Include proper changelog entries and a patch from Uwe Hermann fixing

many typos.
parent d050f6f8
This diff is collapsed.
<!-- CVS revision of this document "$Revision: 1.7 $" -->
<!-- CVS revision of this document "$Revision: 1.8 $" -->
<chapt>Before you begin
......@@ -9,7 +9,7 @@
system; in order to do it properly, you must first decide what you
intend to do with it. After this, you will have to consider that the
following tasks need to be taken care of if you want a really secure
system.
system.
<p>You will find that this manual is written from the bottom
up, that is, you will read some information on tasks to do before,
......@@ -20,13 +20,13 @@ tasks can also be thought of as:
<item>Decide which services you need and limit your system to those.
This includes deactivating/uninstalling unneeded services, and adding
firewall-like filters, or tcpwrappers.
firewall-like filters, or tcpwrappers.
<item>Limit users and permissions in your system.
<item>Harden offered services so that, in
the event of a service compromise, the impact to your system is
minimized.
minimized.
<item>Use appropriate tools to guarantee that unauthorized
use is detected so that you can take appropriate measures.
......@@ -52,7 +52,7 @@ tools used, or the programs available, differ).
<item>The <url name="Linux Security HOWTO"
id="http://www.tldp.org/HOWTO/Security-HOWTO/">
(also available at <url id="http://www.linuxsecurity.com/docs/LDP/Security-HOWTO.html" name="LinuxSecurity">) is one of the
best references regarding general Linux Security.
best references regarding general Linux security.
<item>The <url name="Security Quick-Start HOWTO for Linux"
id="http://www.tldp.org/HOWTO/Security-Quickstart-HOWTO/">
......@@ -86,7 +86,7 @@ Guide for Red Hat Enterprise"
id="http://ltp.sourceforge.net/docs/RHEL-EAL3-Configuration-Guide.pdf">.
<item>IntersectAlliance has published some documents that can be used
as reference cards on how to harden linux servers (and their
as reference cards on how to harden Linux servers (and their
services), the documents are available at <url
id="http://www.intersectalliance.com/projects/index.html" name="their
site">.
......@@ -103,7 +103,7 @@ is available at
<url id="http://www.dwheeler.com/secure-programs/">, it includes slides
and talks from the author, David Wheeler)
<item>If you are considering installing Firewall capabilities, you
<item>If you are considering installing firewall capabilities, you
should read the <url name="Firewall HOWTO"
id="http://www.tldp.org/HOWTO/Firewall-HOWTO.html"> and the <url
name="IPCHAINS HOWTO"
......@@ -112,7 +112,7 @@ previous to 2.4).
<item>Finally, a good card to keep handy is the
<url name="Linux Security ReferenceCard"
id="http://www.linuxsecurity.com/docs/QuickRefCard.pdf">
id="http://www.linuxsecurity.com/docs/QuickRefCard.pdf">.
</list>
......@@ -125,7 +125,7 @@ take a look there too.
<p>The HOWTO documents from the Linux Documentation Project are
available in Debian GNU/Linux through the installation of the
<package>doc-linux-text</package> (text version) or
<package>doc-linux-html</package> (html version). After installation
<package>doc-linux-html</package> (HTML version). After installation
these documents will be available at the
<file>/usr/share/doc/HOWTO/en-txt</file> and
<file>/usr/share/doc/HOWTO/en-html</file> directories, respectively.
......@@ -135,11 +135,11 @@ these documents will be available at the
<list>
<item>Maximum Linux Security : A Hacker's Guide to Protecting Your Linux
Server and Network. Anonymous. Paperback - 829 pages. Sams Publishing.
ISBN: 0672313413. July 1999.
Server and Network. Anonymous. Paperback - 829 pages. Sams Publishing.
ISBN: 0672313413. July 1999.
<item>Linux Security By John S. Flowers. New Riders; ISBN: 0735700354.
March 1999
March 1999.
<item><url id="http://www.linux.org/books/ISBN_0072127732.html"
name="Hacking Linux Exposed"> By Brian Hatch. McGraw-Hill Higher Education.
