From owner-svn-doc-all@freebsd.org  Sun Nov 29 01:57:07 2020
Return-Path: <owner-svn-doc-all@freebsd.org>
Delivered-To: svn-doc-all@mailman.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.nyi.freebsd.org (Postfix) with ESMTP id 681C1472D99;
 Sun, 29 Nov 2020 01:57:07 +0000 (UTC)
 (envelope-from ryusuke@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org
 [IPv6:2610:1c1:1:606c::19:3])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
 client-signature RSA-PSS (4096 bits) client-digest SHA256)
 (Client CN "mxrelay.nyi.freebsd.org",
 Issuer "Let's Encrypt Authority X3" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id 4CkBLq1llYz3K4d;
 Sun, 29 Nov 2020 01:57:07 +0000 (UTC)
 (envelope-from ryusuke@FreeBSD.org)
Received: from repo.freebsd.org (repo.freebsd.org
 [IPv6:2610:1c1:1:6068::e6a:0])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 24096151F;
 Sun, 29 Nov 2020 01:57:07 +0000 (UTC)
 (envelope-from ryusuke@FreeBSD.org)
Received: from repo.freebsd.org ([127.0.1.37])
 by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id 0AT1v7FM018540;
 Sun, 29 Nov 2020 01:57:07 GMT (envelope-from ryusuke@FreeBSD.org)
Received: (from ryusuke@localhost)
 by repo.freebsd.org (8.15.2/8.15.2/Submit) id 0AT1v73O018539;
 Sun, 29 Nov 2020 01:57:07 GMT (envelope-from ryusuke@FreeBSD.org)
Message-Id: <202011290157.0AT1v73O018539@repo.freebsd.org>
X-Authentication-Warning: repo.freebsd.org: ryusuke set sender to
 ryusuke@FreeBSD.org using -f
From: Ryusuke SUZUKI <ryusuke@FreeBSD.org>
Date: Sun, 29 Nov 2020 01:57:07 +0000 (UTC)
To: doc-committers@freebsd.org, svn-doc-all@freebsd.org,
 svn-doc-head@freebsd.org
Subject: svn commit: r54718 - head/ja_JP.eucJP/books/handbook/security
X-SVN-Group: doc-head
X-SVN-Commit-Author: ryusuke
X-SVN-Commit-Paths: head/ja_JP.eucJP/books/handbook/security
X-SVN-Commit-Revision: 54718
X-SVN-Commit-Repository: doc
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-BeenThere: svn-doc-all@freebsd.org
X-Mailman-Version: 2.1.34
Precedence: list
List-Id: "SVN commit messages for the entire doc trees \(except for &quot;
 user&quot; , &quot; projects&quot; , and &quot; translations&quot;
 \)" <svn-doc-all.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/svn-doc-all>,
 <mailto:svn-doc-all-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-doc-all/>
List-Post: <mailto:svn-doc-all@freebsd.org>
List-Help: <mailto:svn-doc-all-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/svn-doc-all>,
 <mailto:svn-doc-all-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 29 Nov 2020 01:57:07 -0000

Author: ryusuke
Date: Sun Nov 29 01:57:06 2020
New Revision: 54718
URL: https://svnweb.freebsd.org/changeset/doc/54718

Log:
  - Merge the following from the English version:
  
  	r43278 -> r43744	head/ja_JP.eucJP/books/handbook/security/chapter.xml

Modified:
  head/ja_JP.eucJP/books/handbook/security/chapter.xml

Modified: head/ja_JP.eucJP/books/handbook/security/chapter.xml
==============================================================================
--- head/ja_JP.eucJP/books/handbook/security/chapter.xml	Sat Nov 28 06:38:37 2020	(r54717)
+++ head/ja_JP.eucJP/books/handbook/security/chapter.xml	Sun Nov 29 01:57:06 2020	(r54718)
@@ -3,7 +3,7 @@
      The FreeBSD Documentation Project
      The FreeBSD Japanese Documentation Project
 
-     Original revision: r43278
+     Original revision: r43744
      $FreeBSD$
 -->
 <chapter xmlns="http://docbook.org/ns/docbook" xmlns:xlink="http://www.w3.org/1999/xlink" version="5.0" xml:id="security">
@@ -14,33 +14,33 @@
     <authorgroup>
       <author>
 	<personname>
-	  <firstname>Matthew</firstname>
-	  <surname>Dillon</surname>
+	  <firstname>Tom</firstname>
+	  <surname>Rhodes</surname>
 	</personname>
 
-	<contrib>ËܾϤδð¤Ë¤·¤¿ security(7) ¥Þ¥Ë¥å¥¢¥ë¥Ú¡¼¥¸¤Î¼¹É®: </contrib>
+	<contrib>´ó¹Æ: </contrib>
       </author>
     </authorgroup>
   </info>
 
   <indexterm><primary>¥»¥­¥å¥ê¥Æ¥£</primary></indexterm>
 
-  <para><emphasis>Ìõ: &a.jp.hino;¡¢(jpman
-    ¥×¥í¥¸¥§¥¯¥È¤ÎÀ®²Ì¤òÍøÍѤµ¤»¤Æ¤¤¤¿¤À¤­¤Þ¤·¤¿)¡£</emphasis></para>
+<!--  <para><emphasis>Ìõ: &a.jp.hino;¡¢(jpman
+    ¥×¥í¥¸¥§¥¯¥È¤ÎÀ®²Ì¤òÍøÍѤµ¤»¤Æ¤¤¤¿¤À¤­¤Þ¤·¤¿)¡£</emphasis></para> -->
 
   <sect1 xml:id="security-synopsis">
     <title>¤³¤Î¾Ï¤Ç¤Ï</title>
 
-    <para>¤³¤Î¾Ï¤Ç¤Ï¡¢´ðËÜŪ¤Ê¥·¥¹¥Æ¥à¥»¥­¥å¥ê¥Æ¥£¤Î¹Í¤¨Êý¡¢
-      ³Ð¤¨¤Æ¤ª¤¯¤Ù¤­°ìÈÌŪ¤Ê¥ë¡¼¥ë¤ò¾Ò²ð¤·¡¢
-      &os; ¤Ë¤ª¤±¤ë¹âÅÙ¤ÊÏÃÂê¤Ë¤Ä¤¤¤Æ´Êñ¤ËÀâÌÀ¤·¤Þ¤¹¡£
-      ¤³¤³¤Ç°·¤¦ÏÃÂê¤Î¿¤¯¤Ï¡¢
-      °ìÈÌŪ¤Ê¥·¥¹¥Æ¥à¤ä¥¤¥ó¥¿¡¼¥Í¥Ã¥È¥»¥­¥å¥ê¥Æ¥£¤Ë¤â¤¢¤Æ¤Ï¤Þ¤ê¤Þ¤¹¡£
-      ¥·¥¹¥Æ¥à¤ò°ÂÁ´¤ËÊݤĤ³¤È¤Ï¡¢¥Ç¡¼¥¿¡¢ÃÎŪºâ»º¡¢»þ´Ö¡¢¤½¤Î¾¤ò¡¢
-      ¥Ï¥Ã¥«¡¼¤ä¤½¤ÎƱÎफ¤é¼é¤ë¤¿¤á¤Ë¤Ï·ç¤«¤»¤Þ¤»¤ó¡£</para>
+    <para>ʪÍýŪ¤â¤·¤¯¤Ï²¾ÁÛŪ¤Ë´Ø¤ï¤é¤º¡¢
+      ¥»¥­¥å¥ê¥Æ¥£¤ÏÉý¹­¤¤¥È¥Ô¥Ã¥¯¤Ç¤¢¤ê¡¢
+      ¶È³¦Á´ÂΤ¬¥»¥­¥å¥ê¥Æ¥£¤È¤È¤â¤ËÀ®Ä¹¤·¤Æ¤¤¤Þ¤¹¡£
+      ¥·¥¹¥Æ¥à¤ª¤è¤Ó¥Í¥Ã¥È¥ï¡¼¥¯¤ò°ÂÁ´¤Ë¤¹¤ëɸ½àŪ¤ÊÊýË¡¤Ï¿ô¿¤¯Ê¸½ñ²½¤µ¤ì¤Æ¤ª¤ê¡¢
+      &os; ¤Î¥æ¡¼¥¶¤â¡¢
+      ¹¶·â¤ä¿¯Æþ¼Ô¤«¤é¼é¤ëÊýË¡¤òÍý²ò¤·¤Ê¤±¤ì¤Ð¤Ê¤ê¤Þ¤»¤ó¡£</para>
 
-    <para>&os; ¤Ï¡¢
-      ¥·¥¹¥Æ¥à¤È¥Í¥Ã¥È¥ï¡¼¥¯¤ÎÀ°¹çÀ­¤ª¤è¤Ó°ÂÁ´À­¤òÊݸ¤ë»ÅÁȤߤȰìÏ¢¤Î¥æ¡¼¥Æ¥£¥ê¥Æ¥£¤òÄ󶡤·¤Æ¤¤¤Þ¤¹¡£</para>
+    <para>¤³¤Î¾Ï¤Ç¤Ï¡¢¥»¥­¥å¥ê¥Æ¥£¤Î´ðÁä䵻½Ñ¤Ë¤Ä¤¤¤ÆÀâÌÀ¤·¤Þ¤¹¡£
+      &os; ¥·¥¹¥Æ¥à¤Ï¡¢Ê£¿ô¤Î¥ì¥¤¥ä¤Ë´ØÏ¢¤¹¤ë¥»¥­¥å¥ê¥Æ¥£¤òÄ󶡤·¤Þ¤¹¡£
+      ¤½¤·¤Æ¡¢°ÂÁ´À­¤ò¹â¤á¤ë¤¿¤á¤Ë¥µ¡¼¥É¥Ñ¡¼¥Æ¥£À½¤Î¥æ¡¼¥Æ¥£¥ê¥Æ¥£¤òÍøÍѤ¹¤ë¤³¤È¤â¤Ç¤­¤Þ¤¹¡£</para>
 
     <para>¤³¤Î¾Ï¤òÆɤà¤È¡¢°Ê²¼¤Î¤³¤È¤¬¤ï¤«¤ê¤Þ¤¹¡£</para>
 
@@ -123,391 +123,381 @@
   <sect1 xml:id="security-intro">
     <title>¤Ï¤¸¤á¤Ë</title>
 
-    <para>¥»¥­¥å¥ê¥Æ¥£¤È¤Ï¡¢¥·¥¹¥Æ¥à´ÉÍý¼Ô¤ò¤¤¤Ä¤âǺ¤Þ¤»¤ë»Å»ö¤Î°ì¤Ä¤Ç¤¹¡£
-      &os; ¤Ï¡¢¸ÇÍ­¤Î¥»¥­¥å¥ê¥Æ¥£µ¡¹½¤òÈ÷¤¨¤Æ¤¤¤Þ¤¹¤¬¡¢
-      ÄɲäΥ»¥­¥å¥ê¥Æ¥£µ¡¹½¤òÀßÄꤷÊݼ餹¤ë»Å»ö¤Ï¤ª¤½¤é¤¯¡¢
-      ¥·¥¹¥Æ¥à´ÉÍý¼Ô¤È¤·¤Æ¤â¤Ã¤È¤âÂ礭¤ÊÀÕ̳¤Î°ì¤Ä¤Ç¤·¤ç¤¦¡£</para>
+    <para>¥»¥­¥å¥ê¥Æ¥£¤ò¹â¤á¤ë¤³¤È¤Ï¤¹¤Ù¤Æ¤Î¿Í¤ÎÀÕǤ¤Ç¤¹¡£
+      ¥·¥¹¥Æ¥à¤Ë¼å¤¤¿¯Æþ¥Ý¥¤¥ó¥È¤¬Â¸ºß¤¹¤ë¤È¡¢¿¯Æþ¼Ô¤Ï½ÅÍפʾðÊó¤òÆÀ¤¿¤ê¡¢
+      ¥Í¥Ã¥È¥ï¡¼¥¯Á´ÂΤËÈï³²¤òµÚ¤Ü¤¹¤³¤È¤¬¤Ç¤­¤ë¤è¤¦¤Ë¤Ê¤ê¤Þ¤¹¡£
+      ¿¤¯¤Î¥»¥­¥å¥ê¥Æ¥£¤Î¥È¥ì¡¼¥Ë¥ó¥°¤Ç¤Ï¡¢
+      ¾ðÊó¥·¥¹¥Æ¥à¤Îµ¡Ì©À­ (confidentiality)¡¢
+      ´°Á´À­ (integrity) ¤ª¤è¤Ó²ÄÍÑÀ­ (availability)
+      ¤ò°ÕÌ£¤¹¤ë¥»¥­¥å¥ê¥Æ¥£¤Î 3 Í×ÁǤǤ¢¤ë
+      <acronym>CIA</acronym> ¤¬¼è¤ê°·¤ï¤ì¤Þ¤¹¡£</para>
 
-    <para>¤Þ¤¿¡¢¥·¥¹¥Æ¥à¥»¥­¥å¥ê¥Æ¥£¤Ë¤Ï¡¢
-      ¤µ¤Þ¤¶¤Þ¤Ê·Á¤Ç¤Î¹¶·â¤ËÂн褹¤ë¤³¤È¤È¤â´Ø·¸¤·¤Æ¤¤¤Þ¤¹¡£
-      ¹¶·â¤ÎÃæ¤Ë¤Ï <systemitem class="username">root</systemitem>
-      ¸¢¸Â¤òÃ¥¤ª¤¦¤È¤Ï¤·¤Ê¤¤¤±¤ì¤É¤â¡¢
-      ¥¯¥é¥Ã¥·¥å¤ä¥·¥¹¥Æ¥à¤ÎÉÔ°ÂÄê¾õÂÖ¤ò°ú¤­µ¯¤³¤½¤¦¤È¤¹¤ë¤â¤Î¤â¤¢¤ê¤Þ¤¹¡£
-      ¤³¤Î¥»¥­¥å¥ê¥Æ¥£ÌäÂê¤Ï¡¢¤¤¤¯¤Ä¤«¤ËʬÎह¤ë¤³¤È¤¬²Äǽ¤Ç¤¹¡£</para>
+    <para><acronym>CIA</acronym> ¤Î 3 Í×ÁǤϡ¢
+      ¥³¥ó¥Ô¥å¡¼¥¿¥»¥­¥å¥ê¥Æ¥£¤Î´ðËܤȤʤë¹Í¤¨¤Ç¤¹¡£
+      ¸ÜµÒ¤ä¥¨¥ó¥É¥æ¡¼¥¶¤Ï¡¢¥Ç¡¼¥¿¤Î¥×¥é¥¤¥Ð¥·¡¼¤ò´üÂÔ¤·¤Þ¤¹¡£
+      Èà¤é¤Ï¡¢¥Ç¡¼¥¿¤¬Êѹ¹¤µ¤ì¤Ê¤¤¤³¤È¤ä¡¢
+      ¾ðÊ󤬱£¤µ¤ì¤Æ¤¤¤ë¤³¤È¤ò´üÂÔ¤·¤Þ¤¹¡£
+      Èà¤é¤Ï¤Þ¤¿¡¢¤¤¤Ä¤Ç¤â¾ðÊó¤Ë¥¢¥¯¥»¥¹¤Ç¤­¤ë¤³¤È¤ò´üÂÔ¤·¤Þ¤¹¡£
+      ¤³¤ì¤é¤Ï¡¢¥·¥¹¥Æ¥à¤Îµ¡Ì©À­¡¢´°Á´À­¡¢²ÄÍÑÀ­¤ò¹½À®¤·¤Þ¤¹¡£</para>
 
-    <orderedlist>
-      <listitem>
-	<para>¥µ¡¼¥Ó¥¹Ë¸³²¹¶·â (denial of service attack)</para>
-      </listitem>
+    <para>¥»¥­¥å¥ê¥Æ¥£¤Î¥×¥í¥Õ¥§¥Ã¥·¥ç¥Ê¥ë¤Ï¡¢<acronym>CIA</acronym>
+      ¤ò¼é¤ë¤¿¤á¤Ë¡¢Â¿ÁØËɱҤÎÀïά¤òºÎÍѤ·¤Þ¤¹¡£
+      ¤³¤Î¿ÁØËɱÒÀïά¤Ç¤Ï¥»¥­¥å¥ê¥Æ¥£¤Î¥ì¥¤¥¢¤òÊ£¿ôÍÑ°Õ¤¹¤ë¤³¤È¤Ç¡¢
+      °ì¤Ä¤Î¥ì¥¤¥ä¤¬Çˤé¤ì¤Æ¤â¡¢
+      ¥»¥­¥å¥ê¥Æ¥£¥·¥¹¥Æ¥àÁ´ÂΤ¬Çˤé¤ì¤ë¤³¤È¤òËɤ®¤Þ¤¹¡£
+      ¥·¥¹¥Æ¥à¤Î´ÉÍý¼Ô¤Ï¡¢¥Õ¥¡¥¤¥¢¥¦¥©¡¼¥ë¤òñ¤ËÍ­¸ú¤Ë¤¹¤ë¤À¤±¤Ç¤Ï¤Ê¤¯¡¢
+      ¥Í¥Ã¥È¥ï¡¼¥¯¤â¤·¤¯¤Ï¥·¥¹¥Æ¥à¤ò°ÂÁ´¤ËÊݤÄɬÍפ¬¤¢¤ê¤Þ¤¹¡£
+      ¥¢¥«¥¦¥ó¥È¤ò´Æºº¤·¡¢¥Ð¥¤¥Ê¥ê¤Î´°Á´À­¡¢
+      °­°Õ¤Î¤¢¤ë¥Ä¡¼¥ë¤¬¥¤¥ó¥¹¥È¡¼¥ë¤µ¤ì¤Æ¤¤¤Ê¤¤¤³¤È¤ò³Îǧ¤¹¤ëɬÍפ¬¤¢¤ê¤Þ¤¹¡£
+      ¤³¤Î¤¿¤á¤Ë¡¢
+      ´ÉÍý¼Ô¤Ï¶¼°Ò¤¬¤É¤Î¤è¤¦¤Ê¤â¤Î¤«¤òÍý²ò¤¹¤ëɬÍפ¬¤¢¤ê¤Þ¤¹¡£</para>
 
-      <listitem>
-	<para>¥æ¡¼¥¶¥¢¥«¥¦¥ó¥È¤ÎÉÔÀµÍøÍÑ (user account compromise)</para>
-      </listitem>
+    <sect2 xml:id="security-threats">
+      <title>¶¼°Ò</title>
 
-      <listitem>
-	<para>¥¢¥¯¥»¥¹²Äǽ¤Ê¥µ¡¼¥Ó¥¹¤ò»È¤Ã¤¿ root ¸¢¸Â¤ÎÉÔÀµÍøÍÑ</para>
-      </listitem>
+      <para>¥³¥ó¥Ô¥å¡¼¥¿¥»¥­¥å¥ê¥Æ¥£¤ª¤±¤ë¶¼°Ò¤È¤Ï²¿¤Ç¤·¤ç¤¦¤«¡©
+        Ĺǯ¡¢¶¼°Ò¤Ï¥ê¥â¡¼¥È¤Î¹¶·â¼Ô¡¢
+	¤¹¤Ê¤ï¤Á±ó³Ö¤«¤é¤Îµö²Ä¤Î¤Ê¤¤¥·¥¹¥Æ¥à¤Ø¤Î¥¢¥¯¥»¥¹¤ò´ë¤Æ¤ë¿Í¡¹¤È¹Í¤¨¤é¤ì¤Æ¤¤¤Þ¤·¤¿¡£
+	º£Æü¤Ç¤Ï¡¢¤³¤ÎÄêµÁ¤Ï½¾¶È°÷¡¢°­°Õ¤Î¤¢¤ë¥½¥Õ¥È¥¦¥§¥¢¡¢
+	ÉÔÀµ¤Ê¥Í¥Ã¥È¥ï¡¼¥¯¥Ç¥Ð¥¤¥¹¡¢¼«Á³ºÒ³²¡¢¥»¥­¥å¥ê¥Æ¥£¤ÎÀȼåÀ­¡¢
+	¤½¤·¤Æ¶¥¹ç¤¹¤ë²ñ¼Ò¤Ç¤µ¤¨¤â´Þ¤á¤ë¤è¤¦¤Ë³ÈÄ¥¤µ¤ì¤Æ¤¤¤Þ¤¹¡£</para>
 
-      <listitem>
-	<para>¥æ¡¼¥¶¥¢¥«¥¦¥ó¥È¤ò·Ðͳ¤·¤¿ root ¸¢¸Â¤ÎÉÔÀµ»ÈÍÑ</para>
-      </listitem>
+      <para>ËèÆü¡¢¿ôÀé¤â¤Î¥·¥¹¥Æ¥à¤ª¤è¤Ó¥Í¥Ã¥È¥ï¡¼¥¯¤¬¹¶·â¤µ¤ì¡¢
+	¿ôÉ´¤â¤Î¥·¥¹¥Æ¥à¤¬µö²Ä¤Ê¤¯¥¢¥¯¥»¥¹¤µ¤ì¤Æ¤¤¤Þ¤¹¡£
+	´Êñ¤Ê¥¢¥¯¥·¥Ç¥ó¥È¤È¤¤¤Ã¤¿¤â¤Î¤«¤é¡¢¥ê¥â¡¼¥È¤«¤é¤Î¹¶·â¡¢
+	»º¶È¥¹¥Ñ¥¤¤Ç¤¢¤Ã¤¿¤ê¡¢°ÊÁ°Æ¯¤¤¤Æ¤¤¤¿½¾¶È°÷¤«¤é¤Î¹¶·â¤È¤¤¤Ã¤¿¥±¡¼¥¹¤â¤¢¤ê¤Þ¤¹¡£
+	¥·¥¹¥Æ¥à¤Î¥æ¡¼¥¶¤È¤·¤Æ¤Ï¡¢
+	´Ö°ã¤¤¤¬¥»¥­¥å¥ê¥Æ¥£°ãÈ¿¤Ë·Ò¤¬¤Ã¤¿¾ì¹ç¤Ë¤Ï¡¢
+	²ÄǽÀ­¤Î¤¢¤ëÌäÂê¤ò¥»¥­¥å¥ê¥Æ¥£¥Á¡¼¥à¤ËÊó¹ð¤¹¤ë¤³¤È¤¬½ÅÍפǤ¹¡£
+	´ÉÍý¼Ô¤È¤·¤Æ¤Ï¡¢¶¼°Ò¤òÇÄ°®¤·¡¢
+	¤½¤Î¶¼°Ò¤Î±Æ¶Á¤ò¾®¤µ¤¯¤¹¤ë¤è¤¦¤Ë½àÈ÷¤ò¤·¤Æ¤ª¤¯¤³¤È¤¬½ÅÍפǤ¹¡£</para>
+      </sect2>
 
-      <listitem>
-	<para>¥Ð¥Ã¥¯¥É¥¢¤ÎÀßÃÖ</para>
-      </listitem>
-    </orderedlist>
+    <sect2 xml:id="security-groundup">
+      <title>¥Ü¥È¥à¥¢¥Ã¥×¥¢¥×¥í¡¼¥Á</title>
 
-    <indexterm>
-      <primary>DoS ¹¶·â</primary>
-      <see>¥µ¡¼¥Ó¥¹Ë¸³² (DoS)</see>
-    </indexterm>
+      <para>¥»¥­¥å¥ê¥Æ¥£¤ò¹Í¤¨¤ë¾å¤Ç¡¢
+	¤·¤Ð¤·¤Ð¥Ü¥È¥à¥¢¥Ã¥×¥¢¥×¥í¡¼¥Á¤¬°ìÈÖÎɤ¤ÊýË¡¤È¤Ê¤ê¤Þ¤¹¡£
+	¤³¤Î¹Í¤¨¤Ç¤Ï¡¢´ÉÍý¼Ô¤¬´ðËÜŪ¤Ê¥¢¥«¥¦¥ó¥È¡¢¥·¥¹¥Æ¥àÀßÄê¤ò¹Ô¤Ã¤Æ¤«¤é¡¢
+	¥µ¡¼¥É¥Ñ¡¼¥Æ¥£À½¥æ¡¼¥Æ¥£¥ê¥Æ¥£¤ÎÀßÄê¡¢
+	¤½¤·¤Æ¥Í¥Ã¥È¥ï¡¼¥¯¥ì¥¤¥ä¤ËÀßÄê¤ò¹­¤²¤Æ¤¤¤­¤Þ¤¹¡£
+	¥·¥¹¥Æ¥à¥Ý¥ê¥·¡¼¤ª¤è¤Ó¼ê³¤­¤ò¹Ô¤¦¾å¤Ç¤Ï¡¢
+	¤³¤Î¤è¤¦¤ÊÀßÄê¤Î¦Ì̤¬¤¢¤ê¤Þ¤¹¡£</para>
 
-    <indexterm>
-      <primary>¥»¥­¥å¥ê¥Æ¥£</primary>
-      <secondary>DoS ¹¶·â</secondary>
-      <see>¥µ¡¼¥Ó¥¹Ë¸³² (DoS)</see>
-    </indexterm>
+      <para>¥Ó¥¸¥Í¥¹¤Î¿¤¯¤Î´Ä¶­¤Ç¤Ï¡¢
+	»ÈÍѤ¹¤ë¥Ç¥Ð¥¤¥¹¤ÎÀßÄê¤ËÂФ¹¤ë¥»¥­¥å¥ê¥Æ¥£¥Ý¥ê¥·¤¬¤¹¤Ç¤ËºöÄꤵ¤ì¤Æ¤¤¤Þ¤¹¡£
+	¤³¤Î¥Ý¥ê¥·¤Ë¤Ï¡¢ºÇÄã¸Â¥¨¥ó¥É¥æ¡¼¥¶¤Î¥ï¡¼¥¯¥¹¥Æ¡¼¥·¥ç¥ó¡¢
+	¥Ç¥¹¥¯¥È¥Ã¥×¡¢·ÈÂÓÅÅÏää¥é¥Ã¥×¥È¥Ã¥×¤È¤¤¤Ã¤¿¥â¥Ð¥¤¥ë¥Ç¥Ð¥¤¥¹¡¢¤ª¤è¤Ó
+	À½Éʤª¤è¤Ó³«È¯¥µ¡¼¥Ð¤ÎξÊý¤ËÂФ¹¤ë¥»¥­¥å¥ê¥Æ¥£¤ÎÀßÄ꤬´Þ¤Þ¤ì¤Æ¤¤¤ë¤Ù¤­¤Ç¤¹¡£
+	¿¤¯¤Î¾ì¹ç¤Ë¤Ï¡¢¥³¥ó¥Ô¥å¡¼¥¿¤Î¥»¥­¥å¥ê¥Æ¥£¤ò¹Í¤¨¤ëºÝ¤Ë¡¢
+	ɸ½àºî¶È¼ê³½ñ (<acronym>SOP</acronym>)
+	¤¬¤¹¤Ç¤Ë¸ºß¤·¤Þ¤¹¡£
+	¤ï¤«¤é¤Ê¤±¤ì¤Ð¡¢¥»¥­¥å¥ê¥Æ¥£¥Á¡¼¥à¤Ë¿Ò¤Í¤Æ¤¯¤À¤µ¤¤¡£</para>
+    </sect2>
 
-    <indexterm><primary>¥µ¡¼¥Ó¥¹Ë¸³² (DoS)</primary></indexterm>
+    <sect2 xml:id="security-accounts">
+      <title>¥·¥¹¥Æ¥à¤ª¤è¤Ó¥æ¡¼¥¶¥¢¥«¥¦¥ó¥È</title>
 
-    <para>¥µ¡¼¥Ó¥¹Ë¸³²¹¶·â (<acronym>DoS</acronym> ¹¶·â) ¤È¤Ï¡¢
-      ¥Þ¥·¥ó¤«¤éɬÍפʻñ¸»¤òÃ¥¤¦¹Ô°Ù¤Ç¤¹¡£
-      Ä̾¥µ¡¼¥Ó¥¹Ë¸³²¹¶·â¤Ï¤½¤Î¥Þ¥·¥ó¤Ç¼Â¹Ô¤µ¤ì¤ë¥µ¡¼¥Ð¤ä¥Í¥Ã¥È¥ï¡¼¥¯¥¹¥¿¥Ã¥¯¤ò²áÉé²Ù¾õÂ֤ˤ·¤Æ¡¢
-      ¥Þ¥·¥ó¤ò¥¯¥é¥Ã¥·¥å¤µ¤»¤¿¤ê¡¢
-      ¥Þ¥·¥ó¤ò»È¤¨¤Ê¤¯¤·¤¿¤ê¤¹¤ë¤è¤¦¤ÊÎÏǤ¤»¤ÎÊýË¡¤Ç¤¹¡£
-      ¥µ¡¼¥Ð¥×¥í¥»¥¹¤ËÂФ¹¤ë¹¶·â¤Ï¡¢¥ª¥×¥·¥ç¥ó¤òŬÀڤ˻ØÄꤹ¤ë¤³¤È¤Ë¤è¤Ã¤Æ¡¢
-      ¹¶·â¤µ¤ì¤Æ¤¤¤ë¾õ¶·¤Ç¥µ¡¼¥Ð¥×¥í¥»¥¹¤ÎÉé²Ù¾å¾º¤Ë¸Â³¦¤òÀßÄꤹ¤ë¤³¤È¤ÇÂбþ¤Ç¤­¤ë¾ì¹ç¤¬Â¿¤¤¤Ç¤¹¡£¤³¤ì¤é¤ËÈæ¤Ù¤ë¤È¡¢
-      ¥Í¥Ã¥È¥ï¡¼¥¯¤Ø¤ÎÎÏǤ¤»¤Î¹¶·â¤Ø¤ÎÂбþ¤Ï¤º¤Ã¤ÈÆñ¤·¤¯¤Ê¤ê¤Þ¤¹¡£
-      ¤³¤Î¹¶·â¤Ë¤è¤Ã¤Æ¡¢¥Þ¥·¥ó¤òÍî¤È¤·¤Æ¤·¤Þ¤¦¤³¤È¤Ï¤Ç¤­¤Ê¤¤¤«¤â¤·¤ì¤Þ¤»¤ó¤¬¡¢
-      Àܳ¤·¤Æ¤¤¤ë¥¤¥ó¥¿¡¼¥Í¥Ã¥È²óÀþ¤ò˰Ϥµ¤»¤Æ¤·¤Þ¤¦¤³¤È¤Ï¤Ç¤­¤Þ¤¹¡£</para>
+      <para>¥·¥¹¥Æ¥à¤ò°ÂÁ´¤Ë¤¹¤ë¤Ë¤¢¤¿¤ê¡¢ºÇ¤âŬÀڤʽÐȯÅÀ¤Ï¡¢
+	¥¢¥«¥¦¥ó¥È¤Î´Æºº¤Ç¤¹¡£
+	¥ë¡¼¥È¥¢¥«¥¦¥ó¥È¤Î¥Ñ¥¹¥ï¡¼¥É¤¬¶¯ÎϤǤ¢¤ë¤³¤È¡¢
+	¥·¥§¥ë¥¢¥¯¥»¥¹¤òɬÍפȤ·¤Ê¤¤¥¢¥«¥¦¥ó¥È¤Ï̵¸ú¤Ë¤¹¤ë¤³¤È¤ò³Î¼Â¤Ë¤ª¤³¤Ê¤Ã¤Æ¤¯¤À¤µ¤¤¡£
+	¤Þ¤¿¡¢¸¢¸Â¤òɬÍפȤ¹¤ë¥æ¡¼¥¶¤ËÂФ·¤Æ¤Ï¡¢
+	<package>security/sudo</package> ¤ò¥¤¥ó¥¹¥È¡¼¥ë¤·¤Æ¡¢
+	¥¢¥¯¥»¥¹¤¬É¬ÍפȤʤ륢¥×¥ê¥±¡¼¥·¥ç¥ó¤Î¤ß¤Ë¥¢¥¯¥»¥¹¤òµö²Ä¤¹¤ë¤è¤¦¤Ë¤·¤Æ¤¯¤À¤µ¤¤¡£
+	root ¥æ¡¼¥¶¤Î¥Ñ¥¹¥ï¡¼¥É¤Ï¡¢·è¤·¤Æ¶¦Í­¤¹¤Ù¤­¤Ç¤Ï¤¢¤ê¤Þ¤»¤ó¡£</para>
 
-    <indexterm>
-      <primary>¥»¥­¥å¥ê¥Æ¥£</primary>
-      <secondary>¥¢¥«¥¦¥ó¥ÈÉÔÀµÍøÍÑ</secondary>
-    </indexterm>
+      <para>¥¢¥«¥¦¥ó¥È¤Ø¤Î¥¢¥¯¥»¥¹¤ò̵¸ú¤Ë¤¹¤ëÊýË¡¤ÏÆóÄ̤ꤢ¤ê¤Þ¤¹¡£
+	°ì¤ÄÌܤÎÊýË¡¤Ï¡¢¥¢¥«¥¦¥ó¥È¤ò¥í¥Ã¥¯¤¹¤ëÊýË¡¤Ç¤¹¡£Îã¤È¤·¤Æ¡¢
+	toor ¥¢¥«¥¦¥ó¥È¤ò¥í¥Ã¥¯¤¹¤ëÊýË¡¤ò°Ê²¼¤Ë¼¨¤·¤Þ¤¹¡£</para>
 
-    <para>¥æ¡¼¥¶¥¢¥«¥¦¥ó¥È¤ÎÉÔÀµÍøÍѤϡ¢
-      <acronym>DoS</acronym> ¹¶·â¤è¤ê¤â¤º¤Ã¤È¤è¤¯¤¢¤ëÌäÂê¤Ç¤¹¡£
-      ¤³¤Î¤´»þÀª¤Ç¤â¡¢
-      °Å¹æ²½¤µ¤ì¤Æ¤¤¤Ê¤¤¥µ¡¼¥Ó¥¹¤ò¼Â¹Ô¤µ¤»¤Æ¤¤¤ë¥·¥¹¥Æ¥à´ÉÍý¼Ô¤Ï¿¤¯¡¢
-      ¤½¤Î¤¿¤á¡¢¥ê¥â¡¼¥È¤«¤é¥í¥°¥¤¥ó¤·¤Æ¤¤¤ë¥æ¡¼¥¶¤Ï¡¢
-      ¥Ñ¥¹¥ï¡¼¥É¤òÇÁ¤­¸«¤é¤ì¤Æ¤·¤Þ¤¦´í¸±À­¤¬¤¢¤ê¤Þ¤¹¡£
-      ¥·¥¹¥Æ¥à´ÉÍý¼Ô¤¬Ãí°Õ¿¼¤¤¿Í¤Ê¤é¤Ð¡¢
-      ¥ê¥â¡¼¥È¥¢¥¯¥»¥¹¥í¥°¤ò²òÀϤ·¤Æ¡¢
-      µ¿¤ï¤·¤¤Á÷¿®¸µ¥¢¥É¥ì¥¹¤äµ¿¤ï¤·¤¤¥í¥°¥¤¥ó¤òõ¤¹¤â¤Î¤Ç¤¹¡£</para>
+      <screen>&prompt.root; <userinput>pw lock toor</userinput></screen>
 
-    <para>¥»¥­¥å¥ê¥Æ¥£¤ò½½Ê¬°Ý»ý¤·¡¢
-      ¼êÆþ¤ì¤Î¹Ô¤­ÆϤ¤¤¿¥·¥¹¥Æ¥à¤Ë¤ª¤¤¤Æ¤Ï¡¢
-      ¤¢¤ë¥æ¡¼¥¶¥¢¥«¥¦¥ó¥È¤Ø¤Î¥¢¥¯¥»¥¹¤¬²Äǽ¤È¤Ê¤Ã¤Æ¤â¡¢
-      ɬ¤º¤·¤â¹¶·â¼Ô¤Ë <systemitem class="username">root</systemitem>
-      ¤Ø¤Î¥¢¥¯¥»¥¹¸¢¤òÍ¿¤¨¤ë¤È¤Ï¸Â¤ê¤Þ¤»¤ó¡£
-      <systemitem class="username">root</systemitem>
-      ¤Ø¤Î¥¢¥¯¥»¥¹¸¢¤¬¤Ê¤±¤ì¤Ð¡¢
-      ¹¶·â¼Ô¤Ï¼«Ê¬¤Î¿¯Æþ¤Îº¯Àפò±£Ê乤뤳¤È¤¬¤Ç¤­¤Þ¤»¤ó¤·¡¢
-      ¤½¤Î¥æ¡¼¥¶¤Î¥Õ¥¡¥¤¥ë¤ò°ú¤Ã¤«¤­²ó¤·¤¿¤ê¡¢
-      ¥Þ¥·¥ó¤ò¥¯¥é¥Ã¥·¥å¤µ¤»¤¿¤ê¤¹¤ë¤Î¤¬¤»¤¤¤¼¤¤¤Ç¤¹¡£
-      ¥æ¡¼¥¶¥¢¥«¥¦¥ó¥È¤ÎÉÔÀµÍøÍѤϤ᤺¤é¤·¤¤¤³¤È¤Ç¤Ï¤¢¤ê¤Þ¤»¤ó¡£
-      ¤Ê¤¼¤Ê¤é°ìÈ̥桼¥¶¤Ï¡¢
-      ¥·¥¹¥Æ¥à´ÉÍý¼Ô¤Û¤ÉÃí°Õ¤òʧ¤ï¤Ê¤¤·¹¸þ¤¬¤¢¤ë¤«¤é¤Ç¤¹¡£</para>
+      <para>¤³¤Î¥³¥Þ¥ó¥É¤Ï¡¢¥¢¥«¥¦¥ó¥È¤ÎÀßÄê¤ò
+	<quote>toor:*:0:0::0:0:Bourne-again Superuser:/root:</quote>
+	¤«¤é <quote>toor:*LOCKED**:0:0::0:0:Bourne-again
+	Superuser:/root:</quote> ¤Ø¤ÈÊѹ¹¤·¤Þ¤¹¡£</para>
 
-    <indexterm>
-      <primary>¥»¥­¥å¥ê¥Æ¥£</primary>
-      <secondary>΢¸ý (¥Ð¥Ã¥¯¥É¥¢)</secondary>
-    </indexterm>
+      <para>¤È¤­¤Ë¤Ï (¤ª¤½¤é¤¯ÄɲäΥµ¡¼¥Ó¥¹¤Î¤¿¤á¤Ë)¡¢
+	¤³¤ÎÊýË¡¤¬»È¤¨¤Ê¤¤¾ì¹ç¤¬¤¢¤ê¤Þ¤¹¡£
+	¤½¤Î¤è¤¦¤Ê¾ì¹ç¤Ë¤Ï¡¢°Ê²¼¤ÎÎã¤Î¤è¤¦¤Ë¡¢
+	¥·¥§¥ë¤ò /sbin/nologin ¤ËÊѹ¹¤¹¤ë¤³¤È¤Ç¡¢
+	¥í¥°¥¤¥ó¥¢¥¯¥»¥¹¤òµñÈݤǤ­¤Þ¤¹¡£</para>
 
-    <para><systemitem class="username">root</systemitem>
-      ¸¢¸Â¤òÃ¥¼è¤¹¤ëÊýË¡¤Ï¡¢ÀøºßŪ¤Ë²¿Ä̤ê¤â¤¢¤ê¤Þ¤¹¡£
-      ¹¶·â¼Ô¤Ï <systemitem class="username">root</systemitem>
-      ¤Î¥Ñ¥¹¥ï¡¼¥É¤òÃΤäƤ¤¤ë¤«¤â¤·¤ì¤Þ¤»¤ó¤·¡¢
-      ¹¶·â¼Ô¤¬ <systemitem class="username">root</systemitem>
-      ¸¢¸Â¤Ç¼Â¹Ô¤µ¤ì¤Æ¤¤¤ë¥µ¡¼¥Ó¥¹¤Î¥Ð¥°¤ÎÀȼåÀ­¤òÍøÍѤǤ­¤ë¤«¤â¤·¤ì¤Þ¤»¤ó¡£
-      ¤Þ¤¿¡¢¹¶·â¼Ô¤Ï SUID-root
-      ¥×¥í¥°¥é¥à¤Ë¸ºß¤¹¤ë¥Ð¥°¤òÃΤäƤ¤¤ë¤«¤â¤·¤ì¤Þ¤»¤ó¡£
-      ¹¶·â¼Ô¤Ï¡¢
-      ¥Ð¥Ã¥¯¥É¥¢¤È¤·¤ÆÃΤé¤ì¤Æ¤¤¤ë¥×¥í¥°¥é¥à¤ò»È¤Ã¤ÆÀȼåÀ­¤Ê¥·¥¹¥Æ¥à¤òõ¤·¤¿¤ê¡¢
-      ½¤Àµ¤µ¤ì¤Æ¤¤¤Ê¤¤ÀȼåÀ­¤òÍøÍѤ·¤Æ¥¢¥¯¥»¥¹¤·¤¿¤ê¡¢
-      ¹¶·â¼Ô¤Ë¤è¤ë°ãË¡¹Ô°Ù¤Îº¯Àפò¾Ã¤½¤¦¤È¤·¤¿¤ê¤¹¤ë¤«¤â¤·¤ì¤Þ¤»¤ó¡£</para>
+      <screen>&prompt.root; <userinput>chsh -s /usr/sbin/nologin toor</userinput></screen>
 
-    <para>¥»¥­¥å¥ê¥Æ¥£¤ò²þÁ±¤¹¤ëÊýË¡¤Ï¡¢¾ï¤Ë¡¢
-      ¥¿¥Þ¥Í¥®¤ÎÈé¤Î¤è¤¦¤Ë³¬Áز½¤¹¤ë¼êË¡
-      (a multi-layered <quote>onion peel</quote> approach)
-      ¤Ç¼ÂÁõ¤µ¤ì¤ë¤Ù¤­¤Ç¤¹¡£¤³¤ì¤é¤Ï¼¡¤Î¤è¤¦¤ËʬÎà¤Ç¤­¤Þ¤¹¡£</para>
+      <note>
+        <para>¾¤Î¥æ¡¼¥¶¤Î¥·¥§¥ë¤Ï¡¢¥¹¡¼¥Ñ¡¼¥æ¡¼¥¶¤Î¤ß¤¬Êѹ¹¤Ç¤­¤Þ¤¹¡£
+	  Ä̾ï¤Î¥æ¡¼¥¶¤¬¹Ô¤ª¤¦¤È¤¹¤ë¤È¼ºÇÔ¤·¤Þ¤¹¡£</para>
+      </note>
 
-    <orderedlist>
-      <listitem>
-	<para><systemitem class="username">root</systemitem>
-	  ¤È¥¹¥¿¥Ã¥Õ¤Î¥¢¥«¥¦¥ó¥È¤Î°ÂÁ´À­¤ò¹â¤á¤ë¡£</para>
-      </listitem>
+      <para>¥¢¥«¥¦¥ó¥È¾ðÊó¤Ï¡¢°Ê²¼¤Î¤è¤¦¤ËºÇ¸å¤Î¥¨¥ó¥È¥ê¤¬
+	<quote>nologin</quote> ¥·¥§¥ë¤È¤Ê¤ê¤Þ¤¹¡£</para>
 
-      <listitem>
-	<para><systemitem class="username">root</systemitem>
-	  ¤Î°ÂÁ´À­¤ò¹â¤á¤ë &ndash; <systemitem
-	    class="username">root</systemitem> ¸¢¸Â¤ÇÆ°ºî¤¹¤ë¥µ¡¼¥Ð¤È
-	  SUID/SGID ¥Ð¥¤¥Ê¥ê¡£</para>
-      </listitem>
+      <programlisting>toor:*:0:0::0:0:Bourne-again Superuser:/root:/usr/sbin/nologin</programlisting>
 
-      <listitem>
-	<para>¥æ¡¼¥¶¥¢¥«¥¦¥ó¥È¤Î°ÂÁ´À­¤ò¹â¤á¤ë¡£</para>
-      </listitem>
+      <para><filename>/usr/sbin/nologin</filename> ¥·¥§¥ë¤Ï¡¢
+	&man.login.1;
+	¥³¥Þ¥ó¥É¤¬¤³¤Î¥æ¡¼¥¶¤Ë¥·¥§¥ë¤ò³ä¤êÅö¤Æ¤ë¤³¤È¤ò¥Ö¥í¥Ã¥¯¤·¤Þ¤¹¡£</para>
+      </sect2>
 
-      <listitem>
-	<para>¥Ñ¥¹¥ï¡¼¥É¥Õ¥¡¥¤¥ë¤Î°ÂÁ´À­¤ò¹â¤á¤ë¡£</para>
-      </listitem>
+    <sect2 xml:id="security-sudo">
+      <title>¥¢¥«¥¦¥ó¥È¤Î¸¢¸Â¤ò³ÈÂ礹¤ë</title>
 
-      <listitem>
-	<para>¥«¡¼¥Í¥ë¤Î¥³¥¢¡¢raw ¥Ç¥Ð¥¤¥¹¡¢
-	  ¥Õ¥¡¥¤¥ë¥·¥¹¥Æ¥à¤Î°ÂÁ´À­¤ò¹â¤á¤ë¡£</para>
-      </listitem>
+      <para>¾ì¹ç¤Ë¤è¤Ã¤Æ¤Ï¡¢
+	¥·¥¹¥Æ¥à´ÉÍý¼Ô¤Ø¤Î¥¢¥¯¥»¥¹¤ò¾¤Î¥æ¡¼¥¶¤È¶¦Í­¤¹¤ëɬÍפ¬¤¢¤ê¤Þ¤¹¡£
+	&os; ¤Ï¤³¤Î¤¿¤á¤ËÆó¤Ä¤ÎÊýË¡¤òÍÑ°Õ¤·¤Æ¤¤¤Þ¤¹¡£
+	Âè°ì¤ÎÊýË¡¤Ï¿ä¾©¤µ¤ì¤Þ¤»¤ó¤¬¡¢
+	¥ë¡¼¥È¤Î¥Ñ¥¹¥ï¡¼¥É¤ò¶¦Í­¤·¡¢¥æ¡¼¥¶¤ò
+	<systemitem class="groupname">wheel</systemitem>
+	¥°¥ë¡¼¥×¤Ë²Ã¤¨¤ëÊýË¡¤Ç¤¹¡£
+	¤³¤ì¤ò¹Ô¤¦¤Ë¤Ë¤Ï¡¢<filename>/etc/group</filename> ¤òÊÔ½¸¤·¡¢
+	ºÇ½é¤Î¥°¥ë¡¼¥×¤ÎºÇ¸å¤Ë¥æ¡¼¥¶¤òÄɲ䷤Ƥ¯¤À¤µ¤¤¡£
+	¥æ¡¼¥¶¤Ï¥«¥ó¥Þ¶èÀÚ¤ê¤Ç´ÉÍý¤µ¤ì¤Æ¤¤¤Þ¤¹¡£</para>
 
-      <listitem>
-	<para>¥·¥¹¥Æ¥à¤ËÂФ·¤Æ¹Ô¤Ê¤ï¤ì¤¿¡¢
-	  ÉÔŬÀÚ¤ÊÊѹ¹¤ò¤¹¤Ð¤ä¤¯¸¡½Ð¤¹¤ë¡£</para>
-      </listitem>
+      <para>¸¢¸Â¤Î³ÈÂç¤ò¤¹¤ëŬÀÚ¤ÊÊýË¡¤Ï¡¢
+	<package>security/sudo</package> port ¤ò»È¤¦ÊýË¡¤Ç¤¹¡£
+	¤³¤Î port ¤Ï¡¢Äɲäδƺº¡¢¤è¤ê¤­¤áºÙ¤«¤¤¥æ¡¼¥¶´ÉÍý¡¢¤ª¤è¤Ó
+	¥æ¡¼¥¶¤ò &man.service.8;
+	¤Î¤è¤¦¤Ê¸¢¸Â¤¬Í¿¤¨¤é¤ì¤¿¥³¥Þ¥ó¤Î¤ß¤Î¼Â¹Ô¤ËÀ©¸Â¤¹¤ë¤³¤È¤â¤Ç¤­¤Þ¤¹¡£</para>
 
-      <listitem>
-	<para>ɬÍפȻפï¤ì¤ë°Ê¾å¤ÎÂбþ¤ò¤È¤ë (paranoia)¡£</para>
-      </listitem>
-    </orderedlist>
+      <para>¥¤¥ó¥¹¥È¡¼¥ë¤¬½ª¤ï¤Ã¤¿¤é¡¢
+	<command>visudo</command> ¥¤¥ó¥¿¥Õ¥§¡¼¥¹¤ò»È¤Ã¤Æ
+	<filename>/usr/local/etc/sudoers</filename>
+	¥Õ¥¡¥¤¥ë¤òÊÔ½¸¤·¤Æ¤¯¤À¤µ¤¤¡£
+	°Ê²¼¤ÎÎã¤Ç¤Ï¡¢¿·¤·¤¯ webadmin ¥°¥ë¡¼¥×¤¬ºîÀ®¤µ¤ì¡¢
+	<systemitem class="username">trhodes</systemitem>
+	¥æ¡¼¥¶¤¬¤³¤Î¥°¥ë¡¼¥×¤ËÄɲ䵤ì¤Þ¤¹¡£
+	¤½¤Î¸å¡¢¥æ¡¼¥¶¤Ë <package>apache24</package>
+	¤òºÆµ¯Æ°¤¹¤ë¥¢¥¯¥»¥¹¸¢¸Â¤òÍ¿¤¨¤Þ¤¹¡£
+	¤³¤Î¼ê³¤­¤Ï°Ê²¼¤Î¤è¤¦¤Ë¤Ê¤ê¤Þ¤¹¡£</para>
 
-    <para>¼¡¤ÎÀá¤Ç¤Ï¡¢¾åµ­¤Î¹àÌܤˤĤ¤¤Æ¤è¤ê¿¼¤¯·¡¤ê²¼¤²¤Æ¤¤¤­¤Þ¤¹¡£</para>
-  </sect1>
+      <screen>&prompt.root; <userinput>pw groupadd webadmin -M trhodes -g 6000</userinput></screen>
 
-  <sect1 xml:id="securing-freebsd">
-    <title>&os; ¤Î°ÂÁ´À­¤ò¹â¤á¤ë</title>
+      <screen>&prompt.root; <userinput>visudo</userinput></screen>
 
-    <indexterm>
-      <primary>¥»¥­¥å¥ê¥Æ¥£</primary>
-      <secondary>&os; ¤Î°ÂÁ´À­¤ò¹â¤á¤ë</secondary>
-    </indexterm>
+      <programlisting>%webadmin ALL=(ALL) /usr/sbin/service apache24 *</programlisting>
 
-    <para>¤³¤ÎÀá¤Ç¤Ï¡¢<link
-	linkend="security-intro">Á°Àá</link> ¤Ç¤È¤ê¤¢¤²¤¿ &os;
-      ¥·¥¹¥Æ¥à¤Î°ÂÁ´À­¤ò¹â¤á¤ëÊýË¡¤Ë¤Ä¤¤¤ÆÀâÌÀ¤·¤Þ¤¹¡£</para>
+      <para>¥í¡¼¥«¥ë¤Î¥æ¡¼¥¶´ÉÍý¤Ë¤ª¤¤¤Æ¡¢
+	<package>security/sudo</package> ¤Ï¡¢
+	Èó¾ï¤Ëµ®½Å¤Ê¥ê¥½¡¼¥¹¤òÄ󶡤·¤Þ¤¹¡£
+	¤Þ¤¿¡¢¥Ñ¥¹¥ï¡¼¥É¤òÉÔɬÍפˤ·¤Æ¡¢¥Ç¥Õ¥©¥ë¥È¤ò &man.ssh.1;
+	¸°¤ÎÊýË¡¤À¤±¤Ë¤¹¤ë¤³¤È¤â¤Ç¤­¤Þ¤¹¡£
+	&man.sshd.8; ·Ðͳ¤Î¥Ñ¥¹¥ï¡¼¥É¤Ë¤è¤ë¥í¥°¥¤¥ó¤ò̵¸ú¤Ë¤·¡¢
+	<command>sudo</command>
+	¤Ø¤Î¥í¡¼¥«¥ë¥Ñ¥¹¥ï¡¼¥É¤Î¤ß¤ò»È¤¦¤è¤¦¤Ë¤¹¤ë¤Ë¤Ï¡¢
+	<xref linkend="openssh"/> ¤ò¤´Í÷¤¯¤À¤µ¤¤¡£</para>
+    </sect2>
 
-    <sect2 xml:id="securing-root-and-staff">
-      <title><systemitem class="username">root</systemitem>
-	¥¢¥«¥¦¥ó¥È¤Î°ÂÁ´À­¤ò¹â¤á¤ë</title>
+    <sect2 xml:id="security-passwords">
+      <title>¥Ñ¥¹¥ï¡¼¥É</title>
 
-      <indexterm>
-	<primary>&man.su.1;</primary>
-      </indexterm>
+      <para>¥Ñ¥¹¥ï¡¼¥É¤Ï¡¢¥Æ¥¯¥Î¥í¥¸¡¼¤Ë¤ª¤±¤ëɬÍ×°­¤Ç¤¹¡£
+	¥Ñ¥¹¥ï¡¼¥É¤Ï¶Ë¤á¤ÆÊ£»¨¤Ç¤¢¤ë¤À¤±¤Ç¤Ï¤Ê¤¯¡¢
+	¥Ñ¥¹¥ï¡¼¥É¤òÊݸ¤ë¶¯ÎϤʥϥå·¥å¥á¥«¥Ë¥º¥à¤â¤Þ¤¿É¬ÍפȤʤê¤Þ¤¹¡£
+	¤³¤Îʸ½ñ¤ò½ñ¤¤¤Æ¤¤¤ë»þÅÀ¤Ç¤Ï¡¢
+	&os; ¤Ï <function>crypt()</function> ¥é¥¤¥Ö¥é¥ê¤Ç
+	<acronym>DES</acronym>, <acronym>MD</acronym>5, Blowfish,
+	<acronym>SHA</acronym>256 ¤ª¤è¤Ó <acronym>SHA</acronym>512
+	¤ËÂбþ¤·¤Æ¤¤¤Þ¤¹¡£
+	¥Ç¥Õ¥©¥ë¥È¤Ï <acronym>SHA</acronym>512 ¤Ç¤¢¤ê¡¢
+	¶¯Å٤μ夤°Å¹æ¤Ø¤ÏÊѹ¹¤¹¤Ù¤­¤Ç¤Ï¤¢¤ê¤Þ¤»¤ó¡£
+	¤·¤«¤·¤Ê¤¬¤é¡¢Blowfish ¤ò¹¥¤à¥æ¡¼¥¶¤â¤ª¤ê¤Þ¤¹¡£
+	<acronym>DES</acronym> ¤ò½ü¤¯³Æ¥á¥«¥Ë¥º¥à¤Ç¤Ï¡¢
+	³«»Ï¤Îʸ»ú¡¢»ÈÍѤ·¤Æ¤¤¤ë¥Ï¥Ã¥·¥å¥á¥«¥Ë¥º¥à¤ò¼±Ê̲Äǽ¤ÊÆÃħ¤ò»ý¤Ã¤Æ¤¤¤Þ¤¹¡£
+	<acronym>MD</acronym>5 ¥á¥«¥Ë¥º¥à¤Ç¤Ï¡¢¥·¥ó¥Ü¥ë¤Ï
+	<quote>$</quote> ¤ÎÉä¹æ¤Ç¤¹¡£
+	<acronym>SHA</acronym>256 ¤Þ¤¿¤Ï¡¢
+	<acronym>SHA</acronym>512 ¤Ç¤Ï¡¢¥·¥ó¥Ü¥ë¤Ï <quote>$6$</quote>¡¢
+	¤½¤·¤Æ Blowfish ¤Ï <quote>$2a$</quote> ¤Ç¤¹¡£
+	°Å¹æ¶¯Å٤μ夤¥Ñ¥¹¥ï¡¼¥É¤ò»ÈÍѤ·¤Æ¤¤¤ë¾ì¹ç¤Ë¤Ï¡¢
+	¼¡²ó¤Î¥í¥°¥¤¥ó»þ¤Ë¥æ¡¼¥¶¤¬
+	&man.passwd.1; ¤ò¼Â¹Ô¤·¤ÆºÆ¥Ï¥Ã¥·¥å²½¤¹¤ë¤³¤È¤òÂ¥¤¹¤Ù¤­¤Ç¤¹¡£</para>
 
-      <para>¤Û¤È¤ó¤É¤Î¥·¥¹¥Æ¥à¤Ç¤Ï¡¢
-	<systemitem class="username">root</systemitem>
-	¥¢¥«¥¦¥ó¥È¤Ë³ä¤êÅö¤Æ¤¿¥Ñ¥¹¥ï¡¼¥É¤¬ 1 ¤Ä¤¢¤ê¤Þ¤¹¡£
-	¤³¤Î¥Ñ¥¹¥ï¡¼¥É¤Ï<emphasis>¤¤¤Ä¤Ç¤â</emphasis>ÉÔÀµÍøÍÑ¤Î´í¸±¤Ë»¯¤µ¤ì¤Æ¤¤¤ë¤È¹Í¤¨¤Æ¤¯¤À¤µ¤¤¡£
-	¤³¤ì¤Ï¥Ñ¥¹¥ï¡¼¥É¤ò̵¸ú¤Ë¤¹¤Ù¤­¤À¤È¸À¤Ã¤Æ¤¤¤ë¤Î¤Ç¤Ï¤¢¤ê¤Þ¤»¤ó¡£
-	¥Ñ¥¹¥ï¡¼¥É¤Ï¡¢¥Þ¥·¥ó¤Ë¥³¥ó¥½¡¼¥ë¤«¤é¥¢¥¯¥»¥¹¤¹¤ë¤Î¤Ë¤Ï¡¢
-	¤Û¤È¤ó¤É¤¤¤Ä¤Ç¤âɬÍפʤâ¤Î¤Ç¤¹¡£
-	¤·¤«¤·¤Ê¤¬¤é¡¢¥³¥ó¥½¡¼¥ë°Ê³°¤«¤é¤Ï¡¢
-	¤½¤·¤Æ²Äǽ¤Ê¤é &man.su.1;
-	¥³¥Þ¥ó¥É¤ò¼Â¹Ô¤¹¤ë¾ì¹ç¤â¥Ñ¥¹¥ï¡¼¥É¤ò»È¤¨¤Ê¤¤¤è¤¦¤Ë¤¹¤ë¤Ù¤­¤Ç¤¹¡£
-	¤¿¤È¤¨¤Ð¡¢<filename>/etc/ttys</filename> ¤Î¥¨¥ó¥È¥ê¤Ë¤ª¤¤¤Æ¡¢
-	ÆÃÄê¤Î¥¿¡¼¥ß¥Ê¥ë¤ËÂФ·
-	<systemitem class="username">root</systemitem>
-	¤Ç¥í¥°¥¤¥ó¤Ç¤­¤Ê¤¤¤è¤¦¤Ë
-	<literal>insecure</literal> ¤ÈÀßÄꤷ¤Æ¤¯¤À¤µ¤¤¡£
-	&os; ¤Ç¤Ï¡¢¥Ç¥Õ¥©¥ë¥È¤Ç¡¢
-	<filename>/etc/ssh/sshd_config</filename> ¤Ë¤ª¤¤¤Æ
-	<literal>PermitRootLogin</literal> ¤¬ <literal>no</literal>
-	¤ÈÀßÄꤵ¤ì¤Æ¤¤¤ë¤Î¤Ç¡¢&man.ssh.1; ¤ò»È¤Ã¤¿
-	<systemitem class="username">root</systemitem>
-	¤Ø¥í¥°¥¤¥ó¤Ï̵¸ú¤Ë¤Ê¤Ã¤Æ¤¤¤Þ¤¹¡£
-	¤¹¤Ù¤Æ¤Î¥¢¥¯¥»¥¹¼êÃÊ¡¢¤¿¤È¤¨¤Ð FTP
-	¤è¤¦¤Ê¥µ¡¼¥Ó¥¹¤Ï¡¢Îɤ¯¥¯¥é¥Ã¥¯¤ÎÂоݤȤʤ뤳¤È¤òÍý²ò¤·¤Æ¤¯¤À¤µ¤¤¡£
-	<systemitem class="username">root</systemitem> ¤Ø¤ÎľÀÜ¥í¥°¥¤¥ó¤Ï¡¢
-	¥·¥¹¥Æ¥à¥³¥ó¥½¡¼¥ë·Ðͳ¤Ç¤Î¤ß²Äǽ¤Ç¤¢¤ë¤Ù¤­¤Ê¤Î¤Ç¤¹¡£</para>
+      <note>
+	<para>¤³¤Îʸ½ñ¤ò½ñ¤¤¤Æ¤¤¤ë»þÅÀ¤Ç¡¢Blowfish ¤Ï
+	  <acronym>AES</acronym> ¤Ç¤Ê¤±¤ì¤Ð¡¢
+	  <acronym>FIPS</acronym> (Federal Information
+	  Processing Standards) ¤Ë½àµò¤â¤·¤Æ¤¤¤Þ¤»¤ó¡£
+	  ¤½¤Î¤¿¤á¡¢»ÈÍѤǤ­¤Ê¤¤´Ä¶­¤¬¤¢¤ê¤Þ¤¹¡£</para>
+      </note>
 
-      <indexterm>
-	<primary><systemitem class="groupname">wheel</systemitem></primary>
-      </indexterm>
+      <para>¥Í¥Ã¥È¥ï¡¼¥¯¤ËÀܳ¤·¤Æ¤¤¤ë¥·¥¹¥Æ¥à¤Ë¤Ä¤¤¤Æ¤Ï¡¢
+	ÆóÍ×ÁÇǧ¾Ú¤ò»ÈÍѤ¹¤Ù¤­¤Ç¤¹¡£
+	¤³¤Îǧ¾Ú¤Ç¤Ï¡¢Ä̾濫¤Ê¤¿¤¬½êÍ­¤¹¤ëÍ×ÁǤÈÃΤäƤ¤¤ëÍ×ÁǤ¬ÍѤ¤¤é¤ì¤Þ¤¹¡£
+	&os; ¤Î¥Ù¡¼¥¹¥·¥¹¥Æ¥à¤Ë´Þ¤Þ¤ì¤Æ¤¤¤ë
+	<application>OpenSSH</application> ¤ª¤è¤Ó ssh-keys ¤Ç¤Ï¡¢
+	¥Í¥Ã¥È¥ï¡¼¥¯¤Ø¤Î¤¹¤Ù¤Æ¤Î¥í¥°¥¤¥ó¤Ë¤ª¤±¤ëÆóÍ×ÁÇǧ¾Ú¤Î¸ò´¹¤Ç¡¢
+	¥Ñ¥¹¥ï¡¼¥É¤ò»ÈÍѤ¹¤Ù¤­¤Ç¤Ï¤¢¤ê¤Þ¤»¤ó¡£
+	¤è¤ê¾ÜºÙ¤Ê¾ðÊó¤Ë¤Ä¤¤¤Æ¤Ï¡¢¥Ï¥ó¥É¥Ö¥Ã¥¯¤Î
+	<xref linkend="openssh"/> Àá¤ò¤´Í÷¤¯¤À¤µ¤¤¡£
+	Kerberose ¤Î¥æ¡¼¥¶¤Ï¡¢¥Í¥Ã¥È¥ï¡¼¥¯¤Ç
+	<application>OpenSSH</application>
+	¤ò¼ÂÁõ¤¹¤ë¤¿¤á¤ËÄɲäÎÊѹ¹¤¬É¬Íפˤʤë¤Ç¤·¤ç¤¦¡£</para>
+    </sect2>
 
-      <para>¥·¥¹¥Æ¥à´ÉÍý¼Ô¤Ï
-	<systemitem class="username">root</systemitem>
-	¤Ë¤Ê¤ì¤ë¤è¤¦¤Ë¤·¤Æ¤ª¤¯É¬Íפ¬¤¢¤ë¤Î¤Ç¡¢
-	ÄɲäΥѥ¹¥ï¡¼¥Éǧ¾Ú¤ÎÀßÄ꤬ɬÍפȤʤê¤Þ¤¹¡£
-	¤Ò¤È¤Ä¤Ï¡¢Å¬Àڤʥ桼¥¶¥¢¥«¥¦¥ó¥È¤ò
-	<filename>/etc/group</filename> Ãæ¤Î
-	<systemitem class="groupname">wheel</systemitem> ¤Ë²Ã¤¨¤ëÊýË¡¤Ç¤¹¡£
-	<systemitem class="groupname">wheel</systemitem>
-	¤Î¥á¥ó¥Ð¤Ï¡¢&man.su.1; ¤ò»È¤Ã¤Æ
-	<systemitem class="username">root</systemitem> ¤Ë¤Ê¤ë¤³¤È¤¬µö¤µ¤ì¤Þ¤¹¡£
-	¼ÂºÝ¤Ë
-	<systemitem class="username">root</systemitem>
-	¥¢¥¯¥»¥¹¤ÎɬÍפʥ桼¥¶¤Î¤ß
-	<systemitem class="groupname">wheel</systemitem>
-	¤ËÃÖ¤¯¤è¤¦¤Ë¤¹¤Ù¤­¤Ç¤¹¡£
-	Kerberos ¤ò»ÈÍѤ·¤Æǧ¾Ú¹Ô¤¦¾ì¹ç¤Ë¤Ï¡¢
-	<systemitem class="username">root</systemitem>
-	¤Î¥Û¡¼¥à¥Ç¥£¥ì¥¯¥È¥ê¤Ë <filename>.k5login</filename>
-	¤òºîÀ®¤¹¤ë¤³¤È¤Ç¡¢
-	ï¤â <systemitem class="groupname">wheel</systemitem> ¤ËÃÖ¤¯É¬Íפʤ¯
-	&man.ksu.1; ¤¹¤ë¤³¤È¤òµö²Ä¤Ç¤­¤Þ¤¹¡£</para>
+    <sect2 xml:id="security-rkhunter">
+      <title>¥Ð¥Ã¥¯¥É¥¢¤ª¤è¤Ó¥ë¡¼¥È¥­¥Ã¥È</title>
 
-      <para>¥¢¥«¥¦¥ó¥È¤ò´°Á´¤Ë¥í¥Ã¥¯¤¹¤ë¤Ë¤Ï¡¢
-	&man.pw.8; ¤ò»È¤Ã¤Æ¤¯¤À¤µ¤¤¡£</para>
+      <para>¥Ð¥Ã¥¯¥É¥¢¤ª¤è¤Ó¥ë¡¼¥È¥­¥Ã¥È¤Ï¡¢
+	¤½¤ì¤é¤¬¥¤¥ó¥¹¥È¡¼¥ë¤µ¤ì¤¿¸å¤Ë¶¼°Ò¤È¤Ê¤ê¤Þ¤¹¡£
+	¥¤¥ó¥¹¥È¡¼¥ë¤µ¤ì¤ë¤È¡¢¤³¤Î°­°Õ¤Î¤¢¤ë¥½¥Õ¥È¥¦¥§¥¢¤Ï¡¢
+	¹¶·â¼Ô¤Î¤¿¤á¤Ë¿¯Æþ¸ý¤òÀßÃÖ¤·¤Þ¤¹¡£
+	¼ÂºÝŪ¤Ë¤Ï¡¢¥·¥¹¥Æ¥à¤¬°ìÅÙ±øÀ÷¤µ¤ì¤¿¸å¤Ë¡¢Ä´ºº¤¬¹Ô¤ï¤ì¡¢
+	¾Ãµî¤µ¤ì¤Þ¤¹¡£
+	¿µ½Å¤Ê¥»¥­¥å¥ê¥Æ¥£¤ä¥·¥¹¥Æ¥à¥¨¥ó¥¸¥Ë¥¢¤Ç¤µ¤¨¤â¡¢
+	¹¶·â¼Ô¤¬»Ä¤·¤¿¥½¥Õ¥È¥¦¥§¥¢¤ò¸«Æ¨¤·¤Æ¤·¤Þ¤¦¤È¤¤¤¦¶²¤í¤·¤¤¥ê¥¹¥¯¤¬Â¸ºß¤·¤Æ¤¤¤Þ¤¹¡£</para>
 
-      <screen>&prompt.root; <userinput>pw lock staff</userinput></screen>
+      <para>¥Ð¥Ã¥¯¥É¥¢¤Þ¤¿¤Ï¥ë¡¼¥È¥­¥Ã¥È¥½¥Õ¥È¥¦¥§¥¢¤Ï¡¢
+	´ÉÍý¼Ô¤Ë¤È¤Ã¤ÆÌò¤ËΩ¤Ä¤³¤È¤¬°ì¤Ä¤¢¤ê¤Þ¤¹¡£
+	¤½¤ì¤Ï¡¢°ìÅÙ¸¡½Ð¤¹¤ë¤È¡¢
+	¥·¥¹¥Æ¥à¤Î¤É¤³¤«¤¬´í¸±¤ËËÁ¤µ¤ì¤Æ¤¤¤ë¤³¤È¤Îº¯ÀפȤʤê¤Þ¤¹¡£
+	¤·¤«¤·¡¢Ä̾盧¤Î¼ï¤Î¥¢¥×¥ê¥±¡¼¥·¥ç¥ó¤Ï¡¢¤È¤Æ¤â¤¦¤Þ¤¯±£¤ì¤Æ¤¤¤Þ¤¹¡£
+	¥Ð¥Ã¥¯¥É¥¢¤ª¤è¤Ó¥ë¡¼¥È¥­¥Ã¥È¤ò¸¡½Ð¤¹¤ë¥Ä¡¼¥ë¤¬Â¸ºß¤·¤Æ¤ª¤ê¡¢
+	¤½¤ì¤¦¤Á¤Î°ì¤Ä¤¬¡¢
+	<package>security/rkhunter</package> ¤Ç¤¹¡£</para>
 
-      <para>¤³¤ì¤Ë¤è¤ê¡¢»ØÄꤵ¤ì¤¿¥æ¡¼¥¶¤Ï¡¢&man.ssh.1;
-	¤ò´Þ¤à¤¤¤«¤Ê¤ëÊýË¡¤Ç¤â¥í¥°¥¤¥ó¤Ç¤­¤Ê¤¯¤Ê¤ê¤Þ¤¹¡£</para>
+      <para>¥¤¥ó¥¹¥È¡¼¥ë¸å¡¢°Ê²¼¤Î¥³¥Þ¥ó¥É¤Ç¥·¥¹¥Æ¥à¤ò¥Á¥§¥Ã¥¯¤Ç¤­¤Þ¤¹¡£
+	¼Â¹Ô¤¹¤ë¤È¿¤¯¤Î¾ðÊ󤬽ÐÎϤµ¤ì¤Þ¤¹¡£</para>
 
-      <para>¥¢¥«¥¦¥ó¥È¤Ø¤Î¥¢¥¯¥»¥¹¤ò¥Ö¥í¥Ã¥¯¤¹¤ë¤â¤¦°ì¤Ä¤ÎÊýË¡¤Ï¡¢
-	°Å¹æ²½¤µ¤ì¤¿¥Ñ¥¹¥ï¡¼¥É¤ò
-	<quote><literal>*</literal></quote> 1 ʸ»ú¤ËÃÖ¤­´¹¤¨¤ë¤³¤È¤Ç¤¹¡£
-	¤³¤Îʸ»ú¤Ï¡¢°Å¹æ²½¤µ¤ì¤¿¥Ñ¥¹¥ï¡¼¥É¤Ë¥Þ¥Ã¥Á¤¹¤ë¤³¤È¤Ï¤Ê¤¤¤Î¤Ç¡¢
-	¥æ¡¼¥¶¥¢¥¯¥»¥¹¤ò¥Ö¥í¥Ã¥¯¤·¤Þ¤¹¡£
-	¤¿¤È¤¨¤Ð¡¢¼¡¤Î¥¢¥«¥¦¥ó¥È¤Î¥¨¥ó¥È¥ê¤ò¡¢</para>
+      <screen>&prompt.root; <userinput>rkhunter -c</userinput></screen>
 
-      <programlisting>foobar:R9DT/Fa1/LV9U:1000:1000::0:0:Foo Bar:/home/foobar:/usr/local/bin/tcsh</programlisting>
+      <para>¤³¤Î¥×¥í¥»¥¹¤ò¼Â¹ÔÃæ¤Ë <keycap>ENTER</keycap>
+	¥­¡¼¤ò²¿ÅÙ¤«²¡¤¹É¬Íפ¬¤¢¤ê¤Þ¤¹¡£
+	´°Î»¤¹¤ë¤È¡¢¥¹¥Æ¡¼¥¿¥¹¥á¥Ã¥»¡¼¥¸¤¬²èÌ̤Ëɽ¼¨¤µ¤ì¤Þ¤¹¡£
+	¤³¤Î¥á¥Ã¥»¡¼¥¸¤Ï¡¢¥Á¥§¥Ã¥¯¤·¤¿¥Õ¥¡¥¤¥ë¤ÎÎÌ¡¢µ¿¤ï¤·¤¤¥Õ¥¡¥¤¥ë¤Î¿ô¡¢
+	²ÄǽÀ­¤Î¤¢¤ë¥ë¡¼¥È¥­¥Ã¥ÈÅù¤Î¾ðÊó¤ò´Þ¤ß¤Þ¤¹¡£
+	¥Á¥§¥Ã¥¯¤ÎºÇÃæ¡¢±£¤µ¤ì¤¿¥Õ¥¡¥¤¥ë¡¢
+	<application>OpenSSH</application> ¥×¥í¥È¥³¥ë¤ÎÁªÂò¡¢¤½¤·¤Æ¡¢
+	»þ¤Ë¤Ï¡¢¥¤¥ó¥¹¥È¡¼¥ë¤µ¤ì¤Æ¤¤¤ë¥½¥Õ¥È¥¦¥§¥¢¤ÎÁ²¼åÀ­¤Î¥Ð¡¼¥¸¥ç¥ó¤Ë´Ø¤¹¤ë°ìÈÌŪ¤Ê¥»¥­¥å¥ê¥Æ¥£¤Î·Ù¹ð¤¬½ÐÎϤµ¤ì¤Þ¤¹¡£
+	¤¹¤°¤Ë¡¢¤â¤·¤¯¤Ï¤è¤ê¾ÜºÙ¤Ê²òÀϤ¬¹Ô¤ï¤ì¤¿¸å¤Ë¡¢Âбþ¤¬²Äǽ¤Ç¤¹¡£</para>
 
-      <para>&man.vipw.8; ¤ò»È¤Ã¤Æ°Ê²¼¤Î¤è¤¦¤ËÊѹ¹¤·¤Þ¤¹¡£</para>
+      <para>´ÉÍý¼Ô¤Ï³§¡¢
+	ôÅö¤·¤Æ¤¤¤ë¥·¥¹¥Æ¥à¾å¤Ç²¿¤¬¼Â¹Ô¤µ¤ì¤Æ¤¤¤ë¤«¤òÇÄ°®¤·¤Æ¤¤¤ëɬÍפ¬¤¢¤ê¤Þ¤¹¡£
+	<application>rkhunter</application>,
+	<application>lsof</application> ¤ä
+	&man.netstat.1; ¤ª¤è¤Ó &man.ps.1; ¤È¤¤¤Ã¤¿¥Í¥¤¥Æ¥£¥Ö¤Î¥Ä¡¼¥ë¤Ï¡¢
+	¥·¥¹¥Æ¥à¤Ë´Ø¤¹¤ë¤«¤Ê¤ê¿¤¯¤Î¾ðÊó¤òÍ¿¤¨¤Æ¤¯¤ì¤Þ¤¹¡£
+	Àµ¾ï¤Ê¾õÂÖ¤¬¤É¤Î¤è¤¦¤Ê¾õÂ֤Ǥ¢¤ë¤«¤òÇÄ°®¤·¤Æ¤ª¤­¡¢
+	ËÜÍè¤È°ã¤¦¾õ¶·¤Ë¤Ê¤Ã¤¿¾ì¹ç¤Ë¤Ï¡¢¼ÁÌä¤ò¤·¤¿¤ê¡¢
+	µ¿¤¤¿¼¤¯¤Ê¤Ã¤Æ¤¯¤À¤µ¤¤¡£
+	¥»¥­¥å¥ê¥Æ¥£¤¬Çˤé¤ì¤ë¤³¤È¤òÈò¤±¤ë¤³¤È¤ÏÍýÁۤǤ¹¤¬¡¢
+	Çˤé¤ì¤¿¤³¤È¤òÇÄ°®¤¹¤ë¤³¤È¤Ïɬ¿Ü¤Ç¤¹¡£</para>
+    </sect2>
 
-      <programlisting>foobar:*:1000:1000::0:0:Foo Bar:/home/foobar:/usr/local/bin/tcsh</programlisting>
+    <sect2 xml:id="security-ids">
+      <title>¥Ð¥¤¥Ê¥ê¸¡¾Ú</title>
 
-      <para>¤³¤ÎÊѹ¹¤Ë¤è¤Ã¤Æ
-	<systemitem class="username">foobar</systemitem> ¤Ï¡¢
-	Ä̾ï¤Î¥í¥°¥¤¥ó¤Ï¤Ç¤­¤Ê¤¯¤Ê¤ê¤Þ¤¹¡£
-	¤³¤Î¤è¤¦¤Ê¥¢¥¯¥»¥¹À©¸Â¤ò¤·¤¿¸å¤Ï¡¢
-	¥µ¥¤¥È¤Ç <application>Kerberos</application> ¤ò¥»¥Ã¥È¥¢¥Ã¥×¤·¤¿¤ê¡¢
-	¥æ¡¼¥¶¤¬ &man.ssh.1;
-	¤Î¸°¤òÀßÄꤹ¤ë¤Ê¤É¤È¤¤¤Ã¤¿Ç§¾Ú¼êÃʤòÍøÍѤ·¤Ê¤±¤ì¤Ð¤Ê¤ê¤Þ¤»¤ó¡£</para>
+      <para>¥·¥¹¥Æ¥à¥Õ¥¡¥¤¥ë¤ª¤è¤Ó¥Ð¥¤¥Ê¥ê¤Î¸¡¾Ú¤Ï¡¢
+	¥·¥¹¥Æ¥à´ÉÍý¼Ô¤ª¤è¤Ó¥»¥­¥å¥ê¥Æ¥£¥Á¡¼¥à¤ËÂФ·¤Æ¡¢
+	¥·¥¹¥Æ¥à¤ÎÊѹ¹¤Ë´Ø¤¹¤ë¾ðÊó¤òÄ󶡤·¤Æ¤¯¤ì¤ë¤¿¤á½ÅÍפǤ¹¡£
+	¤¤¤«¤Ê¤ë¥·¥¹¥Æ¥à¤Ë¤ª¤¤¤Æ¤â¡¢¥·¥¹¥Æ¥à´ÉÍý¥Á¡¼¥à¤ÎÃΤé¤Ê¤¤¤È¤³¤í¤Ç¡¢
+	ÆâÉô¤Î¥³¥Þ¥ó¥É¤ä¥¢¥×¥ê¥±¡¼¥·¥ç¥ó¤ÏÊѹ¹¤¹¤Ù¤­¤Ç¤Ï¤¢¤ê¤Þ¤»¤ó¡£
+	¥·¥¹¥Æ¥à¤ÎÊѹ¹¤ò¤ò¥â¥Ë¥¿¥ê¥ó¥°¤¹¤ë¥½¥Õ¥È¥¦¥§¥¢¥¢¥×¥ê¥±¡¼¥·¥ç¥ó¤Ï¡¢
+	¿¯Æþ¸¡ÃÎ¥·¥¹¥Æ¥à (Intrusion Detection System)
+	¤Þ¤¿¤Ï <acronym>IDS</acronym> ¤È¸Æ¤Ð¤ì¤Þ¤¹¡£</para>
 
-      <para>¤³¤ì¤é¤Î¥»¥­¥å¥ê¥Æ¥£¤Î»ÅÁȤߤǤϡ¢
-	À©¸Â¤Î¶¯¤¤¥µ¡¼¥Ð¤«¤éÀ©¸Â¤Î¼å¤¤¥µ¡¼¥Ð¤Ø¥í¥°¥¤¥ó¤¹¤ë¤³¤È¤òÁ°Äó¤È¤·¤Æ¤¤¤Þ¤¹¡£
-	¤¿¤È¤¨¤Ð¡¢¥µ¡¼¥Ð¤¬¥Í¥Ã¥È¥ï¡¼¥¯¥µ¡¼¥Ó¥¹¤ò¼Â¹Ô¤µ¤»¤Æ¤¤¤ë¾ì¹ç¡¢
-	¥ï¡¼¥¯¥¹¥Æ¡¼¥·¥ç¥ó¤Ç¤Ï¤½¤ì¤é¤Î¥µ¡¼¥Ó¥¹¤ò¼Â¹Ô¤µ¤»¤Æ¤Ï¤Ê¤ê¤Þ¤»¤ó¡£
-	¥ï¡¼¥¯¥¹¥Æ¡¼¥·¥ç¥ó¤ò½½Ê¬¤Ë°ÂÁ´¤Ë¤·¤Æ¤ª¤¯¤¿¤á¤Ë¤Ï¡¢
-	¼Â¹Ô¤¹¤ë¥µ¡¼¥Ó¥¹¤ò¥¼¥í¤Ë¤¹¤ë¤«¡¢²Äǽ¤Ê¸Â¤ê¸º¤é¤·¡¢
-	¥Ñ¥¹¥ï¡¼¥É¤ÇÊݸ¤ì¤¿¥¹¥¯¥ê¡¼¥ó¥»¡¼¥Ð¤òÁö¤é¤»¤Æ¤ª¤¯¤Ù¤­¤Ç¤¹¡£
-	¥·¥¹¥Æ¥à¤Ø¤ÎʪÍýŪ¥¢¥¯¥»¥¹¤¬Í¿¤¨¤é¤ì¤¿¤È¤¹¤ë¤È¡¢
-	¤â¤Á¤í¤ó¸À¤¦¤Þ¤Ç¤â¤Ê¤¯¡¢
-	¹¶·â¼Ô¤Ï¤¤¤«¤Ê¤ë¼ïÎà¤Î¥»¥­¥å¥ê¥Æ¥£¤ò¤â¤¦¤ÁÇˤ뤳¤È¤¬¤Ç¤­¤ë¤Î¤Ç¤¹¡£
-	¹¬¤¤¤Ë¤â¡¢¥·¥¹¥Æ¥àÇˤê¤ÎÂç¿¿ô¤Ï¡¢¥Í¥Ã¥È¥ï¡¼¥¯·Ðͳ¤Ç¥ê¥â¡¼¥È¤«¤é¡¢
-	¥·¥¹¥Æ¥à¤Ø¤ÎʪÍýŪ¥¢¥¯¥»¥¹¼êÃʤò»ý¤¿¤Ê¤¤¿Í¡¹¤Ë¤è¤Ã¤Æ¹Ô¤ï¤ì¤Æ¤¤¤Þ¤¹¡£</para>
+      <para>&os; ¤Ï¡¢´ðËÜŪ¤Ê
+	<acronym>IDS</acronym> ¥·¥¹¥Æ¥à¤ò¥Í¥¤¥Æ¥£¥Ö¤ÇÄ󶡤·¤Æ¤¤¤Þ¤¹¡£
+	¼ÂºÝ¤Ë¡¢ËèÈդΠ&man.periodic.8; ¥»¥­¥å¥ê¥Æ¥£¤Ë´Ø¤¹¤ë¥á¡¼¥ë¤ÎÃæ¤Ç¤Ï¡¢
+	´ÉÍý¼Ô¤ËÊѹ¹ÅÀ¤òÄÌÃΤ·¤Þ¤¹¡£
+	¾ðÊó¤Ï¥í¡¼¥«¥ë¤ËÊݸ¤µ¤ì¤Æ¤¤¤ë¤Î¤Ç¡¢
+	°­°Õ¤Î¤¢¤ë¥æ¡¼¥¶¤¬Êѹ¹¤·¡¢¾ðÊó¤ò
+	<quote>µ½¤¯</quote> ²ÄǽÀ­¤¬¤¢¤ê¤Þ¤¹¡£
+	¤½¤Î¤¿¤á¡¢¥Ð¥¤¥Ê¥ê¤Î½ð̾¤ÎÊ̤Υ»¥Ã¥È¤òºîÀ®¤·¤Æ¡¢
+	Æɤ߼è¤êÀìÍѤΠroot ½êÍ­¤Î¥Ç¥£¥ì¥¯¥È¥ê¡¢¤Ç¤­¤ì¤Ð¡¢
+	<acronym>USB</acronym> ¥Ç¥£¥¹¥¯¤Þ¤¿¤Ï
+	<application>rsync</application>
+	¥µ¡¼¥Ð¤È¤¤¤Ã¤¿¥·¥¹¥Æ¥à¤È¤ÏÊ̤Υ·¥¹¥Æ¥à¤ËÊݸ¤·¤Æ¤¯¤À¤µ¤¤¡£</para>
 
-      <para>Kerberos ¤ò»È¤¦¤³¤È¤Ç¡¢
-	¥æ¡¼¥¶¤Î¥Ñ¥¹¥ï¡¼¥É¤ÎÊѹ¹¤â¤·¤¯¤ÏÄä»ß¤ò°ì²Õ½ê¤Ç¹Ô¤Ê¤¦¤³¤È¤È¡¢
-	¥æ¡¼¥¶¤¬¥¢¥«¥¦¥ó¥È¤ò»ý¤Ä¤¹¤Ù¤Æ¤Î¥Þ¥·¥ó¤Ë¨»þ¤Ë¤½¤Î¸ú²Ì¤òµÚ¤Ü¤¹¤³¤È¤¬²Äǽ¤È¤Ê¤ê¤Þ¤¹¡£
-	¥¢¥«¥¦¥ó¥È¤¬´í¸±¤Ë»¯¤µ¤ì¤¿¤È¤­¤Ë¡¢
-	¤¹¤Ù¤Æ¤Î¥Þ¥·¥ó¾å¤Î´ØÏ¢¤¹¤ë¥Ñ¥¹¥ï¡¼¥É¤ò¨ºÂ¤ËÊѹ¹¤¹¤ëǽÎϤò²á¾®É¾²Á¤·¤Æ¤Ï¤¤¤±¤Þ¤»¤ó¡£
-	Kerberos ¤Ç¤Ï¡¢Kerberos ¥Á¥±¥Ã¥È¤Ë¥¿¥¤¥à¥¢¥¦¥È¤òÀßÄê¤Ç¤­¡¢
-	ÀßÄꤷ¤¿´ü´Ö¤¬·Ð²á¤¹¤ë¤È¥æ¡¼¥¶¤Ë¿·¤·¤¤¥Ñ¥¹¥ï¡¼¥É¤òÁª¤Ö¤è¤¦¤ËÍ׵᤹¤ë¤È¤¤¤Ã¤¿ÄɲäÎÀ©¸Â¤ò²Ý¤¹¤ë¤³¤È¤¬¤Ç¤­¤Þ¤¹¡£</para>
-    </sect2>
+      <para>¤Þ¤ººÇ½é¤Ë¡¢¥·¡¼¥É¤òÀ¸À®¤¹¤ëɬÍפ¬¤¢¤ê¤Þ¤¹¡£
+	¤³¤ì¤Ï¡¢¿ôÃÍÄê¿ô¤Ç¡¢¥Ï¥Ã¥·¥åÃͤÎÀ¸À®¤ä¥Ï¥Ã¥·¥åÃͤθ¡¾Ú¤Ç»È¤ï¤ì¤Þ¤¹¡£
+	¤³¤Î¥·¡¼¥É¤¬¤Ê¤¤¤È¡¢
+	¥Õ¥¡¥¤¥ë¤Î¥Á¥§¥Ã¥¯¥µ¥à¤ÎÃͤòµ¶¤Ã¤¿¤ê¸¡¾Ú¤¬²Äǽ¤Ë¤Ê¤ê¤Þ¤¹¡£
+	°Ê²¼¤ÎÎã¤Ç¤Ï¡¢¥·¡¼¥É¤Ï <option>-s</option>
+	¥Õ¥é¥°¤Ç»ØÄꤵ¤ì¤Æ¤¤¤Þ¤¹¡£
+	ºÇ½é¤Ë°Ê²¼¤Î¥³¥Þ¥ó¥É¤òÍѤ¤¤Æ <filename>/bin</filename>
+	¤Î¥Ï¥Ã¥·¥åÃͤª¤è¤Ó¥Á¥§¥Ã¥¯¥µ¥à¤òÀ¸À®¤·¤Æ¤¯¤À¤µ¤¤¡£</para>
 
-    <sect2>
-      <title>root ¸¢¸Â¤Ç¼Â¹Ô¤µ¤ì¤Æ¤¤¤ë¥µ¡¼¥Ð¤È
-	SUID/SGID ¥Ð¥¤¥Ê¥ê¤Î°ÂÁ´À­¤ò¹â¤á¤ë</title>
+      <screen>&prompt.root; <userinput>mtree -s 3483151339707503 -c -K cksum,sha256digest -p /bin &gt; bin_chksum_mtree</userinput></screen>
 
-      <indexterm>
-	<primary>º½¾ì (sandbox)</primary>
-      </indexterm>
-      <indexterm>
-	<primary>&man.sshd.8;</primary>
-      </indexterm>
+      <para>¤³¤Î¥³¥Þ¥ó¥É¤Î½ÐÎϤϰʲ¼¤Î¤è¤¦¤Ë¤Ê¤ê¤Þ¤¹¡£</para>
 
-      <para>ÍÑ¿´¿¼¤¤¥·¥¹¥Æ¥à´ÉÍý¼Ô¤Ï¡¢É¬Íפʥµ¡¼¥Ó¥¹¤À¤±¤òÍ­¸ú¤Ë¤·¡¢
-	¥µ¡¼¥É¥Ñ¡¼¥Æ¥£À½¤Î¥µ¡¼¥Ð¤Ï¡¢
-	¤è¤¯¥Ð¥°¤ò»ý¤Ã¤Æ¤¤¤¬¤Á¤À¤È¤¤¤¦¤³¤È¤ËÃí°Õ¤·¤Æ¤¤¤ë¤â¤Î¤Ç¤¹¡£
-	Ãí°Õ¿¼¤¯¥Á¥§¥Ã¥¯¤·¤Æ¤¤¤Ê¤¤¥µ¡¼¥Ð¤Ï¡¢·è¤·¤Æ¼Â¹Ô¤·¤Æ¤Ï¤¤¤±¤Þ¤»¤ó¡£
-	¿¤¯¤Î¥Ç¡¼¥â¥ó¤Ï¡¢¥µ¡¼¥Ó¥¹ÀìÍѤΥ¢¥«¥¦¥ó¥È¡¢¤â¤·¤¯¤Ï
-	<firstterm>º½¾ì (sandbox)</firstterm> ¤Çµ¯Æ°¤µ¤»¤ë¤³¤È¤¬¤Ç¤­¤ë¤Î¤Ç¡¢
-	<systemitem class="username">root</systemitem>
-	¸¢¸Â¤Ç¥µ¡¼¥Ó¥¹¤ò¼Â¹Ô¤¹¤ëÁ°¤Ë¤Ï¡¢¤è¤¯¹Í¤¨¤Æ¤¯¤À¤µ¤¤¡£
-	&man.telnetd.8; ¤Þ¤¿¤Ï &man.rlogind.8;
-	¤Î¤è¤¦¤Ê°ÂÁ´¤Ç¤Ï¤Ê¤¤¥µ¡¼¥Ó¥¹¤ÏÍ­¸ú¤Ë¤·¤Ê¤¤¤Ç¤¯¤À¤µ¤¤¡£</para>
+      <screen>&prompt.root; mtree: /bin checksum: 3427012225</screen>
 
-      <para>¾¤Î¥·¥¹¥Æ¥à¤ÎÀøºßŪ¤Ê¥»¥­¥å¥ê¥Æ¥£¥Û¡¼¥ë¤Ë¤Ï¡¢
-	SUID-root ¤ª¤è¤Ó SGID ¥Ð¥¤¥Ê¥ê¤¬¤¢¤ê¤Þ¤¹¡£
-	¤³¤ì¤é¤Î¥Ð¥¤¥Ê¥ê¤Ï¡¢
-	&man.rlogin.1; ¤Î¤è¤¦¤Ë¡¢<filename>/bin</filename>,
-	<filename>/sbin</filename>, <filename>/usr/bin</filename>
-	¤Þ¤¿¤Ï <filename>/usr/sbin</filename>
-	¤Ë¸ºß¤¹¤ë¤â¤Î¤¬¤Û¤È¤ó¤É¤Ç¤¹¡£
-	100% °ÂÁ´¤Ê¤â¤Î¤Ï¸ºß¤·¤Ê¤¤¤È¤Ï¤¤¤¨¡¢
-	¥·¥¹¥Æ¥à¥Ç¥Õ¥©¥ë¥È¤Î SUID/SGID ¥Ð¥¤¥Ê¥ê¤ÏÈæ³ÓŪ°ÂÁ´¤È¤¤¤¨¤Þ¤¹¡£
-	SUID ¥Ð¥¤¥Ê¥ê¤Ï¡¢
-	¥¹¥¿¥Ã¥Õ¤Î¤ß¤¬¥¢¥¯¥»¥¹²Äǽ¤ÊÆÃÊ̤ʥ°¥ë¡¼¥×¤ËÀ©¸Â¤·¡¢
-	»È¤ï¤Ê¤¤ SUID ¥Ð¥¤¥Ê¥ê¤Ïºï½ü¤¹¤ë¤³¤È¤¬¿ä¾©¤µ¤ì¤Þ¤¹¡£
-	SGID ¥Ð¥¤¥Ê¥ê¤â¤Û¤È¤ó¤ÉƱÍÍ¤Î´í¸±¤Ê¸ºß¤Ë¤Ê¤êÆÀ¤Þ¤¹¡£
-	¿¯Æþ¼Ô¤¬ kmem ¤Ë SGID ¤µ¤ì¤¿¥Ð¥¤¥Ê¥ê¤òÇˤ뤳¤È¤¬¤Ç¤­¤¿¾ì¹ç¡¢
-	¤½¤Î¿¯Æþ¼Ô¤Ï <filename>/dev/kmem</filename>
-	¤òÆɤ߽Ф¹¤³¤È¤¬¤Ç¤­¤ë¤è¤¦¤Ë¤Ê¤ë¤Ç¤·¤ç¤¦¡£¤Ä¤Þ¤ê¡¢
-	°Å¹æ²½¤µ¤ì¤¿¥Ñ¥¹¥ï¡¼¥É¥Õ¥¡¥¤¥ë¤òÆɤ߽Ф¹¤³¤È¤¬¤Ç¤­¤ë¤è¤¦¤Ë¤Ê¤ë¤Î¤Ç¡¢
-	¥æ¡¼¥¶¥¢¥«¥¦¥ó¥È¤ò¡¢ÀøºßŪ¤Ê´í¸±¤Ë»¯¤¹¤³¤È¤Ë¤Ê¤ê¤Þ¤¹¡£Â¾¤Ë¤â¡¢
-	<literal>kmem</literal> ¥°¥ë¡¼¥×¤òÇˤä¿¿¯Æþ¼Ô¤¬ pty
-	¤òÄ̤·¤ÆÁ÷¤é¤ì¤¿¥­¡¼¥¹¥È¥í¡¼¥¯¤ò´Æ»ë¤Ç¤­¤ë¤È¤¤¤¦´í¸±¤¬¤¢¤ê¤Þ¤¹¡£
-	¥­¡¼¥¹¥È¥í¡¼¥¯¤Ë¤Ï¡¢°ÂÁ´¤ÊÊýË¡¤Ç¥í¥°¥¤¥ó¤¹¤ë¥æ¡¼¥¶¤¬»È¤Ã¤Æ¤¤¤ë pty
-	¤â´Þ¤Þ¤ì¤Þ¤¹¡£
-	<systemitem class="groupname">tty</systemitem>
-	¥°¥ë¡¼¥×¤òÇˤä¿¿¯Æþ¼Ô¤Ï¡¢¤Û¤ÜǤ°Õ¤Î¥æ¡¼¥¶¤Î
-	tty ¤Ø½ñ¤­¹þ¤ß¤¬¤Ç¤­¤Þ¤¹¡£
-	¥æ¡¼¥¶¤¬Ã¼Ëö¥×¥í¥°¥é¥à¤ä¥­¡¼¥Ü¡¼¥É¤ò¥·¥ß¥å¥ì¡¼¥·¥ç¥ó¤¹¤ëµ¡Ç½¤ò»ý¤Ã¤¿¥¨¥ß¥å¥ì¡¼¥¿¤ò»È¤Ã¤Æ¤¤¤ë¾ì¹ç¡¢
-	¿¯Æþ¼Ô¤ÏÀøºßŪ¤Ë¡¢
-	·ë¶É¤½¤Î¥æ¡¼¥¶¤È¤·¤Æ¼Â¹Ô¤µ¤ì¤ë¥³¥Þ¥ó¥É¤ò¥æ¡¼¥¶¤ÎüËö¤Ë¥¨¥³¡¼¤µ¤»¤ë¥Ç¡¼¥¿¥¹¥È¥ê¡¼¥à¤òÀ¸À®¤Ç¤­¤ë²ÄǽÀ­¤¬¤¢¤ê¤Þ¤¹¡£</para>
-    </sect2>
+      <para><filename>bin_cksum_mtree</filename> ¥Õ¥¡¥¤¥ë¤ò¸«¤ë¤È¡¢
+	°Ê²¼¤Î¤è¤¦¤Ê½ÐÎϤȤʤê¤Þ¤¹¡£</para>
 
-    <sect2 xml:id="secure-users">
-      <title>¥æ¡¼¥¶¥¢¥«¥¦¥ó¥È¤Î°ÂÁ´À­¤ò¹â¤á¤ë</title>
+      <programlisting>#          user: root
+#       machine: dreadnaught
+#          tree: /bin
+#          date: Mon Feb  3 10:19:53 2014
+# .
+/set type=file uid=0 gid=0 mode=0555 nlink=1 flags=none
+.               type=dir mode=0755 nlink=2 size=1024 \
+                time=1380277977.000000000
+    \133        nlink=2 size=11704 time=1380277977.000000000 \
+                cksum=484492447 \
+                sha256digest=6207490fbdb5ed1904441fbfa941279055c3e24d3a4049aeb45094596400662a
+    cat         size=12096 time=1380277975.000000000 cksum=3909216944 \
+                sha256digest=65ea347b9418760b247ab10244f47a7ca2a569c9836d77f074e7a306900c1e69
+    chflags     size=8168 time=1380277975.000000000 cksum=3949425175 \
+                sha256digest=c99eb6fc1c92cac335c08be004a0a5b4c24a0c0ef3712017b12c89a978b2dac3
+    chio        size=18520 time=1380277975.000000000 cksum=2208263309 \
+                sha256digest=ddf7c8cb92a58750a675328345560d8cc7fe14fb3ccd3690c34954cbe69fc964
+    chmod       size=8640 time=1380277975.000000000 cksum=2214429708 \
+                sha256digest=a435972263bf814ad8df082c0752aa2a7bdd8b74ff01431ccbd52ed1e490bbe7</programlisting>
 
-      <para>¥æ¡¼¥¶¥¢¥«¥¦¥ó¥È¤Ï¡¢ÉáÄÌ¡¢°ÂÁ´À­¤ò¹â¤á¤ë¤³¤È¤¬ºÇ¤âº¤Æñ¤Ç¤¹¡£
-	µ¤¤òÇۤäƥ桼¥¶¥¢¥«¥¦¥ó¥È¤ò´Æ»ë¤¹¤ë¤è¤ê¤Û¤«¤¢¤ê¤Þ¤»¤ó¡£
-	¥æ¡¼¥¶¥¢¥«¥¦¥ó¥È¤ËÂФ· &man.ssh.1; ¤ä Kerberos ¤òÍøÍѤ¹¤ë¤Ë¤Ï¡¢
-	¥·¥¹¥Æ¥à´ÉÍý¤¬¤µ¤é¤ËÁý¤¨¤¿¤ê¥Æ¥¯¥Ë¥«¥ë¥µ¥Ý¡¼¥È¤¬É¬Íפˤʤê¤Þ¤¹¤¬¡¢
-	°Å¹æ²½¥Ñ¥¹¥ï¡¼¥É¥Õ¥¡¥¤¥ë¤ÈÈæ³Ó¤¹¤ë¤È¤Ï¤ë¤«¤ËÎɤ¤ÊýË¡¤òÄ󶡤·¤Þ¤¹¡£</para>
-    </sect2>
+      <para>¥³¥ó¥Ô¥å¡¼¥¿¤Î¥Û¥¹¥È̾¡¢¸½ºß¤ÎÆüÉդȻþ´Ö¡¢&man.mtree.8;
+	¤ò¼Â¹Ô¤·¤¿¥æ¡¼¥¶¤Î¾ðÊ󤹤٤Ƥ¬¤³¤Î¥ì¥Ý¡¼¥È¤Ë¤Ï´Þ¤Þ¤ì¤Æ¤¤¤Þ¤¹¡£
+	¤Þ¤¿¡¢³Æ¥Ð¥¤¥Ê¥ê¤ËÂФ¹¤ë¥Á¥§¥Ã¥¯¥µ¥à¡¢¥µ¥¤¥º¡¢¥¿¥¤¥à¥¹¥¿¥ó¥×¤ª¤è¤Ó
+	<acronym>SHA</acronym>256 ¥À¥¤¥¸¥§¥¹¥È¤â´Þ¤Þ¤ì¤Æ¤¤¤Þ¤¹¡£</para>
 
-    <sect2>
-      <title>¥Ñ¥¹¥ï¡¼¥É¥Õ¥¡¥¤¥ë¤Î°ÂÁ´À­¤ò¹â¤á¤ë</title>
+      <para>¥Ð¥¤¥Ê¥ê½ð̾¤Î¸¡¾Ú¤Î¤¿¤á¤Ë¡¢
+	°Ê²¼¤Î¥³¥Þ¥ó¥É¤ò¼Â¹Ô¤¹¤ë¤È¡¢¸½ºß¤Î½ð̾¤Î¥ê¥¹¥È¤òÆɤ߹þ¤ß¡¢
+	·ë²Ì¤ò½ÐÎϤ·¤Þ¤¹¡£</para>
 
-      <para>¤Ç¤­¤ë¤À¤±Â¿¤¯¤Î¥Ñ¥¹¥ï¡¼¥É¤ò¥¢¥¹¥¿¥ê¥¹¥¯¤Ç³°¤·¡¢
-	¤½¤ì¤é¤Î¥¢¥«¥¦¥ó¥È¤Î¥¢¥¯¥»¥¹¤Ë¤Ï
-	&man.ssh.1; ¤ä Kerberos ¤ò»È¤¦¤è¤¦¤Ë¤¹¤ë¤³¤È¤¬¡¢Í£°ì¤Î³Î¼Â¤ÊÊýË¡¤Ç¤¹¡£
-	°Å¹æ²½¥Ñ¥¹¥ï¡¼¥É¥Õ¥¡¥¤¥ë
-	(<filename>/etc/spwd.db</filename>) ¤Ï
-	<systemitem class="username">root</systemitem>
-	¤Ç¤Î¤ßÆɤ߽Ф·²Äǽ¤À¤±¤ì¤É¤â¡¢
-	¤¿¤È¤¨¡¢¿¯Æþ¼Ô¤¬ root ¤Î½ñ¤­¹þ¤ß¸¢¸Â¤ÏÆÀ¤é¤ì¤Ê¤¯¤È¤â¡¢
-	Æɤ߽Ф·¥¢¥¯¥»¥¹¸¢¸Â¤òÆÀ¤ë¤³¤È¤Ï²Äǽ¤«¤â¤·¤ì¤Þ¤»¤ó¡£</para>
+      <screen>&prompt.root; <userinput>mtree -s 3483151339707503 -p /bin &lt; bin_chksum_mtree &gt;&gt; bin_chksum_output</userinput></screen>
 
-      <para><link
-	  linkend="security-integrity">¥Õ¥¡¥¤¥ë¤Î´°Á´À­¤Î¥Á¥§¥Ã¥¯</link>
-	Àá¤ÇÀâÌÀ¤µ¤ì¤Æ¤¤¤ë¤è¤¦¤Ë¡¢
-	¥»¥­¥å¥ê¥Æ¥£¥¹¥¯¥ê¥×¥È¤Ç¥Ñ¥¹¥ï¡¼¥É¥Õ¥¡¥¤¥ë¤ÎÊѹ¹¤ò¥Á¥§¥Ã¥¯¤·¡¢
-	Êó¹ð¤¹¤ë¤è¤¦¤Ë¤¹¤Ù¤­¤Ç¤¹¡£</para>
-    </sect2>
+      <para>¤³¤Î¥³¥Þ¥ó¥É¤ò¼Â¹Ô¤¹¤ë¤È¡¢¤¹¤Ç¤Ë¥Á¥§¥Ã¥¯¥µ¥à¤òÀ¸À®¤·¤Æ¤¤¤ë
+	<filename>/bin</filename> ¤ËÂФ·¤Æ¡¢Æ±ÍͤΥÁ¥§¥Ã¥¯¥µ¥à¤òÀ¸À®¤·¤Þ¤¹¡£
+	¤³¤Î¥³¥Þ¥ó¥É¤ò¼Â¹Ô¤·¤Æ¤«¤éÊѹ¹¤¬¹Ô¤ï¤ì¤Æ¤¤¤Ê¤¤¤Î¤Ç¡¢
+	<filename>bin_chksum_output</filename> ¤Ø¤Î¼çÎϤ϶õ¤È¤Ê¤ê¤Þ¤¹¡£
+	Êѹ¹¤¬¹Ô¤ï¤ì¤¿¾ì¹ç¤ò¥·¥ß¥å¥ì¡¼¥È¤¹¤ë¤¿¤á¤Ë¡¢
+	<filename>/bin/cat</filename> ¥Õ¥¡¥¤¥ë¤ÎÆüÉÕ¤ò
+	&man.touch.1; ¤ò»È¤Ã¤ÆÊѹ¹¤·¤Æ¡¢
+	ºÆÅÙ¸¡¾Ú¤Î¥³¥Þ¥ó¥É¤ò¼Â¹Ô¤·¤Æ¤ß¤Þ¤¹¡£</para>
 
-    <sect2>
-      <title>¥«¡¼¥Í¥ë¤Î¥³¥¢¡¢raw ¥Ç¥Ð¥¤¥¹¡¢
-	¥Õ¥¡¥¤¥ë¥·¥¹¥Æ¥à¤Î°ÂÁ´À­¤ò¹â¤á¤ë</title>
+      <screen>&prompt.root; <userinput>touch /bin/cat</userinput></screen>
+      <screen>&prompt.root; <userinput>mtree -s 3483151339707503 -p /bin &lt; bin_chksum_mtree &gt;&gt; bin_chksum_output</userinput></screen>
+      <screen>&prompt.root; <userinput>cat bin_chksum_output</userinput></screen>
+      <programlisting>cat changed
+	modification time expected Fri Sep 27 06:32:55 2013 found Mon Feb  3 10:28:43 2014</programlisting>
 
-      <para>ºÇ¶á¤Î¥«¡¼¥Í¥ë¤Ï¡¢ÁȤ߹þ¤ß¤Î¥Ñ¥±¥Ã¥ÈÇÁ¤­¸«¥Ç¥Ð¥¤¥¹
-	(packet sniffing device) ¥É¥é¥¤¥Ð¤òÈ÷¤¨¤Æ¤¤¤ë¤â¤Î¤¬¤Û¤È¤ó¤É¤Ç¤¹¡£
-	&os; ¤Ç¤Ï <filename>bpf</filename> ¤È¸Æ¤Ð¤ì¤Æ¤¤¤Þ¤¹¡£
-	¤³¤Î¥Ç¥Ð¥¤¥¹¤Ï DHCP ¤ÇɬÍפȤʤ뤿¤á¡¢
-	DHCP ¤òÄ󶡤·¤¿¤ê»È¤¦É¬ÍפΤʤ¤¥·¥¹¥Æ¥à¤Ç¤Ï¡¢
-	¥«¥¹¥¿¥à¥«¡¼¥Í¥ë¥³¥ó¥Õ¥£¥°¥ì¡¼¥·¥ç¥ó¥Õ¥¡¥¤¥ë¤«¤é³°¤¹¤³¤È¤¬¤Ç¤­¤Þ¤¹¡£</para>
+      <para><package>security/aide</package> ¤Î¤è¤¦¤Ê¡¢
+	¤è¤ê¹âÅÙ¤Ê <acronym>IDS</acronym> ¥·¥¹¥Æ¥à¤â¤¢¤ê¤Þ¤¹¤¬¡¢
+	¤Û¤È¤ó¤É¤Î¥±¡¼¥¹¤Ë¤ª¤¤¤Æ¡¢
+	&man.mtree.8; ¤Ï´ÉÍý¼Ô¤¬É¬ÍפȤ¹¤ëµ¡Ç½¤òÄ󶡤·¤Þ¤¹¡£
+	°­°Õ¤Î¤¢¤ë¥æ¡¼¥¶¤¬¡¢
+	¥·¡¼¥ÉÃͤª¤è¤Ó¥Á¥§¥Ã¥¯¥µ¥à¤Î½ÐÎϤò¸«¤ì¤Ê¤¤¤è¤¦¤Ë¤¹¤ë¤³¤È¤¬½ÅÍפǤ¹¡£</para>
+    </sect2>
 
-      <indexterm>
-	<primary>&man.sysctl.8;</primary>
-      </indexterm>
+    <sect2 xml:id="security-tuning">
+      <title>¥»¥­¥å¥ê¥Æ¥£¤Î¤¿¤á¤Î¥·¥¹¥Æ¥à¤ÎÄ´À°</title>
+ 
+      <para>¥·¥¹¥Æ¥à¤Îµ¡Ç½¤Î¿¤¯¤Ï¡¢&man.sysctl.8; ¤ò»È¤Ã¤ÆÄ´À°¤Ç¤­¤Þ¤¹¡£
+	Denial of Service (<acronym>DOS</acronym>)
+	¥¹¥¿¥¤¥ë¤Î¹¶·â¤òÈò¤±¤ë¤¿¤á¤Î¥»¥­¥å¥ê¥Æ¥£µ¡Ç½¤ËÂФ·¤Æ¤âƱÍͤǤ¹¡£
+	¤³¤ÎÀá¤Ç¤Ï¡¢¤è¤ê½ÅÍפÊÄ´À°¤Ë¤Ä¤¤¤Æ¤â¿¨¤ì¤Æ¤¤¤Þ¤¹¡£
+	&man.sysctl.8; ¤Ë¤è¤ê¡¢ÀßÄ꤬Êѹ¹¤µ¤ì¤¿»þ¤Ï¤¤¤Ä¤Ç¤â¡¢
+	˾¤Þ¤Ê¤¤´í³²¤¬µ¯¤³¤ë²ÄǽÀ­¤Ï¹â¤Þ¤ê¡¢
+	¥·¥¹¥Æ¥à¤Î²ÄÍÑÀ­¤Ë±Æ¶Á¤·¤Þ¤¹¡£
+	¥·¥¹¥Æ¥àÁ´ÂΤÎÀßÄê¤òÊѹ¹¤¹¤ë»þ¤Ë¤Ï¡¢
+	¥·¥¹¥Æ¥à¤Î <acronym>CIA</acronym> ¤ò¹Í¤¨¤ëɬÍפ¬¤¢¤ê¤Þ¤¹¡£</para>
 
-      <para><filename>bpf</filename> ¤ò³°¤·¤Æ¤â¡¢
-	<filename>/dev/mem</filename> ¤ª¤è¤Ó
-	<filename>/dev/kmem</filename> ¤È¤¤¤¦ÌäÂ꤬¤Þ¤À»Ä¤Ã¤Æ¤¤¤Þ¤¹¡£
-	¿¯Æþ¼Ô¤Ï raw ¥Ç¥£¥¹¥¯¥Ç¥Ð¥¤¥¹¤Ë½ñ¤­¹þ¤à¤³¤È¤â¤Ç¤­¤Þ¤¹¡£
-	¤ä¤ëµ¤¤Þ¤ó¤Þ¤ó¤Î¿¯Æþ¼Ô¤Ï¡¢&man.kldload.8;
-	¤ò»È¤Ã¤Æ¼«Ê¬Æȼ«¤Î <filename>bpf</filename>¡¢
-	¤â¤·¤¯¤Ï¾¤ÎÇÁ¤­¸«¥Ç¥Ð¥¤¥¹¤òÆ°ºîÃæ¤Î¥«¡¼¥Í¥ë¤Ë¥¤¥ó¥¹¥È¡¼¥ë¤Ç¤­¤Þ¤¹¡£
-	¤³¤ÎÌäÂê¤òÈò¤±¤ë¤¿¤á¡¢¥«¡¼¥Í¥ë¤ò¤è¤ê¹â¤¤¥»¥­¥å¥ê¥Æ¥£¥ì¥Ù¥ë¡¢
-	¾¯¤Ê¤¯¤È¤â¥»¥­¥å¥ê¥Æ¥£¥ì¥Ù¥ë 1 ¤Ç¼Â¹Ô¤µ¤»¤ëɬÍפ¬¤¢¤ê¤Þ¤¹¡£</para>
+      <para>°Ê²¼¤Ç¤Ï¡¢&man.sysctl.8; ¤Î°ìÍ÷¡¢
+	¤ª¤è¤ÓÊѹ¹¤¬¥·¥¹¥Æ¥à¤Ë¤É¤Î¤è¤¦¤Ë±Æ¶Á¤¹¤ë¤«¤òÀâÌÀ¤·¤Þ¤¹¡£</para>
 
-      <para>¥«¡¼¥Í¥ë¤Î¥»¥­¥å¥ê¥Æ¥£¥ì¥Ù¥ë¤Ï¤¤¤¯¤Ä¤«¤ÎÊýË¡¤ÇÀßÄê¤Ç¤­¤Þ¤¹¡£
-	¸½ºßÆ°¤¤¤Æ¤¤¤ë¥«¡¼¥Í¥ë¤Î¥»¥­¥å¥ê¥Æ¥£¥ì¥Ù¥ë¤ò¹â¤á¤ëºÇ¤â´Êñ¤ÊÊýË¡¤Ï¡¢
-	<varname>kern.securelevel</varname> ¤òÀßÄꤹ¤ëÊýË¡¤Ç¤¹¡£</para>
-
-      <screen>&prompt.root; <userinput>sysctl kern.securelevel=1</userinput></screen>
-
       <para>¥Ç¥Õ¥©¥ë¥È¤Ç¤Ï¡¢&os; ¤Î¥«¡¼¥Í¥ë¤Ï¥»¥­¥å¥ê¥Æ¥£¥ì¥Ù¥ë
 	-1 ¤Çµ¯Æ°¤·¤Þ¤¹¡£
 	¤³¤Î¥»¥­¥å¥ê¥Æ¥£¥ì¥Ù¥ë¤Ï¡¢
@@ -521,479 +511,65 @@
 	<literal>YES</literal> ¤È¤·¡¢
 	<varname>kern_securelevel</varname>
 	¤ËɬÍפȤ¹¤ëÃͤòÀßÄꤹ¤ë¤³¤È¤Ç¡¢
-	¥·¥¹¥Æ¥àµ¯Æ°»þ¤Ë¥»¥­¥å¥¢¥ì¥Ù¥ë¤ò¹â¤á¤ë¤³¤È¤¬¤Ç¤­¤Þ¤¹¡£</para>
-
-      <para>¥»¥­¥å¥ê¥Æ¥£¥ì¥Ù¥ë¤ò 1 °Ê¾å¤ËÀßÄꤹ¤ë¤È¡¢
-	ÄɲÃÀìÍѤª¤è¤ÓÊѹ¹ÉԲĥե¡¥¤¥ë¤Î¥Õ¥é¥°¤ò³°¤¹¤³¤È¤Ï¤Ç¤­¤Ê¤¯¤Ê¤ê¡¢
-	¤Þ¤¿ raw ¥Ç¥Ð¥¤¥¹¤Ø¤Î¥¢¥¯¥»¥¹¤¬µñÈݤµ¤ì¤Þ¤¹¡£
-	¤è¤ê¹â¤¤¥ì¥Ù¥ë¤ËÀßÄꤹ¤ë¤È¡¢¤è¤ê¿¤¯¤ÎÁàºî¤ËÀ©¸Â¤¬¤«¤«¤ê¤Þ¤¹¡£
-	³Æ¥»¥­¥å¥ê¥Æ¥£¥ì¥Ù¥ë¤Î´°Á´¤ÊÀâÌÀ¤Ë¤Ä¤¤¤Æ¤Ï¡¢
+	¥·¥¹¥Æ¥àµ¯Æ°»þ¤Ë¥»¥­¥å¥¢¥ì¥Ù¥ë¤ò¹â¤á¤ë¤³¤È¤¬¤Ç¤­¤Þ¤¹¡£
+	¤³¤ì¤é¤ÎÀßÄê¤Ë¤Ä¤¤¤Æ¤Î¤è¤ê¾ÜºÙ¤Ê¾ðÊó¤Ë¤Ä¤¤¤Æ¤Ï¡¢
 	&man.security.7; ¤ª¤è¤Ó &man.init.8; ¤ò¤´Í÷¤¯¤À¤µ¤¤¡£</para>
 
-      <note>
-	<para>¥»¥­¥å¥ê¥Æ¥£¥ì¥Ù¥ë¤ò 1 °Ê¾å¤ËÀßÄꤷ¤¿¾ì¹ç¤Ë¤Ï¡¢
-	  <filename>/dev/io</filename> ¤Ø¤Î¥¢¥¯¥»¥¹¤¬¥Ö¥í¥Ã¥¯¤µ¤ì¤ë¤¿¤á¡¢
-	  <application>&xorg;</application> ¤ä¡¢
-	  <buildtarget>installworld</buildtarget> ¤Î¥×¥í¥»¥¹¤Ç¤Ï¡¢
-	  ¤¤¤¯¤Ä¤«¤Î¥Õ¥¡¥¤¥ë¤ÎÄɲÃÀìÍѤª¤è¤ÓÊѹ¹ÉԲĤΥե饰¤Ï°ì»þŪ¤Ë¥ê¥»¥Ã¥È¤µ¤ì¤ë¤¿¤á¡¢
-	  ¥½¡¼¥¹¤«¤é &os;
-	  ¤ò¹½ÃÛ¤·¤Æ¥¤¥ó¥¹¥È¡¼¥ë¤¹¤ë¤È¤­¤Ê¤É¤ÇÌäÂ꤬°ú¤­µ¯¤³¤µ¤ì¤ë²ÄǽÀ­¤¬¤¢¤ê¤Þ¤¹¡£
-	  <application>&xorg;</application> ¤ÎÌäÂê¤Ë¤Ä¤¤¤Æ¤Ï¡¢
-	  µ¯Æ°¥×¥í¥»¥¹½é´ü¤Î¥»¥­¥å¥¢¥ì¥Ù¥ë¤¬½½Ê¬Ä㤤¤È¤­¤Ë
-	  &man.xdm.1; ¤òµ¯Æ°¤¹¤ë¤³¤È¤Ç¡¢¤³¤ÎÌäÂê¤ËÂбþ¤Ç¤­¤Þ¤¹¡£
-	  ¤³¤Î¤è¤¦¤Ê±þµÞ½èÃ֤ϡ¢
-	  ¤¹¤Ù¤Æ¤Î¥»¥­¥å¥ê¥Æ¥£¥ì¥Ù¥ë¤ä¤½¤ì¤é¤¬²Ý¤¹ÀøºßŪ¤Ê¤¹¤Ù¤Æ¤ÎÀ©¸Â¤Ë¤ÏÂбþ¤Ç¤­¤Ê¤¤¤Ç¤·¤ç¤¦¡£
-	  ¾¯¤·Àè¤ò¸«±Û¤·¤¿·×²èŪ¤ÊÂбþ¤ò¤¹¤Ù¤­¤Ç¤¹¡£
-	  ³Æ¥»¥­¥å¥ê¥Æ¥£¥ì¥Ù¥ë¤Ç²Ý¤µ¤ì¤ëÀ©¸Â¤Ï¡¢
-	  ¥·¥¹¥Æ¥à¤ò»ÈÍѤ¹¤ë¤³¤È¤Ë¤è¤ëÍøÊØÀ­¤òÃø¤·¤¯¸º¤é¤·¤Æ¤·¤Þ¤¦¤¿¤á¡¢
-	  ¤³¤ÎÀ©¸Â¤òÍý²ò¤¹¤ë¤³¤È¤Ï½ÅÍפǤ¹¡£
-	  ¤Þ¤¿¡¢³Æ¥»¥­¥å¥ê¥Æ¥£¥ì¥Ù¥ë¤ÎÀ©¸Â¤òÍý²ò¤¹¤ë¤³¤È¤Ç¡¢
-	  ¥Ç¥Õ¥©¥ë¥È¤ÎÀßÄê¤ò¤è¤ê¥·¥ó¥×¥ë¤Ë¤Ç¤­¡¢
-	  ÀßÄê¤Ë´Ø¤¹¤ë°Õ³°À­¤ò¾¯¤Ê¤¯¤Ç¤­¤ë¤Ç¤·¤ç¤¦¡£</para>
-      </note>
+      <warning>
+	<para><varname>securelevel</varname> ¤òÂ礭¤¯¤·¤¹¤®¤ë¤È¡¢
+	  <application>Xorg</application>
+	  ¤¬Æ°¤«¤Ê¤¯¤Ê¤Ã¤¿¤ê¡¢Â¾¤ÎÌäÂ꤬µ¯¤­¤ë²ÄǽÀ­¤¬¤¢¤ê¤Þ¤¹¡£
+	  ¥Ç¥Ð¥Ã¥°¤Î¿´¤Å¤â¤ê¤ò¤·¤Æ¤¯¤À¤µ¤¤¡£</para>
+      </warning>
 
-      <para>¥«¡¼¥Í¥ë¤Î¥»¥­¥å¥ê¥Æ¥£¥ì¥Ù¥ë¤ò 1 °Ê¾å¤ËÀßÄꤷ¤¿¾ì¹ç¤Ë¤Ï¡¢
-	¥·¥¹¥Æ¥àµ¯Æ°¤Ë´Ø¤ï¤ë½ÅÍפʥХ¤¥Ê¥ê¤ä¥Ç¥£¥ì¥¯¥È¥ê¡¢
-	¥¹¥¯¥ê¥×¥È¥Õ¥¡¥¤¥ë¡¢¤½¤·¤Æ¡¢
-	¥»¥­¥å¥ê¥Æ¥£¥ì¥Ù¥ë¤¬ÀßÄꤵ¤ì¤ë¤Þ¤Ç¤Î´Ö¤Ë¼Â¹Ô¤µ¤ì¤ë¤¹¤Ù¤Æ¤Î¤â¤Î¤ËÂФ·¤Æ¡¢
-	<literal>schg</literal> ¥Õ¥é¥°¤òÀßÄꤹ¤ë¤³¤È¤ÏÍ­ÍѤǤ·¤ç¤¦¡£
-	¥·¥¹¥Æ¥à¤ò¤è¤ê¹â¤¤¥»¥­¥å¥ê¥Æ¥£¥ì¥Ù¥ë¤Ç¼Â¹Ô¤µ¤»¤ë¤è¤¦¤Ë¤¹¤ë¤¬¡¢
-	<literal>schg</literal>
-	¥Õ¥é¥°¤òÀßÄꤷ¤Ê¤¤¤È¤¤¤¦¤È¤³¤í¤ÇÂŶ¨¤¹¤ë¤È¤¤¤¦¼ê¤â¤¢¤ê¤Þ¤¹¡£
-	¤â¤¦°ì¤Ä¤Î²ÄǽÀ­¤È¤·¤Æ¤Ï¡¢Ã±½ã¤Ë
-	<filename>/</filename> ¤ª¤è¤Ó <filename>/usr</filename>
-	¤òÆɤ߹þ¤ßÀìÍѤǥޥ¦¥ó¥È¤¹¤ë¤³¤È¤Ç¤¹¡£
-	¤³¤³¤ÇÆÃÉ®¤¹¤Ù¤­¤³¤È¤Ï¡¢¥·¥¹¥Æ¥à¤ò¼é¤í¤¦¤È¤·¤Æ¸·¤·¤¯¤·¤¹¤®¤ë¤È¡¢
-	¿¯Æþ¤ò¸¡½Ð¤¹¤ë¤³¤È¤¬¤Ç¤­¤Ê¤¯¤Ê¤Ã¤Æ¤·¤Þ¤¦¤È¤¤¤¦¤³¤È¤Ç¤¹¡£</para>
-    </sect2>
+      <para>¤Ä¤®¤ËÊѹ¹¤ò¸¡Æ¤¤¹¤Ù¤­ &man.sysctl.8; ¤Ï¡¢
+	net.inet.tcp.blackhole ¤ª¤è¤Ó net.inet.udp.blackhole ¤Ç¤¹¡£
+	¤³¤ì¤é¤òÀßÄꤹ¤ë¤È¡¢ÊĤ¸¤¿¥Ý¡¼¥È¤ËÂФ·¤ÆÆϤ¯
+	<acronym>SYN</acronym> ¥Ñ¥±¥Ã¥È¤Ï¥É¥í¥Ã¥×¤µ¤ì¡¢
+	<acronym>RST</acronym> ¥ì¥¹¥Ý¥ó¥¹¤òÊÖ¤·¤Þ¤»¤ó¡£
+	Ä̾ï¤Ï¡¢<acronym>RST</acronym> ¤òÊÖ¤·¡¢
+	¤½¤Î¥Ý¡¼¥È¤¬ÊĤ¸¤é¤ì¤Æ¤¤¤ë¤³¤È¤òÅÁ¤¨¤Þ¤¹¡£
+	¤³¤ì¤Ë¤è¤ê¡¢¥·¥¹¥Æ¥à¤ËÂФ¹¤ë <quote>¥¹¥Æ¥ë¥¹</quote>
+	¥¹¥­¥ã¥ó¤ËÂФ·¡¢¤¢¤ëÄøÅÙ¤ÎËɸæ¤È¤Ê¤ê¤Þ¤¹¡£
+	net.inet.tcp.blackhole ¤ò <quote>2</quote>¡¢
+	net.inet.udp.blackhole ¤ò <quote>1</quote> ¤ËÀßÄꤷ¤Æ¤¯¤À¤µ¤¤¡£ 
+	¾ÜºÙ¤Ê¾ðÊó¤Ë¤Ä¤¤¤Æ &man.blackhole.4; ¤ò¤´Í÷¤¯¤À¤µ¤¤¡£</para>
 
-    <sect2 xml:id="security-integrity">
-      <title>¥Õ¥¡¥¤¥ë¤Î´°Á´À­¤Î¥Á¥§¥Ã¥¯</title>
+      <para>¤µ¤é¤Ë¡¢net.inet.icmp.drop_redirect ¤ª¤è¤Ó
+	net.inet.ip.redirect ¤âÀßÄꤹ¤Ù¤­¤Ç¤¹¡£
+	¤³¤ì¤é 2 ¤Ä¤Î
+	&man.sysctl.8; ¤Ï¡¢¥ê¥À¥¤¥ì¥¯¥È¹¶·â¤òËɤ°½õ¤±¤È¤Ê¤ë¤Ç¤·¤ç¤¦¡£
+	¥ê¥À¥¤¥ì¥¯¥È¹¶·â¤Ï¡¢
+	¸Î°Õ¤ËÄ̾ï¤Î¥Í¥Ã¥È¥ï¡¼¥¯¤Ç¤ÏɬÍפȤ·¤Ê¤¤¤è¤¦¤ÊÂçÎ̤Î
+	<acronym>ICMP</acronym> ¥¿¥¤¥× 5 ¤Î¥Ñ¥±¥Ã¥È¤òȯÀ¸¤·¤Þ¤¹¡£
+	¤½¤Î¤¿¤á net.inet.icmp.drop_redirect ¤ò <quote>1</quote>¡¢
+	net.inet.ip.redirect ¤ò <quote>0</quote> ¤ËÀßÄꤷ¤Æ²¼¤µ¤¤¡£</para>
 
-      <para>¥·¥¹¥Æ¥à´ÉÍý¼Ô¤Ë¤Ç¤­¤ë¤³¤È¤Ï¡¢
-	ÊØÍø¤µ¤È¤¤¤¦Í×ÁǤ¬¤½¤Î½¹¤¤Æ¬¤ò¾å¤²¤Ê¤¤ÄøÅ٤ˡ¢
-	¥³¥¢¥·¥¹¥Æ¥à¤ÎÀßÄê¤ÈÀ©¸æ¥Õ¥¡¥¤¥ë¤òËɸ椹¤ë¤³¤È¤À¤±¤Ç¤¹¡£
-	¤¿¤È¤¨¤Ð¡¢<filename>/</filename> ¤ª¤è¤Ó
-	<filename>/usr</filename>
-	¤Ë¤¢¤ëÂçÉôʬ¤Î¥Õ¥¡¥¤¥ë¤Ë <literal>schg</literal>
-	¥Ó¥Ã¥È¤òÀßÄꤹ¤ë¤¿¤á¤Ë &man.chflags.1;
-	¤ò»ÈÍѤ¹¤ë¤Î¤Ï¡¢¤ª¤½¤é¤¯µÕ¸ú²Ì¤Ç¤·¤ç¤¦¡£
-	¤Ê¤¼¤Ê¤é¡¢¤½¤¦¤¹¤ë¤³¤È¤Ç¥Õ¥¡¥¤¥ë¤ÏÊݸî¤Ç¤­¤Þ¤¹¤¬¡¢
-	¿¯Æþ¤ò¸¡½Ð¤¹¤ëÁë¤òÊĤ¶¤·¤Æ¤·¤Þ¤¦¤³¤È¤Ë¤â¤Ê¤ë¤«¤é¤Ç¤¹¡£
-	¥»¥­¥å¥ê¥Æ¥£Âкö¤Ï¡¢
-	¿¯Æþ¤Î²ÄǽÀ­¤ò¸¡½Ð¤Ç¤­¤Ê¤±¤ì¤Ð¡¢Í­ÍѤǤϤʤ¯¡¢
-	¤â¤Ã¤È°­¤±¤ì¤Ð¡¢°ÂÁ´À­¤ËÂФ¹¤ë´Ö°ã¤Ã¤¿´¶³Ð¤ò¿¢¤¨ÉÕ¤±¤Æ¤·¤Þ¤¤¤Þ¤¹¡£
-	¥»¥­¥å¥ê¥Æ¥£¤ËÂФ¹¤ë»Å»ö¤ÎȾʬ¤Ï¡¢
-	¹¶·â¼Ô¤ò¹¶·â¤ÎºÇÃæ¤ËÊᤨ¤ë¤è¤¦¤Ë¤¹¤ë¤¿¤á¤Ë¡¢
-	¹¶·â¼Ô¤ò¿©¤¤»ß¤á¤ë¤Î¤Ç¤Ï¤Ê¤¯¿¯Æþ¤òÃ٤餻¤ë¤³¤È¤Ê¤Î¤Ç¤¹¡£</para>
+      <para>¥½¡¼¥¹¥ë¡¼¥Æ¥£¥ó¥°¤Ï¡¢
+	ÆâÉô¥Í¥Ã¥È¥ï¡¼¥¯¾å¤Ç¥ë¡¼¥Æ¥£¥ó¥°¤Ç¤­¤Ê¤¤¥¢¥É¥ì¥¹¤ò¸¡½Ð¤·¤¿¤ê¥¢¥¯¥»¥¹¤¹¤ë¤¿¤á¤ÎÊýË¡¤Ç¤¹¡£
+	Ä̾ï¥ë¡¼¥Æ¥£¥ó¥°¤Ç¤­¤Ê¤¤¥¢¥É¥ì¥¹¤Ï¡¢
+	°Õ¿Þ¤·¤Æ¥ë¡¼¥Æ¥£¥ó¥°¤Ç¤­¤Ê¤¤¤è¤¦¤Ë¤·¤Æ¤¤¤ë¤Î¤Ç¡¢
+	¤³¤ÎÀßÄê¤Ï¤ª¤½¤é¤¯Ìµ¸ú¤Ë¤¹¤Ù¤­¤Ç¤¹¡£
+	¤³¤Îµ¡Ç½¤ò̵¸ú¤Ë¤¹¤ë¤Ë¤Ï¡¢
+	net.inet.ip.sourceroute ¤ª¤è¤Ó net.inet.ip.accept_sourceroute
+	¤ò <quote>0</quote> ¤ËÀßÄꤷ¤Æ¤¯¤À¤µ¤¤¡£</para>
 
-      <para>¿¯Æþ¤ò¸¡½Ð¤¹¤ëºÇ¤âÎɤ¤ÊýË¡¤Ï¡¢Êѹ¹¤µ¤ì¤Æ¤¤¤¿¤ê¡¢
-	¾Ã¤¨¤Æ¤¤¤¿¤ê¡¢Æþ¤ì¤¿³Ð¤¨¤¬¤Ê¤¤¤Î¤ËÆþ¤Ã¤Æ¤¤¤ë¥Õ¥¡¥¤¥ë¤òõ¤¹¤³¤È¤Ç¤¹¡£
-	Êѹ¹¤µ¤ì¤¿¥Õ¥¡¥¤¥ë¤òõ¤¹¤Î¤ËºÇ¤âÎɤ¤ÊýË¡¤Ï¡¢¤â¤¦°ì¤Ä¤Î
-	¤·¤Ð¤·¤ÐÃæ±û¤Ë½¸¤á¤é¤ì¤¿¡¢
-	¥¢¥¯¥»¥¹¤¬À©¸Â¤µ¤ì¤¿¥·¥¹¥Æ¥à¤«¤é¹Ô¤Ê¤¦¤â¤Î¤Ç¤¹¡£
-	¤µ¤é¤Ë°ÂÁ´¤Ç¥¢¥¯¥»¥¹À©¸Â¤µ¤ì¤¿¥·¥¹¥Æ¥à¾å¤Ç¥»¥­¥å¥ê¥Æ¥£ÍÑ¥¹¥¯¥ê¥×¥È¤ò½ñ¤±¤Ð¡¢
-	¥¹¥¯¥ê¥×¥È¤ÏÀøºßŪ¤Ê¹¶·â¼Ô¤«¤é¤Ï¤Û¤Ü¸«¤¨¤Ê¤¯¤Ê¤ê¤Þ¤¹¡£
-	¤³¤ÎÍ­¸úÀ­¤òºÇÂç¸Â¤Ë³èÍѤ¹¤ë¤¿¤á¤Ë¤Ï¡¢
-	¥¢¥¯¥»¥¹¤ÎÀ©¸Â¤µ¤ì¤¿¥Þ¥·¥ó¤«¤é¾¤Î¥Þ¥·¥ó¤Ø¤Î¤«¤Ê¤ê¤Î¥¢¥¯¥»¥¹¤òµö²Ä¤¹¤ëɬÍפ¬¤¢¤ê¤Þ¤¹¡£
-	ÉáÄ̤ϡ¢Æɤ߹þ¤ßÀìÍѤΠ<acronym>NFS</acronym> ¥¨¥¯¥¹¥Ý¡¼¥È¤ò¤·¤¿¤ê¡¢
-	&man.ssh.1; ¸°¤Î¥Ú¥¢¤òÀßÄꤷ¤¿¤ê¤·¤Þ¤¹¡£
-	¥Í¥Ã¥È¥ï¡¼¥¯¤Î¥È¥é¥Õ¥£¥Ã¥¯¤òÊ̤ˤ·¤Æ¡¢
-	<acronym>NFS</acronym> ¤ÏºÇ¤â²Ä»ëÀ­¤Î¤Ê¤¤ÊýË¡¤Ç¤¹¡£
-	´ÉÍý¼Ô¤Ï¡¢³Æ¥¯¥é¥¤¥¢¥ó¥È¾å¤Î¥Õ¥¡¥¤¥ë¥·¥¹¥Æ¥à¤ò¡¢
-	»ö¼Â¾å¸¡½Ð¤µ¤ì¤º¤Ë´Æ»ë¤Ç¤­¤ë¤è¤¦¤Ë¤Ê¤ê¤Þ¤¹¡£
-	¥¢¥¯¥»¥¹À©¸Â¤µ¤ì¤¿¥µ¡¼¥Ð¤¬¥¹¥¤¥Ã¥Á¤òÄ̤·¤Æ¥¯¥é¥¤¥¢¥ó¥È¤ËÀܳ¤µ¤ì¤Æ¤¤¤ë¾ì¹ç¡¢
-	¤¿¤¤¤Æ¤¤ <acronym>NFS</acronym> ¤¬¤è¤êÎɤ¤ÁªÂò»è¤Ç¤¹¡£
-	¥¢¥¯¥»¥¹À©¸Â¤µ¤ì¤¿¥µ¡¼¥Ð¤¬¡¢
-	¤¤¤¯¤Ä¤«¤Î¥ë¡¼¥Æ¥£¥ó¥°ÁؤòÄ̤·¤Æ¥¯¥é¥¤¥¢¥ó¥È¤ËÀܳ¤·¤Æ¤¤¤ë¾ì¹ç¡¢
-	<acronym>NFS</acronym> ¤Ï¤¢¤Þ¤ê¤Ë¤â´í¸±¤Ê¤Î¤Ç¡¢
-	&man.ssh.1; ¤ÎÊý¤¬Îɤ¤ÊýË¡¤Ç¤·¤ç¤¦¡£</para>
+      <para>¥Ö¥í¡¼¥É¥­¥ã¥¹¥È¥¢¥É¥ì¥¹¤ËÂФ¹¤ë¤¹¤Ù¤Æ¤Î
+	<acronym>ICMP</acronym> ¥¨¥³¡¼¥ê¥¯¥¨¥¹¥È¤Ï¡¢¥É¥í¥Ã¥×¤·¤Æ¤¯¤À¤µ¤¤¡£
+	¥Í¥Ã¥È¥ï¡¼¥¯¾å¤Î¥³¥ó¥Ô¥å¡¼¥¿¤¬¥µ¥Ö¥Í¥Ã¥È¤Ë¤¢¤ë¤¹¤Ù¤Æ¤Î¥Û¥¹¥È¤Ë¥á¥Ã¥»¡¼¥¸¤òÁ÷¤ëɬÍפ¬¤¢¤ë¾ì¹ç¤Ë¤Ï¡¢
+	¥á¥Ã¥»¡¼¥¸¤Ï¥Ö¥í¡¼¥É¥­¥ã¥¹¥È¥¢¥É¥ì¥¹¤ËÁ÷¤é¤ì¤Þ¤¹¡£
+	³°Éô¤Î¥Û¥¹¥È¤Ë¤Ä¤¤¤Æ¤Ï¡¢
+	¤³¤Î¤è¤¦¤ÊÁ÷¿®¤ò¤¹¤ëɬÍפϤʤ¤¤Î¤Ç¡¢
+	³°Éô¤«¤é¥Ö¥í¡¼¥É¥­¥ã¥¹¥È¤Ø¤Î¥ê¥¯¥¨¥¹¥È¤ò¤¹¤Ù¤ÆµñÈݤ¹¤ë¤è¤¦¤Ë¡¢
+	net.inet.icmp.bmcastecho ¤ò <quote>0</quote>
+	¤ËÀßÄꤷ¤Æ¤¯¤À¤µ¤¤¡£</para>
 
-      <para>¥¢¥¯¥»¥¹À©¸Â¤µ¤ì¤¿¥Þ¥·¥ó¤Ë¡¢
-	´Æ»ë¤·¤è¤¦¤È¤¹¤ë¥¯¥é¥¤¥¢¥ó¥È¥·¥¹¥Æ¥à¤Ø¤Î¾¯¤Ê¤¯¤È¤âÆɤ߹þ¤ß¤Î¥¢¥¯¥»¥¹¸¢¤òÍ¿¤¨¤¿¤é¡¢
-	¼¡¤Ë´Æ»ë¤¹¤ë¤¿¤á¤Î¥¹¥¯¥ê¥×¥È¤ò½ñ¤«¤Ê¤¯¤Æ¤Ï¤¤¤±¤Þ¤»¤ó¡£
-	<acronym>NFS</acronym> ¥Þ¥¦¥ó¥È¤ò¤¹¤ì¤Ð¡¢&man.find.1; ¤ä &man.md5.1;
-	¤Ê¤É¤Îñ½ã¤Ê¥·¥¹¥Æ¥à¥æ¡¼¥Æ¥£¥ê¥Æ¥£¤Ç¥¹¥¯¥ê¥×¥È¤ò½ñ¤¯¤³¤È¤¬¤Ç¤­¤Þ¤¹¡£
-	¾¯¤Ê¤¯¤È¤â 1 Æü 1 ²ó¡¢¥¯¥é¥¤¥¢¥ó¥È¤Î¥·¥¹¥Æ¥à¥Õ¥¡¥¤¥ë¤òľÀÜ
-	&man.md5.1; ¤Ë¤«¤±¡¢
-	¤µ¤é¤Ë¤â¤Ã¤ÈÉÑÈË¤Ë <filename>/etc</filename> ¤ª¤è¤Ó
-	<filename>/usr/local/etc</filename>
-	¤Ë¤¢¤ë¤è¤¦¤Ê¥³¥ó¥È¥í¡¼¥ëÍÑ¥Õ¥¡¥¤¥ë¤ò»î¸³¤¹¤ë¤Î¤¬°ìÈ֤Ǥ¹¡£
-	¥¢¥¯¥»¥¹À©¸Â¤µ¤ì¤¿¥Þ¥·¥ó¤¬Àµ¤·¤¤¤ÈÃΤäƤ¤¤ë¡¢
-	´ð¤È¤Ê¤ë md5 ¾ðÊó¤ÈÈæ¤Ù¤Æ°ã¤¤¤¬¸«¤Ä¤«¤Ã¤¿¾ì¹ç¡¢
-	¥·¥¹¥Æ¥à´ÉÍý¼Ô¤Ë·Ù¹ð¤¹¤ë¤è¤¦¤Ë¤¹¤Ù¤­¤Ç¤¹¡£
-	Í¥¤ì¤¿¥»¥­¥å¥ê¥Æ¥£ÍÑ¥¹¥¯¥ê¥×¥È¤Ï¡¢
-	<filename>/</filename> ¤ª¤è¤Ó <filename>/usr</filename>
-	¤Ê¤É¤Î¥·¥¹¥Æ¥à¥Ñ¡¼¥Æ¥£¥·¥ç¥ó¾å¤ÇÉÔŬÅö¤Ë
-	SUID ¤µ¤ì¤¿¥Ð¥¤¥Ê¥ê¤ä¡¢
-	¿·¤¿¤ËºîÀ®¤µ¤ì¤¿¥Õ¥¡¥¤¥ë¤äºï½ü¤µ¤ì¤¿¥Õ¥¡¥¤¥ë¤¬¤Ê¤¤¤«¤É¤¦¤«¤òÄ´¤Ù¤ë¤Ç¤·¤ç¤¦¡£</para>
-
-      <para><acronym>NFS</acronym> ¤Ç¤Ï¤Ê¤¯¡¢&man.ssh.1; ¤ò»ÈÍѤ¹¤ë¾ì¹ç¤Ï¡¢
-	¥»¥­¥å¥ê¥Æ¥£ÍÑ¥¹¥¯¥ê¥×¥È¤ò½ñ¤¯¤Î¤Ï¤è¤êÆñ¤·¤¤¤³¤È¤Ç¤¹¡£
-	¤¿¤È¤¨¤Ð¡¢¥¹¥¯¥ê¥×¥È¤òÆ°¤«¤¹¤¿¤á¤Ë¤Ï¡¢¥¯¥é¥¤¥¢¥ó¥È¤ËÂФ·¤Æ¥¹¥¯¥ê¥×¥È¤ò
-	&man.scp.1; ¤·¤Ê¤¯¤Æ¤Ï¤¤¤±¤Þ¤»¤ó¤·¡¢
-	¥¯¥é¥¤¥¢¥ó¥È¥Þ¥·¥ó¤Î &man.ssh.1;
-	¥¯¥é¥¤¥¢¥ó¥È¤Ï¤¹¤Ç¤Ë¹¶·â¤µ¤ì¤Æ¤·¤Þ¤Ã¤Æ¤¤¤ë¤«¤â¤·¤ì¤Þ¤»¤ó¡£
-	°ÂÁ´¤Ç¤Ê¤¤¥ê¥ó¥¯¾å¤Î¾ì¹ç¤Ï
-	&man.ssh.1; ¤ÏɬÍפ«¤â¤·¤ì¤Þ¤»¤ó¤¬¡¢
-	°·¤¤¤Ï¤È¤Æ¤âÂçÊѤˤʤê¤Þ¤¹¡£</para>
-
-      <para>Í¥¤ì¤¿¥»¥­¥å¥ê¥Æ¥£ÍÑ¥¹¥¯¥ê¥×¥È¤Ï¡¢
-	<filename>.rhosts</filename>,
-	<filename>.ssh/authorized_keys</filename>
-	¤Ê¤É¤Î±£¤·ÀßÄê¥Õ¥¡¥¤¥ë¤ÎÊѹ¹¤â¥Á¥§¥Ã¥¯¤¹¤ë¤â¤Î¤Ç¤¹¡£
-	¤³¤ì¤é¤Ï <literal>MD5</literal>
-	¥Á¥§¥Ã¥¯¤ÎÈϰϳ°¤Ë¤Ê¤Ã¤Æ¤·¤Þ¤¦¤Ç¤¢¤í¤¦¥Õ¥¡¥¤¥ë·²¤Ç¤¹¡£</para>
-
-      <para>¥æ¡¼¥¶ÍѤΥǥ£¥¹¥¯ÍÆÎ̤¬Èó¾ï¤ËÂ礭¤¤¾ì¹ç¤Ï¡¢
-	¥Ñ¡¼¥Æ¥£¥·¥ç¥ó¾å¤Î³Æ¥Õ¥¡¥¤¥ë¤ò¸«¤Æ²ó¤ë¤Î¤ËÂçÊѤʻþ´Ö¤¬¤«¤«¤ë¤«¤â¤·¤ì¤Þ¤»¤ó¡£
-	¤³¤Î¾ì¹ç¤Ï¡¢&man.mount.8; ¤Ë¤è¤ê <literal>nosuid</literal>
-	¤ò»È¤¦¤³¤È¤Ç¡¢¥Þ¥¦¥ó¥È¥Õ¥é¥°¤òÀßÄꤷ¤Æ¡¢
-	SUID ¤µ¤ì¤¿¥Ð¥¤¥Ê¥ê¤òÃÖ¤±¤Ê¤¤¤è¤¦¤Ë¤¹¤ë¤Î¤¬Îɤ¤¹Í¤¨¤Ç¤¹¡£
-	¾¯¤Ê¤¯¤È¤â½µ¤Ë 1 Å٤ϥե¡¥¤¥ë¥·¥¹¥Æ¥à¤ò¥¹¥­¥ã¥ó¤¹¤ë¤Ù¤­¤Ç¤¹¡£
-	¤Ê¤¼¤Ê¤é¡¢ÌÜŪ¤Ï¡¢¿¯Æþ¤¬À®¸ù¤·¤¿¤«¤É¤¦¤«¤Ë´Ø¤ï¤é¤º¡¢
-	ÉÔÀµ¿¯Æþ¤Î»î¤ß¤¬¤¢¤Ã¤¿¤³¤È¤Î¸¡½Ð¤ò¤¹¤ë¤³¤È¤À¤«¤é¤Ç¤¹¡£</para>
-
-      <para>¥×¥í¥»¥¹¥¢¥«¥¦¥ó¥Æ¥£¥ó¥° (&man.accton.8; »²¾È) ¤Ï¡¢
-	¥Þ¥·¥ó¤Ø¤Î¿¯Æþ¤ò¸¡½Ð¤¹¤ë¤¿¤á¤Î¥á¥«¥Ë¥º¥à¤È¤·¤Æ¿ä¾©¤Ç¤­¤ë¡¢
-	Èæ³ÓŪ¥ª¡¼¥Ð¥Ø¥Ã¥É¤Î¾¯¤Ê¤¤ &os; ¤Îµ¡Ç½¤Ç¤¹¡£
-	¿¯Æþ¤ò¼õ¤±¤¿¸å¤Ç¤âÅö³º¥Õ¥¡¥¤¥ë¤¬Ìµ½ý¤Ç¤¢¤ë¾ì¹ç¤Ë¡¢
-	¿¯Æþ¼Ô¤¬¤É¤Î¤è¤¦¤Ë¤·¤Æ¥·¥¹¥Æ¥à¤Ë¿¯Æþ¤·¤¿¤«¤òÄÉÀפ¹¤ë¤Î¤ËÆäËÌòΩ¤Á¤Þ¤¹¡£</para>
-
-      <para>ºÇ¸å¤Ë¡¢
-	¥»¥­¥å¥ê¥Æ¥£¥¹¥¯¥ê¥×¥È¤Ï¥í¥°¥Õ¥¡¥¤¥ë¤ò½èÍý¤¹¤ë¤è¤¦¤Ë¤·¡¢
-	¥í¥°¥Õ¥¡¥¤¥ë¼«ÂΤâ¤Ç¤­¤ë¤À¤±°ÂÁ´À­¤Î¹â¤¤ÊýË¡¤ÇÀ¸À®¤¹¤ë¤è¤¦¤Ë¤·¡¢
-	¥ê¥â¡¼¥È¤Î syslog ¥µ¡¼¥Ð¤ËÁ÷¿®¤¹¤ë¤è¤¦¤Ë¤¹¤Ù¤­¤Ç¤¹¡£
-	¿¯Æþ¼Ô¤Ï¼«Ê¬¤Î¿¯Æþ¤Îº¯Àפòʤ¤¤±£¤½¤¦¤È¤·¤Þ¤¹¤·¡¢¤Þ¤¿¡¢
-	¥í¥°¥Õ¥¡¥¤¥ë¤Ï¥·¥¹¥Æ¥à´ÉÍý¼Ô¤¬ºÇ½é¤Î¿¯Æþ¤Î»þ¹ï¤ÈÊýË¡¤òÄÉÀפ·¤Æ¤æ¤¯¤¿¤á¤Ë¶Ë¤á¤Æ½ÅÍפǤ¹¡£
-	¥í¥°¥Õ¥¡¥¤¥ë¤ò±Êµ×¤Ë»Ä¤·¤Æ¤ª¤¯¤¿¤á¤Î 1 ¤Ä¤ÎÊýË¡¤Ï¡¢
-	¥·¥¹¥Æ¥à¥³¥ó¥½¡¼¥ë¤ò¥·¥ê¥¢¥ë¥Ý¡¼¥È¤Ë¤Ä¤Ê¤¤¤ÇÁö¤é¤»¡¢
-	¥³¥ó¥½¡¼¥ë¤ò´Æ»ë¤·¤Æ¤¤¤ë°ÂÁ´¤Ê¥Þ¥·¥ó¤Ë¾ðÊó¤ò½¸¤á¤ë¤³¤È¤Ç¤¹¡£</para>
-    </sect2>
-
-    <sect2>
-      <title>Êм¹¶¸ÅªÊýË¡</title>
-
-      <para>¿¾¯Êм¹¶¸Åª¤Ë¤Ê¤Ã¤Æ¤â·è¤·¤Æ°­¤¤¤³¤È¤Ë¤Ï¤Ê¤ê¤Þ¤»¤ó¡£
-	¸¶Â§Åª¤Ë¡¢¥·¥¹¥Æ¥à´ÉÍý¼Ô¤Ï¡¢
-	ÊØÍø¤µ¤Ë±Æ¶Á¤òÍ¿¤¨¤Ê¤¤ÈϰϤǤ¤¤¯¤Ä¤Ç¤â¥»¥­¥å¥ê¥Æ¥£µ¡Ç½¤òÄɲ乤뤳¤È¤¬¤Ç¤­¤Þ¤¹¡£
-	¤Þ¤¿¡¢¤¤¤¯¤é¤«¹Íθ¤·¤¿·ë²Ì¡¢
-	ÊØÍø¤µ¤Ë<emphasis>±Æ¶Á¤òÍ¿¤¨¤ë</emphasis>¥»¥­¥å¥ê¥Æ¥£µ¡Ç½¤òÄɲ乤뤳¤È¤â¤Ç¤­¤Þ¤¹¡£
-	¤è¤ê½ÅÍפʤ³¤È¤Ï¡¢
-	¥»¥­¥å¥ê¥Æ¥£´ÉÍý¼Ô¤Ï¤³¤ì¤ò¿¾¯º®¤¼¤³¤¼¤Ë¤·¤Æ»È¤¦¤Ù¤­¤À¤È¤¤¤¦¤³¤È¤Ç¤¹¡£
-	¤â¤·¤³¤Î¾Ï¤Ç½ñ¤«¤ì¤Æ¤¤¤ë¿ä¾©¤µ¤ì¤ëÊýË¡¤ò¤½¤Î¤Þ¤Þ»ÈÍѤ·¤¿¾ì¹ç¤Ï¡¢
-	ͽÁÛ¤µ¤ì¤ë¹¶·â¼Ô¤Ï¤ä¤Ï¤ê¤³¤Îʸ½ñ¤òÆɤó¤Ç¤¤¤ë¤ï¤±¤Ç¤¹¤«¤é¡¢
-	Ëɸæºö¤ò¶µ¤¨¤Æ¤·¤Þ¤¦¤³¤È¤Ë¤Ê¤ê¤Þ¤¹¡£</para>
-    </sect2>
-
-    <sect2>
-      <title>¥µ¡¼¥Ó¥¹Ë¸³²¹¶·â</title>
-
-      <indexterm>
-	<primary>¥µ¡¼¥Ó¥¹Ë¸³² (DoS)</primary>
-      </indexterm>
-
-      <para><acronym>DoS</acronym> ¹¶·â¤Ï¡¢ÉáÄ̤ϡ¢¥Ñ¥±¥Ã¥È¹¶·â¤Ç¤¹¡£
-	¥Í¥Ã¥È¥ï¡¼¥¯¤ò˰Ϥµ¤»¤ëºÇÀèü¤Îµ¶Â¤¥Ñ¥±¥Ã¥È (spoofed packet)
-	¹¶·â¤ËÂФ·¤Æ¥·¥¹¥Æ¥à´ÉÍý¼Ô¤¬ÂǤƤë¼ê¤Ï¤½¤ì¤Û¤É¿¤¯¤¢¤ê¤Þ¤»¤ó¤¬¡¢
-	°ìÈÌŪ¤Ë¡¢°Ê²¼¤Î¤è¤¦¤ÊÊýË¡¤Ë¤è¤ê¡¢
-	¤½¤Î¼ï¤Î¹¶·â¤Ë¤è¤Ã¤Æ¥µ¡¼¥Ð¤¬¥À¥¦¥ó¤·¤Ê¤¤¤³¤È¤ò³Î¼Â¤Ë¤¹¤ë¤³¤È¤Ç¡¢
-	Èï³²¤ò¤¢¤ë¸ÂÅ٤˿©¤¤»ß¤á¤ë¤³¤È¤Ï¤Ç¤­¤Þ¤¹¡£</para>
-
-      <orderedlist>

*** DIFF OUTPUT TRUNCATED AT 1000 LINES ***

From owner-svn-doc-all@freebsd.org  Sun Nov 29 19:00:21 2020
Return-Path: <owner-svn-doc-all@freebsd.org>
Delivered-To: svn-doc-all@mailman.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.nyi.freebsd.org (Postfix) with ESMTP id 7A89B4AA268;
 Sun, 29 Nov 2020 19:00:21 +0000 (UTC)
 (envelope-from blackend@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org
 [IPv6:2610:1c1:1:606c::19:3])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
 client-signature RSA-PSS (4096 bits) client-digest SHA256)
 (Client CN "mxrelay.nyi.freebsd.org",
 Issuer "Let's Encrypt Authority X3" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id 4Ckd3T31T7z3J1N;
 Sun, 29 Nov 2020 19:00:21 +0000 (UTC)
 (envelope-from blackend@FreeBSD.org)
Received: from repo.freebsd.org (repo.freebsd.org
 [IPv6:2610:1c1:1:6068::e6a:0])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 5AD6916689;
 Sun, 29 Nov 2020 19:00:21 +0000 (UTC)
 (envelope-from blackend@FreeBSD.org)
Received: from repo.freebsd.org ([127.0.1.37])
 by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id 0ATJ0LXv056151;
 Sun, 29 Nov 2020 19:00:21 GMT (envelope-from blackend@FreeBSD.org)
Received: (from blackend@localhost)
 by repo.freebsd.org (8.15.2/8.15.2/Submit) id 0ATJ0L62056150;
 Sun, 29 Nov 2020 19:00:21 GMT (envelope-from blackend@FreeBSD.org)
Message-Id: <202011291900.0ATJ0L62056150@repo.freebsd.org>
X-Authentication-Warning: repo.freebsd.org: blackend set sender to
 blackend@FreeBSD.org using -f
From: Marc Fonvieille <blackend@FreeBSD.org>
Date: Sun, 29 Nov 2020 19:00:21 +0000 (UTC)
To: doc-committers@freebsd.org, svn-doc-all@freebsd.org,
 svn-doc-head@freebsd.org
Subject: svn commit: r54719 - head/en_US.ISO8859-1/books/handbook/x11
X-SVN-Group: doc-head
X-SVN-Commit-Author: blackend
X-SVN-Commit-Paths: head/en_US.ISO8859-1/books/handbook/x11
X-SVN-Commit-Revision: 54719
X-SVN-Commit-Repository: doc
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-BeenThere: svn-doc-all@freebsd.org
X-Mailman-Version: 2.1.34
Precedence: list
List-Id: "SVN commit messages for the entire doc trees \(except for &quot;
 user&quot; , &quot; projects&quot; , and &quot; translations&quot;
 \)" <svn-doc-all.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/svn-doc-all>,
 <mailto:svn-doc-all-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-doc-all/>
List-Post: <mailto:svn-doc-all@freebsd.org>
List-Help: <mailto:svn-doc-all-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/svn-doc-all>,
 <mailto:svn-doc-all-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 29 Nov 2020 19:00:21 -0000

Author: blackend
Date: Sun Nov 29 19:00:20 2020
New Revision: 54719
URL: https://svnweb.freebsd.org/changeset/doc/54719

Log:
  Repalce mention to old staroffice with LibreOffice.  For consistency
  also use LibreOffice instead of Apache Openoffice in the same para.

Modified:
  head/en_US.ISO8859-1/books/handbook/x11/chapter.xml

Modified: head/en_US.ISO8859-1/books/handbook/x11/chapter.xml
==============================================================================
--- head/en_US.ISO8859-1/books/handbook/x11/chapter.xml	Sun Nov 29 01:57:06 2020	(r54718)
+++ head/en_US.ISO8859-1/books/handbook/x11/chapter.xml	Sun Nov 29 19:00:20 2020	(r54719)
@@ -1080,11 +1080,11 @@ EndSection</programlisting>
 	<filename>xorg.conf</filename>.</para>
 
       <para>Now <application>Gimp</application>,
-	<application>Apache OpenOffice</application>, and all of the
+	<application>LibreOffice</application>, and all of the
 	other X applications should now recognize the installed
 	&truetype; fonts.  Extremely small fonts (as with text in a
 	high resolution display on a web page) and extremely large
-	fonts (within <application>&staroffice;</application>) will
+	fonts (within <application>LibreOffice</application>) will
 	look much better now.</para>
     </sect2>
 

From owner-svn-doc-all@freebsd.org  Sun Nov 29 19:01:19 2020
Return-Path: <owner-svn-doc-all@freebsd.org>
Delivered-To: svn-doc-all@mailman.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.nyi.freebsd.org (Postfix) with ESMTP id A71E64AA3D9;
 Sun, 29 Nov 2020 19:01:19 +0000 (UTC)
 (envelope-from blackend@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org
 [IPv6:2610:1c1:1:606c::19:3])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
 client-signature RSA-PSS (4096 bits) client-digest SHA256)
 (Client CN "mxrelay.nyi.freebsd.org",
 Issuer "Let's Encrypt Authority X3" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id 4Ckd4b4MPNz3J5v;
 Sun, 29 Nov 2020 19:01:19 +0000 (UTC)
 (envelope-from blackend@FreeBSD.org)
Received: from repo.freebsd.org (repo.freebsd.org
 [IPv6:2610:1c1:1:6068::e6a:0])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 887F51669C;
 Sun, 29 Nov 2020 19:01:19 +0000 (UTC)
 (envelope-from blackend@FreeBSD.org)
Received: from repo.freebsd.org ([127.0.1.37])
 by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id 0ATJ1JWM061174;
 Sun, 29 Nov 2020 19:01:19 GMT (envelope-from blackend@FreeBSD.org)
Received: (from blackend@localhost)
 by repo.freebsd.org (8.15.2/8.15.2/Submit) id 0ATJ1Jgq061173;
 Sun, 29 Nov 2020 19:01:19 GMT (envelope-from blackend@FreeBSD.org)
Message-Id: <202011291901.0ATJ1Jgq061173@repo.freebsd.org>
X-Authentication-Warning: repo.freebsd.org: blackend set sender to
 blackend@FreeBSD.org using -f
From: Marc Fonvieille <blackend@FreeBSD.org>
Date: Sun, 29 Nov 2020 19:01:19 +0000 (UTC)
To: doc-committers@freebsd.org, svn-doc-all@freebsd.org,
 svn-doc-head@freebsd.org
Subject: svn commit: r54720 - head/fr_FR.ISO8859-1/books/handbook/x11
X-SVN-Group: doc-head
X-SVN-Commit-Author: blackend
X-SVN-Commit-Paths: head/fr_FR.ISO8859-1/books/handbook/x11
X-SVN-Commit-Revision: 54720
X-SVN-Commit-Repository: doc
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-BeenThere: svn-doc-all@freebsd.org
X-Mailman-Version: 2.1.34
Precedence: list
List-Id: "SVN commit messages for the entire doc trees \(except for &quot;
 user&quot; , &quot; projects&quot; , and &quot; translations&quot;
 \)" <svn-doc-all.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/svn-doc-all>,
 <mailto:svn-doc-all-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-doc-all/>
List-Post: <mailto:svn-doc-all@freebsd.org>
List-Help: <mailto:svn-doc-all-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/svn-doc-all>,
 <mailto:svn-doc-all-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 29 Nov 2020 19:01:19 -0000

Author: blackend
Date: Sun Nov 29 19:01:19 2020
New Revision: 54720
URL: https://svnweb.freebsd.org/changeset/doc/54720

Log:
  Update Type1 fonts section.

Modified:
  head/fr_FR.ISO8859-1/books/handbook/x11/chapter.xml

Modified: head/fr_FR.ISO8859-1/books/handbook/x11/chapter.xml
==============================================================================
--- head/fr_FR.ISO8859-1/books/handbook/x11/chapter.xml	Sun Nov 29 19:00:20 2020	(r54719)
+++ head/fr_FR.ISO8859-1/books/handbook/x11/chapter.xml	Sun Nov 29 19:01:19 2020	(r54720)
@@ -1020,45 +1020,57 @@ EndSection</programlisting>
   </sect1>
 
   <sect1 xml:id="x-fonts">
-    <info><title>Utilisation des polices de caractères sous X11</title>
+    <!--
+    <sect1info>
       <authorgroup>
-        <author><personname><firstname>Murray</firstname><surname>Stokely</surname></personname><contrib>Contribution de </contrib></author>
+	<author>
+	  <firstname>Murray</firstname>
+	  <surname>Stokely</surname>
+	  <contrib>Contribution de </contrib>
+	</author>
       </authorgroup>
-    </info>
-    
+    </sect1info>
+    -->
+    <title>Utilisation des polices de caractères sous
+      <application>&xorg;</application></title>
 
     <sect2 xml:id="type1">
     <title>Polices de caractères Type1</title>
     <para>Les polices de caractères livrées par
-      défaut avec X11 sont loin
+      défaut avec <application>&xorg;</application> sont loin
       d'être idéales pour des applications de type publication.
       Les grandes polices utilisées pour les présentations
       présentent un aspect en escalier et peu professionnel, et
-      les petites polices sous <application>&netscape;</application> sont
+      les petites polices sont
       presque complètement
       illisibles.  Cependant, il existe de nombreuses polices
       Type1 (&postscript;) gratuites, de hautes qualités qui peuvent
       être aisément utilisées avec
-      X11.  Par exemple, la collection de polices de caractères
+      <application>&xorg;</application>..  Par exemple, la collection de polices de caractères
       URW  (<package>x11-fonts/urwfonts</package>)
       comprend une version haute qualité des polices de
       caractères standards type1 (<trademark class="registered">Times Roman</trademark>, <trademark class="registered">Helvetica</trademark>, <trademark class="registered">Palatino</trademark>
       et autres).  La collection Freefonts (<package>x11-fonts/freefonts</package>) comprend beaucoup
       plus de polices de caractères, mais la plupart d'entre elles sont
       destinées &agrave; être utilisées avec des logiciels
-      graphiques comme <application>The Gimp</application>, et ne sont pas
+      graphiques comme <application>Gimp</application>, et ne sont pas
       suffisamment complètes pour servir de polices
       de caractères d'affichage.  De plus
-      X11 peut être configuré
+      <application>&xorg;</application> peut être configuré
       pour utiliser les polices de caractères &truetype; avec un minimum
       d'effort.  Pour plus de détails &agrave; ce sujet,
-      consultez la page de manuel &man.X.7; ou la <link linkend="truetype">section sur les polices
-      de caractères &truetype;</link>.</para>
+      consultez la page de manuel &man.X.7; ou la section
+      <xref linkend="truetype"/>.</para>
 
     <para>Pour installer les collections de polices de caractères
-      Type1 précédentes &agrave; partir du catalogue
-      des logiciels portés, lancez les commandes suivantes:</para>
+      Type1 précédentes à partir des paquets binaires,
+      lancez les commandes suivantes:</para>
 
+      <screen>&prompt.root; <userinput>pkg install urwfonts</userinput></screen>
+
+      <para>Pour les compiler à partir du catalogue des logiciels
+	portés, lancez les commandes suivantes:</para>
+
       <screen>&prompt.root; <userinput>cd /usr/ports/x11-fonts/urwfonts</userinput>
 &prompt.root; <userinput>make install clean</userinput></screen>
 
@@ -1068,15 +1080,15 @@ EndSection</programlisting>
       (<filename>/etc/X11/xorg.conf</filename>),
       du type:</para>
 
-<programlisting>FontPath "/usr/local/lib/X11/fonts/URW/"</programlisting>
+    <programlisting>FontPath "/usr/local/share/fonts/URW/"</programlisting>
 
       <para>Autre possibilité, en ligne de commande dans une session X
 	lancez:</para>
 
-<screen>&prompt.user; <userinput>xset fp+ /usr/local/lib/X11/fonts/URW</userinput>
+      <screen>&prompt.user; <userinput>xset fp+ /usr/local/share/fonts/urwfonts</userinput>
 &prompt.user; <userinput>xset fp rehash</userinput></screen>
 
-      <para>Cela fonctionnera mais les effets seront perdus quand la
+      <para>Cela fonctionnera mais la configuration sera perdue quand la
 	session X sera fermée, &agrave; moins de l'ajouter dans le
 	fichier de
 	démarrage (<filename>~/.xinitrc</filename> pour une session
@@ -1085,7 +1097,7 @@ EndSection</programlisting>
 	par l'intermédiaire d'un gestionnaire de session graphique comme
 	<application>XDM</application>).  Une troisième méthode
 	est d'utiliser le nouveau fichier <filename>/usr/local/etc/fonts/local.conf</filename>:
-	voir la section sur l'<link linkend="antialias">anticrénelage</link>.</para>
+	comme montré dans la section <xref linkend="antialias"/>.</para>
     </sect2>
 
     <sect2 xml:id="truetype">
@@ -1110,41 +1122,46 @@ EndSection</programlisting>
 
     <para>Maintenant créez un répertoire pour les polices
       &truetype; (par exemple
-      <filename>/usr/local/lib/X11/fonts/TrueType</filename>) et copiez
+      <filename>/usr/local/share/fonts/TrueType</filename>) et copiez
       toutes les polices &truetype; dans ce répertoire.  Gardez &agrave;
       l'esprit
       que les polices &truetype; ne peuvent être directement prises d'un
-      Macintosh; elles doivent être dans un format &unix;/&ms-dos;/Windows pour
-      être utilisées sous X11.
+      &apple; &mac;; elles doivent être dans un format &unix;/&ms-dos;/&windows; pour
+      être utilisées sous <application>&xorg;</application>.
       Une fois les fichiers copiés dans ce répertoire, utilisez
-      <application>ttmkfdir</application> pour créer un fichier
+      <application>mkfontscale</application> pour créer un fichier
       <filename>fonts.dir</filename>, de façon &agrave; ce que le moteur
       d'affichage des polices d'X sache que de nouveaux fichiers ont
       été
-      installés.  <application>ttmkfdir</application> est disponible
-      dans le catalogue des logiciels portés de FreeBSD sous <package>x11-fonts/ttmkfdir</package>.</para>
+      installés.  <application>mkfontscale</application> peut être installé
+      à partir d'un paquet binaire:</para>
 
-<screen>&prompt.root; <userinput>cd /usr/local/lib/X11/fonts/TrueType</userinput>
-&prompt.root; <userinput>ttmkfdir -o fonts.dir</userinput></screen>
+      <screen>&prompt.root; <userinput>pkg install mkfontscale</userinput></screen>
 
+      <para>Puis créez un index des polices de caractères pour X dans
+	le répertoire:</para>
+
+      <screen>&prompt.root; <userinput>cd /usr/local/share/fonts/TrueType</userinput>
+&prompt.root; <userinput>mkfontscale</userinput></screen>
+
     <para>Maintenant ajoutez le répertoire des polices &truetype; au
       chemin des polices de caractères.  Cela est identique &agrave;
-      ce qui est décrit ci-dessus pour les polices <link linkend="type1">Type1</link>, c'est &agrave; dire, utiliser</para>
+      ce qui est décrit dans la section <xref linkend="type1"/>:</para>
 
-    <screen>&prompt.user; <userinput>xset fp+ /usr/local/lib/X11/fonts/TrueType</userinput>
+    <screen>&prompt.user; <userinput>xset fp+ /usr/local/share/fonts/TrueType</userinput>
 &prompt.user; <userinput>xset fp rehash</userinput></screen>
 
       <para>ou ajouter une ligne <literal>FontPath</literal> au fichier
 	<filename>xorg.conf</filename>.</para>
 
-      <para>Voil&agrave;.  Désormais <application>&netscape;</application>,
-	<application>Gimp</application>,
-	<application>&staroffice;</application>, et toutes les autres
+      <para>Désormais <application>Gimp</application>,
+	<application>LibreOffice</application>,
+	et toutes les autres
 	applications X devraient maintenant reconnaître les polices de
-	caractères &truetype;.  Les polices très petites (comme
+	caractères &truetype; installées.  Les polices très petites (comme
 	le texte de page web visualisé sur un écran haute
 	résolution) et les très
-	grandes polices (dans <application>&staroffice;</application>)
+	grandes polices (dans <application>LibreOffice</application>)
 	auront un rendu bien meilleur maintenant.</para>
     </sect2>
 

From owner-svn-doc-all@freebsd.org  Mon Nov 30 09:24:17 2020
Return-Path: <owner-svn-doc-all@freebsd.org>
Delivered-To: svn-doc-all@mailman.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.nyi.freebsd.org (Postfix) with ESMTP id 0EE78474C57;
 Mon, 30 Nov 2020 09:24:17 +0000 (UTC)
 (envelope-from gahr@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org
 [IPv6:2610:1c1:1:606c::19:3])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
 client-signature RSA-PSS (4096 bits) client-digest SHA256)
 (Client CN "mxrelay.nyi.freebsd.org",
 Issuer "Let's Encrypt Authority X3" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id 4Cl0DJ74kRz4pZM;
 Mon, 30 Nov 2020 09:24:16 +0000 (UTC)
 (envelope-from gahr@FreeBSD.org)
Received: from repo.freebsd.org (repo.freebsd.org
 [IPv6:2610:1c1:1:6068::e6a:0])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id E597D20FAC;
 Mon, 30 Nov 2020 09:24:16 +0000 (UTC)
 (envelope-from gahr@FreeBSD.org)
Received: from repo.freebsd.org ([127.0.1.37])
 by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id 0AU9OG4Y096745;
 Mon, 30 Nov 2020 09:24:16 GMT (envelope-from gahr@FreeBSD.org)
Received: (from gahr@localhost)
 by repo.freebsd.org (8.15.2/8.15.2/Submit) id 0AU9OGiW096744;
 Mon, 30 Nov 2020 09:24:16 GMT (envelope-from gahr@FreeBSD.org)
Message-Id: <202011300924.0AU9OGiW096744@repo.freebsd.org>
X-Authentication-Warning: repo.freebsd.org: gahr set sender to
 gahr@FreeBSD.org using -f
From: Pietro Cerutti <gahr@FreeBSD.org>
Date: Mon, 30 Nov 2020 09:24:16 +0000 (UTC)
To: doc-committers@freebsd.org, svn-doc-all@freebsd.org,
 svn-doc-head@freebsd.org
Subject: svn commit: r54721 - head/en_US.ISO8859-1/htdocs/donations
X-SVN-Group: doc-head
X-SVN-Commit-Author: gahr
X-SVN-Commit-Paths: head/en_US.ISO8859-1/htdocs/donations
X-SVN-Commit-Revision: 54721
X-SVN-Commit-Repository: doc
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-BeenThere: svn-doc-all@freebsd.org
X-Mailman-Version: 2.1.34
Precedence: list
List-Id: "SVN commit messages for the entire doc trees \(except for &quot;
 user&quot; , &quot; projects&quot; , and &quot; translations&quot;
 \)" <svn-doc-all.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/svn-doc-all>,
 <mailto:svn-doc-all-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-doc-all/>
List-Post: <mailto:svn-doc-all@freebsd.org>
List-Help: <mailto:svn-doc-all-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/svn-doc-all>,
 <mailto:svn-doc-all-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 30 Nov 2020 09:24:17 -0000

Author: gahr (ports committer)
Date: Mon Nov 30 09:24:16 2020
New Revision: 54721
URL: https://svnweb.freebsd.org/changeset/doc/54721

Log:
  Document Peter Sagerson's donation of a motherboard/CPU/RAM combo

Modified:
  head/en_US.ISO8859-1/htdocs/donations/donors.xml

Modified: head/en_US.ISO8859-1/htdocs/donations/donors.xml
==============================================================================
--- head/en_US.ISO8859-1/htdocs/donations/donors.xml	Sun Nov 29 19:01:19 2020	(r54720)
+++ head/en_US.ISO8859-1/htdocs/donations/donors.xml	Mon Nov 30 09:24:16 2020	(r54721)
@@ -3065,6 +3065,13 @@
       <td> novel, kib, eadler, pi, rgrimes </td>
       <td> received </td>
   </tr>
+
+  <tr>
+      <td> <tt>Peter Sagerson &lt;psagers@ignorare.net&gt;</tt> </td>
+      <td> High-end motherboard/CPU/RAM combo </td>
+      <td> bcran </td>
+      <td> received </td>
+  </tr>
 </table>
 
 </body>

From owner-svn-doc-all@freebsd.org  Mon Nov 30 13:02:06 2020
Return-Path: <owner-svn-doc-all@freebsd.org>
Delivered-To: svn-doc-all@mailman.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.nyi.freebsd.org (Postfix) with ESMTP id 3A77F47BB2C;
 Mon, 30 Nov 2020 13:02:06 +0000 (UTC)
 (envelope-from ryusuke@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org
 [IPv6:2610:1c1:1:606c::19:3])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
 client-signature RSA-PSS (4096 bits) client-digest SHA256)
 (Client CN "mxrelay.nyi.freebsd.org",
 Issuer "Let's Encrypt Authority X3" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id 4Cl53f18cKz3Lrg;
 Mon, 30 Nov 2020 13:02:06 +0000 (UTC)
 (envelope-from ryusuke@FreeBSD.org)
Received: from repo.freebsd.org (repo.freebsd.org
 [IPv6:2610:1c1:1:6068::e6a:0])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 1AD1023ABD;
 Mon, 30 Nov 2020 13:02:06 +0000 (UTC)
 (envelope-from ryusuke@FreeBSD.org)
Received: from repo.freebsd.org ([127.0.1.37])
 by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id 0AUD250n033481;
 Mon, 30 Nov 2020 13:02:05 GMT (envelope-from ryusuke@FreeBSD.org)
Received: (from ryusuke@localhost)
 by repo.freebsd.org (8.15.2/8.15.2/Submit) id 0AUD25op033480;
 Mon, 30 Nov 2020 13:02:05 GMT (envelope-from ryusuke@FreeBSD.org)
Message-Id: <202011301302.0AUD25op033480@repo.freebsd.org>
X-Authentication-Warning: repo.freebsd.org: ryusuke set sender to
 ryusuke@FreeBSD.org using -f
From: Ryusuke SUZUKI <ryusuke@FreeBSD.org>
Date: Mon, 30 Nov 2020 13:02:05 +0000 (UTC)
To: doc-committers@freebsd.org, svn-doc-all@freebsd.org,
 svn-doc-head@freebsd.org
Subject: svn commit: r54722 - head/ja_JP.eucJP/books/handbook/x11
X-SVN-Group: doc-head
X-SVN-Commit-Author: ryusuke
X-SVN-Commit-Paths: head/ja_JP.eucJP/books/handbook/x11
X-SVN-Commit-Revision: 54722
X-SVN-Commit-Repository: doc
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-BeenThere: svn-doc-all@freebsd.org
X-Mailman-Version: 2.1.34
Precedence: list
List-Id: "SVN commit messages for the entire doc trees \(except for &quot;
 user&quot; , &quot; projects&quot; , and &quot; translations&quot;
 \)" <svn-doc-all.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/svn-doc-all>,
 <mailto:svn-doc-all-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-doc-all/>
List-Post: <mailto:svn-doc-all@freebsd.org>
List-Help: <mailto:svn-doc-all-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/svn-doc-all>,
 <mailto:svn-doc-all-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 30 Nov 2020 13:02:06 -0000

Author: ryusuke
Date: Mon Nov 30 13:02:05 2020
New Revision: 54722
URL: https://svnweb.freebsd.org/changeset/doc/54722

Log:
  - Merge the following from the English version:
  
  	r54661 -> r54719	head/ja_JP.eucJP/books/handbook/x11/chapter.xml

Modified:
  head/ja_JP.eucJP/books/handbook/x11/chapter.xml

Modified: head/ja_JP.eucJP/books/handbook/x11/chapter.xml
==============================================================================
--- head/ja_JP.eucJP/books/handbook/x11/chapter.xml	Mon Nov 30 09:24:16 2020	(r54721)
+++ head/ja_JP.eucJP/books/handbook/x11/chapter.xml	Mon Nov 30 13:02:05 2020	(r54722)
@@ -3,7 +3,7 @@
      The FreeBSD Documentation Project
      The FreeBSD Japanese Documentation Project
 
-     Original revision: r54661
+     Original revision: r54719
      $FreeBSD$
 -->
 <chapter xmlns="http://docbook.org/ns/docbook"
@@ -1119,12 +1119,12 @@ EndSection</programlisting>
 	¥Õ¥¡¥¤¥ë¤Ë <literal>FontPath</literal> ¹Ô¤òÄɲä·¤Þ¤¹¡£</para>
 
       <para>¤³¤ì¤Ç <application>Gimp</application> ¤ä
-	<application>Apache OpenOffice</application>
+	<application>LibreOffice</application>
 	¤È¤¤¤Ã¤¿¤¹¤Ù¤Æ¤Î X ¥¢¥×¥ê¥±¡¼¥·¥ç¥ó¤«¤é
 	&truetype; ¥Õ¥©¥ó¥È¤ò»È¤¦¤³¤È¤¬¤Ç¤­¤Þ¤¹¡£
 	(¹â²òÁüÅ٤ʥǥ£¥¹¥×¥ì¥¤¤Ç¸«¤ë¥¦¥§¥Ö¥Ú¡¼¥¸¾å¤Î¥Æ¥­¥¹¥È¤ß¤¿¤¤¤Ê)
 	¤È¤Æ¤â¾®¤µ¤Ê¥Õ¥©¥ó¥È¤ä
-	(<application>&staroffice;</application> ¤Ë¤¢¤ë¤è¤¦¤Ê)
+	(<application>LibreOffice</application> ¤Ë¤¢¤ë¤è¤¦¤Ê)
 	Èó¾ï¤ËÂ礭¤Ê¥Õ¥©¥ó¥È¤â¤«¤Ê¤êåºÎï¤Ë¸«¤¨¤ë¤è¤¦¤Ë¤Ê¤ë¤³¤È¤Ç¤·¤ç¤¦¡£</para>
     </sect2>
 

From owner-svn-doc-all@freebsd.org  Mon Nov 30 13:12:00 2020
Return-Path: <owner-svn-doc-all@freebsd.org>
Delivered-To: svn-doc-all@mailman.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.nyi.freebsd.org (Postfix) with ESMTP id D9EFD47C08B;
 Mon, 30 Nov 2020 13:12:00 +0000 (UTC)
 (envelope-from ryusuke@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org
 [IPv6:2610:1c1:1:606c::19:3])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
 client-signature RSA-PSS (4096 bits) client-digest SHA256)
 (Client CN "mxrelay.nyi.freebsd.org",
 Issuer "Let's Encrypt Authority X3" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id 4Cl5H459tBz3Mvg;
 Mon, 30 Nov 2020 13:12:00 +0000 (UTC)
 (envelope-from ryusuke@FreeBSD.org)
Received: from repo.freebsd.org (repo.freebsd.org
 [IPv6:2610:1c1:1:6068::e6a:0])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id A318D23C62;
 Mon, 30 Nov 2020 13:12:00 +0000 (UTC)
 (envelope-from ryusuke@FreeBSD.org)
Received: from repo.freebsd.org ([127.0.1.37])
 by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id 0AUDC0lG038658;
 Mon, 30 Nov 2020 13:12:00 GMT (envelope-from ryusuke@FreeBSD.org)
Received: (from ryusuke@localhost)
 by repo.freebsd.org (8.15.2/8.15.2/Submit) id 0AUDC0r5038657;
 Mon, 30 Nov 2020 13:12:00 GMT (envelope-from ryusuke@FreeBSD.org)
Message-Id: <202011301312.0AUDC0r5038657@repo.freebsd.org>
X-Authentication-Warning: repo.freebsd.org: ryusuke set sender to
 ryusuke@FreeBSD.org using -f
From: Ryusuke SUZUKI <ryusuke@FreeBSD.org>
Date: Mon, 30 Nov 2020 13:12:00 +0000 (UTC)
To: doc-committers@freebsd.org, svn-doc-all@freebsd.org,
 svn-doc-head@freebsd.org
Subject: svn commit: r54723 - head/ja_JP.eucJP/htdocs
X-SVN-Group: doc-head
X-SVN-Commit-Author: ryusuke
X-SVN-Commit-Paths: head/ja_JP.eucJP/htdocs
X-SVN-Commit-Revision: 54723
X-SVN-Commit-Repository: doc
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-BeenThere: svn-doc-all@freebsd.org
X-Mailman-Version: 2.1.34
Precedence: list
List-Id: "SVN commit messages for the entire doc trees \(except for &quot;
 user&quot; , &quot; projects&quot; , and &quot; translations&quot;
 \)" <svn-doc-all.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/svn-doc-all>,
 <mailto:svn-doc-all-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-doc-all/>
List-Post: <mailto:svn-doc-all@freebsd.org>
List-Help: <mailto:svn-doc-all-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/svn-doc-all>,
 <mailto:svn-doc-all-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 30 Nov 2020 13:12:00 -0000

Author: ryusuke
Date: Mon Nov 30 13:12:00 2020
New Revision: 54723
URL: https://svnweb.freebsd.org/changeset/doc/54723

Log:
  - Merge the following from the English version:
  
  	r54662 -> r54710	head/ja_JP.eucJP/htdocs/where.xml

Modified:
  head/ja_JP.eucJP/htdocs/where.xml

Modified: head/ja_JP.eucJP/htdocs/where.xml
==============================================================================
--- head/ja_JP.eucJP/htdocs/where.xml	Mon Nov 30 13:02:05 2020	(r54722)
+++ head/ja_JP.eucJP/htdocs/where.xml	Mon Nov 30 13:12:00 2020	(r54723)
@@ -6,7 +6,7 @@
 <!ENTITY url.snapshot "https://download.FreeBSD.org/ftp/snapshots">
 ]>
 <!-- The FreeBSD Japanese Documentation Project -->
-<!-- Original revision: r54662 -->
+<!-- Original revision: r54710 -->
 
 <html xmlns="http://www.w3.org/1999/xhtml">
   <head>
@@ -68,8 +68,6 @@
 
     <a name="download"></a>
 
-    <a name="download-rel121"></a>
-
     <a name="download-rel122"></a>
 
     <h1>&os; &rel122.current;-RELEASE</h1>
@@ -134,6 +132,8 @@
     </table>
     <br />
 
+    <a name="download-rel121"></a>
+
     <h1>&os; &rel121.current;-RELEASE</h1>
 
     <table class="tblbasic tblwide tbldownload">
@@ -304,19 +304,11 @@
 	  </td>
 	  <td>
 	    <ul class="txtdownloadlist">
-	      <li><a href="&url.snapshot;/arm/armv7/ISO-IMAGES/&rel.head;/">BANANAPI</a></li>
-	      <li><a href="&url.snapshot;/arm/armv7/ISO-IMAGES/&rel.head;/">BEAGLEBONE</a></li>
-	      <li><a href="&url.snapshot;/arm/armv7/ISO-IMAGES/&rel.head;/">CUBIEBOARD</a></li>
-	      <li><a href="&url.snapshot;/arm/armv7/ISO-IMAGES/&rel.head;/">CUBIEBOARD2</a></li>
-	      <li><a href="&url.snapshot;/arm/armv7/ISO-IMAGES/&rel.head;/">CUBOX/HUMMINGBOARD</a></li>
 	      <li><a href="&url.snapshot;/arm/armv7/ISO-IMAGES/&rel.head;/">GENERICSD</a></li>
-	      <li><a href="&url.snapshot;/arm/armv7/ISO-IMAGES/&rel.head;/">PANDABOARD</a></li>
 	      <li><a href="&url.snapshot;/arm64/aarch64/ISO-IMAGES/&rel.head;/">PINE64</a></li>
 	      <li><a href="&url.snapshot;/arm64/aarch64/ISO-IMAGES/&rel.head;/">PINE64-LTS</a></li>
 	      <li><a href="&url.snapshot;/arm/armv6/ISO-IMAGES/&rel.head;/">RPI-B</a></li>
-	      <li><a href="&url.snapshot;/arm/armv7/ISO-IMAGES/&rel.head;/">RPI2</a></li>
 	      <li><a href="&url.snapshot;/arm64/aarch64/ISO-IMAGES/&rel.head;/">RPI3</a></li>
-	      <li><a href="&url.snapshot;/arm/armv7/ISO-IMAGES/&rel.head;/">WANDBOARD</a></li>
 	    </ul>
 	  </td>
 	  <td>

From owner-svn-doc-all@freebsd.org  Mon Nov 30 21:22:02 2020
Return-Path: <owner-svn-doc-all@freebsd.org>
Delivered-To: svn-doc-all@mailman.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.nyi.freebsd.org (Postfix) with ESMTP id B54434A82F9;
 Mon, 30 Nov 2020 21:22:02 +0000 (UTC) (envelope-from gjb@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org
 [IPv6:2610:1c1:1:606c::19:3])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
 client-signature RSA-PSS (4096 bits) client-digest SHA256)
 (Client CN "mxrelay.nyi.freebsd.org",
 Issuer "Let's Encrypt Authority X3" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id 4ClJ8V4nk2z4jmK;
 Mon, 30 Nov 2020 21:22:02 +0000 (UTC) (envelope-from gjb@FreeBSD.org)
Received: from repo.freebsd.org (repo.freebsd.org
 [IPv6:2610:1c1:1:6068::e6a:0])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 97B5921B4;
 Mon, 30 Nov 2020 21:22:02 +0000 (UTC) (envelope-from gjb@FreeBSD.org)
Received: from repo.freebsd.org ([127.0.1.37])
 by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id 0AULM24w048191;
 Mon, 30 Nov 2020 21:22:02 GMT (envelope-from gjb@FreeBSD.org)
Received: (from gjb@localhost)
 by repo.freebsd.org (8.15.2/8.15.2/Submit) id 0AULM2dT048190;
 Mon, 30 Nov 2020 21:22:02 GMT (envelope-from gjb@FreeBSD.org)
Message-Id: <202011302122.0AULM2dT048190@repo.freebsd.org>
X-Authentication-Warning: repo.freebsd.org: gjb set sender to gjb@FreeBSD.org
 using -f
From: Glen Barber <gjb@FreeBSD.org>
Date: Mon, 30 Nov 2020 21:22:02 +0000 (UTC)
To: doc-committers@freebsd.org, svn-doc-all@freebsd.org,
 svn-doc-head@freebsd.org
Subject: svn commit: r54724 - head/en_US.ISO8859-1/htdocs/releases/13.0R
X-SVN-Group: doc-head
X-SVN-Commit-Author: gjb
X-SVN-Commit-Paths: head/en_US.ISO8859-1/htdocs/releases/13.0R
X-SVN-Commit-Revision: 54724
X-SVN-Commit-Repository: doc
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-BeenThere: svn-doc-all@freebsd.org
X-Mailman-Version: 2.1.34
Precedence: list
List-Id: "SVN commit messages for the entire doc trees \(except for &quot;
 user&quot; , &quot; projects&quot; , and &quot; translations&quot;
 \)" <svn-doc-all.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/svn-doc-all>,
 <mailto:svn-doc-all-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-doc-all/>
List-Post: <mailto:svn-doc-all@freebsd.org>
List-Help: <mailto:svn-doc-all-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/svn-doc-all>,
 <mailto:svn-doc-all-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 30 Nov 2020 21:22:02 -0000

Author: gjb
Date: Mon Nov 30 21:22:02 2020
New Revision: 54724
URL: https://svnweb.freebsd.org/changeset/doc/54724

Log:
  Fix the code slush date for 13.0.
  
  Submitted by:	scottl (in part)
  Sponsored by:	Rubicon Communications, LLC (netgate.com)

Modified:
  head/en_US.ISO8859-1/htdocs/releases/13.0R/schedule.xml

Modified: head/en_US.ISO8859-1/htdocs/releases/13.0R/schedule.xml
==============================================================================
--- head/en_US.ISO8859-1/htdocs/releases/13.0R/schedule.xml	Mon Nov 30 13:12:00 2020	(r54723)
+++ head/en_US.ISO8859-1/htdocs/releases/13.0R/schedule.xml	Mon Nov 30 21:22:02 2020	(r54724)
@@ -87,7 +87,7 @@
 
       <tr>
 	<td>Code slush begins</td>
-	<td>21&nbsp;January&nbsp;2021</td>
+	<td>8&nbsp;January&nbsp;2021</td>
 	<td>-</td>
 	<td>Release Engineers announce that all further commits to the
 	  &local.branch.head; branch will not require explicit

From owner-svn-doc-all@freebsd.org  Tue Dec  1 13:27:22 2020
Return-Path: <owner-svn-doc-all@freebsd.org>
Delivered-To: svn-doc-all@mailman.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.nyi.freebsd.org (Postfix) with ESMTP id 3A1FA4A9E02;
 Tue,  1 Dec 2020 13:27:22 +0000 (UTC) (envelope-from ygy@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org
 [IPv6:2610:1c1:1:606c::19:3])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
 client-signature RSA-PSS (4096 bits) client-digest SHA256)
 (Client CN "mxrelay.nyi.freebsd.org",
 Issuer "Let's Encrypt Authority X3" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id 4CljZL19S1z3nTC;
 Tue,  1 Dec 2020 13:27:22 +0000 (UTC) (envelope-from ygy@FreeBSD.org)
Received: from repo.freebsd.org (repo.freebsd.org
 [IPv6:2610:1c1:1:6068::e6a:0])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 16B1216166;
 Tue,  1 Dec 2020 13:27:22 +0000 (UTC) (envelope-from ygy@FreeBSD.org)
Received: from repo.freebsd.org ([127.0.1.37])
 by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id 0B1DRLqC068355;
 Tue, 1 Dec 2020 13:27:21 GMT (envelope-from ygy@FreeBSD.org)
Received: (from ygy@localhost)
 by repo.freebsd.org (8.15.2/8.15.2/Submit) id 0B1DRL3J068354;
 Tue, 1 Dec 2020 13:27:21 GMT (envelope-from ygy@FreeBSD.org)
Message-Id: <202012011327.0B1DRL3J068354@repo.freebsd.org>
X-Authentication-Warning: repo.freebsd.org: ygy set sender to ygy@FreeBSD.org
 using -f
From: Guangyuan Yang <ygy@FreeBSD.org>
Date: Tue, 1 Dec 2020 13:27:21 +0000 (UTC)
To: doc-committers@freebsd.org, svn-doc-all@freebsd.org,
 svn-doc-head@freebsd.org
Subject: svn commit: r54725 - head/en_US.ISO8859-1/books/handbook/security
X-SVN-Group: doc-head
X-SVN-Commit-Author: ygy
X-SVN-Commit-Paths: head/en_US.ISO8859-1/books/handbook/security
X-SVN-Commit-Revision: 54725
X-SVN-Commit-Repository: doc
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-BeenThere: svn-doc-all@freebsd.org
X-Mailman-Version: 2.1.34
Precedence: list
List-Id: "SVN commit messages for the entire doc trees \(except for &quot;
 user&quot; , &quot; projects&quot; , and &quot; translations&quot;
 \)" <svn-doc-all.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/svn-doc-all>,
 <mailto:svn-doc-all-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-doc-all/>
List-Post: <mailto:svn-doc-all@freebsd.org>
List-Help: <mailto:svn-doc-all-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/svn-doc-all>,
 <mailto:svn-doc-all-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 01 Dec 2020 13:27:22 -0000

Author: ygy
Date: Tue Dec  1 13:27:21 2020
New Revision: 54725
URL: https://svnweb.freebsd.org/changeset/doc/54725

Log:
  Fix typos in Handbook sections 13.3 and 13.5.
  
  PR:		251478
  Submitted by:	Andreas <panden@gmail.com>

Modified:
  head/en_US.ISO8859-1/books/handbook/security/chapter.xml

Modified: head/en_US.ISO8859-1/books/handbook/security/chapter.xml
==============================================================================
--- head/en_US.ISO8859-1/books/handbook/security/chapter.xml	Mon Nov 30 21:22:02 2020	(r54724)
+++ head/en_US.ISO8859-1/books/handbook/security/chapter.xml	Tue Dec  1 13:27:21 2020	(r54725)
@@ -741,7 +741,7 @@ MOS MALL GOAT ARM AVID COED</screen>
 
       <para>The <option>-c</option> sets console mode which assumes
 	that the command is being run from a secure location, such as
-	a computer under the user's control or a
+	a computer under the user's control or an
 	<acronym>SSH</acronym> session to a computer under the user's
 	control.</para>
 
@@ -1722,7 +1722,7 @@ kadmind_enable="YES"</programlisting>
 	and services to authenticate between themselves.  It does not
 	have a mechanism to authenticate the
 	<acronym>KDC</acronym> to the users, hosts, or services.  This
-	means that a trojanned <command>kinit</command> could record
+	means that a trojaned <command>kinit</command> could record
 	all user names and passwords.  File system integrity checking
 	tools like <package>security/tripwire</package> can
 	alleviate this.</para>

From owner-svn-doc-all@freebsd.org  Tue Dec  1 19:53:42 2020
Return-Path: <owner-svn-doc-all@freebsd.org>
Delivered-To: svn-doc-all@mailman.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.nyi.freebsd.org (Postfix) with ESMTP id 58ED64B2E1F;
 Tue,  1 Dec 2020 19:53:42 +0000 (UTC)
 (envelope-from gordon@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org
 [IPv6:2610:1c1:1:606c::19:3])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
 client-signature RSA-PSS (4096 bits) client-digest SHA256)
 (Client CN "mxrelay.nyi.freebsd.org",
 Issuer "Let's Encrypt Authority X3" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id 4Clt861yJHz4nhY;
 Tue,  1 Dec 2020 19:53:42 +0000 (UTC)
 (envelope-from gordon@FreeBSD.org)
Received: from repo.freebsd.org (repo.freebsd.org
 [IPv6:2610:1c1:1:6068::e6a:0])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 35A821B509;
 Tue,  1 Dec 2020 19:53:42 +0000 (UTC)
 (envelope-from gordon@FreeBSD.org)
Received: from repo.freebsd.org ([127.0.1.37])
 by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id 0B1JrgOD016966;
 Tue, 1 Dec 2020 19:53:42 GMT (envelope-from gordon@FreeBSD.org)
Received: (from gordon@localhost)
 by repo.freebsd.org (8.15.2/8.15.2/Submit) id 0B1JreFr016958;
 Tue, 1 Dec 2020 19:53:40 GMT (envelope-from gordon@FreeBSD.org)
Message-Id: <202012011953.0B1JreFr016958@repo.freebsd.org>
X-Authentication-Warning: repo.freebsd.org: gordon set sender to
 gordon@FreeBSD.org using -f
From: Gordon Tetlow <gordon@FreeBSD.org>
Date: Tue, 1 Dec 2020 19:53:40 +0000 (UTC)
To: doc-committers@freebsd.org, svn-doc-all@freebsd.org,
 svn-doc-head@freebsd.org
Subject: svn commit: r54726 - in head/share: security/advisories
 security/patches/EN-20:19 security/patches/EN-20:20 security/patches/EN-20:21
 security/patches/EN-20:22 security/patches/SA-20:31 security/pa...
X-SVN-Group: doc-head
X-SVN-Commit-Author: gordon
X-SVN-Commit-Paths: in head/share: security/advisories
 security/patches/EN-20:19 security/patches/EN-20:20 security/patches/EN-20:21
 security/patches/EN-20:22 security/patches/SA-20:31 security/patches/SA-20:32
 xml
X-SVN-Commit-Revision: 54726
X-SVN-Commit-Repository: doc
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-BeenThere: svn-doc-all@freebsd.org
X-Mailman-Version: 2.1.34
Precedence: list
List-Id: "SVN commit messages for the entire doc trees \(except for &quot;
 user&quot; , &quot; projects&quot; , and &quot; translations&quot;
 \)" <svn-doc-all.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/svn-doc-all>,
 <mailto:svn-doc-all-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-doc-all/>
List-Post: <mailto:svn-doc-all@freebsd.org>
List-Help: <mailto:svn-doc-all-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/svn-doc-all>,
 <mailto:svn-doc-all-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 01 Dec 2020 19:53:42 -0000

Author: gordon (src committer)
Date: Tue Dec  1 19:53:40 2020
New Revision: 54726
URL: https://svnweb.freebsd.org/changeset/doc/54726

Log:
  Add EN-20:19 to EN-20:22, SA-20:31, and SA-20:32.
  
  Approved by:	so

Added:
  head/share/security/advisories/FreeBSD-EN-20:19.audit.asc   (contents, props changed)
  head/share/security/advisories/FreeBSD-EN-20:20.tzdata.asc   (contents, props changed)
  head/share/security/advisories/FreeBSD-EN-20:21.ipfw.asc   (contents, props changed)
  head/share/security/advisories/FreeBSD-EN-20:22.callout.asc   (contents, props changed)
  head/share/security/advisories/FreeBSD-SA-20:31.icmp6.asc   (contents, props changed)
  head/share/security/advisories/FreeBSD-SA-20:32.rtsold.asc   (contents, props changed)
  head/share/security/patches/EN-20:19/
  head/share/security/patches/EN-20:19/audit.12.1.patch   (contents, props changed)
  head/share/security/patches/EN-20:19/audit.12.1.patch.asc   (contents, props changed)
  head/share/security/patches/EN-20:19/audit.12.2.patch   (contents, props changed)
  head/share/security/patches/EN-20:19/audit.12.2.patch.asc   (contents, props changed)
  head/share/security/patches/EN-20:20/
  head/share/security/patches/EN-20:20/tzdata-2020d.patch   (contents, props changed)
  head/share/security/patches/EN-20:20/tzdata-2020d.patch.asc   (contents, props changed)
  head/share/security/patches/EN-20:21/
  head/share/security/patches/EN-20:21/ipfw.patch   (contents, props changed)
  head/share/security/patches/EN-20:21/ipfw.patch.asc   (contents, props changed)
  head/share/security/patches/EN-20:22/
  head/share/security/patches/EN-20:22/callout.12.1.patch   (contents, props changed)
  head/share/security/patches/EN-20:22/callout.12.1.patch.asc   (contents, props changed)
  head/share/security/patches/EN-20:22/callout.12.2.patch   (contents, props changed)
  head/share/security/patches/EN-20:22/callout.12.2.patch.asc   (contents, props changed)
  head/share/security/patches/SA-20:31/
  head/share/security/patches/SA-20:31/icmp6.11.4.patch   (contents, props changed)
  head/share/security/patches/SA-20:31/icmp6.11.4.patch.asc   (contents, props changed)
  head/share/security/patches/SA-20:31/icmp6.12.1.patch   (contents, props changed)
  head/share/security/patches/SA-20:31/icmp6.12.1.patch.asc   (contents, props changed)
  head/share/security/patches/SA-20:31/icmp6.12.2.patch   (contents, props changed)
  head/share/security/patches/SA-20:31/icmp6.12.2.patch.asc   (contents, props changed)
  head/share/security/patches/SA-20:32/
  head/share/security/patches/SA-20:32/rtsold.patch   (contents, props changed)
  head/share/security/patches/SA-20:32/rtsold.patch.asc   (contents, props changed)
Modified:
  head/share/xml/advisories.xml
  head/share/xml/notices.xml

Added: head/share/security/advisories/FreeBSD-EN-20:19.audit.asc
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/share/security/advisories/FreeBSD-EN-20:19.audit.asc	Tue Dec  1 19:53:40 2020	(r54726)
@@ -0,0 +1,142 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-EN-20:19.audit                                          Errata Notice
+                                                          The FreeBSD Project
+
+Topic:          execve/fexecve system call auditing
+
+Category:       core
+Module:         kernel
+Announced:      2020-12-01
+Affects:        FreeBSD 12.1 and later.
+Corrected:      2020-10-27 13:13:04 UTC (stable/12, 12.2-STABLE)
+                2020-12-01 19:34:45 UTC (releng/12.2, 12.2-RELEASE-p1)
+                2020-12-01 19:34:45 UTC (releng/12.1, 12.1-RELEASE-p11)
+
+For general information regarding FreeBSD Errata Notices and Security
+Advisories, including descriptions of the fields above, security
+branches, and the following sections, please visit
+<URL:https://security.FreeBSD.org/>.
+
+I.   Background
+
+The audit(4) facility allows a system administrator to audit
+security-relevant events.  System calls are one such security-related event,
+and the audit(4) facility will record whether the system call was successful
+along with other important details.
+
+II.  Problem Description
+
+All execve/fexecve system calls in affected versions will be reported as a
+failure, even upon successful execution.  For affected kernels, the exact
+error reported is EJUSTRETURN, 201, or "Just return" depending on the tooling
+used.  These can safely be considered successful returns for the fexecve and
+execve system calls.  Note that audit trails that were produced by kernels
+starting with FreeBSD 12.0 will exhibit this problem.
+
+III. Impact
+
+It is important to be able to determine when a process is, for instance,
+executing a shell.  Such events may be indicative of an intrusion if they
+are not expected.  Failure to report such an execution as successful may
+result in intrusions that are no longer detectable.
+
+IV.  Workaround
+
+No workaround is available.  This error is irrelevant for system
+administrators that do not use the audit(4) facility.  Users of the
+audit(4) facility could detect the specific error that is being
+returned as success, but this may complicate auditing as all failures
+must be recorded.
+
+V.   Solution
+
+Upgrade your system to a supported FreeBSD stable or release / security
+branch (releng) dated after the correction date and reboot.
+
+Perform one of the following:
+
+1) To update your system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the i386 or amd64
+platforms can be updated via the freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+# shutdown -r +10min "Rebooting for errata update"
+
+2) To update your system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+[FreeBSD 12.2]
+# fetch https://security.FreeBSD.org/patches/EN-20:19/audit.12.2.patch
+# fetch https://security.FreeBSD.org/patches/EN-20:19/audit.12.2.patch.asc
+# gpg --verify audit.12.2.patch.asc
+
+[FreeBSD 12.1]
+# fetch https://security.FreeBSD.org/patches/EN-20:19/audit.12.1.patch
+# fetch https://security.FreeBSD.org/patches/EN-20:19/audit.12.1.patch.asc
+# gpg --verify audit.12.1.patch.asc
+
+b) Apply the patch.  Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile your kernel as described in
+<URL:https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the
+system.
+
+VI.  Correction details
+
+The following list contains the correction revision numbers for each
+affected branch.
+
+Branch/path                                                      Revision
+- -------------------------------------------------------------------------
+stable/12/                                                        r367080
+releng/12.2/                                                      r368249
+releng/12.1/                                                      r368249
+- -------------------------------------------------------------------------
+
+To see which files were modified by a particular revision, run the
+following command, replacing NNNNNN with the revision number, on a
+machine with Subversion installed:
+
+# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
+
+Or visit the following URL, replacing NNNNNN with the revision number:
+
+<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
+
+VII. References
+
+<URL:https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=249179>
+
+The latest revision of this advisory is available at
+<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-20:19.audit.asc>
+-----BEGIN PGP SIGNATURE-----
+
+iQKTBAEBCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAl/GnclfFIAAAAAALgAo
+aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD
+MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n
+5cKqdBAAjBubNRAnzviekLybf9W6QnFT+9LrdoHEKM0epXT7GxHeGdKSbWwJPvaO
+PmogRZ88uPOvaRVYIjGLXjJf48zA6D5LuQrVre0BEICVsLEaKcoQpwqOgtSKroI4
+LguI26tLC/TmzWMid7CUeDOxzY0yg+t8QWPvrc9kDCZVqDFjrWtUDurLYM50p8Rm
+FHfbWgFg0g3ytPF6k7DuafDrSJIs0lULwOtAPBrYR5chTr3/quc6onU99B6oxo4K
+rRe4Se458M3Gm637lADAqqyRXtzwMXZ+bJBRFjdMZb3gn6QSRphHluXosv9EWwZe
+FV5muyouYzxObkE4ev8dXF8Xx6LyuWfYLj5r064DRS7oFIZjIc/5F3wUITmkzCSc
+iqOPZ545JO2Mxd5JwgA6QMy1YagHJb4MKDpwoQG5EHdNSSIRxRy9SEnyyxB/boMw
+c65iw+SXM6ln+iAoFO9tyoLF5ek9OFRMH/1hemkY82eECcMA2m8/taSHb3++YOQr
+7tmGjBZpynj/xDLQKwQiOrz5bVSPkWFc/4q9yQWAg/IoRPs+j/bsu1QoFlZX5b/8
+/161dxwjs5ZLsTj+/oV/cBKQSWIFkSkbaK61ZAdrysXmGHB1jJ6OZDlsXK9kptHr
+XavfRbYVCs8tB6NmWWEcfRQvLso20u+9zLO2X0yGz0+XEpKNU4k=
+=QTo/
+-----END PGP SIGNATURE-----

Added: head/share/security/advisories/FreeBSD-EN-20:20.tzdata.asc
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/share/security/advisories/FreeBSD-EN-20:20.tzdata.asc	Tue Dec  1 19:53:40 2020	(r54726)
@@ -0,0 +1,148 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-EN-20:20.tzdata                                         Errata Notice
+                                                          The FreeBSD Project
+
+Topic:          Timezone database information update
+
+Category:       contrib
+Module:         zoneinfo
+Announced:      2020-12-01
+Affects:        All supported versions of FreeBSD.
+Corrected:      2020-10-23 01:06:33 UTC (stable/12, 12.1-STABLE)
+                2020-12-01 19:35:48 UTC (releng/12.2, 12.2-RELEASE-p1)
+                2020-12-01 19:35:48 UTC (releng/12.1, 12.1-RELEASE-p11)
+                2020-10-23 01:06:42 UTC (stable/11, 11.4-STABLE)
+                2020-12-01 19:35:48 UTC (releng/11.4, 11.4-RELEASE-p5)
+
+For general information regarding FreeBSD Errata Notices and Security
+Advisories, including descriptions of the fields above, security
+branches, and the following sections, please visit
+<URL:https://security.FreeBSD.org/>.
+
+I.   Background
+
+The tzsetup(8) program allows the user to specify the default local timezone.
+Based on the selected timezone, tzsetup(8) copies one of the files from
+/usr/share/zoneinfo to /etc/localtime.  This file actually controls the
+conversion.
+
+II.  Problem Description
+
+Several changes in Daylight Saving Time happened after previous FreeBSD
+releases were released that would affect many people who live in different
+parts of the world.  Because of these changes, the data in the zoneinfo files
+need to be updated, and if the local timezone on the running system is
+affected, tzsetup(8) needs to be run so the /etc/localtime is updated.
+
+III. Impact
+
+An incorrect time will be displayed on a system configured to use one of the
+affected timezones if the /usr/share/zoneinfo and /etc/localtime files are
+not updated, and all applications on the system that rely on the system time,
+such as cron(8) and syslog(8), will be affected.
+
+IV.  Workaround
+
+The system administrator can install an updated timezone database from the
+misc/zoneinfo port and run tzsetup(8) to get the timezone database corrected.
+
+Applications that store and display times in Coordinated Universal Time (UTC)
+are not affected.
+
+V.   Solution
+
+Please note that some third party software, for instance PHP, Ruby, Java and
+Perl, may be using different zoneinfo data source, in such cases this
+software must be updated separately.  For software packages that is installed
+via binary packages, they can be upgraded by executing `pkg upgrade'.
+
+Following the instructions in this Errata Notice will update all of the
+zoneinfo files to be the same as what was released with FreeBSD release.
+
+Perform one of the following:
+
+1) Upgrade your system to a supported FreeBSD stable or release / security
+branch (releng) dated after the correction date.  Restart all the affected
+applications and daemons, or reboot the system.
+
+2) To update your system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the i386 or amd64
+platforms can be updated via the freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+
+Restart all the affected applications and daemons, or reboot the system.
+
+3) To update your system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch https://security.FreeBSD.org/patches/EN-20:20/tzdata-2020d.patch
+# fetch https://security.FreeBSD.org/patches/EN-20:20/tzdata-2020d.patch.asc
+# gpg --verify tzdata-2020d.patch.asc
+
+b) Apply the patch.  Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile the operating system using buildworld and installworld as
+described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>.
+
+Restart all the affected applications and daemons, or reboot the system.
+
+VI.  Correction details
+
+The following list contains the correction revision numbers for each
+affected branch.
+
+Branch/path                                                      Revision
+- -------------------------------------------------------------------------
+stable/12/                                                        r366956
+releng/12.2/                                                      r368251
+releng/12.1/                                                      r368251
+stable/11/                                                        r366957
+releng/11.4/                                                      r368251
+- -------------------------------------------------------------------------
+
+To see which files were modified by a particular revision, run the
+following command, replacing NNNNNN with the revision number, on a
+machine with Subversion installed:
+
+# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
+
+Or visit the following URL, replacing NNNNNN with the revision number:
+
+<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
+
+VII. References
+
+The latest revision of this advisory is available at
+<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-20:20.tzdata.asc>
+-----BEGIN PGP SIGNATURE-----
+
+iQKTBAEBCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAl/GndRfFIAAAAAALgAo
+aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD
+MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n
+5cLWBw/9HeAWb+xuxt8CdZUD+99vXFdHb8gLSFrlFZbHnjDwrGhz4yrAzO/3NFxh
+j+DQugxxUgLvJpm3W+sYAwqO7TjJE2DkG2BV2r4vdMCax3YpkPqvuk/3oYdVy+nm
+c0LTJDwHLWhluO7nrA3v49yOPICMGW1Xb7S7hNPHQaRCEVfP3hI61LM9sHAEp3zW
+Q44qWfeXK46grCCbviDI+GVYmQr3/b5QJbvLidzIAz+XTToD88+DDgaowwg8GuUn
+9v29aT8LjLB2XNYxRr3CZ5khdZTT5q+CGWSb0VvKHKaRgFMNLYw7gTKDOFTBQi0x
+utonkT5Jsxq6kqHbp9drA6LMvUzWOThrabxCaJEk5p7t5FQWtYUfDTsspThwS54e
+6n2cSCNg8j3eW6YVF7CVvCrUEsXejA/bv0ZW0M896oy5xizTKa6Yjh1llqNvpJ1h
+jW9UrxtI4oGQ+Q2cUc7+85P7ddNQ/wO/SHIRVcKPHVBbs8u0YAikGjUzEhWR/pDD
+tzUpNR3UTOIq96h1J+sK+jxk7arw6gCIksNDCKo3AI2DoXTe12K2OdG88OKW/t5P
+iZZZufbAvY88SdKSGlBHbSXZLiMB+uH1NTI2Fab4XIetXdZq/5TPX7rRmlINS8nd
+LMqCDSsVhjaUR6E1D3pOamo3n8IZgiluxqx7JZ2m9p0nKMjHDZo=
+=gsQm
+-----END PGP SIGNATURE-----

Added: head/share/security/advisories/FreeBSD-EN-20:21.ipfw.asc
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/share/security/advisories/FreeBSD-EN-20:21.ipfw.asc	Tue Dec  1 19:53:40 2020	(r54726)
@@ -0,0 +1,118 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-EN-20:21.ipfw                                           Errata Notice
+                                                          The FreeBSD Project
+
+Topic:          Uninitialized variable in ipfw
+
+Category:       core
+Module:         ipfw
+Announced:      2020-12-01
+Affects:        FreeBSD 12.2
+Corrected:      2020-10-18 20:54:15 UTC (stable/12, 12.2-STABLE)
+                2020-12-01 19:36:36 UTC (releng/12.2, 12.2-RELEASE-p1)
+
+For general information regarding FreeBSD Errata Notices and Security
+Advisories, including descriptions of the fields above, security
+branches, and the following sections, please visit
+<URL:https://security.FreeBSD.org/>.
+
+I.   Background
+
+ipfw(8) is the command-line utility used to configure the ipfw(4) firewall.
+
+II.  Problem Description
+
+A regression in FreeBSD 12.2 meant that ipfw(8) fwd commands referencing
+specific port numbers may configure the firewall incorrectly.
+
+III. Impact
+
+Forwarding rules referencing port numbers may not work as configured.
+
+IV.  Workaround
+
+No workaround is available.
+
+V.   Solution
+
+Upgrade your system to a supported FreeBSD stable or release / security
+branch (releng) dated after the correction date.
+
+Perform one of the following:
+
+1) To update your system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the i386 or amd64
+platforms can be updated via the freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+
+2) To update your system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch https://security.FreeBSD.org/patches/EN-20:21/ipfw.patch
+# fetch https://security.FreeBSD.org/patches/EN-20:21/ipfw.patch.asc
+# gpg --verify ipfw.patch.asc
+
+b) Apply the patch.  Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile the operating system using buildworld and installworld as
+described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>.
+
+VI.  Correction details
+
+The following list contains the correction revision numbers for each
+affected branch.
+
+Branch/path                                                      Revision
+- -------------------------------------------------------------------------
+stable/12/                                                        r366816
+releng/12.2/                                                      r368252
+- -------------------------------------------------------------------------
+
+To see which files were modified by a particular revision, run the
+following command, replacing NNNNNN with the revision number, on a
+machine with Subversion installed:
+
+# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
+
+Or visit the following URL, replacing NNNNNN with the revision number:
+
+<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
+
+VII. References
+
+<URL:https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=250434>
+
+The latest revision of this advisory is available at
+<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-20:21.ipfw.asc>
+-----BEGIN PGP SIGNATURE-----
+
+iQKTBAEBCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAl/GndRfFIAAAAAALgAo
+aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD
+MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n
+5cLY3w/8DpeBoG7dMm3m60BFStxuQMkUKwuMNiYXVOADLIACLW5F8fRxleAiMh1n
+09YHHO/OfoGuuI8FkviqUfwBQsX9ljY8x35/UUZtf19YTllKvmz8gTTAVYmkO0g/
+ohEZBMsA9h9Wfnn51/CVziTtO597mbLsJrt+lXnYVJLUIFdf6VNbK719ZtUOq53v
+5mMKaFqyZJzDTouXePPVirvsiM5a2S7qVSoWTDEgog6iYxvEeXhd4Mtbaxbl2UW5
+JJ1ZUycIUECCu2MI09JxZhRaRLnUA4RfzGIu63wxUJtfiKyIK0Afn3Gm/nyF+Sop
+X/rm7jg1DDdqMd55QdG9AchI4D4C0DcJbTo4r8OSRFzmwQlTAsfOAlrH3ov+E+0f
+rZ8SN2gjR/y+cdWQJxQ04pGh9NJkdrWMZJdZ047NnO8jF25rSN3iMgY6PydhE5TT
+JKZXcfjTUqGeFveeMqdaZ5uoUyKaE/DnrNimv7Y4tcY0dsRIVIZQb6ml1dJdrkCG
+6R5/yboAp2m9dtkplGUOo7cRae8bxXTQteANhZJYT3dqKDMKUJCw6ZShmr0pg2Of
+KASqUMdHYSIyGoUaQ+Pd3s5UweuG8NEZt+p302qbn8cBCncMioibZqUJyo0lt/zn
+jVFCZuepLOSGH7u0hYvlizkpbsXkUraBkQOTelqYyxXGoWF7WQg=
+=N2u/
+-----END PGP SIGNATURE-----

Added: head/share/security/advisories/FreeBSD-EN-20:22.callout.asc
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/share/security/advisories/FreeBSD-EN-20:22.callout.asc	Tue Dec  1 19:53:40 2020	(r54726)
@@ -0,0 +1,137 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-EN-20:22.callout                                        Errata Notice
+                                                          The FreeBSD Project
+
+Topic:          Race condition in callout CPU migration
+
+Category:       core
+Module:         callout
+Announced:      2020-12-01
+Affects:        FreeBSD 12.1 and 12.2
+Corrected:      2020-11-26 14:57:30 UTC (stable/12, 12.2-STABLE)
+                2020-12-01 19:37:33 UTC (releng/12.2, 12.2-RELEASE-p1)
+                2020-12-01 19:37:33 UTC (releng/12.1, 12.1-RELEASE-p11)
+
+For general information regarding FreeBSD Errata Notices and Security
+Advisories, including descriptions of the fields above, security
+branches, and the following sections, please visit
+<URL:https://security.FreeBSD.org/>.
+
+I.   Background
+
+The callout(9) kernel subsystem is used by other kernel subsystems to request
+execution of a function following a specified timeout.  callout(9) implements
+an interface which allows a pending callout to be stopped.
+
+II.  Problem Description
+
+Callouts may be bound to a specific CPU, in which case that CPU is
+responsible for raising the timer interrupt which schedules execution of the
+callout.
+
+A kernel thread may attempt to stop a callout while it is actively executing,
+in which case the thread goes to sleep until execution has completed.  In the
+meantime the callout may be re-scheduled and re-executed on a different CPU.
+In this scenario, when the sleeping thread finally completes removal of the
+callout from some internal data structures, it may modify the wrong CPU's
+data structures and thus leave them in an invalid state.
+
+III. Impact
+
+The bug may result in kernel panics under some workloads, typically in the
+softclock threads.
+
+IV.  Workaround
+
+No workaround is available.
+
+V.   Solution
+
+Upgrade your system to a supported FreeBSD stable or release / security
+branch (releng) dated after the correction date and reboot.
+
+Perform one of the following:
+
+1) To update your system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the i386 or amd64
+platforms can be updated via the freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+# shutdown -r +10min "Rebooting for errata update"
+
+2) To update your system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+[FreeBSD 12.2]
+# fetch https://security.FreeBSD.org/patches/EN-20:22/callout.12.2.patch
+# fetch https://security.FreeBSD.org/patches/EN-20:22/callout.12.2.patch.asc
+# gpg --verify callout.12.2.patch.asc
+
+[FreeBSD 12.1]
+# fetch https://security.FreeBSD.org/patches/EN-20:22/callout.12.1.patch
+# fetch https://security.FreeBSD.org/patches/EN-20:22/callout.12.1.patch.asc
+# gpg --verify callout.12.1.patch.asc
+
+b) Apply the patch.  Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile your kernel as described in
+<URL:https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the
+system.
+
+VI.  Correction details
+
+The following list contains the correction revision numbers for each
+affected branch.
+
+Branch/path                                                      Revision
+- -------------------------------------------------------------------------
+stable/12/                                                        r368057
+releng/12.2/                                                      r368254
+releng/12.1/                                                      r368254
+- -------------------------------------------------------------------------
+
+To see which files were modified by a particular revision, run the
+following command, replacing NNNNNN with the revision number, on a
+machine with Subversion installed:
+
+# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
+
+Or visit the following URL, replacing NNNNNN with the revision number:
+
+<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
+
+VII. References
+
+The latest revision of this advisory is available at
+<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-20:22.callout.asc>
+-----BEGIN PGP SIGNATURE-----
+
+iQKTBAEBCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAl/GndVfFIAAAAAALgAo
+aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD
+MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n
+5cJUHxAAg1Mw+GeweWrKv/qaDymHW6YTGF8/y1qJ9YQKhVZ4QCtFMX2E467Slh35
+sVOtfVsfUxKmwsKfdEM93sw9uSjj6///TodhF9vJMKGk/uVpF+PHrnFLtD+2VONs
+jhAtH1R5tatIQEZeijaGBGizxXQRN2y2PqUQfKBNIqO5u06rG3KonNI+Cx1TGKm1
+4R0ua06s0i2WpTsdW6AMszJqD3WbvlV7W5aM5pRfWtGM/OFksBKp/ScJ4J/MdOhh
+11g4RsbvPvxGwBMad32TDV9Npjmkcjy65Ro92RUHAkDOT9Eftt18w1JYNaOxl+/p
+fcS7cLBjdXJgvARJ57turXEiQT03SemG7yu9mr3SB//2Kh/RNVE5KFZev+i1kZOe
+98NS8+AYNyN3ovg5ceESuXBpVM+T+mFMu6NLfNFSfgfd0OneNSiiB0uDt2B07TWN
+LM0bz3vrq91GSnf7EZWppx/f3e8wIT0lBXcpJMJo9T56096ewoPMx9C5/RNqcrpL
+LskXRnwi8od0o8nw7nDWYlIGiAfWkwzXm5slvKA0v2c9qVsyB7OWtGtS+YonOb4c
+Eyc5b14MoRb9Y4J/fZHm3gWDVP9OQDWxyRTXvLZq8QCYmOYFoXspIM6kM5geOIZH
+S/X3Xl671coCtCJcQVQJShMwgEcEeUCtJcKEOJ+gC3f60E0aLS0=
+=l7SY
+-----END PGP SIGNATURE-----

Added: head/share/security/advisories/FreeBSD-SA-20:31.icmp6.asc
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/share/security/advisories/FreeBSD-SA-20:31.icmp6.asc	Tue Dec  1 19:53:40 2020	(r54726)
@@ -0,0 +1,152 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-SA-20:31.icmp6                                      Security Advisory
+                                                          The FreeBSD Project
+
+Topic:          ICMPv6 use-after-free in error message handling
+
+Category:       core
+Module:         icmp6
+Announced:      2020-12-01
+Credits:        Maxime Villard
+Affects:        All supported versions of FreeBSD.
+Corrected:      2020-11-05 22:41:54 UTC (stable/12, 12.2-STABLE)
+                2020-12-01 19:38:52 UTC (releng/12.2, 12.2-RELEASE-p1)
+                2020-12-01 19:38:52 UTC (releng/12.1, 12.1-RELEASE-p11)
+                2020-12-01 03:07:26 UTC (stable/11, 11.4-STABLE)
+                2020-12-01 19:38:52 UTC (releng/11.4, 11.4-RELEASE-p5)
+CVE Name:       CVE-2020-7469
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit <URL:https://security.FreeBSD.org/>.
+
+I.   Background
+
+ICMPv6 is the ICMP protocol for IPv6.  It is used to transmit informational
+and error messages between IPv6 hosts.
+
+II.  Problem Description
+
+When an ICMPv6 error message is received, the FreeBSD ICMPv6 stack may
+extract information from the message to hand to upper-layer protocols.  As a
+part of this operation, it may parse IPv6 header options from a packet
+embedded in the ICMPv6 message.
+
+The handler for a routing option caches a pointer into the packet buffer
+holding the ICMPv6 message.  However, when processing subsequent options the
+packet buffer may be freed, rendering the cached pointer invalid.  The
+network stack may later dereference the pointer, potentially triggering a
+use-after-free.
+
+III. Impact
+
+A remote host may be able to trigger a read of freed kernel memory.  This may
+trigger a kernel panic if the address had been unmapped.
+
+IV.  Workaround
+
+Systems with IPv6 disabled are not affected.  No workaround is available
+except to disable IPv6 on the system's network interfaces.
+
+V.   Solution
+
+Upgrade your vulnerable system to a supported FreeBSD stable or
+release / security branch (releng) dated after the correction date and
+reboot.
+
+Perform one of the following:
+
+1) To update your vulnerable system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the i386 or amd64
+platforms can be updated via the freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+# shutdown -r +10min "Rebooting for a security update"
+
+2) To update your vulnerable system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+[FreeBSD 12.2]
+# fetch https://security.FreeBSD.org/patches/SA-20:31/icmp6.12.2.patch
+# fetch https://security.FreeBSD.org/patches/SA-20:31/icmp6.12.2.patch.asc
+# gpg --verify icmp6.12.2.patch.asc
+
+[FreeBSD 12.1]
+# fetch https://security.FreeBSD.org/patches/SA-20:31/icmp6.12.1.patch
+# fetch https://security.FreeBSD.org/patches/SA-20:31/icmp6.12.1.patch.asc
+# gpg --verify icmp6.12.1.patch.asc
+
+[FreeBSD 11.4]
+# fetch https://security.FreeBSD.org/patches/SA-20:31/icmp6.11.4.patch
+# fetch https://security.FreeBSD.org/patches/SA-20:31/icmp6.11.4.patch.asc
+# gpg --verify icmp6.11.4.patch.asc
+
+b) Apply the patch.  Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile your kernel as described in
+<URL:https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the
+system.
+
+VI.  Correction details
+
+The following list contains the correction revision numbers for each
+affected branch.
+
+Branch/path                                                      Revision
+- -------------------------------------------------------------------------
+stable/12/                                                        r367402
+releng/12.2/                                                      r368255
+releng/12.1/                                                      r368255
+stable/11/                                                        r368202
+releng/11.4/                                                      r368255
+- -------------------------------------------------------------------------
+
+To see which files were modified by a particular revision, run the
+following command, replacing NNNNNN with the revision number, on a
+machine with Subversion installed:
+
+# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
+
+Or visit the following URL, replacing NNNNNN with the revision number:
+
+<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
+
+VII. References
+
+<other info on vulnerability>
+
+<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7469>
+
+The latest revision of this advisory is available at
+<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-20:31.icmp6.asc>
+-----BEGIN PGP SIGNATURE-----
+
+iQKTBAEBCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAl/GndVfFIAAAAAALgAo
+aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD
+MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n
+5cIE8g//d4TXo4cXH4H0k6Et5lCoKz7R+x/wE6EuTymvKOiYyvwGwk3TZnLwhSSr
++FmwYMa0nQfHl3JdbUFYcQdA8Q/mvh0OZf55icRRHwchA+V9ENzuN8DqP1FPbL09
+Ar3Q7osE2LyblTX9vOF0KYNWT+OmUZE5BDHEJ+OD5TKV2xWMkrksVOylXdKKgNyK
+Umc3uccud3nvBlrIeP5SiNewCP06/SEZkSovFI1QKCVJGs4hCO97Es0RWiY9MkPG
+JcUOdCsYVrvfcWNeRkcAqnH/vgWQYBumSW15ldNGIrMaUAi0DiDTisFIifPI1z8T
+j+WmxN2IGvjYQzLBLhpJqq9Ox1OUD2R6Q0YSsndMHgf2bo1HheVUtQlBPMOq/V/8
+I74Ppu2NPxdh2ocUzk60XaNZ2PuZhqkDMOLqZLcKNEe7m94ImzfNxtDGyRkEwpbw
+/Vu4ysFrHQR4derU3c9TV+LJwCYaoNw//0WKpcycnqfvb/y5dWgOc3sBf5zwiuRL
+NNwRnnRK/gaGoigJxm/Ev2SNsJDLs0g7IuscwYPRtadi1eUTeKeJFg3yvSVTYRov
+tGPIhWYmWvOmKSg8ZGIAnTcXeNleyymw+vi6l0gHtwcLJ0AjdbVEWZ3FCy7XvD3c
+yRbkJ4ORllto95caGGtzHDj0CMShYaOMNhrf+QrEYDRMB8jfXh0=
+=a0pv
+-----END PGP SIGNATURE-----

Added: head/share/security/advisories/FreeBSD-SA-20:32.rtsold.asc
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/share/security/advisories/FreeBSD-SA-20:32.rtsold.asc	Tue Dec  1 19:53:40 2020	(r54726)
@@ -0,0 +1,156 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-SA-20:32.rtsold                                     Security Advisory
+                                                          The FreeBSD Project
+
+Topic:          Multiple vulnerabilities in rtsold
+
+Category:       core
+Module:         rtsold
+Announced:      2020-12-01
+Credits:        Quarkslab Vulnerability Reports
+Affects:        All supported versions of FreeBSD
+Corrected:      2020-12-01 19:35:48 UTC (stable/12, 12.2-STABLE)
+                2020-12-01 19:39:44 UTC (releng/12.2, 12.2-RELEASE-p1)
+                2020-12-01 19:39:44 UTC (releng/12.1, 12.1-RELEASE-p11)
+                2020-12-01 19:36:37 UTC (stable/11, 11.4-STABLE)
+                2020-12-01 19:39:44 UTC (releng/11.4, 11.4-RELEASE-p5)
+CVE Name:       CVE-2020-25577
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit <URL:https://security.FreeBSD.org/>.
+
+I.   Background
+
+As part of the stateless address autoconfiguration (SLAAC) mechanism, IPv6
+routers periodically broadcast router advertisement messages on attached
+networks to inform hosts of the correct network prefix, router address and
+MTU, as well as additional network parameters such as the DNS servers
+(RDNSS), DNS search list (DNSSL) and whether a stateful configuration service
+is available.  Hosts that have recently joined the network can broadcast a
+router solicitation message to solicit an immediate advertisement instead of
+waiting for the next periodic advertisement.
+
+The router solicitation daemon, rtsold(8), broadcasts router solicitation
+messages at startup or when the state of an interface changes from passive to
+active.  Incoming router advertisement messages are first processed by the
+kernel and then passed on to rtsold(8), which handles the DNS and stateful
+configuration options.
+
+II.  Problem Description
+
+Two bugs exist in rtsold(8)'s RDNSS and DNSSL option handling.  First,
+rtsold(8) failed to perform sufficient bounds checking on the extent of the
+option.  In particular, it does not verify that the option does not extend
+past the end of the received packet before processing its contents.  The
+kernel currently ignores such malformed packets but still passes them to
+userspace programs.
+
+Second, when processing a DNSSL option, rtsold(8) decodes domain name labels
+per an encoding specified in RFC 1035 in which the first octet of each label
+contains the label's length.  rtsold(8) did not validate label lengths
+correctly and could overflow the destination buffer.
+
+III. Impact
+
+It is believed that these bugs could be exploited to gain remote code
+execution within the rtsold(8) daemon, which runs as root.  Note that
+rtsold(8) only processes messages received from hosts attached to the same
+physical link as the interface(s) on which rtsold(8) is listening.
+
+In FreeBSD 12.2 rtsold(8) runs in a Capsicum sandbox, limiting the scope of a
+compromised rtsold(8) process.
+
+IV.  Workaround
+
+No workaround is available, but systems that do not run rtsold(8) are not
+affected.
+
+V.   Solution
+
+Upgrade your vulnerable system to a supported FreeBSD stable or
+release / security branch (releng) dated after the correction date.
+
+Perform one of the following:
+
+1) To update your vulnerable system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the i386 or amd64
+platforms can be updated via the freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+
+2) To update your vulnerable system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch https://security.FreeBSD.org/patches/SA-20:32/rtsold.patch
+# fetch https://security.FreeBSD.org/patches/SA-20:32/rtsold.patch.asc
+# gpg --verify rtsold.patch.asc
+
+b) Apply the patch.  Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile the operating system using buildworld and installworld as
+described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>.
+
+Restart the applicable daemons, or reboot the system.
+
+VI.  Correction details
+
+The following list contains the correction revision numbers for each
+affected branch.
+
+Branch/path                                                      Revision
+- -------------------------------------------------------------------------
+stable/12/                                                        r368250
+releng/12.2/                                                      r368256
+releng/12.1/                                                      r368256
+stable/11/                                                        r368253
+releng/11.4/                                                      r368256
+- -------------------------------------------------------------------------
+
+To see which files were modified by a particular revision, run the
+following command, replacing NNNNNN with the revision number, on a
+machine with Subversion installed:
+
+# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
+
+Or visit the following URL, replacing NNNNNN with the revision number:
+
+<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
+
+VII. References
+
+<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25577>
+
+The latest revision of this advisory is available at
+<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-20:32.rtsold.asc>
+-----BEGIN PGP SIGNATURE-----
+
+iQKTBAEBCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAl/GndZfFIAAAAAALgAo
+aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD
+MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n
+5cIUXQ/+K/FAB22beBBiOUDaRMF0n4a/umwvwX2BAy7PsLIzRcYL8ydhvTWPXQnU
+KssmRoi0eobczpIYgIqTDNDTI46UErEvfoCBTIiY+uedER77FKxesfnO/9S3owvh
+8uP+WCMzZXRfNvIYqEsK43ipm3LL4rDfUNLEdeFj0bLlwEwiTJaXsdLayJ3KpanN
+A3ykePDXnQD41BcDcotvzSV6r7o5dbCILI4K4zEOSCAXBP1Du16J/K/aHOWahJ20
+Ex6YFg0llH3VkAVE9iGdHLGFqakjobUhm+LzV9ShAkXZqZs3Hx+p8dfM4w7aicCM
+f6Nn0rLlb4ZdSmMnbsexoZZwO0v2dQNHd1EEtQD6zjJfey1auJKJLTcLoWXH+3mm
+w5eOjjmqdOkab0h224q8jidhgyUm1c8By5H5aZ79y5SpRG0mfuS82Z6uIAf0KKZ3
+uIzPswc0YtI30M638ZCKCug3gxwZu4EG7P08/Ab4B0fpyfqqLy6KVsMdH6w64R6+
+64twgiVPuM3DpokvTfdcQLp13IHeMJwkpdc/SICyg3NDAFJZMcIe6eqjko5FsNnH
+RSjA0SHRKyl303OLR+jUHe64m+LISyNne+fC1VoThbqQ1f5nWX9PlF4VjRu30Wz4
+8VcmRCehMT1G1aIEGG74zKDeWDP6+bGeieBU7Pa/jfr/aI88Hw0=
+=5tIC
+-----END PGP SIGNATURE-----

Added: head/share/security/patches/EN-20:19/audit.12.1.patch
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/share/security/patches/EN-20:19/audit.12.1.patch	Tue Dec  1 19:53:40 2020	(r54726)
@@ -0,0 +1,139 @@
+--- sys/amd64/linux/linux_machdep.c.orig
++++ sys/amd64/linux/linux_machdep.c
+@@ -81,6 +81,8 @@
+ #include <x86/ifunc.h>
+ #include <x86/sysarch.h>
+ 
++#include <security/audit/audit.h>
++
+ #include <amd64/linux/linux.h>
+ #include <amd64/linux/linux_proto.h>
+ #include <compat/linux/linux_emul.h>
+@@ -107,6 +109,7 @@
+ 	free(path, M_TEMP);
+ 	if (error == 0)
+ 		error = linux_common_execve(td, &eargs);
++	AUDIT_SYSCALL_EXIT(error == EJUSTRETURN ? 0 : error, td);
+ 	return (error);
+ }
+ 
+--- sys/amd64/linux32/linux32_machdep.c.orig
++++ sys/amd64/linux32/linux32_machdep.c
+@@ -69,6 +69,8 @@
+ #include <vm/vm.h>
+ #include <vm/vm_map.h>
+ 
++#include <security/audit/audit.h>
++
+ #include <compat/freebsd32/freebsd32_util.h>
+ #include <amd64/linux32/linux.h>
+ #include <amd64/linux32/linux32_proto.h>
+@@ -143,6 +145,7 @@
+ 	free(path, M_TEMP);
+ 	if (error == 0)
+ 		error = linux_common_execve(td, &eargs);
++	AUDIT_SYSCALL_EXIT(error == EJUSTRETURN ? 0 : error, td);
+ 	return (error);
+ }
+ 
+--- sys/arm64/linux/linux_machdep.c.orig
++++ sys/arm64/linux/linux_machdep.c
+@@ -38,6 +38,8 @@
+ #include <sys/proc.h>
+ #include <sys/sdt.h>
+ 
++#include <security/audit/audit.h>
++
+ #include <arm64/linux/linux.h>
+ #include <arm64/linux/linux_proto.h>
+ #include <compat/linux/linux_dtrace.h>
+@@ -74,6 +76,7 @@
+ 	free(path, M_TEMP);
+ 	if (error == 0)
+ 		error = linux_common_execve(td, &eargs);
++	AUDIT_SYSCALL_EXIT(error == EJUSTRETURN ? 0 : error, td);
+ 	return (error);
+ }
+ 
+--- sys/compat/freebsd32/freebsd32_misc.c.orig
++++ sys/compat/freebsd32/freebsd32_misc.c
+@@ -440,6 +440,7 @@
+ 	if (error == 0)
+ 		error = kern_execve(td, &eargs, NULL);
+ 	post_execve(td, error, oldvmspace);
++	AUDIT_SYSCALL_EXIT(error == EJUSTRETURN ? 0 : error, td);
+ 	return (error);
+ }
+ 
+@@ -460,6 +461,7 @@
+ 		error = kern_execve(td, &eargs, NULL);
+ 	}
+ 	post_execve(td, error, oldvmspace);
++	AUDIT_SYSCALL_EXIT(error == EJUSTRETURN ? 0 : error, td);
+ 	return (error);
+ }
+ 
+--- sys/i386/linux/linux_machdep.c.orig
++++ sys/i386/linux/linux_machdep.c
+@@ -61,6 +61,8 @@
+ #include <vm/vm.h>
+ #include <vm/vm_map.h>
+ 
++#include <security/audit/audit.h>
++
+ #include <i386/linux/linux.h>
+ #include <i386/linux/linux_proto.h>
+ #include <compat/linux/linux_emul.h>
+@@ -116,6 +118,7 @@
+ 	free(newpath, M_TEMP);
+ 	if (error == 0)
+ 		error = linux_common_execve(td, &eargs);
++	AUDIT_SYSCALL_EXIT(error == EJUSTRETURN ? 0 : error, td);
+ 	return (error);
+ }
+ 
+--- sys/kern/kern_exec.c.orig
++++ sys/kern/kern_exec.c
+@@ -224,6 +224,7 @@
+ 	if (error == 0)
+ 		error = kern_execve(td, &args, NULL);
+ 	post_execve(td, error, oldvmspace);
++	AUDIT_SYSCALL_EXIT(error == EJUSTRETURN ? 0 : error, td);
+ 	return (error);
+ }
+ 
+@@ -251,6 +252,7 @@
+ 		error = kern_execve(td, &args, NULL);
+ 	}
+ 	post_execve(td, error, oldvmspace);
++	AUDIT_SYSCALL_EXIT(error == EJUSTRETURN ? 0 : error, td);
+ 	return (error);
+ }
+ 
+@@ -279,6 +281,7 @@
+ 	if (error == 0)
+ 		error = kern_execve(td, &args, uap->mac_p);
+ 	post_execve(td, error, oldvmspace);
++	AUDIT_SYSCALL_EXIT(error == EJUSTRETURN ? 0 : error, td);
+ 	return (error);
+ #else
+ 	return (ENOSYS);
+--- sys/kern/subr_syscall.c.orig
++++ sys/kern/subr_syscall.c
+@@ -133,6 +133,16 @@
+ 
+ 		AUDIT_SYSCALL_ENTER(sa->code, td);
+ 		error = (sa->callp->sy_call)(td, sa->args);

*** DIFF OUTPUT TRUNCATED AT 1000 LINES ***

From owner-svn-doc-all@freebsd.org  Thu Dec  3 16:35:37 2020
Return-Path: <owner-svn-doc-all@freebsd.org>
Delivered-To: svn-doc-all@mailman.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.nyi.freebsd.org (Postfix) with ESMTP id 245994AA611;
 Thu,  3 Dec 2020 16:35:37 +0000 (UTC) (envelope-from gjb@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org
 [IPv6:2610:1c1:1:606c::19:3])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
 client-signature RSA-PSS (4096 bits) client-digest SHA256)
 (Client CN "mxrelay.nyi.freebsd.org",
 Issuer "Let's Encrypt Authority X3" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id 4Cn1fc0Gxsz4SPW;
 Thu,  3 Dec 2020 16:35:36 +0000 (UTC) (envelope-from gjb@FreeBSD.org)
Received: from repo.freebsd.org (repo.freebsd.org
 [IPv6:2610:1c1:1:6068::e6a:0])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 09D4A1C799;
 Thu,  3 Dec 2020 16:35:34 +0000 (UTC) (envelope-from gjb@FreeBSD.org)
Received: from repo.freebsd.org ([127.0.1.37])
 by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id 0B3GZY2O089883;
 Thu, 3 Dec 2020 16:35:34 GMT (envelope-from gjb@FreeBSD.org)
Received: (from gjb@localhost)
 by repo.freebsd.org (8.15.2/8.15.2/Submit) id 0B3GZYhZ089882;
 Thu, 3 Dec 2020 16:35:34 GMT (envelope-from gjb@FreeBSD.org)
Message-Id: <202012031635.0B3GZYhZ089882@repo.freebsd.org>
X-Authentication-Warning: repo.freebsd.org: gjb set sender to gjb@FreeBSD.org
 using -f
From: Glen Barber <gjb@FreeBSD.org>
Date: Thu, 3 Dec 2020 16:35:34 +0000 (UTC)
To: doc-committers@freebsd.org, svn-doc-all@freebsd.org,
 svn-doc-head@freebsd.org
Subject: svn commit: r54727 - head/en_US.ISO8859-1/htdocs/releases/13.0R
X-SVN-Group: doc-head
X-SVN-Commit-Author: gjb
X-SVN-Commit-Paths: head/en_US.ISO8859-1/htdocs/releases/13.0R
X-SVN-Commit-Revision: 54727
X-SVN-Commit-Repository: doc
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-BeenThere: svn-doc-all@freebsd.org
X-Mailman-Version: 2.1.34
Precedence: list
List-Id: "SVN commit messages for the entire doc trees \(except for &quot;
 user&quot; , &quot; projects&quot; , and &quot; translations&quot;
 \)" <svn-doc-all.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/svn-doc-all>,
 <mailto:svn-doc-all-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-doc-all/>
List-Post: <mailto:svn-doc-all@freebsd.org>
List-Help: <mailto:svn-doc-all-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/svn-doc-all>,
 <mailto:svn-doc-all-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 03 Dec 2020 16:35:37 -0000

Author: gjb
Date: Thu Dec  3 16:35:34 2020
New Revision: 54727
URL: https://svnweb.freebsd.org/changeset/doc/54727

Log:
  Update the 13.0-RELEASE schedule to reflect the reminder email had
  been sent to developers.
  
  Approved by:	re (implicit)
  Sponsored by:	Rubicon Communications, LLC (netgate.com)

Modified:
  head/en_US.ISO8859-1/htdocs/releases/13.0R/schedule.xml

Modified: head/en_US.ISO8859-1/htdocs/releases/13.0R/schedule.xml
==============================================================================
--- head/en_US.ISO8859-1/htdocs/releases/13.0R/schedule.xml	Tue Dec  1 19:53:40 2020	(r54726)
+++ head/en_US.ISO8859-1/htdocs/releases/13.0R/schedule.xml	Thu Dec  3 16:35:34 2020	(r54727)
@@ -80,7 +80,7 @@
       <tr>
 	<td>Release schedule reminder</td>
 	<td>3&nbsp;December&nbsp;2020</td>
-	<td>-</td>
+	<td>3&nbsp;December&nbsp;2020</td>
 	<td>Release Engineers send reminder announcement e-mail to
 	  developers with updated schedule.</td>
       </tr>

From owner-svn-doc-all@freebsd.org  Thu Dec  3 19:05:39 2020
Return-Path: <owner-svn-doc-all@freebsd.org>
Delivered-To: svn-doc-all@mailman.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.nyi.freebsd.org (Postfix) with ESMTP id 5DF774AD3B7;
 Thu,  3 Dec 2020 19:05:39 +0000 (UTC) (envelope-from ygy@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org
 [IPv6:2610:1c1:1:606c::19:3])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
 client-signature RSA-PSS (4096 bits) client-digest SHA256)
 (Client CN "mxrelay.nyi.freebsd.org",
 Issuer "Let's Encrypt Authority X3" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id 4Cn4zl2D1lz4dDb;
 Thu,  3 Dec 2020 19:05:39 +0000 (UTC) (envelope-from ygy@FreeBSD.org)
Received: from repo.freebsd.org (repo.freebsd.org
 [IPv6:2610:1c1:1:6068::e6a:0])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 3EFE61DFE5;
 Thu,  3 Dec 2020 19:05:39 +0000 (UTC) (envelope-from ygy@FreeBSD.org)
Received: from repo.freebsd.org ([127.0.1.37])
 by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id 0B3J5d8C083432;
 Thu, 3 Dec 2020 19:05:39 GMT (envelope-from ygy@FreeBSD.org)
Received: (from ygy@localhost)
 by repo.freebsd.org (8.15.2/8.15.2/Submit) id 0B3J5dfw083430;
 Thu, 3 Dec 2020 19:05:39 GMT (envelope-from ygy@FreeBSD.org)
Message-Id: <202012031905.0B3J5dfw083430@repo.freebsd.org>
X-Authentication-Warning: repo.freebsd.org: ygy set sender to ygy@FreeBSD.org
 using -f
From: Guangyuan Yang <ygy@FreeBSD.org>
Date: Thu, 3 Dec 2020 19:05:39 +0000 (UTC)
To: doc-committers@freebsd.org, svn-doc-all@freebsd.org,
 svn-doc-head@freebsd.org
Subject: svn commit: r54728 -
 head/en_US.ISO8859-1/books/porters-handbook/makefiles
X-SVN-Group: doc-head
X-SVN-Commit-Author: ygy
X-SVN-Commit-Paths: head/en_US.ISO8859-1/books/porters-handbook/makefiles
X-SVN-Commit-Revision: 54728
X-SVN-Commit-Repository: doc
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-BeenThere: svn-doc-all@freebsd.org
X-Mailman-Version: 2.1.34
Precedence: list
List-Id: "SVN commit messages for the entire doc trees \(except for &quot;
 user&quot; , &quot; projects&quot; , and &quot; translations&quot;
 \)" <svn-doc-all.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/svn-doc-all>,
 <mailto:svn-doc-all-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-doc-all/>
List-Post: <mailto:svn-doc-all@freebsd.org>
List-Help: <mailto:svn-doc-all-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/svn-doc-all>,
 <mailto:svn-doc-all-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 03 Dec 2020 19:05:39 -0000

Author: ygy
Date: Thu Dec  3 19:05:38 2020
New Revision: 54728
URL: https://svnweb.freebsd.org/changeset/doc/54728

Log:
  Add "education" virtual category to Porter's Handbook.
  
  - The category itself was added to the ports framework in r555738.
  - While there, fix a typo.
  
