 14 username</command></screen> + </listitem> + <listitem> + <para> + To verify changes, use the same syntax as mentioned previously: + </para> +<screen><command>$ sudo chage -l username +Last password change : Jan 20, 2008 +Password expires : Apr 19, 2008 +Password inactive : May 19, 2008 +Account expires : Jan 31, 2008 +Minimum number of days between password change : 5 +Maximum number of days between password change : 90 +Number of days of warning before password expires : 14</command></screen> + </listitem> + </itemizedlist> + </sect3> + + </sect2> + + + <sect2 id="other-security-considerations" status="review"> + <title>Other Security Considerations</title> + <para> + Many applications use alternate authentication mechanisms that can be easily overlooked by even experienced system administrators. Therefore, it is important to understand and control how users authenticate and gain access to services and applications on your server. + </para> + + <sect3 id="ssh-access-by-disabled-users" status="review"> + <title>SSH Access by Disabled Users</title> + <para> + Simply disabling/locking a user account will not prevent a user from logging into your server remotely if they have previously set up RSA public key authentication. They will still be able to gain shell access to the server, without the need for any password. Remember to check the users home directory for files that will allow for this type of authenticated SSH access. e.g. /home/username/.ssh/authorized_keys. + </para> + <para> + Remove or rename the .ssh directory of the user to prevent further SSH authentication. + </para> + <para> + Be sure to check for any established SSH connections by the disabled user, as it is possible they may have existing inbound or outbound connections. Kill any that are found. + </para> + <para> + Restrict SSH access to only user accounts that should have it. You might want to create a group called "sshlogin" and add it to the value associated with the "AllowGroups" variable in /etc/ssh/sshd_config. Then add your permitted SSH users to this group using the steps outlined earlier in this document. + </para> + </sect3> + <sect3 id="external-db-auth" status="review"> + <title>External User Database Authentication</title> + <para> + Most enterprise networks require centralized authentication and access controls for all system resources. If you have configured your server to authenticate users against external databases, be sure to disable the user accounts both externally and locally, this way you ensure that local fallback authentication is not possible. + </para> + </sect3> + </sect2> + </sect1> + + + <sect1 id="console-security" status="review"> + <title>Console Security</title> + <para> + As with any other security barrier you put in place to protect your server, it is pretty tough to defend against untold damage caused by someone with physical access to your environment. e.g. Theft of hard drives, power or service disruption, etc. Therefore, console security should be addressed merely as one component of your overall physical security strategy. A locked "screen door" may deter a casual criminal, or at the very least slow down a determined one, so it is still advisable to perform basic precautions with regard to console security. + </para> + <para> + The following sections will limit a persons ability to perform some fairly simple attacks against your server that could yield very serious consequences. + </para> + + <sect2 id="disable-ctrl-alt-delete" status="review"> + <title>Disable CTRL+ALT+Delete</title> + <para> + First and foremost, anyone that has physical access to the keyboard can simply use the Ctrl+Alt+Delete key combination to reboot the server without having to log on. Sure, someone could simply unplug the power source, but you should still prevent the use of this key combination on a production server. This forces an attacker to take more drastic measures to reboot the server, and will prevent accidental reboots at the same time. + </para> + <itemizedlist> + <listitem> + <para> + To disable the reboot action taken by pressing the Ctrl+Alt+Delete key combination, comment out the following line in the file <emphasis>/etc/event.d/control-alt-delete</emphasis>. + </para> +<screen><command>#exec /sbin/shutdown -r now "Control-Alt-Delete pressed"</command></screen> + </listitem> + </itemizedlist> + </sect2> + <sect2 id="grub-password-security" status="review"> + <title>GRUB