From owner-svn-doc-head@FreeBSD.ORG Fri Apr 18 19:42:58 2014 Return-Path: Delivered-To: svn-doc-head@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 67C1F1FA; Fri, 18 Apr 2014 19:42:58 +0000 (UTC) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 48F12175E; Fri, 18 Apr 2014 19:42:58 +0000 (UTC) Received: from svn.freebsd.org ([127.0.1.70]) by svn.freebsd.org (8.14.8/8.14.8) with ESMTP id s3IJgwKj016829; Fri, 18 Apr 2014 19:42:58 GMT (envelope-from dru@svn.freebsd.org) Received: (from dru@localhost) by svn.freebsd.org (8.14.8/8.14.8/Submit) id s3IJgwdB016828; Fri, 18 Apr 2014 19:42:58 GMT (envelope-from dru@svn.freebsd.org) Message-Id: <201404181942.s3IJgwdB016828@svn.freebsd.org> From: Dru Lavigne Date: Fri, 18 Apr 2014 19:42:58 +0000 (UTC) To: doc-committers@freebsd.org, svn-doc-all@freebsd.org, svn-doc-head@freebsd.org Subject: svn commit: r44606 - head/en_US.ISO8859-1/books/handbook/security X-SVN-Group: doc-head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-doc-head@freebsd.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: SVN commit messages for the doc tree for head List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 18 Apr 2014 19:42:58 -0000 Author: dru Date: Fri Apr 18 19:42:57 2014 New Revision: 44606 URL: http://svnweb.freebsd.org/changeset/doc/44606 Log: Fix some redundancy and title capitalization in Security chapter. Sponsored by: iXsystems Modified: head/en_US.ISO8859-1/books/handbook/security/chapter.xml Modified: head/en_US.ISO8859-1/books/handbook/security/chapter.xml ============================================================================== --- head/en_US.ISO8859-1/books/handbook/security/chapter.xml Fri Apr 18 17:35:05 2014 (r44605) +++ head/en_US.ISO8859-1/books/handbook/security/chapter.xml Fri Apr 18 19:42:57 2014 (r44606) @@ -242,8 +242,8 @@ and even lock users into running only single, privileged commands such as &man.service.8; - After installation, edit the - /usr/local/etc/sudoers file by using + After installation, edit + /usr/local/etc/sudoers using the visudo interface. In this example, a new webadmin group will be added, the user trhodes to that group, and @@ -322,9 +322,8 @@ also enforce mixed characters. In particular the &man.pam.passwdqc.8; will be discussed. - To proceed, open the - /etc/pam.d/passwd file and add the - following line to the file. + To proceed, add the following line to + /etc/pam.d/passwd: password requisite pam_passwdqc.so min=disabled,disabled,disabled,12,10 similar=deny retry=3 enforce=users @@ -408,18 +407,18 @@ Enter new password: A backdoor or rootkit software does do one thing useful for administrators - once detected, it is a sign that a compromise happened at some point. But normally these types - types of applications are hidden very well. Tools do exist + of applications are hidden very well. Tools do exist to detect backdoors and rootkits, one of them is security/rkhunter. - After installation the system may be checked using the - following command which will produce a lot of - information: + After installation, the system may be checked using the + following command. It will produce a lot of + information and will require some manual + pressing of the ENTER key: &prompt.root; rkhunter -c - After the process complete, which will require some manual - pressing of the ENTER key, a status message + After the process completes, a status message will be printed to the screen. This message will include the amount of files checked, suspect files, possible rootkits, and more. During the check, some generic security warnings may @@ -477,8 +476,8 @@ Enter new password: &prompt.root; mtree: /bin checksum: 3427012225 - Viewing the bin_cksum_mtree file - should yield output similar to the following as well: + Viewing bin_cksum_mtree + should yield output similar to the following: # user: root # machine: dreadnaught @@ -518,8 +517,8 @@ Enter new password: was originally ran. Since no changes occurred in the time these commands were ran, the bin_chksum_output output will be empty. - To simulate a change, change the date on the - /bin/cat file using &man.touch.1; and run + To simulate a change, change the date on + /bin/cat using &man.touch.1; and run the verification command again: &prompt.root; touch /bin/cat @@ -1264,7 +1263,7 @@ Aug 27 15:37:58 Aug 28 01:37:58 krbtgt - Configuring a Server to use + <title>Configuring a Server to Use <application>Kerberos</application> @@ -1356,7 +1355,7 @@ kadmin> exit - Configuring a Client to use + <title>Configuring a Client to Use <application>Kerberos</application> @@ -2899,7 +2898,7 @@ user@unfirewalled-system.example.org's p - Don't confuse /etc/ssh/sshd_config + Do not confuse /etc/ssh/sshd_config with /etc/ssh/ssh_config (note the extra d in the first filename). The first file configures the server and the second file