  PR:		248403
  Submitted by:	PauAmma <pauamma@gundo.com>
  Reviewed by:	adamw, bcr, mat
  Differential Revision:	https://reviews.freebsd.org/D27340

Modified:
  head/en_US.ISO8859-1/books/porters-handbook/makefiles/chapter.xml

Modified: head/en_US.ISO8859-1/books/porters-handbook/makefiles/chapter.xml
==============================================================================
--- head/en_US.ISO8859-1/books/porters-handbook/makefiles/chapter.xml	Thu Dec  3 16:35:34 2020	(r54727)
+++ head/en_US.ISO8859-1/books/porters-handbook/makefiles/chapter.xml	Thu Dec  3 19:05:38 2020	(r54728)
@@ -1127,6 +1127,18 @@ PORTEPOCH=	1</programlisting>
 	    </row>
 
 	    <row>
+	      <entry><filename>education</filename>
+		<literal>*</literal></entry>
+	      <entry>Education-related software.</entry>
+	      <entry>This includes applications, utilities, or games
+		primarily or substantially designed to help the user
+		learn a specific topic or study in general.  It also
+		includes course-writing applications, course-delivery
+		applications, and classroom or school management
+		applications.</entry>
+	    </row>
+
+	    <row>
 	      <entry><filename>elisp</filename>
 		<literal>*</literal></entry>
 	      <entry>Emacs-lisp ports.</entry>
@@ -1786,7 +1798,7 @@ PORTEPOCH=	1</programlisting>
 	not have a corresponding subdirectory in the ports tree&mdash;
 	or <emphasis>physical</emphasis> categories&mdash;those that
 	do.  This section discusses the issues involved in creating a
-	new physical category.  Read it thouroughly before proposing a
+	new physical category.  Read it thoroughly before proposing a
 	new one.</para>
 
       <para>Our existing practice has been to avoid creating a new

From owner-svn-doc-all@freebsd.org  Fri Dec  4 18:55:44 2020
Return-Path: <owner-svn-doc-all@freebsd.org>
Delivered-To: svn-doc-all@mailman.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.nyi.freebsd.org (Postfix) with ESMTP id 223A94A8685;
 Fri,  4 Dec 2020 18:55:44 +0000 (UTC) (envelope-from gjb@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org
 [IPv6:2610:1c1:1:606c::19:3])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
 client-signature RSA-PSS (4096 bits) client-digest SHA256)
 (Client CN "mxrelay.nyi.freebsd.org",
 Issuer "Let's Encrypt Authority X3" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id 4Cnhjr0VFfz3MP0;
 Fri,  4 Dec 2020 18:55:44 +0000 (UTC) (envelope-from gjb@FreeBSD.org)
Received: from repo.freebsd.org (repo.freebsd.org
 [IPv6:2610:1c1:1:6068::e6a:0])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 03CC010BE2;
 Fri,  4 Dec 2020 18:55:44 +0000 (UTC) (envelope-from gjb@FreeBSD.org)
Received: from repo.freebsd.org ([127.0.1.37])
 by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id 0B4IthjC079770;
 Fri, 4 Dec 2020 18:55:43 GMT (envelope-from gjb@FreeBSD.org)
Received: (from gjb@localhost)
 by repo.freebsd.org (8.15.2/8.15.2/Submit) id 0B4Ith7i079768;
 Fri, 4 Dec 2020 18:55:43 GMT (envelope-from gjb@FreeBSD.org)
Message-Id: <202012041855.0B4Ith7i079768@repo.freebsd.org>
X-Authentication-Warning: repo.freebsd.org: gjb set sender to gjb@FreeBSD.org
 using -f
From: Glen Barber <gjb@FreeBSD.org>
Date: Fri, 4 Dec 2020 18:55:43 +0000 (UTC)
To: doc-committers@freebsd.org, svn-doc-all@freebsd.org,
 svn-doc-head@freebsd.org
Subject: svn commit: r54729 - head/share/tools
X-SVN-Group: doc-head
X-SVN-Commit-Author: gjb
X-SVN-Commit-Paths: head/share/tools
X-SVN-Commit-Revision: 54729
X-SVN-Commit-Repository: doc
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-BeenThere: svn-doc-all@freebsd.org
X-Mailman-Version: 2.1.34
Precedence: list
List-Id: "SVN commit messages for the entire doc trees \(except for &quot;
 user&quot; , &quot; projects&quot; , and &quot; translations&quot;
 \)" <svn-doc-all.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/svn-doc-all>,
 <mailto:svn-doc-all-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-doc-all/>
List-Post: <mailto:svn-doc-all@freebsd.org>
List-Help: <mailto:svn-doc-all-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/svn-doc-all>,
 <mailto:svn-doc-all-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 04 Dec 2020 18:55:44 -0000

Author: gjb
Date: Fri Dec  4 18:55:43 2020
New Revision: 54729
URL: https://svnweb.freebsd.org/changeset/doc/54729

Log:
  Add (commented) logic to webupdate{,.wrapper} to prepare for the
  conversion of the doc tree from Subversion to Git.
  
  Sponsored by:	Rubicon Communications, LLC (netgate.com)

Modified:
  head/share/tools/webupdate
  head/share/tools/webupdate.wrapper

Modified: head/share/tools/webupdate
==============================================================================
--- head/share/tools/webupdate	Thu Dec  3 19:05:38 2020	(r54728)
+++ head/share/tools/webupdate	Fri Dec  4 18:55:43 2020	(r54729)
@@ -15,6 +15,7 @@
 #
 #	PATH		- The search path as interpreted by the shell.
 #	SVNROOT		- Path to the FreeBSD SVN repository.
+#	GITROOT		- Path to the FreeBSD Git repository.
 #	BUILDDIR	- Where the checked out copies of the files are stored.
 #	DESTDIR		- Where the rendered copies should wind up.
 #	PUBDIR		- Where the rendered files are published.
@@ -35,7 +36,7 @@
 #
 #	0	- success
 #	1	- unknown failure
-#	2	- failure in SVN operations
+#	2	- failure in VCS operations
 #	3	- failure in make operations
 #
 # $FreeBSD$
@@ -46,6 +47,7 @@
 #
 DEFAULT_PATH=/bin:/usr/bin:/usr/local/bin;
 DEFAULT_SVNROOT=svn://svn.FreeBSD.org
+#DEFAULT_GITROOT=https://cgit-beta.FreeBSD.org
 DEFAULT_BUILDDIR=/usr/local/www/build;
 #DEFAULT_LOGDIR=/usr/local/www/build/log;
 DEFAULT_LOGDIR=/usr/local/www/logs/build;
@@ -62,6 +64,7 @@ DEFAULT_WEBMAILTO=freebsd-doc;
 #
 PATH=${PATH:-${DEFAULT_PATH}}; export PATH;
 SVNROOT=${SVNROOT:-${DEFAULT_SVNROOT}}; export SVNROOT;
+#GITROOT=${GITROOT:-${DEFAULT_GITROOT}}; export GITROOT;
 BUILDDIR=${BUILDDIR:-${DEFAULT_BUILDDIR}};
 LOGDIR=${LOGDIR:-${DEFAULT_LOGDIR}};
 DESTDIR=${DESTDIR:-${DEFAULT_DESTDIR}}; export DESTDIR
@@ -91,6 +94,7 @@ export NO_OBJ=YES
 subtrees='head src/share/man/man4
 relnotes11/doc relnotes11/man4
 ports';
+#subtrees="${subtrees} main"
 
 #
 # Update the checked out copies.  Check out new copies every Sunday or
@@ -126,6 +130,7 @@ if [ $cond ]; then
 
 	# Check out the new copies.  This creates all the $subtrees.
 	svn co $SVNROOT/doc/head head >> $LOGFILE 2>&1 || exit 2;
+	#git clone -b main $GITROOT/doc.git main >> $LOGFILE 2>&1 || exit 2;
 
 	test -d relnotes || mkdir relnotes;
 	mkdir -p src/share/man/man4
@@ -139,6 +144,8 @@ else
 	for dir in ${subtrees}; do
 		svn cleanup $dir >> $LOGFILE 2>&1 || exit 2;
 		svn update --accept theirs-full $dir >> $LOGFILE 2>&1 || exit 2;
+		#git -C main clean -f >> $LOGFILE 2>&1 || exit 2;
+		#git -C main pull >> $LOGFILE 2>&1 || exit 2;
 	done
 fi
 
@@ -151,6 +158,7 @@ fi
 # Build the web site.
 #
 cd $BUILDDIR/head || exit 1;
+#cd $BUILDDIR/main || exit 1;
 
 # get latest revision
 LATESTREVISION=$LOGDIR/LATESTREVISION
@@ -166,6 +174,7 @@ time make ${BUILDARGS} p-all >> $LOGFILE 2>&1 ||
 	 exit 3) || exit 3;
 
 cd $BUILDDIR/head/en_US.ISO8859-1/htdocs || exit 1;
+#cd $BUILDDIR/main/en_US.ISO8859-1/htdocs || exit 1;
 
 ( time make ${INSTARGS} -j8 all && time make ${INSTARGS} install ) >> $LOGFILE 2>&1 ||
 	(cat $LATESTREVISION >> $LOGFILE

Modified: head/share/tools/webupdate.wrapper
==============================================================================
--- head/share/tools/webupdate.wrapper	Thu Dec  3 19:05:38 2020	(r54728)
+++ head/share/tools/webupdate.wrapper	Fri Dec  4 18:55:43 2020	(r54729)
@@ -9,6 +9,7 @@
 
 PATH=/bin:/usr/bin:/usr/local/bin
 SVNROOT=svn://svn.FreeBSD.org
+GITROOT=https://cgit-beta.FreeBSD.org
 PUBDIR=/usr/local/www/www.freebsd.org
 DESTDIR="${PUBDIR}-clean"
 RSYNC_FLAGS="-avH"

From owner-svn-doc-all@freebsd.org  Fri Dec  4 23:13:25 2020
Return-Path: <owner-svn-doc-all@freebsd.org>
Delivered-To: svn-doc-all@mailman.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.nyi.freebsd.org (Postfix) with ESMTP id 9C6D34AF016;
 Fri,  4 Dec 2020 23:13:25 +0000 (UTC) (envelope-from gjb@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org
 [IPv6:2610:1c1:1:606c::19:3])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
 client-signature RSA-PSS (4096 bits) client-digest SHA256)
 (Client CN "mxrelay.nyi.freebsd.org",
 Issuer "Let's Encrypt Authority X3" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id 4CnpR93pPKz4QlQ;
 Fri,  4 Dec 2020 23:13:25 +0000 (UTC) (envelope-from gjb@FreeBSD.org)
Received: from repo.freebsd.org (repo.freebsd.org
 [IPv6:2610:1c1:1:6068::e6a:0])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 7543413C5F;
 Fri,  4 Dec 2020 23:13:25 +0000 (UTC) (envelope-from gjb@FreeBSD.org)
Received: from repo.freebsd.org ([127.0.1.37])
 by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id 0B4NDPAH043787;
 Fri, 4 Dec 2020 23:13:25 GMT (envelope-from gjb@FreeBSD.org)
Received: (from gjb@localhost)
 by repo.freebsd.org (8.15.2/8.15.2/Submit) id 0B4NDPXu043786;
 Fri, 4 Dec 2020 23:13:25 GMT (envelope-from gjb@FreeBSD.org)
Message-Id: <202012042313.0B4NDPXu043786@repo.freebsd.org>
X-Authentication-Warning: repo.freebsd.org: gjb set sender to gjb@FreeBSD.org
 using -f
From: Glen Barber <gjb@FreeBSD.org>
Date: Fri, 4 Dec 2020 23:13:25 +0000 (UTC)
To: doc-committers@freebsd.org, svn-doc-all@freebsd.org,
 svn-doc-head@freebsd.org
Subject: svn commit: r54730 - head/share/tools
X-SVN-Group: doc-head
X-SVN-Commit-Author: gjb
X-SVN-Commit-Paths: head/share/tools
X-SVN-Commit-Revision: 54730
X-SVN-Commit-Repository: doc
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-BeenThere: svn-doc-all@freebsd.org
X-Mailman-Version: 2.1.34
Precedence: list
List-Id: "SVN commit messages for the entire doc trees \(except for &quot;
 user&quot; , &quot; projects&quot; , and &quot; translations&quot;
 \)" <svn-doc-all.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/svn-doc-all>,
 <mailto:svn-doc-all-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-doc-all/>
List-Post: <mailto:svn-doc-all@freebsd.org>
List-Help: <mailto:svn-doc-all-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/svn-doc-all>,
 <mailto:svn-doc-all-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 04 Dec 2020 23:13:25 -0000

Author: gjb
Date: Fri Dec  4 23:13:25 2020
New Revision: 54730
URL: https://svnweb.freebsd.org/changeset/doc/54730

Log:
  Update the webupdate script to uncomment git calls prior to the
  switchover for the repository.
  
  Sponsored by:	Rubicon Communications, LLC (netgate.com)

Modified:
  head/share/tools/webupdate

Modified: head/share/tools/webupdate
==============================================================================
--- head/share/tools/webupdate	Fri Dec  4 18:55:43 2020	(r54729)
+++ head/share/tools/webupdate	Fri Dec  4 23:13:25 2020	(r54730)
@@ -47,7 +47,7 @@
 #
 DEFAULT_PATH=/bin:/usr/bin:/usr/local/bin;
 DEFAULT_SVNROOT=svn://svn.FreeBSD.org
-#DEFAULT_GITROOT=https://cgit-beta.FreeBSD.org
+DEFAULT_GITROOT=https://cgit-beta.FreeBSD.org
 DEFAULT_BUILDDIR=/usr/local/www/build;
 #DEFAULT_LOGDIR=/usr/local/www/build/log;
 DEFAULT_LOGDIR=/usr/local/www/logs/build;
@@ -64,7 +64,7 @@ DEFAULT_WEBMAILTO=freebsd-doc;
 #
 PATH=${PATH:-${DEFAULT_PATH}}; export PATH;
 SVNROOT=${SVNROOT:-${DEFAULT_SVNROOT}}; export SVNROOT;
-#GITROOT=${GITROOT:-${DEFAULT_GITROOT}}; export GITROOT;
+GITROOT=${GITROOT:-${DEFAULT_GITROOT}}; export GITROOT;
 BUILDDIR=${BUILDDIR:-${DEFAULT_BUILDDIR}};
 LOGDIR=${LOGDIR:-${DEFAULT_LOGDIR}};
 DESTDIR=${DESTDIR:-${DEFAULT_DESTDIR}}; export DESTDIR
@@ -129,8 +129,8 @@ if [ $cond ]; then
 	rm -Rf $subtrees 2>/dev/null;
 
 	# Check out the new copies.  This creates all the $subtrees.
-	svn co $SVNROOT/doc/head head >> $LOGFILE 2>&1 || exit 2;
-	#git clone -b main $GITROOT/doc.git main >> $LOGFILE 2>&1 || exit 2;
+	#svn co $SVNROOT/doc/head head >> $LOGFILE 2>&1 || exit 2;
+	git clone -b main $GITROOT/doc.git main >> $LOGFILE 2>&1 || exit 2;
 
 	test -d relnotes || mkdir relnotes;
 	mkdir -p src/share/man/man4
@@ -142,10 +142,10 @@ if [ $cond ]; then
 	rm -f $BUILDDIR/fullbuild-clean.flag
 else
 	for dir in ${subtrees}; do
-		svn cleanup $dir >> $LOGFILE 2>&1 || exit 2;
-		svn update --accept theirs-full $dir >> $LOGFILE 2>&1 || exit 2;
-		#git -C main clean -f >> $LOGFILE 2>&1 || exit 2;
-		#git -C main pull >> $LOGFILE 2>&1 || exit 2;
+		#svn cleanup $dir >> $LOGFILE 2>&1 || exit 2;
+		#svn update --accept theirs-full $dir >> $LOGFILE 2>&1 || exit 2;
+		git -C main clean -f >> $LOGFILE 2>&1 || exit 2;
+		git -C main pull >> $LOGFILE 2>&1 || exit 2;
 	done
 fi
 
@@ -157,8 +157,8 @@ fi
 #
 # Build the web site.
 #
-cd $BUILDDIR/head || exit 1;
-#cd $BUILDDIR/main || exit 1;
+#cd $BUILDDIR/head || exit 1;
+cd $BUILDDIR/main || exit 1;
 
 # get latest revision
 LATESTREVISION=$LOGDIR/LATESTREVISION
@@ -173,8 +173,8 @@ time make ${BUILDARGS} p-all >> $LOGFILE 2>&1 ||
 			| /usr/sbin/sendmail -oi -f www-data@freebsd.org ${WEBMAILTO};
 	 exit 3) || exit 3;
 
-cd $BUILDDIR/head/en_US.ISO8859-1/htdocs || exit 1;
-#cd $BUILDDIR/main/en_US.ISO8859-1/htdocs || exit 1;
+#cd $BUILDDIR/head/en_US.ISO8859-1/htdocs || exit 1;
+cd $BUILDDIR/main/en_US.ISO8859-1/htdocs || exit 1;
 
 ( time make ${INSTARGS} -j8 all && time make ${INSTARGS} install ) >> $LOGFILE 2>&1 ||
 	(cat $LATESTREVISION >> $LOGFILE

From owner-svn-doc-all@freebsd.org  Sat Dec  5 00:39:02 2020
Return-Path: <owner-svn-doc-all@freebsd.org>
Delivered-To: svn-doc-all@mailman.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.nyi.freebsd.org (Postfix) with ESMTP id C1C6C4B04EF;
 Sat,  5 Dec 2020 00:39:02 +0000 (UTC) (envelope-from gjb@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org
 [IPv6:2610:1c1:1:606c::19:3])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
 client-signature RSA-PSS (4096 bits) client-digest SHA256)
 (Client CN "mxrelay.nyi.freebsd.org",
 Issuer "Let's Encrypt Authority X3" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id 4CnrKy509Bz4VS5;
 Sat,  5 Dec 2020 00:39:02 +0000 (UTC) (envelope-from gjb@FreeBSD.org)
Received: from repo.freebsd.org (repo.freebsd.org
 [IPv6:2610:1c1:1:6068::e6a:0])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 99D9C14BD6;
 Sat,  5 Dec 2020 00:39:02 +0000 (UTC) (envelope-from gjb@FreeBSD.org)
Received: from repo.freebsd.org ([127.0.1.37])
 by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id 0B50d259094140;
 Sat, 5 Dec 2020 00:39:02 GMT (envelope-from gjb@FreeBSD.org)
Received: (from gjb@localhost)
 by repo.freebsd.org (8.15.2/8.15.2/Submit) id 0B50d2J9094138;
 Sat, 5 Dec 2020 00:39:02 GMT (envelope-from gjb@FreeBSD.org)
Message-Id: <202012050039.0B50d2J9094138@repo.freebsd.org>
X-Authentication-Warning: repo.freebsd.org: gjb set sender to gjb@FreeBSD.org
 using -f
From: Glen Barber <gjb@FreeBSD.org>
Date: Sat, 5 Dec 2020 00:39:02 +0000 (UTC)
To: doc-committers@freebsd.org, svn-doc-all@freebsd.org,
 svn-doc-head@freebsd.org
Subject: svn commit: r54731 - head/share/tools
X-SVN-Group: doc-head
X-SVN-Commit-Author: gjb
X-SVN-Commit-Paths: head/share/tools
X-SVN-Commit-Revision: 54731
X-SVN-Commit-Repository: doc
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-BeenThere: svn-doc-all@freebsd.org
X-Mailman-Version: 2.1.34
Precedence: list
List-Id: "SVN commit messages for the entire doc trees \(except for &quot;
 user&quot; , &quot; projects&quot; , and &quot; translations&quot;
 \)" <svn-doc-all.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/svn-doc-all>,
 <mailto:svn-doc-all-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-doc-all/>
List-Post: <mailto:svn-doc-all@freebsd.org>
List-Help: <mailto:svn-doc-all-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/svn-doc-all>,
 <mailto:svn-doc-all-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sat, 05 Dec 2020 00:39:02 -0000

Author: gjb
Date: Sat Dec  5 00:39:01 2020
New Revision: 54731
URL: https://svnweb.freebsd.org/changeset/doc/54731

Log:
  Send fail-mail to me directly until I'm sure the transition to
  building from the git sources is indeed fine.
  
  Note: these scripts are not automatically updated on the builder,
  so I will manually update them and monitor for failures.
  
  Sponsored by:	Rubicon Communications, LLC (netgate.com)

Modified:
  head/share/tools/webupdate
  head/share/tools/webupdate.wrapper

Modified: head/share/tools/webupdate
==============================================================================
--- head/share/tools/webupdate	Fri Dec  4 23:13:25 2020	(r54730)
+++ head/share/tools/webupdate	Sat Dec  5 00:39:01 2020	(r54731)
@@ -55,9 +55,8 @@ DEFAULT_DESTDIR=/usr/local/www;
 DEFAULT_LOGFILE=webbuild.log
 DEFAULT_BUILDARGS='';
 DEFAULT_INSTARGS='';
-DEFAULT_WEBMAILTO=freebsd-doc;
-#DEFAULT_WEBMAILTO=simon;
-#DEFAULT_WEBMAILTO=hrs;
+#DEFAULT_WEBMAILTO=freebsd-doc;
+DEFAULT_WEBMAILTO=gjb;
 
 #
 # Variable setup.

Modified: head/share/tools/webupdate.wrapper
==============================================================================
--- head/share/tools/webupdate.wrapper	Fri Dec  4 23:13:25 2020	(r54730)
+++ head/share/tools/webupdate.wrapper	Sat Dec  5 00:39:01 2020	(r54731)
@@ -14,7 +14,8 @@ PUBDIR=/usr/local/www/www.freebsd.org
 DESTDIR="${PUBDIR}-clean"
 RSYNC_FLAGS="-avH"
 GEN_INDEX=yes
-WEBMAILTO=freebsd-doc@FreeBSD.org
+#WEBMAILTO=freebsd-doc@FreeBSD.org
+WEBMAILTO=gjb@FreeBSD.org
 FLAGDIR=/usr/local/www/build
 : ${PORTSDIR:=/usr/local/www/build/ports}; export PORTSDIR
 : ${INDEXNUM:=$(make -C ${PORTSDIR} -V OSREL)}

From owner-svn-doc-all@freebsd.org  Sat Dec  5 00:58:00 2020
Return-Path: <owner-svn-doc-all@freebsd.org>
Delivered-To: svn-doc-all@mailman.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.nyi.freebsd.org (Postfix) with ESMTP id 563064B102A;
 Sat,  5 Dec 2020 00:58:00 +0000 (UTC) (envelope-from gjb@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org
 [IPv6:2610:1c1:1:606c::19:3])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
 client-signature RSA-PSS (4096 bits) client-digest SHA256)
 (Client CN "mxrelay.nyi.freebsd.org",
 Issuer "Let's Encrypt Authority X3" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id 4Cnrlr20Bvz4Vy1;
 Sat,  5 Dec 2020 00:58:00 +0000 (UTC) (envelope-from gjb@FreeBSD.org)
Received: from repo.freebsd.org (repo.freebsd.org
 [IPv6:2610:1c1:1:6068::e6a:0])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 335ED14C69;
 Sat,  5 Dec 2020 00:58:00 +0000 (UTC) (envelope-from gjb@FreeBSD.org)
Received: from repo.freebsd.org ([127.0.1.37])
 by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id 0B50w0Mr006816;
 Sat, 5 Dec 2020 00:58:00 GMT (envelope-from gjb@FreeBSD.org)
Received: (from gjb@localhost)
 by repo.freebsd.org (8.15.2/8.15.2/Submit) id 0B50vxpT006812;
 Sat, 5 Dec 2020 00:57:59 GMT (envelope-from gjb@FreeBSD.org)
Message-Id: <202012050057.0B50vxpT006812@repo.freebsd.org>
X-Authentication-Warning: repo.freebsd.org: gjb set sender to gjb@FreeBSD.org
 using -f
From: Glen Barber <gjb@FreeBSD.org>
Date: Sat, 5 Dec 2020 00:57:59 +0000 (UTC)
To: doc-committers@freebsd.org, svn-doc-all@freebsd.org,
 svn-doc-head@freebsd.org
Subject: svn commit: r54732 - in head/en_US.ISO8859-1/htdocs/releases:
 12.0R/hardware 12.1R/hardware 12.2R/hardware
X-SVN-Group: doc-head
X-SVN-Commit-Author: gjb
X-SVN-Commit-Paths: in head/en_US.ISO8859-1/htdocs/releases: 12.0R/hardware
 12.1R/hardware 12.2R/hardware
X-SVN-Commit-Revision: 54732
X-SVN-Commit-Repository: doc
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-BeenThere: svn-doc-all@freebsd.org
X-Mailman-Version: 2.1.34
Precedence: list
List-Id: "SVN commit messages for the entire doc trees \(except for &quot;
 user&quot; , &quot; projects&quot; , and &quot; translations&quot;
 \)" <svn-doc-all.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/svn-doc-all>,
 <mailto:svn-doc-all-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-doc-all/>
List-Post: <mailto:svn-doc-all@freebsd.org>
List-Help: <mailto:svn-doc-all-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/svn-doc-all>,
 <mailto:svn-doc-all-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sat, 05 Dec 2020 00:58:00 -0000

Author: gjb
Date: Sat Dec  5 00:57:59 2020
New Revision: 54732
URL: https://svnweb.freebsd.org/changeset/doc/54732

Log:
  Avoid an unnecessary secondary 'svn co' call in the 'make install'
  target.  This should only be executed during 'make all', the latter
  causes unnecessary filesystem pollution.
  
  Sponsored by:	Rubicon Communications, LLC (netgate.com)

Modified:
  head/en_US.ISO8859-1/htdocs/releases/12.0R/hardware/Makefile
  head/en_US.ISO8859-1/htdocs/releases/12.1R/hardware/Makefile
  head/en_US.ISO8859-1/htdocs/releases/12.2R/hardware/Makefile

Modified: head/en_US.ISO8859-1/htdocs/releases/12.0R/hardware/Makefile
==============================================================================
--- head/en_US.ISO8859-1/htdocs/releases/12.0R/hardware/Makefile	Sat Dec  5 00:39:01 2020	(r54731)
+++ head/en_US.ISO8859-1/htdocs/releases/12.0R/hardware/Makefile	Sat Dec  5 00:57:59 2020	(r54732)
@@ -21,7 +21,7 @@ FORMATS?=		html txt
 INSTALL_COMPRESSED?=	gz
 INSTALL_ONLY_COMPRESSED=
 
-.if ${.TARGET:M${DOC}.html}
+.if ${.TARGET:M${DOC}.html} && !make(install)
 MAN4TMP!=	${MKTEMP} -d ${.CURDIR}/svn.XXXXXXXX
 MAN4DIR=	${MAN4TMP}
 .if exists(${MAN4DIR})

Modified: head/en_US.ISO8859-1/htdocs/releases/12.1R/hardware/Makefile
==============================================================================
--- head/en_US.ISO8859-1/htdocs/releases/12.1R/hardware/Makefile	Sat Dec  5 00:39:01 2020	(r54731)
+++ head/en_US.ISO8859-1/htdocs/releases/12.1R/hardware/Makefile	Sat Dec  5 00:57:59 2020	(r54732)
@@ -21,7 +21,7 @@ FORMATS?=		html txt
 INSTALL_COMPRESSED?=	gz
 INSTALL_ONLY_COMPRESSED=
 
-.if ${.TARGET:M${DOC}.html}
+.if ${.TARGET:M${DOC}.html} && !make(install)
 MAN4TMP!=	${MKTEMP} -d ${.CURDIR}/svn.XXXXXXXX
 MAN4DIR=	${MAN4TMP}
 .if exists(${MAN4DIR})

Modified: head/en_US.ISO8859-1/htdocs/releases/12.2R/hardware/Makefile
==============================================================================
--- head/en_US.ISO8859-1/htdocs/releases/12.2R/hardware/Makefile	Sat Dec  5 00:39:01 2020	(r54731)
+++ head/en_US.ISO8859-1/htdocs/releases/12.2R/hardware/Makefile	Sat Dec  5 00:57:59 2020	(r54732)
@@ -21,7 +21,7 @@ FORMATS?=		html txt
 INSTALL_COMPRESSED?=	gz
 INSTALL_ONLY_COMPRESSED=
 
-.if ${.TARGET:M${DOC}.html}
+.if ${.TARGET:M${DOC}.html} && !make(install)
 MAN4TMP!=	${MKTEMP} -d ${.CURDIR}/svn.XXXXXXXX
 MAN4DIR=	${MAN4TMP}
 .if exists(${MAN4DIR})

From owner-svn-doc-all@freebsd.org  Sat Dec  5 02:02:10 2020
Return-Path: <owner-svn-doc-all@freebsd.org>
Delivered-To: svn-doc-all@mailman.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.nyi.freebsd.org (Postfix) with ESMTP id 53C2F4B2242;
 Sat,  5 Dec 2020 02:02:10 +0000 (UTC) (envelope-from gjb@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org
 [IPv6:2610:1c1:1:606c::19:3])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
 client-signature RSA-PSS (4096 bits) client-digest SHA256)
 (Client CN "mxrelay.nyi.freebsd.org",
 Issuer "Let's Encrypt Authority X3" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id 4Cnt9t21Jbz4Z6X;
 Sat,  5 Dec 2020 02:02:10 +0000 (UTC) (envelope-from gjb@FreeBSD.org)
Received: from repo.freebsd.org (repo.freebsd.org
 [IPv6:2610:1c1:1:6068::e6a:0])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 37DE815DC5;
 Sat,  5 Dec 2020 02:02:10 +0000 (UTC) (envelope-from gjb@FreeBSD.org)
Received: from repo.freebsd.org ([127.0.1.37])
 by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id 0B522AUe048846;
 Sat, 5 Dec 2020 02:02:10 GMT (envelope-from gjb@FreeBSD.org)
Received: (from gjb@localhost)
 by repo.freebsd.org (8.15.2/8.15.2/Submit) id 0B522Agw048845;
 Sat, 5 Dec 2020 02:02:10 GMT (envelope-from gjb@FreeBSD.org)
Message-Id: <202012050202.0B522Agw048845@repo.freebsd.org>
X-Authentication-Warning: repo.freebsd.org: gjb set sender to gjb@FreeBSD.org
 using -f
From: Glen Barber <gjb@FreeBSD.org>
Date: Sat, 5 Dec 2020 02:02:10 +0000 (UTC)
To: doc-committers@freebsd.org, svn-doc-all@freebsd.org,
 svn-doc-head@freebsd.org
Subject: svn commit: r54733 - head/share/tools
X-SVN-Group: doc-head
X-SVN-Commit-Author: gjb
X-SVN-Commit-Paths: head/share/tools
X-SVN-Commit-Revision: 54733
X-SVN-Commit-Repository: doc
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-BeenThere: svn-doc-all@freebsd.org
X-Mailman-Version: 2.1.34
Precedence: list
List-Id: "SVN commit messages for the entire doc trees \(except for &quot;
 user&quot; , &quot; projects&quot; , and &quot; translations&quot;
 \)" <svn-doc-all.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/svn-doc-all>,
 <mailto:svn-doc-all-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-doc-all/>
List-Post: <mailto:svn-doc-all@freebsd.org>
List-Help: <mailto:svn-doc-all-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/svn-doc-all>,
 <mailto:svn-doc-all-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sat, 05 Dec 2020 02:02:10 -0000

Author: gjb
Date: Sat Dec  5 02:02:09 2020
New Revision: 54733
URL: https://svnweb.freebsd.org/changeset/doc/54733

Log:
  Remove 'head' from 'subtrees', and uncomment the 'main' addition.
  
  Sponsored by:	Rubicon Communications, LLC (netgate.com)

Modified:
  head/share/tools/webupdate

Modified: head/share/tools/webupdate
==============================================================================
--- head/share/tools/webupdate	Sat Dec  5 00:57:59 2020	(r54732)
+++ head/share/tools/webupdate	Sat Dec  5 02:02:09 2020	(r54733)
@@ -90,10 +90,10 @@ export NO_OBJ=YES
 # assumes that the directory right below that is the language code.
 # This works fine if all the languages are in a directory called
 # 'doc', and not at all if they aren't.
-subtrees='head src/share/man/man4
+subtrees='src/share/man/man4
 relnotes11/doc relnotes11/man4
 ports';
-#subtrees="${subtrees} main"
+subtrees="${subtrees} main"
 
 #
 # Update the checked out copies.  Check out new copies every Sunday or

From owner-svn-doc-all@freebsd.org  Sat Dec  5 19:25:38 2020
Return-Path: <owner-svn-doc-all@freebsd.org>
Delivered-To: svn-doc-all@mailman.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.nyi.freebsd.org (Postfix) with ESMTP id 348104A5AA3;
 Sat,  5 Dec 2020 19:25:38 +0000 (UTC)
 (envelope-from carlavilla@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org
 [IPv6:2610:1c1:1:606c::19:3])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
 client-signature RSA-PSS (4096 bits) client-digest SHA256)
 (Client CN "mxrelay.nyi.freebsd.org",
 Issuer "Let's Encrypt Authority X3" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id 4CpKKt0tttz4bMX;
 Sat,  5 Dec 2020 19:25:38 +0000 (UTC)
 (envelope-from carlavilla@FreeBSD.org)
Received: from repo.freebsd.org (repo.freebsd.org
 [IPv6:2610:1c1:1:6068::e6a:0])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 1170122CF0;
 Sat,  5 Dec 2020 19:25:38 +0000 (UTC)
 (envelope-from carlavilla@FreeBSD.org)
Received: from repo.freebsd.org ([127.0.1.37])
 by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id 0B5JPbRZ008425;
 Sat, 5 Dec 2020 19:25:37 GMT (envelope-from carlavilla@FreeBSD.org)
Received: (from carlavilla@localhost)
 by repo.freebsd.org (8.15.2/8.15.2/Submit) id 0B5JPbVM008424;
 Sat, 5 Dec 2020 19:25:37 GMT (envelope-from carlavilla@FreeBSD.org)
Message-Id: <202012051925.0B5JPbVM008424@repo.freebsd.org>
X-Authentication-Warning: repo.freebsd.org: carlavilla set sender to
 carlavilla@FreeBSD.org using -f
From: Sergio Carlavilla Delgado <carlavilla@FreeBSD.org>
Date: Sat, 5 Dec 2020 19:25:37 +0000 (UTC)
To: doc-committers@freebsd.org, svn-doc-all@freebsd.org,
 svn-doc-head@freebsd.org
Subject: svn commit: r54734 -
 head/en_US.ISO8859-1/books/handbook/advanced-networking
X-SVN-Group: doc-head
X-SVN-Commit-Author: carlavilla
X-SVN-Commit-Paths: head/en_US.ISO8859-1/books/handbook/advanced-networking
X-SVN-Commit-Revision: 54734
X-SVN-Commit-Repository: doc
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-BeenThere: svn-doc-all@freebsd.org
X-Mailman-Version: 2.1.34
Precedence: list
List-Id: "SVN commit messages for the entire doc trees \(except for &quot;
 user&quot; , &quot; projects&quot; , and &quot; translations&quot;
 \)" <svn-doc-all.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/svn-doc-all>,
 <mailto:svn-doc-all-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-doc-all/>
List-Post: <mailto:svn-doc-all@freebsd.org>
List-Help: <mailto:svn-doc-all-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/svn-doc-all>,
 <mailto:svn-doc-all-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sat, 05 Dec 2020 19:25:38 -0000

Author: carlavilla
Date: Sat Dec  5 19:25:37 2020
New Revision: 54734
URL: https://svnweb.freebsd.org/changeset/doc/54734

Log:
  handbook: clarify that cmd examples use sh syntax
  
  Submitted by:	emaste@
  Approved by:	bcr@, carlavilla@
  Differential Revision:	https://reviews.freebsd.org/D23851

Modified:
  head/en_US.ISO8859-1/books/handbook/advanced-networking/chapter.xml

Modified: head/en_US.ISO8859-1/books/handbook/advanced-networking/chapter.xml
==============================================================================
--- head/en_US.ISO8859-1/books/handbook/advanced-networking/chapter.xml	Sat Dec  5 02:02:09 2020	(r54733)
+++ head/en_US.ISO8859-1/books/handbook/advanced-networking/chapter.xml	Sat Dec  5 19:25:37 2020	(r54734)
@@ -3957,6 +3957,12 @@ ifconfig_<literal>lagg<replaceable>0</replaceable></li
 	<filename>/etc/inetd.conf</filename> and
 	<filename>/usr/local/etc/dhcpd.conf</filename>.</para>
 
+      <note>
+       <para>The command examples below assume use of the &man.sh.1; shell.
+       &man.csh.1; and &man.tcsh.1; users will need to start a
+       &man.sh.1; shell or adapt the commands to &man.csh.1; syntax.</para>
+      </note>
+
       <procedure>
 	<step>
 	  <para>Create the root directory which will contain a &os;