......@@ -153,16 +153,16 @@ regarding UNIX and security and not Linux specific):
<list>
<item><url id="http://www.ora.com/catalog/puis/noframes.html"
name="Practical Unix and Internet Security (2nd Edition)">
Garfinkel, Simpson, and Spafford, Gene; O'Reilly Associates;
ISBN 0-56592-148-8; 1004pp; 1996.
name="Practical Unix and Internet Security (2nd Edition)">
Garfinkel, Simpson, and Spafford, Gene; O'Reilly Associates;
ISBN 0-56592-148-8; 1004pp; 1996.
<item>Firewalls and Internet Security Cheswick, William R. and Bellovin,
Steven M.; Addison-Wesley; 1994; ISBN 0-201-63357-4; 320pp.
Steven M.; Addison-Wesley; 1994; ISBN 0-201-63357-4; 320pp.
</list>
<p>Some useful Web sites to keep up to date regarding security:
<p>Some useful web sites to keep up to date regarding security:
<list>
......@@ -197,7 +197,7 @@ order to provide an overall secure system:
<item>Debian problems are always handled openly, even security
related. Security issues are discussed openly on the debian-security
mailing list. Debian Security Advisories are sent to public mailing
mailing list. Debian Security Advisories (DSAs) are sent to public mailing
lists (both internal and external) and are published on the public
server. As the <url name="Debian Social Contract"
id="http://www.debian.org/social_contract"> states:
......@@ -240,13 +240,13 @@ to many "secure by default" service installations which could
impose certain restrictions on their normal use. Debian does, however, try to
balance security and ease of administration - the programs are not de-activated
when you install them (as it is the case with say, the BSD family of
distributions). In any case, prominent security issues (such as
operating systems). In any case, prominent security issues (such as
<tt>setuid</tt> programs) are part of the
<url id="http://www.debian.org/doc/debian-policy/" name="Debian Policy">.
</list>
<p>By publishing security information specific to Debian and complementing
other information-security documents related to Debian GNU (see
other information-security documents related to Debian (see
<ref id="references">), this document aims to produce better system
installations security-wise.
This diff is collapsed.
<!-- CVS revision of this document "$Revision: 1.5 $" -->
<!-- CVS revision of this document "$Revision: 1.6 $" -->
<copyright>
<copyrightsummary>Copyright &copy; 2002, 2003, 2004, 2005, 2006 Javier Fernández-Sanguino Peña
</copyrightsummary>
<p>Copyright &copy; 2001 Alexander Reelsen, Javier Fernández-Sanguino Peña
<p>Copyright &copy; 2000 Alexander
Reelsen
<p>Copyright &copy; 2000 Alexander Reelsen
<p>Some sections are copyright &copy; their respective authors, for details please
refer to <ref id="credits">
refer to <ref id="credits">.
<p>Permission is granted to copy, distribute and/or modify this document
under the terms of the <url id="&gplhome;"
......
This diff is collapsed.
<!-- CVS revision of this document "$Revision: 1.24 $" -->
<!-- CVS revision of this document "$Revision: 1.25 $" -->
<chapt id="sec-services">Securing services running on your system
......@@ -1445,7 +1445,12 @@ however, <ref id="limit-bindaddr">).
<sect id="firewall-setup">Adding firewall capabilities
<p>The Debian GNU/Linux operating system has the built-in capabilities
provided by the Linux kernel. This means that if you install a potato
provided by the Linux kernel
<footnote><p>
Old Debian distributions needed the appropriate kernel patch, for
example, Debian 2.1 used the 2.0.34 kernel which did not include these
functionality.</p>
</footnote>. This means that if you install a potato
(Debian 2.2 release) system (default kernel is 2.2) you will have
<prgn>ipchains</prgn> firewalling available in the kernel, you need to
have the <package>ipchains</package> package, which should, due to
......
<!-- CVS revision of this document "$Revision: 1.4 $" -->
<!-- CVS revision of this document "$Revision: 1.5 $" -->
<title>&bookname;</title>
<author>
......@@ -16,8 +16,8 @@
This document describes security in the Debian project and in the
Debian operating system.
Starting with the process of securing and hardening the
default Debian GNU/Linux distribution installation.
It also covers some of the common tasks to set up a secure
default Debian GNU/Linux distribution installation,
it also covers some of the common tasks to set up a secure
network environment using Debian GNU/Linux,
gives additional information on the security tools available
and talks about how security is enforced in Debian by
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment