mirror of https://github.com/tLDP/LDP
DocBook SGML markup fix (<bf/> to <emphasis/>)
Replacing the Linuxdoc tag <bf/> with the SGML tag <emphasis/> solved the validation problem for this document.
This commit is contained in:
parent
4df140ef1b
commit
e15c9bc3b4
|
@ -4568,21 +4568,21 @@ are necessary for moving to 2.2.x is available at <ULink
|
||||||
URL="http://www-stu.calvin.edu/~clug/users/jnieho38/goto22.html">
|
URL="http://www-stu.calvin.edu/~clug/users/jnieho38/goto22.html">
|
||||||
http://www-stu.calvin.edu/~clug/users/jnieho38/goto22.html</ULink>; I will
|
http://www-stu.calvin.edu/~clug/users/jnieho38/goto22.html</ULink>; I will
|
||||||
attempt to summarize the information below (items marked with a leading
|
attempt to summarize the information below (items marked with a leading
|
||||||
``<bf>**</bf>'' indicate you will most likely need to
|
``✶'' indicate you will most likely need to
|
||||||
upgrade the item for Red Hat 5.2; items not indicated as such are
|
upgrade the item for Red Hat 5.2; items not indicated as such are
|
||||||
<Emphasis>probably</Emphasis> okay but probably worth checking).</Para>
|
<Emphasis>probably</Emphasis> okay but probably worth checking).</Para>
|
||||||
|
|
||||||
<ItemizedList Mark="Bullet" Spacing="Compact">
|
<ItemizedList Mark="Bullet" Spacing="Compact">
|
||||||
|
|
||||||
<ListItem><para><bf>**</bf> <Emphasis>initscripts-3.78-2.4 or
|
<ListItem><para>✶ <Emphasis>initscripts-3.78-2.4 or
|
||||||
better</Emphasis> (Type ``<Literal>rpm -q initscripts</Literal>'' to check
|
better</Emphasis> (Type ``<Literal>rpm -q initscripts</Literal>'' to check
|
||||||
your version)</Para></ListItem>
|
your version)</Para></ListItem>
|
||||||
|
|
||||||
<ListItem><Para><bf>**</bf> <Emphasis>modutils-2.1.121 or
|
<ListItem><Para>✶ <Emphasis>modutils-2.1.121 or
|
||||||
better</Emphasis> (Type ``<Literal>rpm -q modutils</Literal>'' to check your
|
better</Emphasis> (Type ``<Literal>rpm -q modutils</Literal>'' to check your
|
||||||
version)</Para></ListItem>
|
version)</Para></ListItem>
|
||||||
|
|
||||||
<ListItem><Para><bf>**</bf> <Emphasis>mount-2.9-0 or better</Emphasis>
|
<ListItem><Para>✶ <Emphasis>mount-2.9-0 or better</Emphasis>
|
||||||
(Type ``<Literal>rpm -q mount</Literal>'' to check your
|
(Type ``<Literal>rpm -q mount</Literal>'' to check your
|
||||||
version)</Para></ListItem>
|
version)</Para></ListItem>
|
||||||
|
|
||||||
|
@ -4607,13 +4607,13 @@ glibc</Literal>'')</Para></ListItem>
|
||||||
<ListItem><Para><Emphasis>procps-1.2.9 or better</Emphasis> (``<Literal>rpm -q
|
<ListItem><Para><Emphasis>procps-1.2.9 or better</Emphasis> (``<Literal>rpm -q
|
||||||
procps</Literal>'')</Para></ListItem>
|
procps</Literal>'')</Para></ListItem>
|
||||||
|
|
||||||
<ListItem><Para><bf>**</bf> <Emphasis>procinfo-15 or better</Emphasis>
|
<ListItem><Para>✶ <Emphasis>procinfo-15 or better</Emphasis>
|
||||||
(``<Literal>rpm -q procinfo</Literal>'')</Para></ListItem>
|
(``<Literal>rpm -q procinfo</Literal>'')</Para></ListItem>
|
||||||
|
|
||||||
<ListItem><Para><Emphasis>psmisc-17 or better</Emphasis> (``<Literal>rpm -q
|
<ListItem><Para><Emphasis>psmisc-17 or better</Emphasis> (``<Literal>rpm -q
|
||||||
psmisc</Literal>'')</Para></ListItem>
|
psmisc</Literal>'')</Para></ListItem>
|
||||||
|
|
||||||
<ListItem><Para><bf>**</bf> <Emphasis>net-tools-1.50 or
|
<ListItem><Para>✶ <Emphasis>net-tools-1.50 or
|
||||||
better</Emphasis> (``<Literal>rpm -q net-tools</Literal>'')</Para></ListItem>
|
better</Emphasis> (``<Literal>rpm -q net-tools</Literal>'')</Para></ListItem>
|
||||||
|
|
||||||
<ListItem><Para><Emphasis>loadlin-1.6 or better</Emphasis> (Needed only if
|
<ListItem><Para><Emphasis>loadlin-1.6 or better</Emphasis> (Needed only if
|
||||||
|
@ -4651,7 +4651,7 @@ with a modem and PPP.)</Para></ListItem>
|
||||||
client to connect to the Internet, such as with a cable
|
client to connect to the Internet, such as with a cable
|
||||||
modem).</Para></ListItem>
|
modem).</Para></ListItem>
|
||||||
|
|
||||||