Password Security</title> + <para> + Ubuntu installs GNU GRUB as its default boot loader, which allows for great flexibility and recovery options. For example, when you install additional kernel images, these are automatically added as available boot options in the grub menu. Also, by default, alternate boot options are available for each kernel entry that may be used for system recovery, aptly labeled (recovery mode). Recovery mode simply boots the corresponding kernel image into single user mode (init 1), which lands the administrator at a root prompt without the need for any password. + </para> + <para> + Therefore, it is important to control who may edit the grub menu items to, <emphasis>(a)</emphasis> pass kernel options at boot up, and <emphasis>(b)</emphasis> boot the server into single user mode. You can do this by simply adding a password to grubs configuration file <emphasis>/boot/grub/menu.lst</emphasis>, which will be required to unlock grubs more advanced features prior to use. + </para> + <itemizedlist> + <listitem> + <para> + To add a password for use with grub, first you must generate an md5 password hash using the <application>grub-md5-crypt</application> utility: + </para> +<screen><command>$ grub-md5-crypt +Password: (enter new password) +Retype password: (repeat password) +$1$s3YiK$M3lxAbqA6JLm2FbDWnClQ0</command></screen> + </listitem> + <listitem> + <para> + Add the resulting hash value to <emphasis>/etc/grub/menu.lst</emphasis> in the following format: + </para> +<screen><command>password --md5 $1$s3YiK$M3lxAbqA6JLm2FbDWnClQ0</command></screen> + </listitem> + <listitem> + <para> + To require the use of the password for entering single user mode, change the <emphasis>"lockalterntive"</emphasis> value in <emphasis>/boot/grub/menu.lst</emphasis> to <emphasis>"true"</emphasis>. + </para> +<screen><command># lockalternative=true</command></screen> + </listitem> + </itemizedlist> + <note> + <para> + This does not prevent someone from booting the server from alternate media. A determined attacker would simply boot into an alternate environment, overwrite your master boot record, mount or copy your physical volumes, destroy your data, or anything else they can imagine. Please explore other countermeasures that may help you with these types of attacks. + </para> + </note> + </sect2> + </sect1> + + <sect1 id="firewall" status="review"> + <title>Firewall</title> + <sect2 id="firewall-introduction" status="review"> + <title>Firewall Introduction</title> <para> The Linux kernel includes the <emphasis>Netfilter</emphasis> subsystem, which is used to manipulate or decide the fate of network traffic headed into or through your server. All modern Linux firewall solutions use this system for packet filtering. </para> - <sect1 id="firewall" status="review"> - <title>Firewall</title> - <sect2 id="firewall-introduction" status="complete"> - <title>Firewall Introduction</title> <para> The kernel's packet filtering system would be of little use to administrators without a userspace interface to manage it. This is the purpose of iptables. When a packet === modified file 'ubuntu/config-desktop/C/config-desktop.xml' --- a/ubuntu/config-desktop/C/config-desktop.xml 2007-08-17 22:47:28 +0000 +++ b/ubuntu/config-desktop/C/config-desktop.xml 2008-01-20 13:22:51 +0000 @@ -41,7 +41,7 @@ <listitem> <para> <ulink type="help" url="ghelp:desktop-effects"> - Desktop Effects + Visual Effects </ulink> </para> </listitem> === modified file 'ubuntu/desktop-effects/C/desktop-effects.xml' --- a/ubuntu/desktop-effects/C/desktop-effects.xml 2007-08-19 11:10:10 +0000 +++ b/ubuntu/desktop-effects/C/desktop-effects.xml 2008-01-20 13:22:51 +0000 @@ -14,12 +14,12 @@ ]> <article id="desktop-effects" status="complete"> <articleinfo> - <title>Desktop Effects</title> + <title>Visual Effects</title> &legalnotice; </articleinfo> <sect1 id="compiz-intro" status="review"> - <title>What are Desktop Effects?</title> - <para>Ubuntu includes special desktop effects, which are intended to make your desktop more fun and easier to use. These include:</para> + <title>What are visual effects?</title> + <para>Ubuntu includes special visual effects which are intended to make your desktop more fun and easier to use. These include:</para> <itemizedlist> <listitem> <para>Translucent windows</para> @@ -34,27 +34,27 @@ <para>Motion effects and animations</para> </listitem> </itemizedlist> - <para>Desktop effects are enabled by default, but it is not necessary to have them turned on. In addition, users of computers with certain graphics cards may find that desktop effects do not work well on their computer, or cause the computer to operate more slowly than it would with the effects turned off.</para> + <para>Visual effects are enabled by default, but it is not necessary to have them turned on. In addition, users of computers with certain graphics cards may find that visual effects do not work well on their computer, or cause the computer to operate more slowly than it would with the effects turned off.</para> </sect1> <sect1 id="compiz-configure" status="review"> - <title>Configuring Desktop Effects</title> - <para>Press &desktop-effects; to change basic options relating to desktop effects.</para> + <title>Configuring visual effects</title> + <para>Press &desktop-effects; to change basic options relating to visual effects.</para> <itemizedlist> <listitem> - <para>Select <guilabel>No effects</guilabel> to disable desktop effects.</para> - </listitem> - <listitem> - <para>Select <guilabel>Normal effects</guilabel> to enable basic desktop effects.</para> - </listitem> - <listitem> - <para>Select <guilabel>Extra effects</guilabel> to enable all desktop effects.</para> + <para>Select <guilabel>No effects</guilabel> to disable visual effects.</para> + </listitem> + <listitem> + <para>Select <guilabel>Normal effects</guilabel> to enable basic visual effects.</para> + </listitem> + <listitem> + <para>Select <guilabel>Extra effects</guilabel> to enable more advanced visual effects.</para> </listitem> </itemizedlist> <para>When you select a new option, it may take several seconds for the change to be applied automatically. During this time, your screen may flicker briefly.</para> </sect1> <sect1 id="compiz-configure-advanced" status="complete"> - <title>Enable extra Desktop Effects</title> - <para>As well as the desktop effects which are available by default, a large collection of additional effects is available. These range from effects intended to make it easier to use your computer, to ones which are just for fun.</para> + <title>Enabling extra effects</title> + <para>As well as the visual effects which are available by default, a large collection of additional effects is available. These range from effects intended to make it easier to use your computer, to ones which are just for fun.</para> <para>To enable additional effects:</para> <procedure> <step> @@ -73,16 +73,16 @@ </sect1> <sect1 id="compiz-problems" status="review"> - <title>Problems with Desktop Effects</title> - <para>If you experience problems when using desktop effects, it is advisable to disable them by pressing &desktop-effects; and selecting <guilabel>No effects</guilabel>.</para> + <title>Common problems</title> + <para>If you experience problems when using visual effects, it is advisable to disable them by opening &desktop-effects; and selecting <guilabel>No effects</guilabel>.</para> <itemizedlist> <listitem> - <para>If you receive the following error message, it is likely that your graphics card does not currently support desktop effects:</para> - <para><guilabel>Desktop effects could not be enabled</guilabel></para> - <para>In this case, you will not be able to use desktop effects.</para> + <para>If you receive the following error message, it is likely that your graphics driver does not currently support visual effects:</para> + <para><guilabel>Visual effects could not be enabled</guilabel></para> + <para>In this case, you will not be able to use visual effects with your default graphics driver. However, you may be able to use a <ulink type='help' url='ghelp:hardware#restricted-manager'>restricted driver</ulink> instead.</para> </listitem> <listitem> - <para>If your computer runs slowly, disabling desktop effects may improve performance. Desktop effects require more system resources, and so older or less powerful computers may not be able to cope with the extra load.</para> + <para>If your computer runs slowly, disabling visual effects may improve performance. Visual effects require more system resources, and so older or less powerful computers may not be able to cope with the extra load.</para> </listitem> </itemizedlist> </sect1> @@ -91,10 +91,10 @@ <title>Further information</title> <itemizedlist> <listitem> - <para>See the <ulink url='https://help.ubuntu.com/community/CompositeManager'>Ubuntu Community Support pages</ulink> for more information on desktop effects in Ubuntu. </para> + <para>See the <ulink url='https://help.ubuntu.com/community/CompositeManager'>Ubuntu Community Support pages</ulink> for more information on visual effects in Ubuntu. </para> </listitem> <listitem> - <para>See the <ulink url='http://compiz.org/Documentation/Documentation'>Compiz documentation website</ulink> for more information on advanced configuration of desktop effects.</para> + <para>See the <ulink url='http://compiz.org/Documentation/Documentation'>Compiz documentation website</ulink> for more information on advanced configuration of visual effects.</para> </listitem> </itemizedlist> </sect1> === modified file 'ubuntu/hardware/C/hardware.xml' --- a/ubuntu/hardware/C/hardware.xml 2007-11-06 19:49:00 +0000 +++ b/ubuntu/hardware/C/hardware.xml 2008-01-20 13:22:51 +0000 @@ -31,7 +31,7 @@ <title>Why are some drivers restricted?</title> <para>Most of the devices (hardware) attached to your computer should function properly in Ubuntu. These devices are likely to have <emphasis>unrestricted</emphasis> drivers, which means that the drivers can be modified by the Ubuntu developers and problems with them can be fixed.</para> <para>Some hardware does not have unrestricted drivers, usually because the hardware manufacturer has not released details of their hardware which would make it possible to create such a driver. These devices may have limited functionality or may not work at all.</para> - <para>If a <emphasis>restricted driver</emphasis> is available for a certain device, you can install it in order to allow your device to function properly, or to add new features. For example, installing a restricted driver for certain graphics cards may allow you to use more advanced <ulink type='help' url='ghelp:desktop-effects'>desktop effects</ulink>.</para> + <para>If a <emphasis>restricted driver</emphasis> is available for a certain device, you can install it in order to allow your device to function properly, or to add new features. For example, installing a restricted driver for certain graphics cards may allow you to use more advanced <ulink type='help' url='ghelp:desktop-effects'>visual effects</ulink>.</para> <para>Some computers may not have any devices which can use restricted drivers, either because all of the devices are fully supported by unrestricted drivers or because no restricted drivers are yet available for the device.</para> <caution> <para>Restricted drivers are often maintained by the hardware manufacturer, and so cannot be modified by Ubuntu developers if there is a problem.</para> === modified file 'ubuntu/libs/gnome-menus-C.ent' --- a/ubuntu/libs/gnome-menus-C.ent 2007-11-11 00:48:28 +0000 +++ b/ubuntu/libs/gnome-menus-C.ent 2008-01-20 13:22:51 +0000 @@ -24,7 +24,7 @@ <!ENTITY cowbell '<menuchoice><guimenu>Applications</guimenu><guisubmenu>Sound & Video</guisubmenu><guimenuitem>Cowbell Music Organizer</guimenuitem> </menuchoice>'> <!ENTITY chromium '<menuchoice><guimenu>Applications</guimenu><guisubmenu>Games</guisubmenu><guisubmenu>Chromium</guisubmenu></menuchoice>'> <!ENTITY desktop-background '<menuchoice><guimenu>System</guimenu><guimenuitem>Preferences</guimenuitem><guimenuitem>Desktop Background</guimenuitem></menuchoice>'> -<!ENTITY desktop-effects '<menuchoice><guimenu>System</guimenu><guimenuitem>Preferences</guimenuitem><guimenuitem>Appearance</guimenuitem><guimenuitem>Desktop Effects</guimenuitem></menuchoice>'> +<!ENTITY desktop-effects '<menuchoice><guimenu>System</guimenu><guimenuitem>Preferences</guimenuitem><guimenuitem>Appearance</guimenuitem><guimenuitem>Visual Effects</guimenuitem></menuchoice>'> <!ENTITY desktop-preferences '<menuchoice><guimenu>System</guimenu><guimenuitem>Preferences</guimenuitem></menuchoice>'> <!ENTITY devhelp '<menuchoice><guimenu>Applications</guimenu><guisubmenu>Programming</guisubmenu><guimenuitem>Devhelp</guimenuitem></menuchoice>'> <!ENTITY device-manager '<menuchoice><guimenu>System</guimenu><guimenuitem>Preferences</guimenuitem><guimenuitem>Hardware Information</guimenuitem></menuchoice>'> -- https://code.launchpad.net/~ubuntu-core-doc/ubuntu-doc/ubuntu-hardy You are receiving this branch notification because you are subscribed to it. -- ubuntu-doc-commits mailing list ubuntu-doc-commits@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-doc-commits