<ListItem><Para><bf>**</bf> <Emphasis>util-linux-2.9.0</Emphasis>
|
<ListItem><Para>✶ <Emphasis>util-linux-2.9.0</Emphasis>
|
||||||
(``<Literal>rpm -q util-linux</Literal>'')</Para></ListItem>
|
(``<Literal>rpm -q util-linux</Literal>'')</Para></ListItem>
|
||||||
|
|
||||||
<ListItem><Para><Emphasis>setserial-2.1 or better</Emphasis>
|
<ListItem><Para><Emphasis>setserial-2.1 or better</Emphasis>
|
||||||
|
@ -4796,11 +4796,11 @@ the scope of this document.</Para>
|
||||||
the configuration file to thwart off spammers. These include:</Para>
|
the configuration file to thwart off spammers. These include:</Para>
|
||||||
|
|
||||||
<ProgramListing>
|
<ProgramListing>
|
||||||
<bf>O PrivacyOptions=authwarnings</bf>
|
<emphasis>O PrivacyOptions=authwarnings</emphasis>
|
||||||
<Emphasis>change to:</Emphasis>
|
<Emphasis>change to:</Emphasis>
|
||||||
O PrivacyOptions=authwarnings,noexpn,novrfy
|
O PrivacyOptions=authwarnings,noexpn,novrfy
|
||||||
|
|
||||||
<bf>O SmtpGreetingMessage=$j Sendmail $v/$Z; $b</bf>
|
<emphasis>O SmtpGreetingMessage=$j Sendmail $v/$Z; $b</emphasis>
|
||||||
<Emphasis>change to:</Emphasis>
|
<Emphasis>change to:</Emphasis>
|
||||||
O SmtpGreetingMessage=$j Sendmail $v/$Z; $b NO UCE C=xx L=xx
|
O SmtpGreetingMessage=$j Sendmail $v/$Z; $b NO UCE C=xx L=xx
|
||||||
</ProgramListing>
|
</ProgramListing>
|
||||||
|
@ -5211,7 +5211,7 @@ security:</Para>
|
||||||
|
|
||||||
<ItemizedList Mark="Bullet" Spacing="Normal">
|
<ItemizedList Mark="Bullet" Spacing="Normal">
|
||||||
|
|
||||||
<ListItem><Para><bf>Upgrade system tools, applications, and kernel:</bf>
|
<ListItem><Para><emphasis>Upgrade system tools, applications, and kernel:</emphasis>
|
||||||
By far the most common cause of system break-ins is by not exercising
|
By far the most common cause of system break-ins is by not exercising
|
||||||
diligence in keeping an up-to-date server. Performing regular upgrades of
|
diligence in keeping an up-to-date server. Performing regular upgrades of
|
||||||
the system kernel, tools and utilities will ensure that your system is not
|
the system kernel, tools and utilities will ensure that your system is not
|
||||||
|
@ -5220,19 +5220,19 @@ details on keeping an up-to-date server, see <XRef
|
||||||
LinkEnd="update-redhat">, as well as <XRef
|
LinkEnd="update-redhat">, as well as <XRef
|
||||||
LinkEnd="keeping-up-to-date">.</Para></ListItem>
|
LinkEnd="keeping-up-to-date">.</Para></ListItem>
|
||||||
|
|
||||||
<ListItem><Para><bf>Shadow passwords:</bf> You should definitely be using
|
<ListItem><Para><emphasis>Shadow passwords:</emphasis> You should definitely be using
|
||||||
Shadow passwords; switching to this password format is
|
Shadow passwords; switching to this password format is
|
||||||
<Emphasis>easy</Emphasis>! For details, see <XRef
|
<Emphasis>easy</Emphasis>! For details, see <XRef
|
||||||
LinkEnd="shadow-file-formats">.</Para></ListItem>
|
LinkEnd="shadow-file-formats">.</Para></ListItem>
|
||||||
|
|
||||||
<ListItem><Para><bf>Smart password management:</bf> Make sure passwords,
|
<ListItem><Para><emphasis>Smart password management:</emphasis> Make sure passwords,
|
||||||
<Emphasis>especially</Emphasis> for users you are providing with shell
|
<Emphasis>especially</Emphasis> for users you are providing with shell
|
||||||
access, are strong and changed often. Also, if you use multiple servers,
|
access, are strong and changed often. Also, if you use multiple servers,
|
||||||
resist the temptation to use the same password for all of them (otherwise,
|
resist the temptation to use the same password for all of them (otherwise,
|
||||||
if a cracker breaks into one server using a discovered password, he or she
|
if a cracker breaks into one server using a discovered password, he or she
|
||||||
can break into them all).</Para></ListItem>
|
can break into them all).</Para></ListItem>
|
||||||
|
|
||||||
<ListItem><Para><bf>Use secure shell (ssh):</bf> Switch to using ``ssh''
|
<ListItem><Para><emphasis>Use secure shell (ssh):</emphasis> Switch to using ``ssh''
|
||||||
instead of ``telnet''. Telnet is insecure for two reasons: One, sessions
|
instead of ``telnet''. Telnet is insecure for two reasons: One, sessions
|
||||||
are unencrypted, which means everything, including username and passwords,
|
are unencrypted, which means everything, including username and passwords,
|
||||||
are transmitted as clear text. Second, an open telnet port is one of the
|
are transmitted as clear text. Second, an open telnet port is one of the
|
||||||
|
@ -5310,7 +5310,7 @@ servers and one insecure one is a waste of time,
|
||||||
<Emphasis>especially</Emphasis> if you are foolish enough to use the same
|
<Emphasis>especially</Emphasis> if you are foolish enough to use the same
|
||||||
password for more than one server.</Para></Note></ListItem>
|
password for more than one server.</Para></Note></ListItem>
|
||||||
|
|
||||||
<ListItem><Para><bf>Restrict access to external services:</bf> Next, you
|
<ListItem><Para><emphasis>Restrict access to external services:</emphasis> Next, you
|
||||||
should edit the ``<Literal>/etc/hosts.allow</Literal>'' as well as the
|
should edit the ``<Literal>/etc/hosts.allow</Literal>'' as well as the
|
||||||
``<Literal><Filename>/etc/hosts.deny</Filename></Literal>'' file to
|
``<Literal><Filename>/etc/hosts.deny</Filename></Literal>'' file to
|
||||||
restrict access to services to external hosts. Here is an example of how
|
restrict access to services to external hosts. Here is an example of how
|
||||||
|
@ -5339,7 +5339,7 @@ in.ftpd: ALL
|
||||||
|
|
||||||
</ListItem>
|
</ListItem>
|
||||||
|
|
||||||
<ListItem><Para><bf>Turn off and uninstall unneeded services:</bf> Edit
|
<ListItem><Para><emphasis>Turn off and uninstall unneeded services:</emphasis> Edit
|
||||||
your ``<Literal><Filename>/etc/inetd.conf</Filename></Literal>'' file,
|
your ``<Literal><Filename>/etc/inetd.conf</Filename></Literal>'' file,
|
||||||
and disable (ie. comment out using a ``<Literal>#</Literal>'' character)
|
and disable (ie. comment out using a ``<Literal>#</Literal>'' character)
|
||||||
any services that are not needed (if you're using ssh as recommended
|
any services that are not needed (if you're using ssh as recommended
|
||||||
|
@ -5348,7 +5348,7 @@ done so, as root type ``<Literal>/etc/rc.d/init.d/inet
|
||||||
restart</Literal>'' to restart the inetd daemon with the
|
restart</Literal>'' to restart the inetd daemon with the
|
||||||
changes.</Para></ListItem>
|
changes.</Para></ListItem>
|
||||||
|
|
||||||
<ListItem><Para><bf>Install a security detection system:</bf> Consider
|
<ListItem><Para><emphasis>Install a security detection system:</emphasis> Consider
|
||||||
installing security programs such as ``Tripwire'' (see <ULink
|
installing security programs such as ``Tripwire'' (see <ULink
|
||||||
URL="http://www.tripwiresecurity.com/">
|
URL="http://www.tripwiresecurity.com/">
|
||||||
http://www.tripwiresecurity.com/</ULink>) which can detect intrusions, and
|
http://www.tripwiresecurity.com/</ULink>) which can detect intrusions, and
|
||||||
|
@ -5356,7 +5356,7 @@ http://www.tripwiresecurity.com/</ULink>) which can detect intrusions, and
|
||||||
http://www.psionic.com/abacus/</ULink>) which can help prevent
|
http://www.psionic.com/abacus/</ULink>) which can help prevent
|
||||||
them.</Para></ListItem>
|
them.</Para></ListItem>
|
||||||
|
|
||||||
<ListItem><Para><bf>Due diligence:</bf> Keeping your eye on your system, performing
|
<ListItem><Para><emphasis>Due diligence:</emphasis> Keeping your eye on your system, performing
|
||||||
random security audits (which can be as simple as checking for suspicious
|
random security audits (which can be as simple as checking for suspicious
|
||||||
entries in the password files, examining your process list, and checking
|
entries in the password files, examining your process list, and checking
|
||||||
your log files for suspicious entries) can go a long way towards keeping
|
your log files for suspicious entries) can go a long way towards keeping
|
||||||
|
|
Loading…
Reference in New Issue